Step-By-Step: Enabling Advanced Security Audit Policy via DS Access

Active directory, from a security perspective, is one of the more impactful services within an organization. Even small changes in Organization’s AD can cause a major business impact. Preventing any unauthorized access and unplanned changes in an AD environment should be top of mind for any system administrator. Should changes or unauthorized access happen within your AD environment, would you have enough…


[Script Of Mar. 27] How to get all Active Directory users account last log on time and export Excel

Mar. 27 Script Download: The script is available for download from https://gallery.technet.microsoft.com/scriptcenter/How-to-get-all-Active-832ca0c5. The sample code demonstrates how to get all Active Directory users account last logged on time. You can find more All-In-One Script Framework script samples at http://aka.ms/onescriptingallery


Find missing SPN registrations

Active Directory admins are probably well aware of how Kerberos works. If you need a little refresher, check out the article over at askds: Kerberos for the busy admin. Kerberos requires a service principle name (SPN) for each Kerberos enabled network service offered in the forest: a file service, KDC, web farm, whatever. Typical examples…


Group Policy Search

The GPS is a fantastic group policy search tool for Microsoft Active Directory Group Policy settings. Use this when you’re looking for various Group Policy settings and respective registry data. Data is available for Windows Client, Server, Internet Explorer, Edge, Office, User & Machines polices. Source: Group Policy Search


Step-By-Step: Setting up Active Directory in Windows Server 2016

There are interesting new features now made available in Windows Server 2016 such as time based group membership, privileged access management, and others. Most will be covered in future posts. This post will detail how to install active directory on Windows Server 2016. Before the AD install however it is important to understand what is the minimum requirement to…


Top Ten Issues with Active Directory Trusts and Corporate Mergers

Hey Everyone. Randy, Premier Field Engineer, here to discuss some lessons learned from working with a recent merger between two corporations. I don’t have enough time or space to go into the details of this major endeavor, so I am going to talk about this experience with a “Top Ten Countdown” style BLOG POST. I’m…

3

Why you can still have duplicate SPNs in AD 2012 R2 and AD 2016

As an AD admin you are probably familiar with the problem of duplicate Service Principal Name (SPN) attributes. Need a refresher on Kerberos and SPN? Read the famous blogpost over at askds: Kerberos for the busy admin. If you have these duplicates, Kerberos fails for the affected accounts. It always fails so there is no…

1