Quick & Dirty: Copy Active Directory groups from user to user

I have created a small GUI that copies Active Directory groups from one user to another user. With the script you can quickly transfer all groups of a user to another user account. The GUI is only very rudimentary: you can select a source user account and a target user account, a click on "Copy groups from source to target ... Read more

Quick & Dirty: Finding invalid and orphaned group policies

I have started to create a small PowerShell script to help detect invalid or orphaned group policies. The first version of the script searches for group policies that are not connected to an OU, have no security filtering or have all GPO settings disabled. I will add more functions to the script in the future and publish it as ... Read more

Privileged Access Management Feature: Time-limited group membership

With Windows Server 2016, a new Privileged Access Management feature was introduced, which allows users to be added to a group for a certain period of time only and automatically removed again after this time has expired. This feature is useful if a user is only to be given administrative rights (e.g. Domain Admin) for a certain period of time. A ... Read more

Active Directory: IPv6 / Fritzbox / Sophos UTM / Domain Controller

Foreword: IPv6 has not been one of my strengths so far. Like many others, I've probably put the topic of IPv6 on the back burner: "I'll take a look at it when it's established..." Well, it has become established and has been for some time. IPv4 will be replaced by IPv6, that much is certain. Therefore ... Read more

Active Directory: What should the new Active Directory be called?

My last posts on the subject of Active Directory have brought an important question to light: What should the new Active Directory be called? In this article, I made the following statement: If you're in a greenfield site, you can freely name your Active Directory. In the meantime, names like company.local are no longer used in new environments. Read more

Active Directory: Mail when password expires

In this article, I have already described how to set up a website where users can change their password. Especially users who work with a computer that is not a member of the Active Directory often have problems changing their password. The website now gives these users the opportunity to change their password in good time. ... Read more

Active Directory: Password change via website

Foreword: The following article describes a way for Active Directory users to change their password on a website. The Windows feature "Web Access for Remote Desktop" is somewhat misused for this purpose. A complete installation and configuration of the Remote Desktop services is not required for this. Note: The method described here is only suitable for changing the known Active Directory ... Read more

Server 2016: Active Directory installation (part 2)

Foreword: In the first part of this article, a new Active Directory was installed. So far, however, there is only one domain controller. In order to keep the Active Directory available in the event of a server failure, at least two domain controllers should be installed for each domain. In this article, the second domain controller is installed and configured. Preparation: The preparations ... Read more

Server 2016: Active Directory installation (part 1)

I have somewhat neglected the topic of Active Directory here recently, so here is an easy introduction to the topic. Foreword: This article is about the installation of a new Active Directory on a greenfield site. In this test environment there is so far only one server that has been upgraded to a domain controller. Read more