Domain Controller Ports

Recently I was asked by a client to produce a list of firewall ports that are used by Active Directory Domain Services (AD DS), specifically those for domain controllers.  This is what I came up with: TCP and UDP 389 Directory, Replication, User and Computer Authentication, Group Policy, Trusts LDAP TCP 636 Directory, Replication, User... Continue Reading →

A PowerShell Gotcha

I was bulk-creating users for a test environment today, and in doing so, I borrowed a script from an article online, which set the password for all users to 'Pa$$word'. I usually use a variation on the same for test environments, but I opted to leave this one as it was. The script worked. A... Continue Reading →

Domain Controller Health Service Lockdown Issue with SCOM 2016

I came to this realization last year, but I don't think I wrote about it. When monitoring domain controllers, specifically domain controllers running on Windows Server 2016, and specifically with System Center Operations Manager 2016 (and later, I assume), you have a bit of an issue when you deploy the SCOM Agent to the server. It deploys,... Continue Reading →

Active Directory Recycle Bin

A few years ago, Microsoft introduced the Active Directory Recycle Bin to Windows Server.  Wonderful!  It is not enabled out of the box, but it is reasonably simple to enable... except, it is not. Firstly, you can do it in the GUI... Open the Active Directory Administrative Center, navigate to local (local), and then in the... Continue Reading →

SCM is gone… Say Hi to SCT.

For the past several years nearly every client of mine (that I have consulted on Active Directory) has been introduced to the Microsoft Security Compliance Manager (SCM), a great tool that helped create Group Policy Objects (GPOs) for any number of Organizational Units (OUs), including Default Domain Policy, Domain Controller Policy, Client Workstation Policy, and... Continue Reading →
