Active Directory

78K

Solutions

39K

Contributors

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

This is a simple web application that allows you to use Active Directory photos anywhere that you can use an HTML tag
2
This article details my method of auditing computers by querying a WMI class, serializing it to JSON and saving it in a central location, ready to be deserialized again and pulled into a report
3
LVL 12

Expert Comment

by:Senior IT System Engineer
Yes, I already have it on my workstation:

PS C:\> $PSVersionTable

Name                           Value
----                           -----
PSVersion                      5.1.17134.590
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.17134.590
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

Is it because some of my Domain Controllers are on Windows Server 2012 R2?
0
LVL 53

Author Comment

by:Shaun Vermaak
It runs remotely so you need PS 5 on DC
0
The "Local Administrator Password Solution" (LAPS) provides centralized storage of secrets/passwords in Active Directory (AD). On the other hand, KeePass is an open source password manager. This PowerShell script generates a KeePass XML file from a LAPS-enabled Active Directory, ready for import.
2
This article will discuss what Microsoft Exchange database portability is and how we can use it to restore email services along with mailbox data in case of Exchange Server failures.
1
Over time I have seen a number of questions asking how to log off users at a specific time. I personally haven't required this but decided to develop a little Windows service that manages this via schedule and not a legacy scheduled task running shutdown /l or via AD logon hours
1
LVL 64

Expert Comment

by:McKnife
Will I understand the limitation once I use yours? I have no idea what you mean. I want to log off all users at a given time - I can and I don't need extra tools or schedulers.
0
LVL 53

Author Comment

by:Shaun Vermaak
Many ways to skin a cat. I prefer to use methods where I can replace a config file and alter all configuration.
0
AD SYSVOL Scratch recovery from backup
This article explains AD System State Recovery with the authsysvol switch, what it does and when this restore should be attempted, prerequisites, demo, impact and implications. The topic is partially documented by Microsoft and DELL and lacks important details, hence I have tried to add all of it here
2
This article demonstrates DFS namespace and replication group accidental deletion recovery. DFS-N and DFS-R configuration are stored with Active Directory. A few precautionary measures will enable DFS-N and DFS-R recovery either from the DFS native tool (dfsutil) or Active Directory.
2
LVL 50

Author Comment

by:Mahesh
If a user does save a previous version of a file from VSS, the restored previous version gets replicated to the DFSR partner.

If VSS is enabled on both replicated partners, the last restored file will win and be replicated to all partners.

Note that since the VSS copy is server-specific, it will not get replicated across DFSR partners.
The VSS versions of the same file on both servers can be different, based on the time difference of when the VSS snapshot is triggered.
If the VSS snapshot is triggered on all replicated members at the same time, you would get similar previous version data on all members; note that this is a workaround, as the VSS copy is separate for every member.

I hope this is clear
1
LVL 12

Expert Comment

by:Senior IT System Engineer
Many thanks, Mahesh for the clarification, it's all clear from now on.
0
In this article I will cover Microsoft DFSR major issues and their resolution. These issues can occur during initial deployment or post-deployment. The resolution for each problem is generally available on the internet in standalone posts. I have tried to present them here collectively and in detail.
4
Group membership expiration is a superb new feature included with Active Directory 2016 functional level. But what if you want this functionality but you haven't upgraded yet? Since I have many clients that cannot yet leverage this new feature, I have developed a custom tool.
2
LVL 64

Expert Comment

by:McKnife
That's too bad. I had hoped that it would, so that we could switch to your tool instead of using what is built-in @2016 server, because the built-in method has a funny limitation (at least in our domain): it won't work with times of 5 minutes or less (6 minutes is ok!). When using 5 minutes or less, the group will get populated, but the Kerberos ticket will not be granted for whatever reason.

