[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x

Active Directory

77K

Solutions

39K

Contributors

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

Share tech news, updates, or what's on your mind.

Sign up to Post

This article documents the process of assigning different password policies based on user account password strength. The result of this script is that all the users that are using weak passwords are forced to have a password policy on them that allows their passwords to be valid for fewer days.
3
LVL 10

Expert Comment

by:Senior IT System Engineer
Comment Utility
Hi Shaun,

Can the DSInternals module be installed in another computer without RSAT installed?
Because I wanted to run the scheduled task for this report to send out email alert, not from the Domain Controller.
0
LVL 48

Author Comment

by:Shaun Vermaak
Comment Utility
Yes, it can :)

Just remember that you do not need DA. Configure an account with replicate directory access an use that in your scheduled task
0
Determine the Perfect Price for Your IT Services
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

This article shows a process of synchronizing password from on Active Directory domain to another, even if in another forest
3
This is my take on Shadow Groups, the principle of maintaining group membership based on objects within an organizational unit within the Active Directory.
1
Correctly defined Active Directory sites and subnet allows for the optimized replication, nearest service location, and authentication to the correct server
1
This command line tool can be used to quickly create a folder structure for a file server. Not only does it assist in creating the folders, it creates the appropriate groups and assigns the correct permission.
1
This article outlines the Importance of Certificate Authority validity period and its impact on Certificate Renewal Process. The article also details out CA certificate renewal process along with CA validity period extension.
4

Expert Comment

by:Mr Saadi
Comment Utility
Hi Mahesh

For issuing a new Sub CA certificate from an offline Root CA, do we need to renew and publish a new CRL from the root CA?

Thanks in advance.
0
LVL 45

Author Comment

by:Mahesh
Comment Utility
NO

CRL need to be published in two cases
When your existing CRL validity is expired - You should have keep CRL validity period good enough for Offline Root CA, say, on e year
OR
if you have revoked any certificate

Mahesh.
0
Assume that as a role of System Administrator in SMB (or a startup group), you are requested to (re)design the IT infrastructure of the company. In this article, I will describe the steps of design, configure and operate the IT devices in a small business environment. (<50 users).
0
How to import Outlook calendar to MS Exchange Server. A Calendar stores user appointments, meetings details to manage work. Moving Outlook Calendar to a new or already existing Exchange Server become complex process if Admin needs to import Calendar from Outlook to specific Exchange Mailbox.
0
I’m a fan of folder redirection, however, it does have a couple of “Gotchas!” you have to look out for. For example, if you redirect a user’s AppData folder to a DFS namespace, shortcuts on the taskbar are no longer trusted. Here’s how to fix that.
0
One thing I've always found frustrating is no matter how many times one asks the end users to not save things on their local machines, they do it anyway. Forget that we don't back up the desktops - only the servers. Well, let's sneak their data onto the servers without them knowing about it.
0
CompTIA Cloud+
LVL 12
CompTIA Cloud+

The CompTIA Cloud+ Basic training course will teach you about cloud concepts and models, data storage, networking, and network infrastructure.

Seizing the Operation Master Roles in Windows Server 2016 in case of FSMO holder failure.
0
If you need to implement application level security in an Access database application or other VBA code, I strongly encourage you to take advantage of Active Directory groups.
1
The Windows Firewall provides an important layer of protection and a rich interface to configure it. Unfortunately, it lacks item level filtering. This article details my process of implementing firewall-as-code to reduce GPO bloat.
2
You have missed a phone call. The number looks like it belongs to the bunch of numbers which your company uses. How to find out who has just called you?
0
LVL 6

Author Comment

by:Michal Ziemba
Comment Utility
I wonder, have you ever been in this kind of situation that you couldn't find the owner of the number who has just called you, and you were certain that this was a company number, which means it should be fairly easily be found in Outlook address book or in Active Directory?
Except for admin tools I have in hand I also tried to search for the phone number in Outlook without success. How about you?
0
Native ability to set a user account password via AD GPO was removed because the passwords can be easily decrypted by any authenticated user in the domain. Microsoft recommends LAPS as a replacement and I have written an article that does something similar. But what if you want something simple?
1
FADPRT
The article explains the process to deploy a Self-Service password reset portal I developed a few years ago. Hopefully, it will prove useful to someone. Any comments, bug reports etc. are welcome...
6
LVL 48

Author Comment

by:Shaun Vermaak
Comment Utility
The easiest would be to add a UPN suffix and set it on the user. The UPN can then be exactly the same as the email address.

Would this be an option for you?

http://www.tutorialspoint.com/articles/adding-alternate-upn-suffix-to-active-directory-domain
0

Expert Comment

by:J. Steven Young
Comment Utility
Yes I actually did that shortly after my last comment using a bulk update to AD via groovy script! Thanks!
1
I’m willing to make a bet that your organization stores sensitive data in your Windows File Servers; files and folders that you really don’t want making it into the wrong hands.
0
Scripts are great for performing batch jobs against users, however sometimes the GUI is all you need.
1
Sometimes it necessary to set special permissions on user objects. For instance when using a Blackberry server, the SendAs permission needs to be set. I see many admins struggle with the setting that permission only to see it disappear within a few hours. The issue usually on occurs on a few users
0
Learn Ruby Fundamentals
LVL 12
Learn Ruby Fundamentals

This course will introduce you to Ruby, as well as teach you about classes, methods, variables, data structures, loops, enumerable methods, and finishing touches.

Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
1
LVL 29

Expert Comment

by:Tom Cieslik
Comment Utility
Very useful information but I don't get it one thing:

Move-ADDirectoryServerOperationMasterRole -Identity “TCLDC01”
- -identity is a TARGET server right ? So this is a server where role will be transfered to.

Move-ADDirectoryServerOperationMasterRole -Identity “Target_DC_name”

So if yes, then why you checking other server if all roles were moved

All 5 Roles has been transferred to TCLDC02

Or maybe I don't get it.
0
LVL 20

Expert Comment

by:Brian
Comment Utility
@Tom - It looks like the PowerShell screenshots are incorrect. Using the get-help Move-ADDirectoryServerOperationMasterRole command it clearly states "The Identity parameter specifies the directory server that receives the roles." In the screenshot above it should have shown TCLDC02.
0
High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
7
LVL 107

Expert Comment

by:John
Comment Utility
Interesting article. At my main client, we are not currently seeing high turnover (which is a good thing), but I have made a note and when there is an opportunity, we will try it out.

Thank you.
1
LVL 24

Expert Comment

by:Alan
Comment Utility
Thumbs up working now - thanks!

Alan.
1
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
4
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
7
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
0
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
4
LVL 48

Author Comment

by:Shaun Vermaak
Comment Utility
I do have a password-self-help portal, will post in the next few weeks
2
LVL 48

Author Comment

by:Shaun Vermaak
Comment Utility
0

Active Directory

77K

Solutions

39K

Contributors

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

Vendor Experts

Kevin StanushSystemTools Software Learn more about SystemTools Software