Creating AD User Accounts Using PowerShell

Whenever someone tells me that my insistence that domain controllers should never have a GUI (Graphical User Interface) I introduce them to the Remote Server Administration Tools, and all is well. Yes, you can manage your Active Directory Domain Services (AD DS) from the comfort of your Windows 11 (or Windows 10) PC with the … Continue reading Creating AD User Accounts Using PowerShell

HAADJ: Group Policy to Cloud Policy

**DISCLOSURE: While I am contracted to Microsoft Corporation, I am not an employee. The articles that I write are not meant to represent the company, nor are they meant to represent me as an employee or spokesman for the company. As has always been the case, all articles on this website represent me and nobody … Continue reading HAADJ: Group Policy to Cloud Policy

Azure AD Connect: Setting up your HAADJ


Domain Controller to the Core


Renaming Your Domain


Creating a Lab Domain in PowerShell

I am spending a lot of time in Microsoft 365 these days. Because of my new contract, I found myself needing to build a lab environment from scratch. Yes, I am working in Azure AD, but for my role I realized it would be helpful to have an on-premise Active Directory Domain Services environment, in … Continue reading Creating a Lab Domain in PowerShell

AzureAD: Joining is easy!

There was a time, years ago, when I maintained my own Active Directory infrastructure.  I was living with my family in Canada, I had server racks in the basement, and my company required my having AD that I could use and often demo.  Those days are long gone.  I now live in an apartment in … Continue reading AzureAD: Joining is easy!

Domain Controller Ports

Recently I was asked by a client to produce a list of firewall ports that are used by Active Directory Domain Services (AD DS), specifically those for domain controllers.  This is what I came up with: TCP and UDP 389 Directory, Replication, User and Computer Authentication, Group Policy, Trusts LDAP TCP 636 Directory, Replication, User … Continue reading Domain Controller Ports

A PowerShell Gotcha

I was bulk-creating users for a test environment today, and in doing so, I borrowed a script from an article online, which set the password for all users to 'Pa$$word'  I usually use a variation on the same for test environments, but I opted to leave this one as it was.  The script worked. A … Continue reading A PowerShell Gotcha

Delegating Control in Active Directory

I have been saying for years that a good IT department in a secure, well-managed infrastructure will give their end users the tools they need to do their job… and nothing more. If that is true for end users, shouldn’t it also be true for the IT department themselves?  It is frustrating to see the number … Continue reading Delegating Control in Active Directory

Domain Controller Health Service Lockdown Issue with SCOM 2016

I came to this realization last year, but I don't think I wrote about it. When monitoring domain controllers, specifically domain controllers running on Windows Server 2016, and specifically with System Center Operations Manager 2016 (and later, I assume) have a bit of an issue when you deploy the SCOM Agent to the server.  It deploys, … Continue reading Domain Controller Health Service Lockdown Issue with SCOM 2016

Active Directory Recycle Bin

A few years ago, Microsoft introduced the Active Directory Recycle Bin to Windows Server.  Wonderful!  It is not enabled out of the box, but it is reasonably simple to enable... except, it is not. Firstly, you can do it in the GUI... Open the Active Directory Administrative Center, navigate to local (local), and then in the … Continue reading Active Directory Recycle Bin

DCPromo No More… PowerShell!

I needed to build a new domain controller for a friend’s company recently.  It is something that I have done so many times over the past two decades that some things are just instinctive… like typing dcpromo to create a domain controller. Right… I had forgotten about that.  dcpromo has been deprecated. You could go … Continue reading DCPromo No More… PowerShell!

SCM is gone… Say Hi to SCT.

For the past several years nearly every client of mine (that I have consulted on Active Directory) has been introduced to the Microsoft Security Compliance Manager (SCM), a great tool that helped create Group Policy Objects (GPOs) for any number of Organizational Units (OUs), including Default Domain Policy, Domain Controller Policy, Client Workstation Policy, and … Continue reading SCM is gone… Say Hi to SCT.

Distinguished Names: How do I…

Yeah yeah, I know… A little while ago I talked about how to determine the Distinguished Name (DN) of an Active Directory Object, and I got a flurry of requests for doing it with PowerShell. Now, normally I do like to show you how to do things via the GUI, and then what the PowerShell … Continue reading Distinguished Names: How do I…