Active Directory

75K

Solutions

38K

Contributors

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.


You have missed a phone call. The number looks like it belongs to the bunch of numbers which your company uses. How to find out who has just called you?
0
 
LVL 5

Author Comment

by:Michal Ziemba
I wonder, have you ever been in this kind of situation, where you couldn't find the owner of the number who has just called you, and you were certain that this was a company number, which means it should fairly easily be found in the Outlook address book or in Active Directory?
Except for admin tools I have in hand I also tried to search for the phone number in Outlook without success. How about you?
0

Native ability to set a user account password via AD GPO was removed because the passwords can be easily decrypted by any authenticated user in the domain. Microsoft recommends LAPS as a replacement and I have written an article that does something similar. But what if you want something simple?
0
FADPRT
The article explains the process to deploy a Self-Service password reset portal I developed a few years ago. Hopefully, it will prove useful to someone. Any comments, bug reports etc. are welcome...
3
 

Expert Comment

by:John Trussell
Thanks. Where is the "ModelSSPR.edmx" ? I cannot find it to open in VS in order to create a DB.
0
 
LVL 39

Author Comment

by:Shaun Vermaak
You can skip that step and use the DDL above
0
I’m willing to make a bet that your organization stores sensitive data in your Windows File Servers; files and folders that you really don’t want making it into the wrong hands.
0
Scripts are great for performing batch jobs against users, however sometimes the GUI is all you need.
1
Sometimes it is necessary to set special permissions on user objects. For instance, when using a Blackberry server, the SendAs permission needs to be set. I see many admins struggle with setting that permission only to see it disappear within a few hours. The issue usually only occurs on a few users
0
Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the roles has been forcefully demoted using dcpromo /forceremoval.
1
 
LVL 27

Expert Comment

by:Tom Cieslik
Very useful information, but I don't get one thing:

Move-ADDirectoryServerOperationMasterRole -Identity “TCLDC01”
- -identity is a TARGET server, right? So this is the server where the roles will be transferred to.

Move-ADDirectoryServerOperationMasterRole -Identity “Target_DC_name”

So if yes, then why are you checking the other server if all roles were moved

All 5 Roles has been transferred to TCLDC02

Or maybe I don't get it.
0
 
LVL 20

Expert Comment

by:Brian
@Tom - It looks like the PowerShell screenshots are incorrect. Using the get-help Move-ADDirectoryServerOperationMasterRole command it clearly states "The Identity parameter specifies the directory server that receives the roles." In the screenshot above it should have shown TCLDC02.
0
High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
7
 
LVL 101

Expert Comment

by:John Hurst
Interesting article. At my main client, we are not currently seeing high turnover (which is a good thing), but I have made a note and when there is an opportunity, we will try it out.

Thank you.
1
 
LVL 22

Expert Comment

by:Alan
Thumbs up working now - thanks!

Alan.
1
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped up for you in the world of tech. Check it out!
4
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
5

How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
0
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
4
 
LVL 39

Author Comment

by:Shaun Vermaak
I do have a password-self-help portal, will post in the next few weeks
2
 
LVL 39

Author Comment

by:Shaun Vermaak
0
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup.
5
 

Expert Comment

by:geekgirl472
Yes, please. I would be very grateful. Thank you!
0
 
LVL 39

Author Comment

by:Shaun Vermaak
Here is the link to the user data cleanup tool (UserResourceCleanup): https://www.experts-exchange.com/articles/31021/UserResourceCleanup.html
1
GPO Monitor
In the absence of a fully-fledged GPO management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPO changes and automatically take backups when policies are added, removed or changed, with an option for email notifications.
2
Microsoft Office 365 is a subscription-based service which includes services like Exchange Online and Skype for Business Online. These services integrate with Microsoft's online version of Active Directory, called Azure Active Directory.
0
Compliance and data security require steps be taken to prevent unauthorized users from copying data. Here's one method to prevent data theft via USB drives (and writable optical media).
3
 
LVL 97

Author Comment

by:Lee W, MVP
Ok, thanks!
0
 
LVL 8

Expert Comment

by:Senior IT System Engineer
Thanks for sharing the great article.
0
Let's recap what we learned from yesterday's Skyport Systems webinar.
1
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store passwords encrypted, instead of in clear-text files, within SQL.
3
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
0

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase in group policies over a period of time by randomly adding non-member users or computers, at a set interval, to a group filtering a group policy.
3
Here's a look at newsworthy articles and community happenings during the last month.
3
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed, it becomes difficult to audit and maintain them.
7
 
LVL 8

Expert Comment

by:Senior IT System Engineer
Hi Shaun,

Why is there a need to use Configurator.exe (Configurator Editor) to do this?
I believe this can be done purely with Group Policy Preference for Windows Vista-Server 2008 and above.
1
 
LVL 39

Author Comment

by:Shaun Vermaak
Enforcement, yes, but not the part where group members are moved to AD. If you do it individually with Preferences you will have to create a preference item for each possible combination.
Also, the configurator is the configuration tool, admingroups.exe is the actual application.
1
Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
3
 
LVL 39

Author Comment

by:Shaun Vermaak
Hiya. Yes I tried it without but could not get a variable to use for getting the value
0
A hard and fast method for reducing Active Directory Administrators members.
7
Auditing domain password hashes is a commonly overlooked but critical requirement for ensuring secure password practices are followed. Methods exist to extract hashes directly from a live domain; however, this article describes a process to extract user data, including hashes, from an IFM backup.
5
