
Active Directory

75K

Solutions

38K

Contributors

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.


[Webinar] How Hackers Steal Your Credentials and Why Active Directory Must be Secure to Stop Them
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can result in an oversight, leaving weak spots in our system exposed to the outside world. The most often overlooked weak spot? Credentials.

In this webinar, we're shown how to step out of our existing roles and mindsets and step into those of a hacker looking for AD credentials. You'll see where credentials are stored and how improper monitoring can weaken security and make it easier for hackers to gain access to your database.

View the webinar to learn how to mitigate credential issues and vulnerabilities by locking down admin credentials for good.
0

What is WMI and how can it be used to get hardware and software information from remote computers?
Pawel from AdRem Software explains what WMI is and how you can pull very detailed hardware and software information from remote Windows computers without installing any software on them. Key concepts explained: WMI, remote information access, agent-less network monitoring. WMI-enabled software examples include free WMI Tools and NetCrunch network monitor.
0
How to access multiple mailboxes from one account in MS Exchange Server 2010 - video tutorial
There are cases when an IT administrator wants full access to, and a view into, selected mailboxes on an Exchange server directly from their own email account in Outlook or Outlook Web Access. This proves useful when, for example, the administrator wants to confirm that a message was delivered to all of the mailboxes correctly. The video below explains how to grant full access rights to the selected mailbox for a specific user (John in this case). The video also shows how these mailboxes are visible in the left pane of MS Outlook right after the program is launched, while in OWA the user needs to switch between them manually.
0
Mass Updating Active Directory From a Text File
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
1
[Webinar] Secure Your Active Directory
Are you ready to implement Active Directory best practices without reading 300+ pages?

You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest ways to secure your Active Directory environment. Companies like Skyport Systems understand the critical role Active Directory plays in a company's IT infrastructure, and that securing it against vulnerabilities and hackers is essential to operational success.

Watch the video to learn:
  • Easier ways to secure AD based on Microsoft’s guidance
  • How to secure workstations and domain controllers with their SkySecure product
  • How to create an admin/red forest with SkySecure
5
[Webinar] Are Unknown Privileged Accounts Putting You At Risk?
Attackers love to prey on accounts that have privileges.

Reducing the number of privileged accounts and protecting those that remain is therefore paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory environment.

Agenda:
  • Create a honeypot Administrator account to track attacks
  • Ensure the built-in Administrator account is secured
  • Monitor activities performed by users that have privileges in Active Directory
  • Reduce membership in privileged groups
  • Be informed when any privileged group changes membership
  • Track changes to service accounts and ensure the highest level of security
2
Importing Users Into Active Directory From a Text File
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
0
[Webinar] Is Your Active Directory as Secure as You Think?
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks is to conduct regular penetration tests. However, most organizations don’t have the resources for this, and simply assume their environment is secure enough.

Many experts, like Ascent Solutions and Skyport Systems, know that “secure enough” isn’t really enough and have taken strides to identify the attack vectors and establish best practice mitigation guidance.

Howard Friedman from Ascent Solutions, Russell Rice of Skyport Systems, and Gene Richardson from Experts Exchange hosted a webinar to showcase:

  • How to gain confidence that your environment will survive a penetration test and be safeguarded against an actual attack
  • The threat model for Microsoft Active Directory domain controllers and its importance
  • Common attack vectors and best practice security techniques
  • How to comply with advanced guidance and mitigate many attack vectors

You may not have been able to ask your question during the live webinar, but you can keep the conversation going! Ask your question now!
5
Joining OS X Mavericks
This Micro Tutorial shows how you can integrate Mac OS X into a Windows Active Directory domain. Apple has made it easy for users to bind their Macs to a Windows domain.

The following video shows how to bind OS X Mavericks to a Windows Server 2008 Active Directory domain.
3
Windows Server 2012 – Configuring NTP Servers for Time Synchronization
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource.

1. Use Google, Bing, or another preferred search engine to locate trusted NTP time servers. These are typically provided by government or other network organizations.

2. Log onto the domain controller with administrative credentials and launch a command prompt.

3. Stop the time service with the following command: net stop w32time

4. Enter the following command to configure the NTP time servers: w32tm /config /syncfromflags:manual /manualpeerlist:"time server 1, time server 2, time server 3" then hit enter. The command should complete successfully.

