posts tagged with ‘Active Directory’


PowerShell: List newly created users

Joakim February 24, 2014

To help prevent detect malicious behavior I usually implement different scripts or other monitoring features in my customers environments.

One of the snippets I frequently use is one that detects newly created accounts.


Change default OU for computers in AD

Joakim February 14, 2014

There are several reasons to change the default organizational unit of computers that join the domain.
The default OU (domain.local\Computers) cannot be linked with GPOs, and should be avoided since its builtin.

Event 10154 Permissions

Domain Controllers Warning Event ID 10154

Joakim November 20, 2013

I was getting an error at startup on a new Windows 2008 R2 Domain Controller. Apparently the WinRM attempts to create two SPNs after the startup process.

Since that WinRM runs under “Network Service” account, I was able to fix this warning by granting the “Validated Write to Service Principal Name” permission to the NETWORK SERVICE…

Windows Server Active Directory

AD Delegation: Default Permissions for GPOs

Joakim June 10, 2013

When setting up Active Directory delegation, you want administrators to be able to maintain Group Policy without being a Domain Admin.

If you read TechNet, Microsoft tells you to use Group Policy Creator Owners. However CO does not have permissions to modify or edit any other group policy objects.

Forgot Password

Resetting Password for Specific OU

Joakim April 19, 2013

I created a powershell-script which will reset the password of all users in a specific Organizational Unit.

I prefer to set unique high-end passwords for all users. If you prefer a more ‘user friendly’ approach simply…

Home Folder

Verifying Domain User Home Directory

Joakim March 20, 2013

Some administrators prefer to do everything manually, other automated. I have always preferred to have as much as possible automated or at least set up with a script so the action can easily be repeated without varying end results.

I have written a script which verifies that all users that should have a home folder has one, and that it has the appropriate permissions.

Next Page »