I wanted to find out what date an Active Directory object was created on / replicated to a Domain Controller. Actually, you can find that information in the meta-data of the Active Directory Object!
Articles related to Active Directory administration. (user, computer and group management)
Windows Server 2008 provides you with the possibility to create an online snapshot of the Active Directory database. You can load the AD snapshot with Windows standard tools and make it available as LDAP Directory at a TCP port of your choice. This “Snapshot Directory Service” contains all information of the AD domain and can […]
The following outline clarifies the terms needed for setting up an unidirectional Trust.
I was looking for a possibility to check and supervise the synchronization of user-objects with Quest Migration Manager for Active Directory. In addition, I was missing a good overview to answer the question: Were new user-accounts created in the target-domain? Both problems could be solved with a little Powershell script.
Trust between Windows Server 2008 R2 and NT4 does not work „by design“ It is not possible to create a trust between a Windows Server 2008 R2 domain and a NT4 domain. However, a trust can be created between a Windows Server 2008 domain and a NT4 domain by adapting certain parameters.
FSMO or Flexible Single Master Operations is a specialized domain controller set of tasks. Specialized tasks can be spread to several servers, but only one server can act as FSMO at a specific time.
With Windows Vista / 7 / 8 the “DC Locator Algorithm” has been improved. However, it needs to be activated by a group policy (GPO) first. The article will tell you about the differences and how to configure the group policy
The Standard “Users” and the standard “Computers” container (in which new objects are to be created in default) can be easily changed with Windows standard applications. Benefits, requirements and the commands redirusr and redircmp are explained in this article.
Many administrators use KiXtart and have developed their own login script. The script checks group memberships of the users during the log-in process to connect network drives, assign printers and so on. (new to Kixtart?) When an Active Directory group has been renamed, it might happen that the ‘InGroup’ function Kixtart does not work anymore.
Lately we found a security gap in Active Directory. We noticed that some accounts in Active Directory were active, but contained an empty password. This should not be possible if a valid password policy is in place. This is at least what I thought…
- Azure Basics: Connecting with Azure (PowerShell)
- PowerShell Custom Objects
- Logon Script does not start on Windows Server 2012 R2 domain
- IsMember – Check group membership in Active Directory
- Dynamic OU Groups – Assign Permissions to OUs
- Mobile Video Streaming Server with Windows 10
- AD Administration in the new Azure Portal
- Novell Migration: Migrate Critical Legacy Applications with OpenLDAP Proxy
- NTFS Creator Owner Permissions
- Adding a Windows Server 2012 R2 DC to an Existing Domain