Some helpful information about setting passwords and configuring accounts when programmatically creating Active Directory user objects.
Continue reading “Active Directory Account and Password Settings”
- Windows 7 or Server 2008
- Windows PowerShell
- .NET Framework 3.5.1
- Windows PowerShell and the .NET Framework 3.5.1 enabled.
- Microsoft Online Services Sign-in Assistant
- Microsoft Online Services Module for PowerShell
To start a PowerShell session:
- Run c:\program files\microsoft online directory sync\dirsyncconfigshell.psc1,
- To use an existing PowerShell session, load the Directory Synchronization snap-in:
- Add-PSSnapin Coexistence-Configuration
- Import the Microsoft Online Services Module
These commands can be added to the PowerShell Profile so that they run automatically:
It’s time to move on from the old Debian host that this blog is running on. I’ve decided that it is also time to move from Debian to CentOS for my Linux OS of choice. Now that I work in a place that has a Linux team that uses RHEL, I figure it would be a good idea to make the change.
Since it doesn’t look like it’s going to be an easy migration for my blog, I decided that it’s time to look at something other than Drupal. The whole reason I’m doing all of this anyways is to learn, so, it is time to experience another CMS product. That new product will be WordPress. Continue reading “WordPress Installation on CentOS 6”
We have a security group that is supposed to contain all user objects that are able to log in. Because we’re doing pass-through authentication to an MIT Kerberos realm, the user objects that can authenticate have the “altSecurityIdentities” attribute populated. However, this could be any attribute like Description or Office.
We also have a lot of objects, somewhere north of a half million, so it takes a long time if the script tries to add everyone each time and errors out on the ones that already exist. I know this because that’s how I first tried it and just handled the errors.
Below is the final version of the script. It only tries to add users to the group if they belong in the group and are not already a member. I’ve also added the script as an attachment so that it is easier to read. Continue reading “PS Script to Manage Groups Based on User Attribute”
I attended a “Tech Talk” tonight at the SANS conference in Las Vegas where Jason Fossen discussed the open source tool called Process Hacker.
Windows Exploratory Surgery with Process Hacker
Windows Internals Book
Pretty cool stuff.
Stale, or unused, objects in Active Directory pose a security risk to an organization. They also affect replication performance, increase the size of system state backups, and increase the amount of time it takes to create and restore backups.
When computer objects are created by joining a computer to the domain they are created in the default computers container. After being joined to the domain these computer objects should be moved to the creator’s delegated Organizational Unit where they will receive appropriate departmental Group Policy.
Continue reading “Disable Computer Objects in Default Location Daily and Delete them Weekly”
Attached are three zip files that contain files needed to apply the CIS Benchmarks for Windows Server 2008 R2 Enterprise Member Servers, Domain Controllers, and Windows 7.
Unzip the contents into “C:\Scripts” and run. Afterwards, run the CIS-CAT tool to verify that all of the settings applied correctly.
See Microsoft Tools to Configure Local Group Policy for usage of the LGPO tools.