Active Directory Archive

Active Directory Groups Types

The Active Directory groups is a collection of Active Directory objects. The group can include users, computers, other groups and other AD objects. The administrator manages the group as a single object. In Windows there are 7 types of groups: two domain groups types with three scope in each

ADSI Edit: How to View and Change Active Directory Object Properties?

The ADSI Edit tool (Active Directory Service Interface Editor) is a special mmc snap-in that allows you to connect to various Active Directory database partitions (NTDS.dit) or to the LDAP server. The ADSI Edit tool allows you to create, modify, and delete objects in Active Directory, perform searches, and

How to Delete AD User Using PowerShell?

You can remove user objects from an Active Directory domain by using the Remove-ADUser PowerShell cmdlet. This cmdlet is a part of the ActiveDirectory Module for Windows PowerShell, which must be pre-installed and imported into the PoSh session with the command: Import-Module activedirectory The syntax of the Remove-ADUser cmdlet

How to Install Active Directory Certificate Services?

Active Directory Certificate Services (AD CS) is a very convenient and useful cerise in a domain network. AD CS allows you to issue and manage SSL and other certificates within your domain. You can use your own free certificates for Exchange servers, IIS, RDSH farms, etc. In this article,

FSMO Role: Schema Master

Schema Master is another FSMO domain controller role which is responsible for making changes to the Active Directory schema. The schema stores descriptions of all Active Directory classes and attributes. The schema partition is exists on all DCs, its named “schema naming context” and located in LDAP://cn=schema,cn=configuration,dc=<domain>. Domain administrators

How to Change Account Lockout Policy in AD?

The account lockout policy in the Active Directory domain allows you to automatically lock user account if an attempt has been made to brute-force a user password. An AD domain admin can configure account locking policies using Group Policy (GPO). By default, you can create only one password and

Advanced Audit Policy Configuration on Windows Server 2016

Advanced Audit Policy Configuration in Windows Server allows you to collect information about various granular events at the server or AD domain level. In this article, we’ll show you how to enable and use Advanced Security Audit Policy with the Group Policies and auditpol.exe tool in Windows Server 2016.

How to Unlock User Account in Active Directory Domain?

A user account in Active Directory is locked if a user incorrectly typed the password several times in a row. In this article, we will show you how to find and unlock an account of one user or all locked AD domain users at once. The threshold value for

Store BitLocker Recovery Keys using Active Directory

In a domain network, you can store the BitLocker recovery keys for encrypted drives in the Active Directory Domain Services (AD DS). This is one of the coolest features of the BitLocker Drive Encryption technology for corporate users. BitLocker recovery key is a 48 and/or 256-bit sequence, which is

How to Find Active Directory User’s/Computer’s Last Logon Time?

The Active Directory administrator must periodically disable and inactivate objects in AD. In this article, we will show how to get the last logon time for the AD domain user and find accounts that have been inactive for more than 90 days. How to Get Last Logged on User