Active Directory Archive

Managing Enabled and Enforced GPO Link Settings in Active Directory

In this article, we’ll show you how to manage the Group Policy Object Links in Active Directory from the GPMC graphic snap-in and PowerShell, and consider the differences between Enabled and Enforced Link status. By default, when you create a new GPO in a domain, it doesn’t apply to...

PowerShell: Move Computer to OU

By default, when you join a new computer or server to the Active Directory domain (through the properties of the computer), it creates the computer object in the Computers root container. If you use a complex Active Directory Organizational Unit (OU) structure in your domain with various Group Policies,...

Performing Active Directory Metadata Cleanup

When deleting a domain controller from Active Directory, it is advisable to use the DCPromo (demote) procedure, which allows you to correctly delete all records about the old domain controller from the Active Directory database (the computer object, NTDS Settings, site settings, cross-site links and replication metadata). If for...

How to Check Active Directory Group Membership?

Active Directory security groups used to grant users’ permissions to various domain services and resources. Therefore, to understand what permissions are assigned to a specific user in the AD domain, it is enough to look at the groups in which the user’s account is a member of. The easiest...

How to Restore Deleted Active Directory User?

If you accidentally deleted an Active Directory user, you can easily restore it. The fact is that when you delete any object from Active Directory, it is not deleted immediately. First, the value of the isDeleted = true attribute is set for the object, then it is moved to...

Non-authoritative Restore of AD Domain Controller from Backup

If your Active Directory domain controller fails and you have a DC backup (created using Windows Server Backup or other backup tools), you can restore a single domain controller or the entire AD domain. In this article, we will show you how to perform a non-authoritative AD DS recovery...

How to Disable Active Directory Account Using PowerShell?

An Active Directory administrator must periodically disable user and computer domain accounts that are not used for a long time. Disabled accounts cannot be used to log on the domain, even if the user knows the password for the account and it is not expired. You can disable a...

How to Sync Active Directory to Office 365?

You can integrate your Office 365 subscription with your existing local (on-premises) directory service based on Active Directory Domain Services (AD DS). You can configure automatic synchronization of AD user accounts, groups, and contacts with Azure. As a result, you can manage your user accounts for both environments. Office...

Adding an Additional Domain Controller on Windows Server 2016

In this article, we will show you how to deploy an additional domain controller in an existing Active Directory forest based on Windows Server 2016. An additional domain controller can be used to increase domain resiliency, used for load balancing between AD sites, and reduce the load on WAN...

Deploying Active Directory Federation Services on Windows Server

ADFS (Active Directory Federation Services) is a component of Windows Server that provides the functionality of an authentication provider for web applications. Federation Services are used to authenticate external users in different applications. Why do I need ADFS if I have an Active Directory deployed? The fact is that...