5. Inform the domain controller that these are trusted servers with the following command: w32tm /config /reliable:yes

6. Restart the time service: net start w32time

7. Review the results by entering: w32tm /query /configuration

8. Ensure the settings are the desired ones. Then close the command prompt. The NTP servers have now been configured.

66
 

Expert Comment

by:Shane Gubb
Thank you for the video and clear instructions.

I have found that on Server 2012 (non-R2) I had to change the command a little:
[comma] [space] between each server causes "The following arguments were unexpected", whereas just [comma] between works correctly.
0
 


Windows Server 2008 – Transferring Active Directory FSMO Roles
This tutorial walks through the process of transferring the five major, necessary Active Directory roles, commonly referred to as the FSMO roles, to another domain controller.

1. Log onto the new domain controller with a user account that is a member of both the Enterprise and Schema Admins

2. If there are no other Global Catalog servers in the environment, ensure the new DC is a Global Catalog server. Launch Active Directory Sites and Services, expand the site, expand servers, then highlight the new server

3. Select NTDS Settings in the right panel, right-click, and select Properties. Ensure the Global Catalog box is checked.

4. The schema management DLL must be registered. To do this, click on the Start button and in the Run box type: regsvr32 schmmgmt.dll and hit the enter key. Ensure the DLL is registered successfully.

5. Click on Start and select Run again. Type MMC in the box and hit the enter key. From the console, select File and Add\Remove Snap-In.

6. Select the Active Directory Schema and click the Add radio button, then click OK

7. In the console, highlight Active Directory Schema, right-click and select Change Active Directory Domain Controller. This is because by default, it connects to the existing Schema Master and there is not an option to transfer it.

8. Select the domain controller where the role will be transferred to and click OK

9. Click OK on the warning that you are no longer connected to the Schema Master

10. In the console, highlight Active Directory Schema, right-click and select Change Operations Master. This will show the current Schema Master and provide the option to change it to the one you are currently connected to. Click the Change radio button to switch the server. Verify this is the desired task by clicking Yes.

11. Ensure the change is successful

12. To change the Domain Naming Master, launch the Active Directory Domains and Trusts. On the console, highlight Active Directory Domains and Trusts, right-click and select Change Active Directory Domain Controller. Select the domain controller you would like to move the role to and click OK.

13. Highlight Active Directory Domains and Trusts again, right-click and select Change Operations Master. Review the current and new servers. Click the Change radio button to switch the server. Verify this is the desired task by clicking Yes.

14. The final three roles are transferred with the Active Directory Users and Computers tool, so click on Start, Administrative Tools, and select it from the list.

15. Highlight Active Directory Users and Computers, right-click and go to All Tasks, and select Operations Masters. Tabs for the final three roles appear. On the RID screen click the Change radio button. Confirm the change by clicking Yes, and ensure the role was transferred successfully.

16. Select the PDC tab, click the Change radio button. Confirm the change by clicking Yes, and ensure the role was transferred successfully.

17. Select the Infrastructure tab, click the Change radio button. Confirm the change by clicking Yes, and ensure the role was transferred successfully.

1
Transferring Active Directory FSMO Roles to a Windows 2012 Domain Controller
This tutorial walks through the process of transferring the five major, necessary Active Directory roles, commonly referred to as the FSMO roles, from a Windows Server 2008 domain controller to a Windows Server 2012 domain controller.

1. Log onto the new domain controller with a user account that is a member of both the Enterprise and Schema Admins

2. Verify the systems where the FSMO roles currently reside by launching a command prompt. Type netdom query fsmo.

3. On the desktop, type Run to get the run command screen. The schema management DLL must be registered. Type: regsvr32 schmmgmt.dll and hit the enter key. Ensure the DLL is registered successfully.

4. On the desktop, type MMC and select the MMC console option. From the console, select File and Add\Remove Snap-In.

5. Select the Active Directory Schema and click the Add radio button, then click OK

6. In the console, highlight Active Directory Schema, right-click and select Change Active Directory Domain Controller. This is because by default, it connects to the existing Schema Master and there is not an option to transfer it.

