Archive for the ‘Active Directory’ Category

Step 1: Backup Windows Server 2008 R2 certificate authority database and its configuration Log in to Windows 2008 R2 Server as member of local administrator group Go to Start > Administrative Tools > Certificate Authority Right Click on Server Node > All Tasks > Backup CA Certification Authority Backup CA Click Next on the Certification Authority […]

Friday, June 3rd, 2022 at 14:05 | 0 comments

Step #1: This is the simplest method to add a computer to a domain. In this example you will be prompted for credentials followed by the required reboot. Add-Computer -DomainName “” Restart-Computer Step #2: If you require an automated script without prompting the user for credentials you can provide the user account with rights to […]

Thursday, May 12th, 2022 at 09:34 | 0 comments

Move disabled user accounts with a PowerShell

Monday, March 7th, 2022 at 16:15 | 0 comments

Best practice #1: remove disabled accounts A crucial part of Active Directory cleanup is monitoring for disabled user and computer accounts, and removing them when appropriate. When employees go on extended leave or leave an organization completely, it’s common practice for organizations to disable their account through Active Directory. Depending on their length of leave, […]

Monday, March 7th, 2022 at 15:52 | 0 comments

netdom query fsmo 查询五大角色 dsquery server 显示所有域控 查看架构主机角色 dsquery.exe server -hasfsmo schema 查看域命名主机角色 dsquery.exe server -hasfsmo name 查看RID 主机角色 dsquery.exe server -hasfsmo rid 查看PDC 模拟主机角色 dsquery.exe server -hasfsmo pdc 查看基础架构主机角色 dsquery.exe server -hasfsmo infr whoami /all 查询当前用户及权限 net user /domain 查询域用户状态

Friday, February 18th, 2022 at 13:46 | 0 comments

This script might be useful in getting users that haven’t logged for a longer amount of time. It is checking lastlogondate property: Please be aware that it gets a date only from the specified Domain Controller. In this case, I added a logon server in the server parameter and I was looking only for enabled […]

Saturday, November 27th, 2021 at 01:05 | 0 comments

Disabled accounts If an organization has a provisioning process in place for governing (automatically) the enabling and disabling of account status and (or) there is a good frequency of guest / vendor engagement, this process is very effective. Owing to the uncertainty attached to such vendor engagement that has an uncertain expiry date, an automated […]

Friday, October 29th, 2021 at 10:47 | 0 comments
Categories: Active Directory

On the domain controller, open the group policy management tool. Create a new group policy.

Friday, September 17th, 2021 at 20:16 | 0 comments
Categories: Active Directory

Logon Types are logged in the Logon Type field of logon events (event IDs 528 and 540 for successful logons, and 529-537 and 539 for failed logons). Windows supports the following logon types and associated logon type values:Logon Types are logged in the Logon Type field of logon events (event IDs 528 and 540 for […]

Monday, February 10th, 2020 at 00:08 | 0 comments