Welcome to Dirteam.com/ActiveDir.org Blogs Sign in | Join | Help

Browse by Tags

All Tags » Active Directory   (RSS)

Notifying users by e-mail their password is going to expire

Windows by default has a mechanism to notify a user when the password is going to expire. By default Windows will start notifying the user 14 days before the password really expires and must be changed. The default value is affective when no other value Read More...
Posted Sunday, July 20, 2008 5:44 PM by Jorge | 7 Comments
Attachment(s): ADPwdExpNotify.zip

AutoEnrollment Control Access Right is missing in AD

A few days ago I was chatting with a colleague of mine in the UK about automated permissions assignment in AD through DSACLS. His reason to do this was because of CLM deployments where you had to use different kinds of Extended Rights that are defined Read More...
Posted Thursday, July 17, 2008 9:13 PM by Jorge | 0 Comments

Migration Support in ADMTv3.1 for Windows Server 2008

In this post I explain what you can do with ADMTv3 and what you cannot do. Additionally I also define common migration steps and provide links to other information sources. ADMTv3.1 has been released a few days ago and it now supports Windows Server 2008 Read More...
Posted Tuesday, July 15, 2008 11:29 PM by Jorge | 0 Comments

Wanna read something cool about RODCs, Hyper-V and PowerShell?

Nathan Muggli, a PM at Microsoft in the AD product group blogged about a cool way to deploy RODC using Hyper-V and PowerShell in an automated way. Read it here . Cheers, Jorge -------------------------------------------------------------------------------------------------- Read More...
Posted Tuesday, June 10, 2008 12:25 AM by Jorge | 0 Comments

RODC Compatility Pack for Legacy OSes

Microsoft released a KB article that describes issues/symptoms with legacy OSes and the Windows Server 2008 RODC including possible workarounds. You can find that KB article here (Description of the Windows Server 2008 read-only domain controller compatibility Read More...
Posted Wednesday, June 04, 2008 2:16 PM by Jorge | 0 Comments

Denying the change of password related bits on user objects

In every AD domain it is possible to implement one or more password and account lockout policies. In W2K/W2K3 AD domains you can only define one password and account lockout policy and in W2K8 AD domains you can define multiple password and account lockout Read More...
Posted Tuesday, May 20, 2008 9:24 PM by Jorge | 0 Comments
Filed under:

All the information about designing, implementing, using and troubleshooting Group Policy

Always wanted to have all the information about designing, implementing, using and troubleshooting Group Policy in one place? Well, here it is then. Go and get the Group Policy Survival Guide ( HTML ) and ( PDF )! Cheers, Jorge -------------------------------------------------------------------------------------------------- Read More...
Posted Tuesday, April 29, 2008 11:32 AM by Jorge | 1 Comments
Filed under:

Auditing in Windows Server 2008

To audit stuff in Windows Server you first need to configure a main event category to be enabled for "Successes" and/or "Failures". This must be done through a local GPO on the server or through a GPO in AD which then is linked to an OU containing the Read More...
Posted Tuesday, April 29, 2008 11:19 AM by Jorge | 1 Comments

Free AD Objects Recovery Tools

A while ago, I wrote about the new feature within Windows Server 2008 to reanimate and populate the attributes from a snapshot backup. That post can be found here . I thought it would be interesting to summarize the tools available that can help you recover Read More...
Posted Wednesday, March 26, 2008 12:51 PM by Jorge | 3 Comments
Filed under:

Group Policy Preferences

Both Windows Vista SP1 and Windows Server 2008 allow the configuration of "Group Policy Prefences" through the GPMC. With "Grou Policy Preferences" you can deploy and manage operating system and application settings. Previously this was not possible or Read More...
Posted Friday, March 21, 2008 7:14 PM by Jorge | 0 Comments
Filed under:

Switching between a RODC and a RWDC

A DC (for both RODCs/RWDCs) can be (un)assigned the GC role by just configuring a checkbox in Active Directory Sites And Services or using REPADMIN or some other tool that configures the feature. To switch between a RWDC and a RODC (or the other way around), Read More...
Posted Friday, March 21, 2008 6:08 PM by Jorge | 0 Comments
Filed under:

Auditing when members of specific groups logon to a Vista or 2008 computer

Have you ever had the need to audit when members of specific groups logon to a computer? If yes, unfortunately this is only possible out-of-the-box in both Windows Vista and Windows Server 2008. The feature is called "Auditing Special Groups" and you Read More...
Posted Friday, March 21, 2008 5:23 PM by Jorge | 0 Comments

Windows Server 2008 – Reanimating Objects and Restoring additional Information

This post is an updated version of the following post and now contains RTM information: Windows Server Longhorn – Reanimating Objects and Restoring Additional Information Reanimating Objects and Restoring Additional Information Basically when restoring Read More...
Posted Thursday, March 20, 2008 1:29 PM by Jorge | 3 Comments

Windows Time Service

In addition to a previous post a did, I would like to point you to a Microsoft blog about the Windows Time Service (W32TIME) . That blog contains interesting information. My favorite posts on that blog are: Keeping the Domain On Time (Explaining how Windows Read More...
Posted Wednesday, March 19, 2008 4:57 PM by Jorge | 0 Comments

Delegated Permissions and Owner Permissions

Isn't it great when you have created your own delegation model in AD to manage all your stuff in it like creating users, groups, computers, resetting password, unlocking accounts, etc.? That sure is, but things can become not that nice when delegated Read More...
Posted Thursday, February 21, 2008 7:39 PM by Jorge | 1 Comments
Filed under:
More Posts Next page »