7. Select the domain controller where the role will be transferred to and click OK

8. Click OK on the warning that you are no longer connected to the Schema Master

9. In the console, highlight Active Directory Schema, right-click and select Change Operations Master. This will show the current Schema Master and provide the option to change it to the one you are currently connected to. Click the Change radio button to switch the server. Verify this is the desired task by clicking Yes.

10. Ensure the change is successful

11. To change the Domain Naming Master, go to Server Manager and select Tools, then select Active Directory Domains and Trusts from the list. On the console, highlight Active Directory Domains and Trusts, right-click and select Change Active Directory Domain Controller. Select the domain controller you would like to move the role to and click OK.

12. Highlight Active Directory Domains and Trusts again, right-click and select Change Operations Master. Review the current and new servers. Click the Change radio button to switch the server. Verify this is the desired task by clicking Yes.

13. The final three roles are transferred with the Active Directory Users and Computers tool. Go to Server Manager and select Tools, then select Active Directory Users and Computers from the list. In the console, highlight Active Directory Users and Computers, right-click and select Change Domain Controller. Select the new domain controller and click OK. In the console, select the domain name, go to All Tasks, and select Operations Masters. Tabs for the final three roles appear. On the RID screen click the Change radio button. Confirm the change by clicking Yes, and ensure the role was transferred successfully.

14. Select the PDC tab, click the Change radio button. Confirm the change by clicking Yes, and ensure the role was transferred successfully.

15. Select the Infrastructure tab, click the Change radio button. Confirm the change by clicking Yes, and ensure the role was transferred successfully.

16. If the domain controller you are decommissioning is the last Global Catalog server, ensure that the new domain controller is also a Global Catalog server. Go to Server Manager and select Tools, then select Active Directory Sites and Services. Expand the site, expand servers, then highlight the new server. Select NTDS Settings in the right panel, right-click, and select Properties. Ensure the Global Catalog box is checked.

17. Verify from the command line that all of the roles have been migrated successfully by typing: netdom query fsmo. All roles should now show as being located on the Windows 2012 domain controller.

11
 

Expert Comment

by:WAMSINC
Thanks
0
 
LVL 6

Expert Comment

by:Rakesh Kapoor
My two cents about FSMO roles and steps to transfer FSMO Roles and Seize FSMO Roles.
http://www.itingredients.com/what-is-fsmo-roles-flexible-single-master-operations/
0
Introducing a Windows 2012 Domain Controller into a 2008 Active Directory Environment
This tutorial walks through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008.

1. Determine the location of the FSMO roles by logging onto the computer with an account with domain administrative rights

2. Launch a command window and enter the command: netdom query fsmo. This will display which servers are running the FSMO roles.

3. The functional level of the domain is required to be 2003 or higher. To verify this is the case, click on the Start button, select Administrative Tools, then Active Directory Users and Computers.

4. Highlight the domain name, right-click and select Raise Domain Functional Level. This will show the current level and what it can be raised to.

5. Check the membership of the account you are logged on with to ensure it is a member of the Enterprise and Schema Administrators groups

6. Log onto the Windows Server 2012 server

7. Verify that the DNS is configured to point to an existing domain controller. In a command prompt screen, type IPCONFIG /ALL to review the DNS settings

8. On the Server Manager console, select Add Roles and Features. Click Next, accepting the defaults until you come to the Roles options. Place a check in the box by Active Directory Domain Services. If presented with the option to install required features, click Add Features, then click Next two more times, review the summary page, and then click Install.

9. Once the roles have been added, there is a yellow triangle in the upper right of the Server Manager Dashboard. Click that triangle and select Promote this Server to a Domain Controller.

10. Leave the default option to join an existing domain. The domain name field should be pre-populated, click Next.

11. By default, DNS and Global Catalog service are added to the domain controller, click Next

12. Enter a password for the Directory Services Restore Mode option

13. The message about DNS can be ignored as long as you are sure there are other DNS servers in the environment, click Next

14. Select the appropriate domain replication for your environment, click Next

15. It is recommended to keep the default paths for the database, log files, and SYSVOL directories

16. If necessary, it will inform you that the forest and domain prep will be run as part of this process, click Next

17. Review the procedures that will take place and confirm that the information is correct, click Next

18. Click Install to initiate the process and upgrade of the domain. The server will reboot once completed.

19. Once complete, a Windows Server 2012 domain controller has been added to the domain.

12
