Archive for the ‘Active Directory’ Category
Step #1: This is the simplest method to add a computer to a domain. In this example you will be prompted for credentials, followed by the required reboot.
Add-Computer -DomainName "your.domain.here"
Restart-Computer
Step #2: If you require an automated script without prompting the user for credentials you can provide the user account with rights to […]
Best practice #1: remove disabled accounts
A crucial part of Active Directory cleanup is monitoring for disabled user and computer accounts, and removing them when appropriate. When employees go on extended leave or leave an organization completely, it’s common practice for organizations to disable their account through Active Directory. Depending on their length of leave, […]
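Query the five FSMO roles: netdom query fsmo
List all domain controllers: dsquery server
View the schema master role: dsquery.exe server -hasfsmo schema
View the domain naming master role: dsquery.exe server -hasfsmo name
View the RID master role: dsquery.exe server -hasfsmo rid
View the PDC emulator role: dsquery.exe server -hasfsmo pdc
View the infrastructure master role: dsquery.exe server -hasfsmo infr
Query the current user and privileges: whoami /all
Query domain user status: net user /domain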
This script might be useful for finding users who haven’t logged on for a long time. It checks the lastlogondate property: Please be aware that it gets the date only from the specified Domain Controller. In this case, I added a logon server in the server parameter and I was looking only for enabled […]
Disabled accounts
If an organization has a provisioning process in place that (automatically) governs the enabling and disabling of account status, and/or there is frequent guest / vendor engagement, this process is very effective. Owing to the uncertainty attached to vendor engagements that have an uncertain expiry date, an automated […]
On the domain controller, open the group policy management tool. Create a new group policy.
Logon Types are logged in the Logon Type field of logon events (event IDs 528 and 540 for successful logons, and 529-537 and 539 for failed logons). Windows supports the following logon types and associated logon type values: […]