By default DirSync runs every three hours; which for some environments or during testing may not be frequent enough…
Reducing the Azure AD Sync Schedule
read more
Active Directory
Manage Azure AD via PowerShell
You can install the Azure module directly from the PowerShell prompt and connect to the numerous services offered by Microsofts extensive cloud solution!
PowerShell: List newly created users
To help detect and prevent malicious behavior I usually implement different scripts or other monitoring features in my customers environments.
One of the snippets I frequently use is one that detects newly created accounts.
Change default OU for computers in AD
There are several reasons to change the default organizational unit of computers that join the domain.
The default OU (domain.local\Computers) cannot be linked with GPOs, and should be avoided since its builtin.
Domain Controllers Warning Event ID 10154
I was getting an error at startup on a new Windows 2008 R2 Domain Controller. Apparently the WinRM attempts to create two SPNs after the startup process.
Since that WinRM runs under “Network Service” account, I was able to fix this warning by granting the “Validated Write to Service Principal Name” permission to the NETWORK SERVICE…
AD Delegation: Default Permissions for GPOs
When setting up Active Directory delegation, you want administrators to be able to maintain Group Policy without being a Domain Admin.
If you read TechNet, Microsoft tells you to use Group Policy Creator Owners. However CO does not have permissions to modify or edit any other group policy objects.
Verifying Domain User Home Directory
Some administrators prefer to do everything manually, other automated. I have always preferred to have as much as possible automated or at least set up with a script so the action can easily be repeated without varying end results.
I have written a script which verifies that all users that should have a home folder has one, and that it has the appropriate permissions.
SCCM 2012: Create Collections and AD Groups
After setting up a new domain and deploying SCCM 2012 I came to realize how much work it actually is to set up new applications.
I have made a script which creates AD groups and Collections.
Auditing Group Changes in Active Directory
A customer of ours asked us to look into making their environment more secure. However we noticed that they did not audit Group/User changes in their Active Directory, we adjusted this and here’s a quick guide how to deploy it in your corporation.
Letting end-user update Active Directory
There might come a time where as a IT administrator you get tired of being asked to update peoples personal information in the Active Directory.
