Active Directory

AccountLockout

24 Jan: Active Directory – How to track down why and where the user account was locked out

I’ve been working with Windows Events for a while now. One of the things I did to help me diagnose problems and reporting on Windows Events was to write PSEventViewer to help to parse the logs and write PSWinReporting to help monitor (with use of PSEventViewer) Domain Controllers for events that happen across the domain. It’s handy and I, get those excellent daily reports of what happened while I was gone.
Move-ADDirectoryServerOperationMasterRole

06 Jan: Active Directory – Move-AD Directory Server Operation Master Role: Access is denied

When working with Active Directory one of the common tasks is to move FSMO roles between servers. Well, maybe not that common but it happens from time to time where you have to move all or just some of the FSMO roles. For that purposes, there is single PowerShell command Move-ADDirectoryServerOperationalMasterRole. Sure you can do this via GUI but if there’s one command available to fix it all why bother? To make the move one has to be a Domain Admin, Enterprise Admin and Schema Admin. Everything was going smoothly for some roles but wasn’t working for others.
Synchronization Rules

09 Nov: Azure AD Connect – Synchronizing MAIL field with UserPrincipalName in Azure

Azure AD Connect is an application responsible for synchronizing Active Directory with Azure AD allowing for a natural population of users, groups, and devices in Office 365. While for most companies standard setup is very easy and most of the time touch-free, there are companies which require greater customization. During installation of AD Connector, you choose what should be used for Azure AD Username from your AD. UserPrincipalName field is an obvious choice for this and also proposed by default for that purpose. This field is utilized further by your users to log in to your Exchange, SharePoint, Teams and so on.
PSWinDocumentation - Password Quality

07 Oct: PSWinDocumentation – Audit Active Directory Passwords

If you’re paying attention to what’s happening around the world now you probably know Have I Been Pwned service by now. You probably know that it has huge lists of hashes of passwords that leaked out over the years from different services (LinkedIn, Adobe, and so on). This means those passwords are now in possession of good guys, but also bad guys. With Active Directory being often a central place to store your password that allows you to access your Office 365 account, ADFS, Microsoft Exchange it’s important that your AD passwords is both secure and safe. Bad guys may want to try and access your email accounts or other data that’s available online. And having a list of passwords you or other people may have used before doesn’t help you in protecting your own data.
PSWinDocumentation

23 Sep: PSWinDocumentation – Export to Word, Excel, SQL of AD, AWS, Exchange, O365 Exchange, O365 Azure AD

Today I’m pushing forward with PSWinDocumentation project. I’ve fixed some bugs but I also added a couple of new features. I did lie a bit in the first sentence because this time it’s not all me. I got help from Mateusz Niemczyk who is a certified AWS engineer working for Euvic with me on some projects. If you’ve not yet guessed where I got him involved from the introduction – yes we’re adding basic AWS data support to PSWinDocumentation. But that’s not all…