Category: Active Directory
-
Linux on Active Directory
I remember a decade or so ago when Microsoft tried to reach out to the Open Source community and get them to give their products and environments a chance. ‘Microsoft loves Linux!’ was the slogan, with a big heart in there. I remember joking with some of my colleagues that they really did not, but…
-
Creating AD User Accounts Using PowerShell
Whenever someone objects to my insistence that domain controllers should never have a GUI (Graphical User Interface), I introduce them to the Remote Server Administration Tools, and all is well. Yes, you can manage your Active Directory Domain Services (AD DS) from the comfort of your Windows 11 (or Windows 10) PC with the…
-
HAADJ: Group Policy to Cloud Policy
**DISCLOSURE: While I am contracted to Microsoft Corporation, I am not an employee. The articles that I write are not meant to represent the company, nor are they meant to represent me as an employee or spokesman for the company. As has always been the case, all articles on this website represent me and nobody…
-
Domain Controller to the Core
-
Renaming Your Domain
-
Creating a Lab Domain in PowerShell
I am spending a lot of time in Microsoft 365 these days. Because of my new contract, I found myself needing to build a lab environment from scratch. Yes, I am working in Azure AD, but for my role I realized it would be helpful to have an on-premises Active Directory Domain Services environment, in…
-
AzureAD: Joining is easy!
There was a time, years ago, when I maintained my own Active Directory infrastructure. I was living with my family in Canada, I had server racks in the basement, and my company required my having AD that I could use and often demo. Those days are long gone. I now live in an apartment in…
-
Domain Controller Ports
Recently I was asked by a client to produce a list of firewall ports that are used by Active Directory Domain Services (AD DS), specifically those for domain controllers. This is what I came up with: TCP and UDP 389: Directory, Replication, User and Computer Authentication, Group Policy, Trusts (LDAP); TCP 636: Directory, Replication, User…
-
A PowerShell Gotcha
I was bulk-creating users for a test environment today, and in doing so, I borrowed a script from an article online, which set the password for all users to ‘Pa$$word’. I usually use a variation on the same for test environments, but I opted to leave this one as it was. The script worked. A…
-
Delegating Control in Active Directory
I have been saying for years that a good IT department in a secure, well-managed infrastructure will give their end users the tools they need to do their job… and nothing more. If that is true for end users, shouldn’t it also be true for the IT department themselves? It is frustrating to see the…
-
Domain Controller Health Service Lockdown Issue with SCOM 2016
I came to this realization last year, but I don’t think I wrote about it. When monitoring domain controllers, specifically domain controllers running on Windows Server 2016, and specifically with System Center Operations Manager 2016 (and later, I assume), you have a bit of an issue when you deploy the SCOM Agent to the server. It deploys,…
-
Active Directory Recycle Bin
A few years ago, Microsoft introduced the Active Directory Recycle Bin to Windows Server. Wonderful! It is not enabled out of the box, but it is reasonably simple to enable… except, it is not. Firstly, you can do it in the GUI… Open the Active Directory Administrative Center, navigate to local (local), and then in the…
-
DCPromo No More… PowerShell!
I needed to build a new domain controller for a friend’s company recently. It is something that I have done so many times over the past two decades that some things are just instinctive… like typing dcpromo to create a domain controller. Right… I had forgotten about that. dcpromo has been deprecated. You could go…
-
SCM is gone… Say Hi to SCT.
For the past several years nearly every client of mine (that I have consulted on Active Directory) has been introduced to the Microsoft Security Compliance Manager (SCM), a great tool that helped create Group Policy Objects (GPOs) for any number of Organizational Units (OUs), including Default Domain Policy, Domain Controller Policy, Client Workstation Policy, and…