    • OksanaO

      Active Directory Replication Status Tool: Is There a Replacement?

      Starwind starwind active directory ad troubleshooting
      1
      0 Votes
      1 Posts
      201 Views
      No one has replied
    • scottalanmillerS

      Move FSMO Roles Using PowerShell | Active Directory Domain Controller AD DC

      IT Discussion powershell ad dc ad dc active directory fsmo domain controller windows windows server
      4
      4 Votes
      4 Posts
      883 Views
      CCWTechC

      @syko24 said in Move FSMO Roles Using PowerShell | Active Directory Domain Controller AD DC:

      I'm a fan of the one liner assuming you are transferring all roles to the same DC.

      Move-ADDirectoryServerOperationMasterRole -Identity "DC-Server" -OperationMasterRole 0,1,2,3,4

      0: PDCEmulator
      1: RIDMaster
      2: InfrastructureMaster
      3: SchemaMaster
      4: DomainNamingMaster

      Me too. This is what I normally use. SOOOO helpful.

      Not sure why powershell made it so complicated to find who has the roles.
      netdom query fsmo was so easy.

    • EddieJenningsE

      sssd and user ID mapping

      IT Discussion linux sssd authentication ad active directory
      14
      0 Votes
      14 Posts
      3k Views
      1

      @stacksofplates said in sssd and user ID mapping:

      @Pete-S said in sssd and user ID mapping:

      @Semicolon said in sssd and user ID mapping:

      @Pete-S If it is an issue, it's trivial enough to prevent public key authentication for users or groups of users, even groups of AD users.

      Sure, but the problem for developers and admins is that they usually need their keys. That's why I don't think ad/ldap integration with ssh users really works in that use case.

      The other solution, which is what I think is more suitable for developers and admins, is to use your SSO/AD solution with MFA to pickup a short-lived ssh certificate. Then you use the ssh certificate to actually access things.
      Many companies with huge infrastructures use this method because it's very scalable.

      We forced kerberos for SSH auth after we enabled AD integration. SSH works like keys then but you don't use the keys.

      Never used it but it seems to be a good solution if you want AD integration.

      I noticed that gitlab also supports kerberos for pushing and pulling. I assume github does too. That's very convenient.

    • OksanaO

      How to Assess the Security of Your Active Directory

      Starwind active directory ad pingcastle cyber security
      2
      1 Votes
      2 Posts
      540 Views
      J

      Hmmmm.....

      There are two releases per year: January 31st and July 31st.
    • wrx7mW

      PowerShell - Using Variables to Delete SMTP Proxy Addresses in AD

      IT Discussion powershell ad active directory windows get-aduser
      11
      1 Votes
      11 Posts
      3k Views
      wrx7mW

      @flaxking said in PowerShell - Using Variables to Delete SMTP Proxy Addresses in AD:

      if they do not have previous experience with objects

      Describes me. lol

    • 1

      How does name resolution work in AD?

      IT Discussion windows dns ad
      15
      0 Votes
      15 Posts
      1k Views
      DashrenderD

      @Pete-S said in How does name resolution work in AD?:

      @Dashrender said in How does name resolution work in AD?:

      @scottalanmiller said in How does name resolution work in AD?:

      @Pete-S said in How does name resolution work in AD?:

      I was wondering how it works because we see a problem where a couple of Win 10 clients can resolve all the internal Windows servers names, but not the statically assigned names of linux servers.

      I thought if the name resolution works over different mechanisms and uses different ports it could be a firewall or L3 switch somewhere that has been misconfigured.

      This is common in situations where Linux is not given an opportunity to auto-update the DNS entries, no one makes them manually, and they are not joined to AD.

      Exactly - have you or anyone else added these servers to AD's DNS?

      They have been added manually. The name of the service is also not the same name as the server. So if a webserver is abc001.company.com the name in the DNS that will send you to that server might be logistics.company.com.

      If you're being sent to logistics, that's the entry that must be in DNS. You can have as many entries as are needed for a single server.
      Each name is its own entry.

    • wrx7mW

      Any Way to Automate Adding a New Computer to an AD Group?

