{ "version": "https://jsonfeed.org/version/1.1", "title": "ad", "home_page_url": "https://evotec.xyz/fr/tags/ad", "feed_url": "https://evotec.xyz/fr/tags/ad/index.feed.json", "description": "Evotec Main Website", "items": [ { "id": "https://evotec.xyz/fr/blog/mastering-active-directory-hygiene-automating-stale-computer-cleanup-with-cleanupmonster", "url": "https://evotec.xyz/fr/blog/mastering-active-directory-hygiene-automating-stale-computer-cleanup-with-cleanupmonster", "title": "Mastering Active Directory Hygiene: Automating Stale Computer Cleanup with CleanupMonster", "summary": "Have you ever looked at your Active Directory and wondered, \u201CWhy do I still have computers listed that haven\u2019t been turned on since World Cup 2016?\u201D Yeah, we\u2019ve all been there. Keeping AD clean and up-to-date is like trying to organize your garage\u2014it\u2019s easy to put off until it becomes a total mess.", "date_published": "2024-08-25T13:14:39.0000000Z", "tags": [ "active directory", "ad", "cleanup", "intune", "microsoft entra", "powershell" ] }, { "id": "https://evotec.xyz/fr/blog/report-active-directory-accounts-that-are-synchronized-with-azure-ad", "url": "https://evotec.xyz/fr/blog/report-active-directory-accounts-that-are-synchronized-with-azure-ad", "title": "Report Active Directory Accounts that are Synchronized with Azure AD", "summary": "I was scrolling X (aka Twitter) today and saw this blog post, \u201CPowerShell: Report On-Premises Active Directory Accounts that are Synchronized with Azure AD Connect\u201D by Kevin Trent. I like reading blog posts as I tend to learn some new things and see how people tend to solve their problems.", "date_published": "2023-08-07T13:21:18.0000000Z", "tags": [ "active directory", "ad", "azure ad", "microsoft graph", "powershell" ] }, { "id": "https://evotec.xyz/fr/blog/strengthening-password-security-in-active-directory-a-powershell-powered-approach", "url": "https://evotec.xyz/fr/blog/strengthening-password-security-in-active-directory-a-powershell-powered-approach", "title": "Strengthening Password Security in Active Directory: A PowerShell-Powered Approach", "summary": "PasswordSolution uses the DSInternals PowerShell module to gather Active Directory hashes and then combines that data into a prettified report. If you have ever used DSInternals, you know that while very powerful, it comes with raw data that is hard to process and requires some skills to get it into a state that can be shown to management or security.", "date_published": "2023-05-28T14:40:25.0000000Z", "tags": [ "active directory", "ad", "dsinternals", "html", "password quality", "passwordsolution", "powershell", "scan", "security", "Windows" ] }, { "id": "https://evotec.xyz/fr/blog/reporting-group-membership-for-critical-active-directory-groups", "url": "https://evotec.xyz/fr/blog/reporting-group-membership-for-critical-active-directory-groups", "title": "Reporting group membership for critical Active Directory groups", "summary": "I work a lot with Active Directory-related tasks. One of the tasks is to know the group membership of critical Active Directory Groups such as Domain Admins, Enterprise Admins, Schema Admins, Event Log Readers, and a few others that are a bit less known. As I did it, I got bored of typing the group names repeatedly and decided that enough was enough and there must be an easier way for me to do that.", "date_published": "2022-08-07T11:57:28.0000000Z", "tags": [ "active directory", "ad", "group membership", "groups", "nested groups", "powershell", "Windows" ] }, { "id": "https://evotec.xyz/fr/blog/finding-duplicate-dns-entries-using-powershell", "url": "https://evotec.xyz/fr/blog/finding-duplicate-dns-entries-using-powershell", "title": "Finding duplicate DNS entries using PowerShell", "summary": "Today\u2019s blog post is about Active Directory-integrated DNS and how to find duplicate entries. By duplicate, I mean those where one DNS name matches multiple IP addresses. While some duplicate DNS entries are expected, in other cases, it may lead to problems. For example, having a static IP assigned to a hostname that later on is also updated with dynamic entries.", "date_published": "2022-07-24T16:48:21.0000000Z", "tags": [ "active directory", "ad", "dns", "DNSServer", "powershell" ] }, { "id": "https://evotec.xyz/fr/blog/finding-duplicate-spn-with-powershell", "url": "https://evotec.xyz/fr/blog/finding-duplicate-spn-with-powershell", "title": "Finding duplicate SPN with PowerShell", "summary": "Duplicate