OU Structure and Delegation

Some pages on the creation of OU structures and delegation of rights.

Designing OU Structure

TechNet: Creating an Organizational Unit Plan
Group Policy Central: Best Practice: Active Directory Structure Guidelines – Part 1
Group Policy Central: Best Practice: Group Policy Design Guidelines – Part 2
Jay Paloma’s Tech and Music Blog: Active Directory Organizational Unit Design Principles


WindowsITPro: Delegating Privileges in Active Directory

Working with DirSync for Replicating Office 365

Force DirSync Replication

  • On the computer that is running the Directory Synchronization tool, navigate to the directory synchronization installation folder, %programfiles%\Microsoft Online Directory Sync, and then run DirSyncConfigShell.psc1 to open a Windows PowerShell window.
  • In the Windows PowerShell window, type Start-OnlineCoexistenceSync, and then press Enter.

Configure PowerShell to Manage Office 365

To start a PowerShell session:
  • Run c:\program files\microsoft online directory sync\dirsyncconfigshell.psc1.
  • To use an existing PowerShell session, load the Directory Synchronization snap-in:
    • Add-PSSnapin Coexistence-Configuration
  • Import the Microsoft Online Services Module
    • Import-Module MSOnline

These commands can be added to the PowerShell Profile so that they run automatically:

WordPress Installation on CentOS 6

It’s time to move on from the old Debian host that this blog is running on. I’ve decided that it is also time to move from Debian to CentOS as my Linux OS of choice. Now that I work in a place that has a Linux team that uses RHEL, I figure it would be a good idea to make the change.

Since it doesn’t look like it’s going to be an easy migration for my blog, I decided that it’s time to look at something other than Drupal. The whole reason I’m doing all of this anyways is to learn, so, it is time to experience another CMS product. That new product will be WordPress.

PS Script to Manage Groups Based on User Attribute

We have a security group that is supposed to contain all user objects that are able to log in. Because we’re doing pass-through authentication to an MIT Kerberos realm, the user objects that can authenticate have the “altSecurityIdentities” attribute populated. However, this could be any attribute, like Description or Office.

We also have a lot of objects, somewhere north of a half million, so it takes a long time if the script tries to add everyone each time and errors out on the ones that already exist. I know this because that’s how I first tried it and just handled the errors.

Below is the final version of the script. It only tries to add users to the group if they belong in the group and are not already a member. I’ve also added the script as an attachment so that it is easier to read.

Disable Computer Objects in Default Location Daily and Delete them Weekly

Stale, or unused, objects in Active Directory pose a security risk to an organization, as well as affect replication performance, increase the size of system state backups, and increase the amount of time it takes to create and restore backups.

When computer objects are created by joining a computer to the domain, they are created in the default Computers container. After being joined to the domain, these computer objects should be moved to the creator’s delegated Organizational Unit, where they will receive the appropriate departmental Group Policy.

Apply CIS Benchmarks to Windows Server 2008 R2 and Windows 7

Attached are three zip files that contain files needed to apply the CIS Benchmarks for Windows Server 2008 R2 Enterprise Member Servers, Domain Controllers, and Windows 7.

Unzip the contents into “C:\Scripts” and run. Afterwards, run the CIS-CAT tool to verify that all of the settings applied correctly.

See Microsoft Tools to Configure Local Group Policy for usage of the LGPO tools.