@dbeato said in You Have Exceeded the Maximum Number of Computer Accounts - Windows and Active Directory:

@scottalanmiller This is for a standard user without any Domain Admin Privileges. I am assuming this is for a Technician joining computers that no one wants to have admin permissions.

That would be an example case. Yes.

@JaredBusch said in Using non MS DHCP in MS AD:

Setup the way I show, Windows DNS still gets updated form workstations.

03b94431-bd00-4eb2-ad58-a26eb0814fd0-image.png

Good to know Windows is doing what it's supposed to do!

Thanks Jared

Hmmmm.....

There are two releases per year: January, 31th and July, 31th.

@Obsolesce said in Active Directory - User Attribute RFID/HID Badge:

@DustinB3403 said in Active Directory - User Attribute RFID/HID Badge:

@Dashrender I'm a 3rd party to the end customer here. Acting as the middle man as the customer's IT department wanted to engage outside support to try and vet different products.

I candidly told the customer that while this product will work, it won't work with all of the features they want without some substantial changes to their infrastructure and that the support (at least from this vendor) is pretty awful.

The simple approach here is to not integrate RFID/HID's to the system and simply use the AD Integration with the built-in QR codes that each member is assigned.

Just because something may be supported, doesn't imply that it is support.

Except in this case the vendor very clearly has stated they support you adding custom attributes within AD.

@Dashrender said in Managing Distribution Groups in an Exchange Hybrid Environment:

@EddieJennings said in Managing Distribution Groups in an Exchange Hybrid Environment:

I ought to have clarified. DUO MFA comes into play with Outlook for our mailboxes that are in Exchange Online. On-prem mailboxes (the few we have left aren't subject to DUO).

Are those that are left on prem - are they actual users? If so, I'm curious why they can't be migrated?

Eventually all users will be migrated, so, yes, we still have real users on-prem.

This is outside the scope of the original question / scenario, but I've learned a good bit during this process with much of that learning validating a few things I already knew, such as the value of taking the necessary time to plan, and prep the environment for migration (removing unnecessary objects, etc.).

So far the rebuild appears to be still working. It ran all night. No complaints yet.

Try this instead:

$FolderPath = Get-ChildItem -Recurse -Depth 2 -Path "P:\Public" -Force

Where -Depth is the how many levels deep you want to go.

If you want to see what a cmdlet can do, you can use:

Get-Help Get-ChildItem -Full

@IRJ said in New to Windows Active Directory and Group Security Management:

Make an AD group called workstation_admins and add that group to local administrators account on each desktop. This group does not need any AD rights and nobody's account should be in there except for IT admin accounts. Even those IT admin accounts should not be used on local desktops to login on a regular basis. Only when elevation is actually needed, and even then you should use run as.

I do this - Those who need it have a workstation admin account and a local non admin normal account.

@flaxking said in PowerShell - Using Variables to Delete SMTP Proxy Addresses in AD:

if they do not have previous experience with objects

Describes me. lol

@Dashrender said in SAMIT: Do You Really Need Active Directory:

I am surprised that MS didn't come out with a better solution for this ages ago. That whole Direct Connect or whatever it was called - phone home VPN solution they have for Enterprise edition only - what a kluge.

They are working on phasing this out. DirectAccess was a kludge that is being replaced by Always-On-VPN. Which works on versions of Windows Professional and Up and requires very little outside of a certificate and Group Policies (or Intune).