You are here: Windows OS HubActive Directory

Archive for the 'Active Directory' Category

Temporary Membership in Active Directory Groups

Posted on December 28th, 2016 · Posted in Active Directory, Windows Server 2016
Get-ADGroup ShowMemberTimeToLive

The version of Active Directory in Windows Server 2016 has a number of interesting changes. Today we’ll consider the opportunity to provide users with temporary membership in Active Directory groups. This feature can be used when you need to give specific privileges based on the membership in AD security group.. read more

How to Set Windows User Account Picture From Active Directory

Posted on November 30th, 2016 · Posted in Active Directory, Windows 10
windows account picture from ad thumbnailPhoto

In this article we’ll show how to get a user photo from Active Directory and use it as user account picture in Windows  (displayed on logon and the lock screen, in the start menu, etc.) The algorithm should work as follows: during user logon, the system must receive a user.. read more

How to Import User Photo to Active Directory Using PowerShell

Posted on November 18th, 2016 · Posted in Active Directory, Powershell
import user photo to ad

Among user attributes starting from the version of Active Directory schema in Windows Server 2000, there is a special attribute thumbnailPhoto, in which a user photo (or any other images) can be stored as binary data. Outlook since 2010, Lync, SharePoint (and other applications) can use the data contained in.. read more

How to Convert SID to Username and Vice Versa

Posted on October 14th, 2016 · Posted in Active Directory
whoami /user

In Windows environment, each domain and local user, a group or other security objects are assigned a unique identifier — Security Identifier or SID. It is an SID, but not the user name, that is used to control access to different resources: network shares, registry keys, file system objects, etc… read more

How to Change Default Permissions for New GPOs

Posted on October 12th, 2016 · Posted in Active Directory, Group Policies
new gpo permission

Getting back to the problems related to the break of GPO processing after the installation of the updates from MS16-072 (KB3163622) security bulletin, I’d like to tell about another important thing. As you remember, in order to make GPO Security Filtering work correctly after you install this update on clients,.. read more

Auditing Users Password Strength in AD

Posted on October 5th, 2016 · Posted in Active Directory, Powershell
Active Directory Password Quality Report

The complexity of a user password in Active Directory domain is one of the key security elements both for user data, and the entire domain. As a rule, users prefer to use weak, easy-to-remember passwords. Thus, they significantly reduce the level of protection against hackers for their accounts. In this.. read more

How to Refresh AD Groups Membership Without User Logoff

Posted on September 21st, 2016 · Posted in Active Directory
klist -lh 0 -li 0x3e7 purge

 All administrators know that after a computer or a user is added to an Active Directory group the computer has to be reboot (if the computer account has been added to the domain group) or a user has to be logged off and on again to update group membership or.. read more

Get-ADComputer: Getting Active Directory Computers Info via Powershell

Posted on December 9th, 2015 · Posted in Active Directory, Powershell
All AD computer properties

We go on studying useful PowerShell cmdlets to interact with Active Directory. In our last article, we told about Get-AD User cmdlet that allowed to get any information about AD user accounts. Today we’ll discuss Get-ADComputer cmdlet and its use to get information about computer accounts in Active Directory.

How Automatically Fill Computer Description Field in Active Directory

Posted on September 18th, 2015 · Posted in Active Directory, Powershell
populated computer description fileld in active directory

In this article we’ll demonstrate how to fill the computer information in Active Directory using PowerShell. As an example, we’ll show how to save the information about the computer model in the description field of a computer objects in Active Directory.

Kerberos Token Size and Issues of Its Growth

Posted on August 28th, 2015 · Posted in Active Directory
Large Kerberos token size

Recently I’ve faced a quite interesting problem when some users are unable to authenticate on some domain services due to the Kerberos token oversize. In this article, we’ll try to consider the peculiarities of building the Kerberos token, how a user can define its size and how to extend the.. read more