SPNs aren\u2019t very common but can happen in any Active Directory as there\u2019s no built-in way that tracks and prevent duplicate SPN\u2019s. One has to either know all SPN\u2019s in the environment, track them or check each time whether it already exists or not. Things get more complicated with larger Active Directory environments as people change, new apps are added, old apps are forgotten, but SPNs prevail.", "date_published": "2021-12-07T15:32:01.0000000Z", "tags": [ "active directory", "ad", "adessentials", "forest", "powershell", "spn", "testimo" ] }, { "id": "https://evotec.xyz/fr/blog/monitoring-ldaps-connectivity-certificate-with-powershell", "url": "https://evotec.xyz/fr/blog/monitoring-ldaps-connectivity-certificate-with-powershell", "title": "Monitoring LDAPS connectivity/certificate with PowerShell", "summary": "Some time ago, I wrote a blog post on checking for LDAP, LDAPS, LDAP GC, and LDAPS GC ports with PowerShell. It mostly works, but it requires a tad bit of effort, and it doesn\u2019t cover the full scope that I wanted. Recently (well over 3 years ago), Chris Dent shared some code that verifies the LDAP certificate, and I thought this would be good to update my cmdlets to support just that with a bit of my own magic on top.", "date_published": "2021-03-02T17:53:05.0000000Z", "tags": [ "active directory", "ad", "ldap", "powershell", "testimo" ] }, { "id": "https://evotec.xyz/fr/blog/using-win32_useraccount-wmi-filter-in-powershell-group-policies-and-what-to-avoid", "url": "https://evotec.xyz/fr/blog/using-win32_useraccount-wmi-filter-in-powershell-group-policies-and-what-to-avoid", "title": "Using Win32_UserAccount WMI filter in PowerShell/Group Policies and what to avoid", "summary": "Some months ago, I created PowerShell Script to create local administrative users on workstations \u2013 Create a local user or administrator account in Windows using PowerShell. It\u2019s a bit overcomplicated, but the goal was it should work for Windows 7 and up, and that means supporting PowerShell 2.0. As part of that exercise, I\u2019ve been using Win32_UserAccount WMI based query to find local users and manage them to an extent. While Get-LocalUser exists, it\u2019s not suitable for the PowerShell 2.0 scenario. I also use the same query in GPO for WMI filtering. You can say it\u2019s been a good friend of mine.", "date_published": "2020-06-02T15:45:54.0000000Z", "tags": [ "active directory", "ad", "gpo", "powershell", "wmi" ] }, { "id": "https://evotec.xyz/fr/blog/what-do-we-say-to-health-checking-active-directory", "url": "https://evotec.xyz/fr/blog/what-do-we-say-to-health-checking-active-directory", "title": "What do we say to health checking Active Directory?", "summary": "Setting up a new Active Directory is an easy task. You download and install Windows Server, install required roles and in 4 hours or less have a basic Active Directory setup. In an ideal world that would be all and your only task would be to manage users, computers, and groups occasionally creating some Group Policies. Unfortunately, things with Active Directory aren\u2019t as easy as I\u2019ve pictured it. Active Directory is a whole ecosystem and works well ranging from small companies with ten users to 500k users or more (haven\u2019t seen one myself \u2013 but so they say!). When you scale Active Directory adding more servers, more domains things tend to get complicated, and while things on top may look like they work correctly, in practice, they may not. That\u2019s why, as an Administrator, you need to manage Active Directory in terms of its Health and Security. Seems easy right? Not quite. While you may think you have done everything, checked everything, there\u2019s always something missing. Unless you have instructions for everything and can guarantee that things stay the same way as you left them forever, it\u2019s a bit more complicated. That\u2019s why Microsoft delivers you tools to the troubleshoot your Active Directory, such as dcdiag, repadmin and some others. They also sell monitoring solutions such as Microsoft SCOM which can help and detect when some things happen in your AD while you were gone. Surely there are some 3rd party companies give you some tools that can help with a lot of that as well. Finally, there is lo of folks within the community creating PowerShell scripts or functions that help with some Health Checks of your Active Directory.", "date_published": "2019-09-08T15:48:39.0000000Z", "tags": [ "active directory", "ad", "dhcp", "dns", "health checks", "powershell", "security checks", "testimo", "Windows" ] }, { "id": "https://evotec.xyz/fr/blog/active-directory-instant-replication-between-sites-with-powershell", "url": "https://evotec.xyz/fr/blog/active-directory-instant-replication-between-sites-with-powershell", "title": "Instant Replication between Active Directory sites with PowerShell", "summary": "In Active Directory when you change something, it\u2019s replicated to other Domain Controllers regularly. It\u2019s a standard procedure that happens automatically in the background for you. It\u2019s a handy feature because you can have multiple DC\u2019s all over the world and have your users data in sync. You can change almost anything on DC nearest to you and be sure it will be the same value all over the place. But is it always the same? Well, it should be unless it isn\u2019t. Today I was given a new migration from Exchange to Office 365. I started with ADConnect installation and wanted to make sure that UserPrincipalNames have all UPNSuffixes in place.", "date_published": "2019-07-21T13:31:06.0000000Z", "tags": [ "active directory", "ad", "instant replication", "powershell", "replication" ] }, { "id": "https://evotec.xyz/fr/blog/getting-bitlocker-and-laps-summary-report-with-powershell", "url": "https://evotec.xyz/fr/blog/getting-bitlocker-and-laps-summary-report-with-powershell", "title": "Getting Bitlocker and LAPS summary report with PowerShell", "summary": "Having Bitlocker and LAPS in modern Active Directory is a must. But just because you enable GPO and have a process that should say Bitlocker and LAPS are enabled doesn\u2019t mean much. Now and then you should verify things yourself. One of the Facebook users on PowerShell group just had this idea of exporting Bitlocker keys and then giving that list to his colleagues for manual verification. He wanted to do it half PowerShell and half manually. While the idea was great, why not take full advantage of PowerShell and have a helpful report with all the necessary information?", "date_published": "2019-07-11T17:07:22.0000000Z", "tags": [ "active directory", "ad", "bitlocker", "laps", "powershell" ] }, { "id": "https://evotec.xyz/fr/blog/fixing-active-directory-passwordnotrequired-with-powershell", "url": "https://evotec.xyz/fr/blog/fixing-active-directory-passwordnotrequired-with-powershell", "title": "Fixing Active Directory PasswordNotRequired with PowerShell", "summary": "There was I, deploying PSPasswordExpiryNotifications for one of my Clients when I started getting complaints that some users are not getting their Password Expiry Notifications. Well, that\u2019s a new one. I\u2019ve tested this script multiple times, and it worked just fine. So I dive into the details of my script to see what I did in there (I don\u2019t even remember anymore \u2013 it just works) to find out this little line:", "date_published": "2019-06-25T10:29:44.0000000Z", "tags": [ "active directory", "ad", "PasswordNotRequired", "powershell" ] }, { "id": "https://evotec.xyz/fr/blog/the-only-powershell-command-you-will-ever-need-to-find-out-who-did-what-in-active-directory", "url": "https://evotec.xyz/fr/blog/the-only-powershell-command-you-will-ever-need-to-find-out-who-did-what-in-active-directory", "title": "The only PowerShell Command you will ever need to find out who did what in Active Directory", "summary": "While the title of this blog may be a bit exaggeration, the command I\u2019m trying to show here does it\u2019s best to deliver on the promise. What you\u2019re about to witness here is something I\u2019ve worked on for a while now, and it meets my basic needs. If you don\u2019t have SIEM product or products that monitor who does what in Active Directory this command makes it very easy, even for people who don\u2019t have much experience in reading Event Logs. If you\u2019d like to learn about working with Windows Event Logs here\u2019s a great article I wrote recently \u2013 PowerShell \u2013 Everything you wanted to know about Event Logs and then some.", "date_published": "2019-04-28T15:52:32.0000000Z", "tags": [ "active directory", "ad", "events", "events viewer", "powershell", "pswinreporting", "pswinreportingv2", "Windows" ] }, { "id": "https://evotec.xyz/fr/blog/active-directory-the-directory-service-was-unable-to-allocate-a-relative-identifier", "url": "https://evotec.xyz/fr/blog/active-directory-the-directory-service-was-unable-to-allocate-a-relative-identifier", "title": "Active