Welcome

ActiveDir.org is the home of the Active Directory Discussions Mailing List which was started in January 2001 with the aim of providing a forum for discussing various aspects of Microsoft's Active Directory technology. Since then the list has grown to a membership of over 1000 subscribers and 3000 site members.  The list has become extremely active, and includes many of the foremost experts in Active Directory.

The focus here at ActiveDir.org is the mailing list, but we now also offer a range of useful resources (see left navigation options).

You can also share your knowledge and experience with the wider community by creating your own articles using the site's Wiki-style functionality.  Click here for more information.

What's happening on our Mailing List

  • Parzival just posted 'RE: [ActiveDir] How join a remotely located pc'

    As answered before, yes you can. As long as the VPN provides access to the domain controllers on the right ports and routing information. For Windows 7+ you can also use Offline domain join, which does not require connection at all init...

  • manasrrp just posted '[ActiveDir] How join a remotely located pc'

    A computer is located in remote location and it has no WAN connectivity to domain directly by router or lease line. Can we join it with DC after connected by VPN. Regards , Manas Dash. -- With Warm regards Manas Kumar Dash (Mob) +91-9...

  • blueye just posted 'Re: [ActiveDir] [ActiveDir Digest]'

    Hi, Just have a look in the advanced settings of aduc. If activated, there will be another register on the object where a write protection is on, I guess. Kind regards Ronny Sent from my iPhone On 19.05.2013 at 00:05, "List...

  • prs_1 just posted 'RE: [ActiveDir] Interesting permissions issue.'

    Hey Tony, Can you check the object which you are trying to move if it has inheritance enabled? Regards, Pradeep On 18 May 2013 05:06, "Gordon Tony" <Tony.Gordon@xxxxxxxxxxxxxxxx> wrote: > Thank you Tony for the idea. Both Organ...

  • TG just posted 'RE: [ActiveDir] Interesting permissions issue.'

    Thank you Tony for the idea. Both Organizational Units have “accidental deletion” enabled. Thank you. Tony Gordon Global Service Manager - Identity Management Services | MCD / IT Foundation 2111 McDonald's Drive | Oak Brook, IL 60523 (o) +1...

  • Tony.Massa just posted 'Re: [ActiveDir] Interesting permissions issue.'

    Check for the presence of an "Everyone" DENY ACE. It may be that the "prevent accidental deletion" right is applied to some of the OUs. This is just a DENY entry for Everyone group, including admins. Tony Massa On May 17, 2013, at 6:11 PM, "Go...

  • TG just posted '[ActiveDir] Interesting permissions issue.'

    Hello everyone, I have a puzzling issue. I have defined the following permissions at the domain level. dsacls dc=domain,dc=com /I:S /g domain\account:CCDC;user;organizationalUnit dsacls dc=domain,dc=com /I:S /g domain\account:RPWP;;user...

  • mfurtado just posted 'RE: [ActiveDir] OT: AD / PINGFEDERATE / SharePoint Online'

    I ran PingFederate as an IdP (directly using AD), and had no issues at all, easy to manage as well. Licensing was OK, at the time once you purchased 4 federation adapters you would be given an unlimited license from there on. Worked well for us, a...

  • joe just posted 'Re: [ActiveDir] OT: AD / PINGFEDERATE / SharePoint Online'

    Two of my former co-workers now work in professional services for Ping. I'll try to hit them up to see if they'll answer here. Joe On Thu, May 16, 2013 at 4:11 PM, Crosby, Damian < Damian.Crosby@xxxxxxxxxxxxxxxx> wrote: > ** &...

  • GabrielM just posted 'Re: [ActiveDir] Default Domain Policy vs Default Domain Controllers Policy'

    Amen to that! Happy Friday! Regards, Gabriel Moga On 2013-05-17, at 8:57 AM, "paul.bergson@xxxxxxxxxxxxxxxx" <paul.bergson@xxxxxxxxxxxxxxxx> wrote: > Die thread die > > :-) > > > Thank You > > Pau...

Join in the fun by subscribing here

Latest Articles

Extract GPO Links from AD Snapshot
Author: Alexei Segundo :: Date: Sunday, April 15, 2012 4:20 AM
Categories: Active Directory, Group Policy

Here's a short PowerShell script that queries an AD snapshot to find the GPOs linked to an OU at a specific point in time.