      IT Discussion windows 10 windows server ad active directory gpo mdt powershell ps pdq deploy ou task sequence
      32
      0 Votes
      32 Posts
      9k Views
      F

      @marcinozga said in Any Way to Automate Adding a New Computer to an AD Group?:

      @flaxking said in Any Way to Automate Adding a New Computer to an AD Group?:

      @marcinozga said in Any Way to Automate Adding a New Computer to an AD Group?:

      Ansible can do that. https://docs.ansible.com/ansible/latest/modules/win_domain_group_membership_module.html#win-domain-group-membership-module
      You can add new PCs to domain, and change their group membership, you just need to know computer names in advance.

      Which is just a layer on top of Powershell. The Active Directory Powershell module is still required.

      It's not required, or that module is included already in Windows 10 by default. Because I haven't had to install it on any machine I managed with Ansible.

      "win_domain_group_membership requires the ActiveDirectory PS module to be installed"
      https://github.com/ansible/ansible/blob/devel/lib/ansible/modules/windows/win_domain_group_membership.ps1

      They have it in the documentation as well "This must be run on a host that has the ActiveDirectory powershell module installed."
      https://docs.ansible.com/ansible/latest/modules/win_domain_group_module.html

    • JaredBuschJ

      Managing Fedora 30 with SMB share for 100 users

      Unsolved IT Discussion ad fedora smb share permissions management
      7
      0 Votes
      7 Posts
      821 Views
      NashBrydgesN

      @JaredBusch I have a couple clients using Synology for their auth needs and it's been working extremely well.

    • wrx7mW

      PowerShell - Off-boarding Script

      IT Discussion powershell windows server active directory ad script scripting office 365 microsoft password password reset
      12
      1 Votes
      12 Posts
      3k Views
      dafyreD

      @wrx7m said in PowerShell - Off-boarding Script:

      @dafyre said in PowerShell - Off-boarding Script:

      @wrx7m said in PowerShell - Off-boarding Script:

      @dafyre I think I found where you got it - https://www.powershelladmin.com/wiki/Powershell_prompt_for_password_convert_securestring_to_plain_text

      Anyway, I am not sure where, in my script, I should place that function.

      You'd put the actual function at the top of your script, and then just

      $myPassword=convertFrom-SecureToPlain -securepassword $MySecurePassword

      Wherever you need the password in plain text form.

      Thanks. It mostly works. The only problem is that it isn't actually using the password I specify at the top. It is somehow generating its own and then writing it at the end. I put in

      write-host "Plain Text Says: $plainText"

      and it shows the password that I typed in for the secure variable at the beginning, followed by the one that it generated.

      Plain Text Says: $#@%4#@177 Jof91348

      Works fine for me here.... Check and make sure you don't have an extra write-host or anything somewhere.


    • JaredBuschJ

      Where do I start with replacing the whole MS AD stack

      Water Closet microsoft active directory ad dhcp dns
      104
      3 Votes
      104 Posts
      10k Views
      Emad RE

      @Donahue said in Where do I start with replacing the whole MS AD stack:

      sing reservations.

      I think your knowledge of FG is not allowing you to do this, just create a new interface with the desired subnet and leave or tick DHCP option. And then you can do what you want with it. Create an IPv4 policy to give access to internet to the new interface.

    • wrx7mW

      PowerShell - Create New AD User Using Prompts and Variables

      IT Discussion powershell ad windows
      26
      2 Votes
      26 Posts
      5k Views
      PhlipElderP

      @wrx7m said in PowerShell - Create New AD User Using Prompts and Variables:

      If I get rid of the attempt to combine the 2 existing variables into a 3rd, I get this error.

