Category: Active Directory 101

Add and remove users to AD groups with Group Policy

Group Policy allows you to add and remove users to an Active Directory (AD) group. Using this feature improves security because you can ensure that high-risk security groups only contain the users that you specify via Group Policy. To manage the Domain Admins group, you will need Remote Server Administration Tools(RSAT) installed. After installing that, open […]

Read More »

Configuring Password Replication Policy for Read Only Domain Controllers

What is Password Replication Policy? Password Replication Policy (PRP) determines which users’ credentials can be cached on a specific RODC. If PRP allows an RODC to cache a user’s credentials, authentication and service ticket activities of that user can be processed by the RODC. If a user’s credentials cannot be cached on an RODC, authentication […]

Read More »

Powershell – Remove Members from AD Groups in bulk

Now there are several ways that you can remove members from a group. The simplest of all is by using Remove-ADGroupMember. Let us see the examples associated with this cmdlet. Get-Help Remove-ADGroupMember -Examples As you can see in the Examples, we need to know the Members that are part of the group in order to […]

Read More »

Components of Active Directory Certificate Services

Today we will be seeing the different components of the Active Directory Certificate Services. Each of the components have a specific task to be done and they will be used under various different scenarios. If you have ever installed the Active Directory Certificate Services role, then you must know that there are six different components […]

Read More »

Find Expired Accounts in Active Directory using Powershell

We all know, people join organizations and leave organizations at regular intervals. And we as System Administrators have to create and manage their user accounts in Active Directory. As a best practice, we all set an expiration date to the user account that is created. But do we delete those accounts if they are no […]

Read More »

Find empty groups in Active Directory using PowerShell

Today we will find empty groups in Active Directory using Powershell. You all may know that we as System Administrators are required to create groups in the Active Directory for all sorts of purposes and reasons. But over time, do people who request for these groups really utilise them? It is bound to happen that […]

Read More »

PowerShell: Get Last Logon For All Users Across All Domain Controllers

Here is a quick PowerShell script to help you query the last logon time for all of your users across all of your domain controllers. It will also save the output to a .csv file specified in the $exportFilePath string. I was surprised not to find many examples of this across the web already. Either […]

Read More »

Creating A Windows 2012 Or 2012R2 Domain Controller

With Windows 2003 nearing end-of-life, it is becoming more imperative to upgrade to a newer operating system. For many IT admins, this is a great opportunity to start upgrading infrastructures to Windows 2012 or Windows 2012R2. Since DCPromo was depreciated in Windows Server 2012, the following article serves as a step-by-step guide to creating a […]

Read More »

Promoting A Windows 2012R2 Server To Domain Controller

Once a Windows 2012 or Windows 2012R2 has had the Active Directory Domain Services role installed, the domain controller must be promoted to a domain controller. This article outlines the steps needed to add a domain controller to an existing environment.   How to Promote a Windows 2012R2 Domain Controller Post installation of the role, […]

Read More »

FashionBuzz © 2015 | All Rights Reserved Theme by Flythemes