Sharing Active Directory Best Practices
Great article! I’ve been meaning to write this one myself.
AdminSDHolder is a built-in protection mechanism to make sure specific objects…like Domain Admin accounts don’t have the security on their object inadvertently changed. So, you’re a domain admin and go an make a change to an OU’s security and think that an object is going to inherit it? Not so! Read on…
http://www.frickelsoft.net/blog/?p=247
For more information contact us at www.webactivedirectory.com, or call us at (+1) 800-747-3565
I’m sure I’ll run in to this one, especially since I use PC’s that aren’t joined to the domain. I’m going to probably put this in my Powershell profile to avoid waiting for it to load and potential error messages.
For more information contact us at www.webactivedirectory.com, or call us at (+1) 800-747-3565
I’ve seen some other blogs point this out so I decided to read the Microsoft KB article myself. The limit of 5000 objects is definitely something you might run up against in larger organizations. What I would be curious to know is if you can use paging to get around this limit?
Cool little website to search for available Group Policies, a bit faster than using the filter option in the Group Policy Management Console.
Our engineers have created a series of demonstration online videos that provide insight into how PeopleUpdate can be used to delegate active directory updates out to the information and business owners within your organization. Each video provides a different view of PeopleUpdate through the eyes of a typical end-user, a typical HR-user and a typical IT-user. Here are the links to the online YouTube videos:
Needless to say, there are many other ways you can configure and customize PeopleUpdate to manage your Active Directory information based on your organizations’ needs. Please take a look at the videos and let us know if you have any questions or comments. And remember, you can always request a 30-day evaluation of PeopleUpdate on our website or call us toll free at +1-800-747-3565.
Critical must read for you Active Directory admins! How to troubleshoot or even just detect slow LDAP searches.
I honestly had never given this any thought but it sounds like a great idea to do in corporate environments. There are so many Group Policy objects I never even noticed it.
http://blogs.techrepublic.com.com/networking/?p=2795&tag=content;leftCo
For more information contact us at www.webactivedirectory.com, or call us at (+1) 800-747-3565
I’m working on my next Active Directory Health Check article and I came across this article which applies to one of the areas we review as part of an Active Directory Health Check.
Check it out!
http://daniellange.wordpress.com/2010/03/08/auditing-gpo-inheritance-with-powershell/
For more information contact us at www.webactivedirectory.com, or call us at (+1) 800-747-3565
I saw someone else post this on twitter and instead of making it a favorite in my browser I thought I would post it here in hopes that someone else would also find it useful.
Here is a link to the Powershell cmdlets in Windows 2008 R2 for Active Directory.
http://technet.microsoft.com/en-us/library/ee617195.aspx
For more information contact us at www.webactivedirectory.com, or call us at (+1) 800-747-3565
Want an easy way to keep an auditor busy for a while? Check out this script that puts all of the users and groups into excel. I’m not sure how useful it would be in a medium to large organization but it sure would be fun to print out and hand to an auditor!
http://gallery.technet.microsoft.com/ScriptCenter/en-us/d5c6b119-0337-4b5d-93f3-c409c6cf7a45
For more information contact us at www.webactivedirectory.com, or call us at (+1) 800-747-3565
