Quite an often task of an Active Directory administrator is to make a list of disabled or inactive accounts and computers, or a list of accounts with expired passwords. To do it, you can use either the saved LDAP queries in the ADUC console, or already familiar PowerShell cmdlets, like.. read more
Knowledge base for system administrators
You are here: Windows OS Hub -» Active Directory
Archive for the 'Active Directory' Category
Generating Outlook 2010/2013 Signature Using AD Information
In this article we’ll show how to automatically create a user signature in Outlook 2010/2013 based on data from Active Directory. The following scenario will be considered: the first time a new domain user is logged on to the workstation, the PowerShell script automatically generates an Outlook user signature file with.. read more
Fine-Grained Password Policy in Windows Server 2012 R2
In Active Directory version introduced in Windows Server 2000, you could create only one password policy for the entire domain. This policy was configured within the standard Default Domain Policy. If the administrator assigned a new GPO with other password settings to the OU, CSE (Client Side Extensions) would ignore.. read more
Temporary Membership in Active Directory Groups
The version of Active Directory in Windows Server 2016 has a number of interesting changes. Today we’ll consider the opportunity to provide users with temporary membership in Active Directory groups. This feature can be used when you need to give specific privileges based on the membership in AD security group.. read more
How to Set Windows User Account Picture From Active Directory
In this article we’ll show how to get a user photo from Active Directory and use it as user account picture in Windows (displayed on logon and the lock screen, in the start menu, etc.) The algorithm should work as follows: during user logon, the system must receive a user.. read more
How to Import User Photo to Active Directory Using PowerShell
Among user attributes starting from the version of Active Directory schema in Windows Server 2000, there is a special attribute thumbnailPhoto, in which a user photo (or any other images) can be stored as binary data. Outlook since 2010, Lync, SharePoint (and other applications) can use the data contained in.. read more
How to Convert SID to Username and Vice Versa
In Windows environment, each domain and local user, a group or other security objects are assigned a unique identifier — Security Identifier or SID. It is an SID, but not the user name, that is used to control access to different resources: network shares, registry keys, file system objects, etc… read more
How to Change Default Permissions for New GPOs
Getting back to the problems related to the break of GPO processing after the installation of the updates from MS16-072 (KB3163622) security bulletin, I’d like to tell about another important thing. As you remember, in order to make GPO Security Filtering work correctly after you install this update on clients,.. read more
Auditing Users Password Strength in AD
The complexity of a user password in Active Directory domain is one of the key security elements both for user data, and the entire domain. As a rule, users prefer to use weak, easy-to-remember passwords. Thus, they significantly reduce the level of protection against hackers for their accounts. In this.. read more
How to Refresh AD Groups Membership Without User Logoff
All administrators know that after a computer or a user is added to an Active Directory group the computer has to be reboot (if the computer account has been added to the domain group) or a user has to be logged off and on again to update group membership or.. read more
