[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x

Active Directory

78K

Solutions

39K

Contributors

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

Share tech news, updates, or what's on your mind.

Sign up to Post

A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
1
LVL 11

Expert Comment

by:Senior IT System Engineer
Comment Utility
Many thanks for the sharing here Greg.
Let us for future update.
0
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
11

Expert Comment

by:IT Guy
Comment Utility
How can I extend the right for a particular AD group to be able to delete any existing Windows 10 computer account (without having the rights to delete or reset any of the server computer accounts)?
0
LVL 49

Author Comment

by:Shaun Vermaak
Comment Utility
Hi IT Guy.

You need to put your workstations and servers in different OUs. You then delegate from the OU level
0
This article explains the steps required to use the default Photos screensaver to display branding/corporate images
5
In-place Upgrading Dirsync to Azure AD Connect
0
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
17
LVL 11

Expert Comment

by:Senior IT System Engineer
Comment Utility
@Shaun,

Regarding the Resetting the cached Creds for SYSTEM accounts
psexec -s -i -d....

Open in new window


Why do you need to use PSExec if you can do it using the cmd prompt RunDLL32.exe ?

Disable the Credential Manager service.
Does that can also reset or clear the currently saved credentials within the local OS or just Microsoft Application only?
0
LVL 49

Author Comment

by:Shaun Vermaak
Comment Utility
The one is for the current user and the psexec is for system

No, it does not clear existing saved credentials
1
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is required to start the all services normally
0

Expert Comment

by:Praveen Patten
Comment Utility
Super Jinesh
1
Last week, our Skyport webinar on “How to secure your Active Directory” provided 218 attendees with a step-by-step guide for identifying Active Directory security threats and how to protect against them.

According to Howard Friedman, presenter and vice president of business innovation at Ascent Solutions, 90% of organizations use Active Directory for their identities and credentials. That means this system—often at the center of everything for an enterprise—is at a high targeted risk for theft and security breaches.

In fact, Russell Rice, head of product at Skyport Systems, said threats are many and growing. There are sites that exist for the sole purpose of providing free means to breach Active Directory firewalls and swipe credentials to infiltrate weak points of entry. 

This vulnerability has lead teams like Friedman’s and Rice’s to explore existing weaknesses in this widely-used system and find ways to safeguard against potential threats.

They discussed why these gaps exist, citing issues such as cost, bogged down processes that teams and individuals put off, and too many administrative access points. While the job can sometimes be “unsexy”, as Friedman put it, securing Active Directory doesn’t just protect user credentials, but credentials for computers, data, and even three-party firms. They’re all connected, and a problem in …
5
This article runs through the process of deploying a single EXE application selectively to a group of user.
10
LVL 15

Expert Comment

by:Jamie Garroch
Comment Utility
As a developer of PowerPoint templates and add-ins, this article is a great find as clients often do not know how to deploy these types of deliverables centrally. Thanks for taking the time to write it. Is there a way to test this is local mode i.e. when you don't have access to a corporate infrastructure. I see that Win10 has a "Local Group Policy Editor":
Local Group Policy Editor
0
LVL 49

Author Comment

by:Shaun Vermaak
Comment Utility
Hi Jamie. Thank you for the comment.

Unfortunately not. In fact, you cannot see preferences even in RSOP.msc, only in GPRESULT.

May I recommend you build a testing DC with a trial account?

Something that you might like is that these preferences are XML and you can variablize it.
2
This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
7
LVL 3

Expert Comment

by:alohadin
Comment Utility
This has been bookmarked!
Great stuff Shaun.
Thanks a lot.
1
LVL 11

Expert Comment

by:Senior IT System Engineer
Comment Utility
thanks for sharing such a great article Shaun :-) !
0
Lab Topology
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
1

Expert Comment

by:PriteshW
Comment Utility
Good Article, setup on my lab and works well.
0
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
0
LVL 22

Expert Comment

by:Walter Curtis
Comment Utility
Great information. Thanks! Recommended reading for all SharePoint people. This should be submitted as an article.

Have a good one...
1
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
0
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
0
In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, code portability, maintainability and platform agnosti
0
Synchronize a new Active Directory domain with an existing Office 365 tenant
1
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
0
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
1
Resolve DNS query failed errors for Exchange
2
Trying to figure out group policy inheritance and which settings apply where can be a chore.  Here's a very simple summary I've written which might help.  Keep in mind, this is just a high-level conceptual overview where I try to avoid getting bogged down in the details.
7
LVL 67

Expert Comment

by:Jim Horn
Comment Utility
Nice article on a large Active Directory and SQL Server permissions issue that DBA's work with a lot.  Nicely illustrated as well.  Voting Yes.
0
LVL 8

Expert Comment

by:Yashwant Vishwakarma
Comment Utility
Nice article Joseph :)
got some idea about active directory concepts.
Voted YES.
1
Active Directory replication delay is the cause to many problems.  Here is a super easy script to force Active Directory replication to all sites with by using an elevated PowerShell command prompt, and a tool to verify your changes.
3
LVL 11

Expert Comment

by:Senior IT System Engineer
Comment Utility
Hi Michael,

Do I need to run the Powershell that you mention above in the PDC emulator role or it has to be from the DC where I have made the changes ?
0
LVL 5

Author Comment

by:Michael Christly
Comment Utility
I run this in powershell (as admin) from my desktop. It would be fine to run on any dc. However I have remote admin tools installed on my machine. If your domain is large this type of forced replication could cause a significant network traffic until replication is complete. My domain has 4 dc at two physical sites and it takes about 20 to 40 seconds to complete.
1
Domain split
Previously I had a customer who was preparing to be split into two separate businesses. The disruption to the IT infrastructure was going to be huge, and the timeline to complete the work was tight - very tight. With the help of EE I managed to find a way to do this quickly and cleanly.
6
LVL 25

Expert Comment

by:Luciano Patrão
Comment Utility
Good article!
0
LVL 67

Expert Comment

by:Jim Horn
Comment Utility
Nice case study you've written here, and well illustrated.  Voting Yes.
0
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lot of time with Jeremy Moskowitz's GP books.
0
Several part series to implement Internet Explorer 11 Enterprise Mode
1
Not many admins are aware that GPOs can be activated and deactivated time-based. Time to change that :)
6
Ever wondered why Windows 8 and 10 don't seem to accept your GPO-based software deployment while Windows 7 does? Read on.
13
LVL 15

Expert Comment

by:LockDown32
Comment Utility
Thanks McKnife. I caught the part about the fast boot. It was interesting and clear. What wasn't clear was the fix.
0

Expert Comment

by:IT Guy
Comment Utility
Excellent article
0

Active Directory

78K

Solutions

39K

Contributors

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

Vendor Experts

Kevin StanushSystemTools Software Learn more about SystemTools Software