You are here: Windows OS HubActive Directory

Archive for the 'Active Directory' Category

How to Find Blocked, Disabled or Inactive Objects in AD Using Search-ADAccount

Posted on September 6th, 2017 · Posted in Active Directory, Powershell
Search-ADAccount out-gridview

Quite an often task of an Active Directory administrator is to make a list of disabled or inactive accounts and computers, or a list of accounts with expired passwords. To do it, you can use either the saved LDAP queries in the ADUC console, or already familiar PowerShell cmdlets, like.. read more

Generating Outlook 2010/2013 Signature Using AD Information

Posted on May 11th, 2017 · Posted in Active Directory, Outlook
Outlook 2010 - generated signature

In this article we’ll show how to automatically create a user signature in Outlook 2010/2013 based on data from  Active Directory. The following scenario will be considered: the first time a new domain user is logged on to the workstation, the PowerShell script automatically generates an Outlook user signature file with.. read more

Fine-Grained Password Policy in Windows Server 2012 R2

Posted on May 5th, 2017 · Posted in Active Directory, Windows Server 2012 R2
Fine Grained Password Policy for domain admins

In Active Directory version introduced in Windows Server 2000, you could create only one password policy for the entire domain. This policy was configured within the standard Default Domain Policy. If the administrator assigned a new GPO with other password settings to the OU, CSE (Client Side Extensions) would ignore.. read more

Temporary Membership in Active Directory Groups

Posted on December 28th, 2016 · Posted in Active Directory, Windows Server 2016
Get-ADGroup ShowMemberTimeToLive

The version of Active Directory in Windows Server 2016 has a number of interesting changes. Today we’ll consider the opportunity to provide users with temporary membership in Active Directory groups. This feature can be used when you need to give specific privileges based on the membership in AD security group.. read more

How to Set Windows User Account Picture From Active Directory

Posted on November 30th, 2016 · Posted in Active Directory, Windows 10
windows account picture from ad thumbnailPhoto

In this article we’ll show how to get a user photo from Active Directory and use it as user account picture in Windows  (displayed on logon and the lock screen, in the start menu, etc.) The algorithm should work as follows: during user logon, the system must receive a user.. read more

How to Import User Photo to Active Directory Using PowerShell

Posted on November 18th, 2016 · Posted in Active Directory, Powershell
import user photo to ad

Among user attributes starting from the version of Active Directory schema in Windows Server 2000, there is a special attribute thumbnailPhoto, in which a user photo (or any other images) can be stored as binary data. Outlook since 2010, Lync, SharePoint (and other applications) can use the data contained in.. read more

How to Convert SID to Username and Vice Versa

Posted on October 14th, 2016 · Posted in Active Directory
whoami /user

In Windows environment, each domain and local user, a group or other security objects are assigned a unique identifier — Security Identifier or SID. It is an SID, but not the user name, that is used to control access to different resources: network shares, registry keys, file system objects, etc… read more

How to Change Default Permissions for New GPOs

Posted on October 12th, 2016 · Posted in Active Directory, Group Policies
new gpo permission

Getting back to the problems related to the break of GPO processing after the installation of the updates from MS16-072 (KB3163622) security bulletin, I’d like to tell about another important thing. As you remember, in order to make GPO Security Filtering work correctly after you install this update on clients,.. read more

Auditing Users Password Strength in AD

Posted on October 5th, 2016 · Posted in Active Directory, Powershell
Active Directory Password Quality Report

The complexity of a user password in Active Directory domain is one of the key security elements both for user data, and the entire domain. As a rule, users prefer to use weak, easy-to-remember passwords. Thus, they significantly reduce the level of protection against hackers for their accounts. In this.. read more

How to Refresh AD Groups Membership Without User Logoff

Posted on September 21st, 2016 · Posted in Active Directory
klist -lh 0 -li 0x3e7 purge

 All administrators know that after a computer or a user is added to an Active Directory group the computer has to be reboot (if the computer account has been added to the domain group) or a user has to be logged off and on again to update group membership or.. read more