Active Directory

77K

Solutions

39K

Contributors

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

Share tech news, updates, or what's on your mind.

Sign up to Post

This is my take on Shadow Groups, the principle of maintaining group membership based on objects within an organizational unit within the Active Directory.
0
Ultimate Tool Kit for Technology Solution Provider
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

Correctly defined Active Directory sites and subnet allows for the optimized replication, nearest service location, and authentication to the correct server
0
This command line tool can be used to quickly create a folder structure for a file server. Not only does it assist in creating the folders, it creates the appropriate groups and assigns the correct permission.
0
This article outlines the Importance of Certificate Authority validity period and its impact on Certificate Renewal Process. The article also details out CA certificate renewal process along with CA validity period extension.
3
LVL 2

Expert Comment

by:sara2000
Comment Utility
Nice article. This is what I was looking for. This article increased my CA's skill.
0
LVL 42

Author Comment

by:Mahesh
Comment Utility
Hi Sara,
If you like this article, please endorse it, it will help increase article visibility
0
Assume that as a role of System Administrator in SMB (or a startup group), you are requested to (re)design the IT infrastructure of the company. In this article, I will describe the steps of design, configure and operate the IT devices in a small business environment. (<50 users).
0
How to import Outlook calendar to MS Exchange Server. A Calendar stores user appointments, meetings details to manage work. Moving Outlook Calendar to a new or already existing Exchange Server become complex process if Admin needs to import Calendar from Outlook to specific Exchange Mailbox.
0
I’m a fan of folder redirection, however, it does have a couple of “Gotchas!” you have to look out for. For example, if you redirect a user’s AppData folder to a DFS namespace, shortcuts on the taskbar are no longer trusted. Here’s how to fix that.
0
One thing I've always found frustrating is no matter how many times one asks the end users to not save things on their local machines, they do it anyway. Forget that we don't back up the desktops - only the servers. Well, let's sneak their data onto the servers without them knowing about it.
0
Seizing the Operation Master Roles in Windows Server 2016 in case of FSMO holder failure.
0
Audit Active Directory
In this article, we will discuss how you can secure Active Directory using free tools, and how you can choose a safe and secure Active Directory security auditing tool.
0
LVL 26

Expert Comment

by:MidnightOne
Comment Utility
This isn't an article, it's an advertisement.
0
Problems using Powershell and Active Directory?
LVL 8
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

If you need to implement application level security in an Access database application or other VBA code, I strongly encourage you to take advantage of Active Directory groups.
0
The Windows Firewall provides an important layer of protection and a rich interface to configure it. Unfortunately, it lacks item level filtering. This article details my process of implementing firewall-as-code to reduce GPO bloat.
1
You have missed a phone call. The number looks like it belongs to the bunch of numbers which your company uses. How to find out who has just called you?
0
LVL 5

Author Comment

by:Michal Ziemba
Comment Utility
I wonder, have you ever been in this kind of situation that you couldn't find the owner of the number who has just called you, and you were certain that this was a company number, which means it should be fairly easily be found in Outlook address book or in Active Directory?
Except for admin tools I have in hand I also tried to search for the phone number in Outlook without success. How about you?
0
Native ability to set a user account password via AD GPO was removed because the passwords can be easily decrypted by any authenticated user in the domain. Microsoft recommends LAPS as a replacement and I have written an article that does something similar. But what if you want something simple?
1
FADPRT
The article explains the process to deploy a Self-Service password reset portal I developed a few years ago. Hopefully, it will prove useful to someone. Any comments, bug reports etc. are welcome...
5

Expert Comment

by:Carter Sema
Comment Utility
Interested in trying this out. Any idea if it's possible to use 636 with a Secure LDAP Cert?
0
LVL 44

Author Comment

by:Shaun Vermaak
Comment Utility
You can change the web.config to use secure LDAP.

You need a certificate for the website too so it is SSL
0
I’m willing to make a bet that your organization stores sensitive data in your Windows File Servers; files and folders that you really don’t want making it into the wrong hands.
0
Scripts are great for performing batch jobs against users, however sometimes the GUI is all you need.
1
Sometimes it necessary to set special permissions on user objects. For instance when using a Blackberry server, the SendAs permission needs to be set. I see many admins struggle with the setting that permission only to see it disappear within a few hours. The issue usually on occurs on a few users
0
Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
1
LVL 28

Expert Comment

by:Tom Cieslik
Comment Utility
Very useful information but I don't get it one thing:

Move-ADDirectoryServerOperationMasterRole -Identity “TCLDC01”
- -identity is a TARGET server right ? So this is a server where role will be transfered to.

Move-ADDirectoryServerOperationMasterRole -Identity “Target_DC_name”

So if yes, then why you checking other server if all roles were moved

All 5 Roles has been transferred to TCLDC02

Or maybe I don't get it.
0
LVL 20

Expert Comment

by:Brian
Comment Utility
@Tom - It looks like the PowerShell screenshots are incorrect. Using the get-help Move-ADDirectoryServerOperationMasterRole command it clearly states "The Identity parameter specifies the directory server that receives the roles." In the screenshot above it should have shown TCLDC02.
0
Has Powershell sent you back into the Stone Age?
LVL 8
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
7
LVL 103

Expert Comment

by:John
Comment Utility
Interesting article. At my main client, we are not currently seeing high turnover (which is a good thing), but I have made a note and when there is an opportunity, we will try it out.

Thank you.
1
LVL 23

Expert Comment

by:Alan
Comment Utility
Thumbs up working now - thanks!

Alan.
1
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
4
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
5
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
0
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
4
LVL 44

Author Comment

by:Shaun Vermaak
Comment Utility
I do have a password-self-help portal, will post in the next few weeks
2
LVL 44

Author Comment

by:Shaun Vermaak
Comment Utility
0
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
7
LVL 23

Expert Comment

by:Alan
Comment Utility
Hi Ann,

You have posted here on Shaun's article, but you also need to close the question.

Thanks,

Alan.
1
LVL 44

Author Comment

by:Shaun Vermaak
Comment Utility
Comment and suggestions welcome. Let me know if you need any help ;)
1

Active Directory

77K

Solutions

39K

Contributors

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

Vendor Experts

Kevin StanushSystemTools Software Learn more about SystemTools Software