How to Modify Security Inheritance on Active Directory Objects using PowerShell

A couple of weeks ago I was working with a customer analyzing a number of user accounts affected by AdminSDHolder protection.  User accounts that are members of privileged groups such as Domain Admins end up being modified so they are protected by AdminSDHolder.  There is a property named AdminCount that usually has no value that…

23

Who’s in the Local Administrators Group?

I was organizing files this weekend and ran across a script I created for a customer recently. They were trying to determine the membership of the local Administrators group on each computer on their network. They had determined that non-admin users were being added to the local Administrator group and needed to know how widespread…

20

Windows 8 Start Screen–Don’t Panic and Don’t Believe the Hype

I work as a Microsoft Premier Field Engineer (PFE). Every week I’m at a different customer performing some type of Risk Assessment or helping them solve a problem. As a PFE my job is to make sure people are happy with the products they own now. Not sell new products, not design new systems…

13

How to run DCDIAG and NETDIAG on Multiple Computers Using a Batch File

I was onsite with a customer this week reviewing their Active Directory configuration.  During the visit the system admin I was working with mentioned he needed to run DCDIAG and NETDIAG on every domain controller (DC) in his domain and collect the output to prepare for their upcoming migration to Office 365.  When I got…

13

Automate Network Adapter Configuration using NETSH

So I’m kind of lazy.  Not in the “sleep late and don’t go to work” slacker way, I just don’t like doing dull repetitive tasks if they can be automated in some way.  As a rule if I have to do the same task more than a couple of times I’m writing a script (or getting someone…

12

Understanding and Managing the Certificate Stores Used for Smart Card Logon

Recently I was onsite helping a customer clean up some certificates related to smart card logon.  One of the things I find challenging about PKI and specifically about smart card  logon is remembering how and where to publish certificates.  It seems like every time I work on an issue related to smart card logon and…

11

How to Determine Which DNS Server(s) Have Scavenging Enabled Using PowerShell

One of my duties as a Microsoft Premier Field Engineer (PFE) is to make sure the products a customer is currently using are configured properly and the customer is getting all the functionality the product provides.  Whenever I’m working with customers on any DNS issue I always check to see if they are using DNS…

11

How to update the list of Name Servers on a DNS Zone with a Script

I was working with a customer this week doing some Active Directory cleanup tasks.  We were decommissioning the last of their Windows Server 2003 domain controllers so we could upgrade the domain and forest functional level to Windows Server 2008 R2 to take advantage of some new features. After removing the last Windows Server 2003…

9

How to Create Custom Active Directory LDAP Searches

A nice feature in Windows Server Active Directory is the ability for an administrator to create saved queries in Active Directory Users & Computers to return common information within the Directory. The queries you can create through the GUI are pretty basic so to get the real benefit you need to create a “Custom Search”, click the…

9

How to Back Up Active Directory Objects Using LDIFDE

There are times when you need to modify or delete objects in Active Directory (AD) in order to perform some level of cleanup. In a perfect world, you would always have a good backup and the restore would work flawlessly. Just in case, I always export the objects I’m about to delete or modify so…

7