Active Directory on Anything About IT

PowerShell Script - Get-MsolUserInformation

Sun, 18 Dec 2016 18:27:57 +0000

The Get-MsolUserInformation cmdlet provides an easy way to retrieve all users that are a member or guest and/or are registered in Azure Directory or Active Directory.

Installing Microsoft Azure AD Connect

Wed, 01 Jul 2015 18:34:37 +0000

Last week Microsoft anounced GA for Azure AD Connect. To get a better understanding of how this all works, I installed it in my Cloud based lab that is hosted in Azure.

I was supposed to demonstrate this to a colleague at work this week, but simply couldn’t find time for it, so here’s a short description on how to get started for him and for anyone else.

First I recommend to read through the documentation and also watch the presentation Extending On-Premises Directories to the Cloud Made Easy with Azure Active Directory Connect

ToolTip: DirCreator

Mon, 12 Nov 2012 21:29:04 +0000

Are you an Administrator tired of manually creating folder structures for new projects? Then DirCreator is just what you need. DirCreator is an enterprise-proven tool to automatically generate structured, template-based directory structures, along with groups, members and ACLs.

You can either create a template from scratch or create a template based on an existing folder structure. For this demonstration I first create a template folder structure on my home lab data share.

How to avoid KMS becoming a challenge in your Windows 7 deployment project

Wed, 25 Jan 2012 22:44:30 +0000

I’ve been involved in Windows 7 deployments since the Beta came out in 2009 and before Windows 7 there was Vista, XP, Windows 2000, Windows NT and even Windows 3.11 and although over time the technology has changed the basic challenges of every migration remained the same.

If today someone asks me what I consider as being one of the top 10 challenges I’ve seen in Windows 7 deployment projects I must mention KMS. Yes despite the fact that in theory this is nothing more than just a service you install on one or two servers in your datacenter and publish an SRV resource record in DNS, this is something that keeps people busy in nearly any project I’ve been involved so far.

Windows 8 Active Directory based volume activation

Fri, 25 Nov 2011 14:25:52 +0000

Windows Server 8 comes with a new role called Volume Activation Services. The Volume Activation Service allows IT administrators to enable volume activation for domain joined systems using a Key Management Service Host (KMS) or Active Directory based Activation. This means in theory that going forward there is no need anymore to install and manage a separate infrastructure for volume activation of Windows clients, servers and office, but according to the article “What’s new in Windows Server 8 Active Directory” from the Windows IT Pro magazine KMS will still be required for a while to support everything that uses KMS today, unless Microsoft would provide an update to enable current systems and applications to activate via Active Directory.

ToolTip: AD Photo Edit

Sat, 27 Aug 2011 15:10:18 +0000

Last night I came across this FREE utility called AD Photo Edit developed by Chris Wright which allows you to upload your picture into Active Directory. The result of doing that is that people who use Outlook 2010 can see your profile picture in the mail you send them.

Using AD Photo Edit is simple, just download and install the utility and launch it. Then enter your name and click the Search button. If AD Photo Edit finds your user object in Active Directory it will show your current Picture which is probably empty unless a picture was already uploaded.

ReadTip: Best Practice: Active Directory Structure Guidelines

Wed, 28 Jul 2010 20:04:54 +0000

Alan Burchill author of the Group Policy Center blog has posted 2 great articles on Best Practices for Active Directory Structures.

Best Practice:Active Directory Structure Guidelines – Part 1

Best Practice: Group Policy Design Guidelines – Part 2

Redirect Computers Container in Active Directory

Mon, 22 Mar 2010 23:10:09 +0000

When joining a Computer to an Active Directory domain using the Domain Join UI in Windows or a command line tool such as NETDOM.EXE, by default the computer object is stored in the Computers container which is defined as the default Container in Active Directory for new created Computer objects.

The disadvantage of this is that you cannot link any Group Policies to the Computers container which prevents you from applying any Computer security or configuration settings to these clients.

Finding unused User Accounts in Active Directory

Thu, 10 Dec 2009 00:05:17 +0000

As we move towards the end of the year I thought it’s a good time to do some housekeeping activities within the lab infrastructure in which we work on a daily basis. Throughout the year we often create test user and computer objects within Active Directory and of course sometimes we forget to delete them.

As I don’t want to reinvent a wheel again I searched the web and soon found a whole bunch of tools and scripts that would help me identifying unused user accounts. I decided that I wanted to use a script. I first found the Last Logon Dates scripts from Richard L. Mueller which are written in WSH. But then I found the Managing AD User Accounts with PowerShell article on WindowsITPro and decided to use the opportunity of using PowerShell to accomplish my task.

What’s new in Windows Server 2008 R2 Active Directory

Thu, 30 Apr 2009 23:08:55 +0000

In the video below Brian Desmond and Laura talk about the new things that come with Windows Server 2008 R2 AD.

Finding FSMO Role Owners

Mon, 20 Apr 2009 11:50:53 +0000

In preparation of doing some Group Policy related things, I decided to extend my Home Lab AD infrastructure running on Windows Server 2003, with Windows Server 2008 and Windows Server 2008R2 domain controllers.

Because at some stage I want to get rid of the Windows 2003 Server I also moved the FSMO roles from the Windows 2003 domain controller to the Windows 2008 domain controller.

I used the steps described in the “Transferring FSMO roles” article. Additional information can also be found in the “How to view and transfer FSMO roles in Windows Server 2003” article.

Active Directory Powershell Blog

Wed, 25 Mar 2009 22:34:48 +0000

Those interested in managing Active Directory with PowerShell, have a look at the Active Directory Power Shell Blog.

Active Directory Limits

Thu, 11 Dec 2008 22:49:17 +0000

Interesting in knowing how many objects you can create within AD ? how deep your OU structure can be ? Then read “Active Directory Maximum Limits”.

Enable Active Directory Services tools on Windows 2008

Tue, 02 Dec 2008 19:39:06 +0000

I just connected to our fresh installed Windows 2008 server that we intend to use as a remote system management console. The server is a member of our Windows 2003 Active Directory domain, not a DC itself.

I wanted to launch the Active directory users and computers console, but did not find it under the Administrative tools. Okay, this must be something similar like with Windows Vista when you install the RSAT tools I thought, and yes it is, you must first enable that feature.

Extending User Information in AD

Mon, 17 Nov 2008 19:44:51 +0000

The Windows 2003 Resource Kit contains a nice extension for the Active Directory Users and Computers console showing additional User Account information.

The additional user account information can be enabled by registering the acctinfo.dll as described below.

Follow the steps below to enable the additional user account information.

Download the Windows 2003 Resource kit tools.
Unpack / Install the Windows 2003 Resource Kit
Copy the acctinfo.dll to c:\windows\system32
Register the DLL by running the following command: