With Windows Vista / 7 / 8 the “DC Locator Algorithm” has been improved. However, it needs to be activated by a group policy (GPO) first. The article will tell you about the differences and how to configure the group policy
Articles related to Active Directory administration. (user, computer and group management)
The Standard “Users” and the standard “Computers” container (in which new objects are to be created in default) can be easily changed with Windows standard applications. Benefits, requirements and the commands redirusr and redircmp are explained in this article.
Many administrators use KiXtart and have developed their own login script. The script checks group memberships of the users during the log-in process to connect network drives, assign printers and so on. (new to Kixtart?) When an Active Directory group has been renamed, it might happen that the ‘InGroup’ function Kixtart does not work anymore.
Lately we found a security gap in Active Directory. We noticed that some accounts in Active Directory were active, but contained an empty password. This should not be possible if a valid password policy is in place. This is at least what I thought…
After looking for the Microsoft KB article on Active Directory Group Nesting for the umpteenth time today, because I wasn’t sure on a particular issue, I decided to create a table as an overview. What group can be member of what group in the same domain or forest? Here are all possible group nesting memberships in […]
Dynamic security groups are now possible in Active Directory. Dynamic distribution groups already exist in MS Exchange Server. So far they cannot be used to assign permissions to AD objects. There is various scenarios that make it necessary to use them like risk management or a fast provisioning of permissions.
Timestamps and changes of AD objects can be made visible with REPADMIN A well-known problem for many administrators: An error occured and when questioned what has been changed – of course ‘nothing has been changed’ will be the answer. Using the “Active Directory Users and Computers” MMC console will only reveal time and date of […]
Authorative and non-authorative restore Individual Active Directory objects that have been deleted accidently can be backed up proceeding an authoritative restore. You can restore single objects (OU, containers) and integrate them in the current AD. To know how, read the step by step tutorial. A non-authorative restore instead would not set back a missing / […]
Exchange 2007 is a 64 bit application with 64 bit management tools. Download the Exchange 2007 management tools for 32 bit operation systems from the following link:
Not only user accounts, but also computer accounts use passwords to log on to the domain. The computer password is set by the client and changed every 30 days. Computer account copy – Domain log-in doesn’t work In virtual environments you can easily create a copy of a computer (server or client) and also continue […]
- AD LDS Proxy Authentication
- PowerShell: Find active computer objects
- Nesting groups in Active Directory
- Create home directory and grant permissions with PowerShell
- Creating an individual random password with PowerShell
- Retrieve Active Directory subnets with PowerShell
- Editing users of other domains – with PowerShell
- Azure Basics: Connecting with Azure (PowerShell)
- PowerShell Custom Objects
- Logon Script does not start on Windows Server 2012 R2 domain