You are here: Windows OS HubActive Directory (Page 2)

Archive for the 'Active Directory' Category

How Automatically Fill Computer Description Field in Active Directory

Posted on September 18th, 2015 · Posted in Active Directory, Powershell
populated computer description fileld in active directory

In this article we’ll demonstrate how to fill the computer information in Active Directory using PowerShell. As an example, we’ll show how to save the information about the computer model in the description field of a computer objects in Active Directory.

Kerberos Token Size and Issues of Its Growth

Posted on August 28th, 2015 · Posted in Active Directory
Large Kerberos token size

Recently I’ve faced a quite interesting problem when some users are unable to authenticate on some domain services due to the Kerberos token oversize. In this article, we’ll try to consider the peculiarities of building the Kerberos token, how a user can define its size and how to extend the.. read more

Get-ADUser: Getting Active Directory Users Data via Powershell

Posted on August 21st, 2015 · Posted in Active Directory, Powershell
get-aduser table view

It’s no secret that from the first PowerShell version, Microsoft tries to make it the main administrative tool in Windows. And it mostly succeeds! Using simple examples, we’ll demonstrate PowerShell features to get different information about Active Directory users and their attributes.

Manage Local Administrator Passwords with LAPS

Posted on August 14th, 2015 · Posted in Active Directory
Local admin password store in Active Directory

The issue of managing built-in accounts on the domain computers is one of the most important security aspects requiring attention of a system administrator. Indeed, you shouldn’t allow using the same local administrator passwords on all computers. There are a lot of approaches to the management of local administrator accounts.. read more

Using LDAP Saved Queries in Active Directory

Posted on June 24th, 2015 · Posted in Active Directory
aduc-with-additional-fields

The Saved Queries in Active Directory Users and Computers (ADUC) console allow to create simple and complex LDAP queries by samples of Active Directory objects. These queries can be saved, edited and transferred to other computers. Using the Saved Queries, you can deal with search and sampling of AD objects.. read more

Allow non-administrators RDP Access to Domain Controller

Posted on June 4th, 2015 · Posted in Active Directory
you need remote desktop services rights

By default, only the members of Domain Admins group have the remote RDP access to the domain controllers. In this article we’ll show how to grant domain users  RDP access to the domain controllers.

Configuring Network Devices Authentication using Active Directory

Posted on May 14th, 2015 · Posted in Active Directory
New RADIUS client

When servicing large networks, system administrators often face authentication problems on the network devices. In particular, it is quite hard to arrange normal work of several network administrators under individual accounts on a large amount of equipment (you have to support and keep up to date the database of the.. read more

Using GPResult to Diagnose Group Policies Issues

Posted on November 6th, 2014 · Posted in Active Directory
Genereate GPResult html report

GPResult.exe is a console utility that allows to analyze settings and diagnose group policies that applied to a computer and/or user. In particular, GPResult helps to obtain the Resultant Set of Policy (RSOP), the list of the applied domain policies (GPO), their settings and the detailed information on the errors.. read more

Additional Account Info Tab in AD Users And Computers Console

Posted on August 13th, 2014 · Posted in Active Directory
Additional Account Info tab on ADUC windows 2012 r2 x64

Many administrators are familiar with Additional Account Info tab since there have been AD domains based on Windows Server 2003. It is to be reminded that the Additional Account Info tab to appear in the User Properties of Active Directory Users and Computers (ADUC) console, you had to download Windows.. read more

Troubleshooting: Identify Source of Active Directory Account Lockouts

Posted on June 25th, 2014 · Posted in Active Directory
Active Directory Account Lockout Policies

An account security policy in most businesses requires mandatory Active Directory user account lockout if the password has been entered incorrectly n times. Usually an account is locked for several minutes (5-30), when a user can’t log in the system. In some time defined by the security policies, the account.. read more