Everything Active Directory
I was aware of most of the software on this list but there were a few surprises like the Learning Content Development System and UAPick. Check it out, its a long list and I’m sure you will find something interesting.
For more information contact us at www.webactivedirectory.com, or call us at (+1) 800-747-3565
See the link below for a great script that uses Powershell to determine when Active Directory passwords will expire. Web Active Directory, LLC also has a product called PeopleMinder that automates the notification of your end users, specific user groups, etc of an upcoming Active Directory password expiration, but if you want to make your own script here’s a great start at that.
http://blogs.msdn.com/adpowershell/archive/2010/02/26/find-out-when-your-password-expires.aspx
For more information contact us at www.webactivedirectory.com, or call us at (+1) 800-747-3565
Thanks to Mark Parris a Microsoft MVP for pointing out this one. This article points out how to adjust the weight and priority for LDAP authentication requests against your domain controllers. Check it out, be sure to follow his blog, I do!
http://markparris.co.uk/2010/02/26/reduce-the-load-on-a-windows-domain-controller/
For more information contact us at www.webactivedirectory.com, or call us at (+1) 800-747-3565
Ever wonder what characters are valid in domain names, netbios names, Active Directory sites, etc? Well you don’t have to guess, Microsoft has a knowledgebase article with the standards already defined for you.
Pay special attention to name collisions in the directory and the reserved words when defining OU names.
http://support.microsoft.com/kb/909264
For more information contact us at www.webactivedirectory.com, or call us at (+1) 800-747-3565
I recently saw a post on this and so it got me interested in where this data is stored and where on the MSDN site I could find it.
I have found that if you ask a company what forest and domain functionality level they are at you will probably get a different answer from each person you ask…so why not get it from the source, query the rootDSE and get the attributes that correspond to the forest and domain levels.
If you are using the Active Directory module for Windows PowerShell in Windows Server 2008 R2 then you can also get this information by using Get-ADDomain and Get-ADForest and it will give you the ForestMode and DomainMode.
Using this same Directory module for Windows PowerShell in Windows Server 2008 R2 you can also use Get-ADRootDSE and look at the forestFunctionality and domainFunctionality.
Here is the blog article that got me looking Permanent Link to Active Directory – Domain and Forest Functional Levels
Here are the links to MSDN’s reference on these values
http://msdn.microsoft.com/en-us/library/cc223273(PROT.10).aspx
http://msdn.microsoft.com/en-us/library/cc223274(PROT.10).aspx
http://technet.microsoft.com/en-us/library/dd378809(WS.10).aspx
For more information contact us at www.webactivedirectory.com, or call us at (+1) 800-747-3565
This has been something that has bugged me for quite a while, when I see environments where Active Directory OU’s have been created to reflect the organization structure, whether that be departments or physical locations, I always wonder why someone would choose this model and if they really understand the features and functions in Active Directory.
When you create an Active Directory OU structure that reflects physical location or departments you have doomed yourself to a life of constant object moves for little or no value. If you want to see which users are in a particular location or department use the attributes in Active Directory that correspond to those things! Use a product like PeopleUpdate to allow delegated updates to Active Directory and then when you want to see all users in a particular location or department just perform a quick search of Active Directory.
When someone asks me when they should use or create another OU my answer is for Active Directory security delegation. In limited cases I can buy in to creating OU’s to support Group Policies or at a very high level to separate normal user and computer accounts from IT/service accounts and computers. One commonly overlooked feature of Group Policy is the ability to use WMI filtering, Active Directory security groups, and Active Directory Sites to filter when or to whom Group Policy is applied to users.
I’d like to hear from you what you think about this topic too, so post a comment or two. We would love to hear from you.
For more information contact us at www.webactivedirectory.com, or call us at (+1) 800-747-3565
I think it’s important that everything you can do in a GUI can be done in Powershell and this is quickly becoming a reality for all Microsoft products. This Powershell script allows you to quickly report on an Active Directory Default Domain Password Policy and change it…all with Powershell. Use this in your Active Directory Health Check to report on the directory.
http://www.energizedtech.com/2010/02/powershell-viewing-and-setting.html
For more information contact us at www.webactivedirectory.com, or call us at (+1) 800-747-3565
Here is a quick reference for beginners with Powershell, just a few common things that people try to do in Powershell that they might need an example for. Not comprehensive but still a good quick link to keep.
http://www.johndcook.com/PowerShellCookbook.html#a24
For more information contact us at www.webactivedirectory.com, or call us at (+1) 800-747-3565
If you want to make your Powershell scripts infinitely powerful and flexible use variables! For example, lets say you create a powershell script that manually shuts down some services in a specific order, then reboots the server, then manually starts some services in a specific order. If at a minimum you use variables for the server and services name you can now take this script and apply it to any server in your environment! Here is a link to the detailed information about variables in Powershell 2.0
http://technet.microsoft.com/en-us/library/dd347604.aspx
For more information contact us at www.webactivedirectory.com, or call us at (+1) 800-747-3565
Want to use Active Directory for authenticating your Linux devices? Well you can! This is extremely powerful for enabling a single user id for authentication and now you can use products like PeoplePassword for password self-service on both Windows and Linux.
http://adminspotting.net/articles/windows/linux-and-active-directory.html
For more information, contact us at www.webactivedirectory.com