      New-ADUser : A positional parameter cannot be found that accepts argument '+'.
      At \\FP02\it\Scripts\AD\AD-InitialUserCreationVariables.ps1:5 char:1
      + New-ADUser -Name "$GivenName $Surname" `
      + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          + CategoryInfo : InvalidArgument: (:) [New-ADUser], ParameterBindingException
          + FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.ActiveDirectory.Management.Commands.NewADUser

      Like this I think:

      New-ADUser -Name "$($GivenName) $($Surname)"`

      From: https://blogs.technet.microsoft.com/stefan_stranger/2013/09/25/powershell-sub-expressions/

    • scottalanmillerS

      Handling DNS in a Single Active Directory Domain Controller Environment

      IT Discussion ad dc ad dns windows windows server
      242
      0 Votes
      242 Posts
      36k Views
      scottalanmillerS

      @obsolesce said in Handling DNS in a Single Active Directory Domain Controller Environment:

      @scottalanmiller said in Handling DNS in a Single Active Directory Domain Controller Environment:

      @obsolesce said in Handling DNS in a Single Active Directory Domain Controller Environment:

      @stuartjordan said in Handling DNS in a Single Active Directory Domain Controller Environment:

      I believe the forest level with Samba can only be 2008R2 though.

      If you're not using Windows AD, what's it matter?

      If he's merging in DFS, it might. It's rare to do, but could matter.

      Oh I see, so Windows AD and other services were involved at some point.

      Depending on what you want to do, sometimes AD has to support it.

    • NerdyDadN

      Microsoft Hello for Business: What is your opinion?

      IT Discussion windows server 2008 r2 windows server 2016 ad microsoft hello microsoft hello for business mhfb
      5
      0 Votes
      5 Posts
      829 Views
      wrx7mW

      @nerdydad - Yes, you do get a skimped down version of Azure AD with the O365 license. The prerequisites mention using Azure AD, but don't say which one, except where they say that the Premium version is optional for auto enrollment with intune. Although, they have several plans/tiers, including 2 premium tiers.

    • OksanaO

      Microsoft Certificate Server, the relief from the self-signed certificates

      Starwind microsoft active directory ad adcs
      1
      4 Votes
      1 Posts
      574 Views
      No one has replied
    • OksanaO

      Be smart, automate boring stuff like Microsoft Hyper-V Live Migration: handy PowerShell scripts and tips

      Starwind microsoft hyper-v activedirectory ad powershell livemigration
      1
      2 Votes
      1 Posts
      616 Views
      No one has replied
    • OksanaO

      Instead of creating users manually, just join VMware vCenter to Microsoft AD

      Starwind vmware vcenter vcenter vmware active directory ad vcsa microsoft
      1
      2 Votes
      1 Posts
      691 Views
      No one has replied
    • OksanaO

      Deploy SQL Server 2016 Basic Availability Groups without Active Directory

      Starwind database mirroring sql server starwind blog sql server 2016 availability groups basic availability groups ag bag failover cluster wsfc database mirroring active directory ad
      1
      1 Votes
      1 Posts
      1k Views
      No one has replied
    • gjacobseG

      Powershell - Count AD users

      IT Discussion powershell count ad
      13
      2 Votes
      13 Posts
      3k Views
      J

      You can try the following command:

      (get-aduser -filter *).count

      For only Enabled User Accounts
      (get-aduser -filter * | where {$_.enabled -eq $true}).count

      For only Disabled User Accounts
      (get-aduser -filter * | where {$_.enabled -eq $false}).count

    • gjacobseG

      ADUC: Clear 'dead' computers

      IT Discussion ad active directory aduc computers powershell
      13
      2 Votes
      13 Posts
      2k Views
      dbeatoD

      Another example taken from another script:

      import-module activedirectory
      $domain = "domain.mydom.com"
      $DaysInactive = 90
      $time = (Get-Date).Adddays(-($DaysInactive))

      # Get all AD computers with lastLogonTimestamp less than our time
      Get-ADComputer -Filter {LastLogonTimeStamp -lt $time} -Properties LastLogonTimeStamp |

      # Output hostname and lastLogonTimestamp into CSV
      select-object Name,@{Name="Stamp"; Expression={[DateTime]::FromFileTime($_.lastLogonTimestamp)}} | export-csv OLD_Computer.csv -notypeinformation

    • wrx7mW

      LAPS - Using on Remote Laptops?

      IT Discussion laps windows desktop ad microsoft
      2
      0 Votes
      2 Posts
      901 Views
      scottalanmillerS

      Have not used it, I'm afraid.