PowerShell 2.0 script to bulk create test user accounts
Author: Tony Murray :: Date: Monday, November 09, 2009 10:35 PM
Categories: Active Directory, Scripting, Windows Server

This script uses PowerShell 2.0 with the Windows Server 2008 R2 Active Directory service provider and cmdlets. Use the script to bulk create test user objects in AD.


How do I get to my external website when my AD domain internal name is the same as my external name? Or From inside the office, I can't get to http://domain.com, but can using http://www.domain.com after creating an "A" 'www' record.
Author: Ace Fekay :: Date: Monday, July 06, 2009 10:51 PM
Categories: Active Directory, Tips and Tricks, DNS

Are your internal domain name and external domain name the same? If so, it's called a split zone.

This is a common dilemma that results when the internal AD name and the external public name are the same. Users inside the office, including VPN users connected from an external location to the office, cannot get to their externally hosted website.


Considerations when using a domain-based service account with AD LDS
Author: Tony Murray :: Date: Monday, April 13, 2009 9:39 PM
Categories: Active Directory, Tips and Tricks, Windows Server

When creating an AD LDS instance you are prompted to specify an account to use as the service account. At this point you can specify either the Network Service account or another account. Unless you have a particular need, you should choose the built-in Network Service account. If you opt for a domain-based service account you have to jump through a whole lot of hoops to get things working. Also, you typically end up giving your domain-based service account more permissions than are strictly necessary (as described later in this article). The Network Service account, on the other hand, provides an easy setup option and is a good choice from a security perspective given that the account has limited access to the local computer.

So why bother to use a domain-based service account at all? Well, if you have a number of services on your server all running under the context of the Network Service account there is potential for security compromise. In this scenario you may want to consider isolating the services from each other using dedicated service accounts.
 
What follows is a discussion of the steps required to configure AD LDS to use a domain-based service account.

VBScript to determine domain and forest functional levels
Author: Alexei Segundo :: Date: Wednesday, April 08, 2009 7:09 PM
Categories: Active Directory, Scripting

This script was created to help when raising domain and forest functional levels, especially in larger environments. The script uses an authoritative DC to enumerate all the DCs in the forest. Each DC is then contacted in turn to determine what it thinks is the current domain and forest functional level. The goal is to ensure that the information is consistent across DCs before raising the functional level, and to ensure that replication distributes the changes successfully after raising the functional level.


The (Almost) Definitive Active Directory Blogroll
Author: Tony Murray :: Date: Saturday, November 01, 2008 8:42 PM
Categories: Active Directory

I subscribe to a number of Blogs with Active Directory content. As it took me a while to accumulate the list, I thought I would share it here.

Let me know if I have missed any out there that should be on this list.


LDAP tips #3: Searching for Computers
Author: Tony Murray :: Date: Thursday, September 25, 2008 10:57 PM
Categories: Active Directory, Tips and Tricks

This article is the third in a series providing tips for common LDAP searches.


Multiple Domain Forests: Still a Valid Design Model?
Author: Tony Murray :: Date: Monday, July 21, 2008 2:52 PM
Categories: Active Directory, Windows Server
On the ActiveDir.org list there has been some good discussion about whether the multi-domain forest is still considered a valid design option. This article attempts to crystallise the discussion for use as a reference for those involved with the design or review of forest models.
 
The general consensus is that single domain forests are now the preferred design option for all but the most marginal cases. Note that this does not preclude the use of multiple forests within a single organisation. For example, the use of the Exchange Resource forest in environments that have a distributed NOS architecture but a centralised messaging architecture is common in larger organisations.

Bulk Updates to Active Directory User Attributes
Author: David Wiseman :: Date: Thursday, June 12, 2008 3:52 PM
Categories: Active Directory

Describes how to make bulk updates to Active Directory User Attributes using freeware tools (from WiseSoft.co.uk).


How to Enable, Disable and Maintain OCS 2007 (Office Communications Server) User Attributes using VBScript.
Author: Matty Holland :: Date: Thursday, May 15, 2008 4:51 PM
Categories: Active Directory, Scripting

This script will enable and configure Active Directory users for OCS 2007.  This is an updated version of the re-written LCS reskit script published in article: How to Enable, Disable and Maintain LCS (Live Communications Server) User Attributes using VBScript.


Copyright 2012 ActiveDir.org