We would like to use less than 6 minutes, sometimes, for example when we activate a software license, we give the machine internet access for the shortest time possible (working close to the military, here, no direct internet access allowed). And to do so, we use AD groups, that the SQUID proxy works with. We would like to use, say, 1 minute, but we can't do less than 6... :-)
0
LVL 53

Author Comment

by:Shaun Vermaak
Will look into it. Our requirement is usually for ~a day, but yours makes sense
0
In this article, I am trying to collectively present DFSN and DFSR deployment considerations / best practices, in general, to avoid known DFSN and DFSR issues during and post-deployment. The article would help in defining DFSN and DFSR architecture and configuration.
6
NTFS File Permissions
An article explaining how to give user/group ability to create, edit, rename & delete files, but not create folders.
2
This article documents the process of assigning different password policies based on user account password strength. The result of this script is that all the users that are using weak passwords are forced to have a password policy on them that allows their passwords to be valid for fewer days.
6
LVL 12

Expert Comment

by:Senior IT System Engineer
Hi Shaun,

Can the DSInternals module be installed in another computer without RSAT installed?
Because I wanted to run the scheduled task for this report to send out email alert, not from the Domain Controller.
0
LVL 53

Author Comment

by:Shaun Vermaak
Yes, it can :)

Just remember that you do not need DA. Configure an account with replicate directory access and use that in your scheduled task
0
This article shows a process of synchronizing passwords from one Active Directory domain to another, even if in another forest
6
This is my take on Shadow Groups, the principle of maintaining group membership based on objects within an organizational unit within the Active Directory.
1
Correctly defined Active Directory sites and subnets allow for optimized replication, nearest service location, and authentication to the correct server
1
This command line tool can be used to quickly create a folder structure for a file server. Not only does it assist in creating the folders, it creates the appropriate groups and assigns the correct permission.
2
This article outlines the importance of the Certificate Authority validity period and its impact on the certificate renewal process. The article also details the CA certificate renewal process along with CA validity period extension.
6

Expert Comment

by:Mr Saadi
Hi Mahesh

For issuing a new Sub CA certificate from an offline Root CA, do we need to renew and publish a new CRL from the root CA?

Thanks in advance.
0
LVL 50

Author Comment

by:Mahesh
NO

A CRL needs to be published in two cases:
When your existing CRL validity is expired - you should keep the CRL validity period good enough for the Offline Root CA, say, one year
OR
if you have revoked any certificate

Mahesh.
0
Assume that, in the role of System Administrator in an SMB (or a startup group), you are requested to (re)design the IT infrastructure of the company. In this article, I will describe the steps to design, configure and operate the IT devices in a small business environment (<50 users).
0
Import Outlook Calendar to Exchange Server
How to import an Outlook calendar to MS Exchange Server. A Calendar stores user appointments and meeting details to manage work. Moving an Outlook Calendar to a new or already existing Exchange Server becomes a complex process if the admin needs to import a Calendar from Outlook to a specific Exchange Mailbox.
0
I’m a fan of folder redirection, however, it does have a couple of “Gotchas!” you have to look out for. For example, if you redirect a user’s AppData folder to a DFS namespace, shortcuts on the taskbar are no longer trusted. Here’s how to fix that.
0
One thing I've always found frustrating is no matter how many times one asks the end users to not save things on their local machines, they do it anyway. Forget that we don't back up the desktops - only the servers. Well, let's sneak their data onto the servers without them knowing about it.
0
Seizing the Operation Master Roles in Windows Server 2016 in case of FSMO holder failure.
0
Using Active Directory Groups in Access and VBA
If you need to implement application level security in an Access database application or other VBA code, I strongly encourage you to take advantage of Active Directory groups.
1
The Windows Firewall provides an important layer of protection and a rich interface to configure it. Unfortunately, it lacks item level filtering. This article details my process of implementing firewall-as-code to reduce GPO bloat.
2
You have missed a phone call. The number looks like it belongs to the bunch of numbers which your company uses. How to find out who has just called you?
0
LVL 6

Author Comment

by:Michal Ziemba
I wonder, have you ever been in this kind of situation that you couldn't find the owner of the number who has just called you, and you were certain that this was a company number, which means it should fairly easily be found in Outlook address book or in Active Directory?
Except for admin tools I have in hand I also tried to search for the phone number in Outlook without success. How about you?
0