Directory \u2013 The directory service was unable to allocate a relative identifier", "summary": "I\u2019ve been testing Disaster Recovery scenario restoring Active Directory. One of the servers was restored, and it worked for a moment after restore. If you can regain your Primary DC, it\u2019s best to do so. If you can\u2019t, a standard thing to do during DR is to move all FSMO roles to the restored server so that it can become a master server. You can find out your FSMO holders by using those commands below:", "date_published": "2019-03-27T20:39:25.0000000Z", "tags": [ "active directory", "ad", "error", "powershell" ] }, { "id": "https://evotec.xyz/fr/blog/how-to-find-different-server-types-in-active-directory-with-powershell", "url": "https://evotec.xyz/fr/blog/how-to-find-different-server-types-in-active-directory-with-powershell", "title": "How to find different server types in Active Directory with PowerShell", "summary": "Working as a freelancer is a great thing if you can handle it. Each day, each week something new happens and a new problem shows up on my doorstep. It also means it\u2019s almost never boring at your job and you get to play with new stuff. But there\u2019s one drawback to this. You\u2019re often thrown at the problem, told to fix it but often that\u2019s about as much information as you get. It wasn\u2019t very different today. I was told to switch Office 365 from ADFS to Password Synchronization. While reasons for this are not really important, the important question here is what is the name of AD Connect server that\u2019s responsible for this configuration?", "date_published": "2019-02-06T18:25:30.0000000Z", "tags": [ "active directory", "ad", "adconnect", "azure ad", "exchange", "Hyper-V", "powershell", "sql", "windows" ] }, { "id": "https://evotec.xyz/fr/blog/pswindocumentation-audit-active-directory-passwords", "url": "https://evotec.xyz/fr/blog/pswindocumentation-audit-active-directory-passwords", "title": "PSWinDocumentation \u2013 Audit Active Directory Passwords", "summary": "If you\u2019re paying attention to what\u2019s happening around the world now you probably know Have I Been Pwned service by now. You probably know that it has huge lists of hashes of passwords that leaked out over the years from different services (LinkedIn, Adobe, and so on). This means those passwords are now in possession of good guys, but also bad guys. With Active Directory being often a central place to store your password that allows you to access your Office 365 account, ADFS, Microsoft Exchange it\u2019s important that your AD passwords is both secure and safe. Bad guys may want to try and access your email accounts or other data that\u2019s available online. And having a list of passwords you or other people may have used before doesn\u2019t help you in protecting your own data.", "date_published": "2018-10-07T17:57:42.0000000Z", "tags": [ "active directory", "ad", "audit", "powershell", "windows" ] }, { "id": "https://evotec.xyz/fr/blog/pswindocumentation-version-0-1-with-word-excel-export", "url": "https://evotec.xyz/fr/blog/pswindocumentation-version-0-1-with-word-excel-export", "title": "PSWinDocumentation \u2013 Version 0.1 with Word / Excel export", "summary": "A few weeks ago I\u2019ve released my first version of PSWinDocumentation. It was simple, one command module where you start it and get some basic AD stuff into Microsoft Word document. Today\u2026 I\u2019m releasing a new version that has a bit bigger feature set. Are you ready for it? Let\u2019s go!", "date_published": "2018-08-23T20:07:04.0000000Z", "tags": [ "active directory", "ad", "excel", "powershell", "scripts", "windows", "word" ] }, { "id": "https://evotec.xyz/fr/blog/pswinreporting-1-0-is-out", "url": "https://evotec.xyz/fr/blog/pswinreporting-1-0-is-out", "title": "PSWinReporting 1.0 \u2013 Monitoring Active Directrory Events", "summary": "Few months after initial release a new public version of PSWinReporting 1.0 is released. While the name might not be\u2026", "date_published": "2018-06-10T09:26:45.0000000Z", "tags": [ "active directory", "ad", "domain controller", "email", "html", "monitoring", "powershell", "powershell gallery", "powershell module", "Windows" ] }, { "id": "https://evotec.xyz/fr/blog/just-different-approach-to-active-directory-password-notifications", "url": "https://evotec.xyz/fr/blog/just-different-approach-to-active-directory-password-notifications", "title": "Just different approach to Active Directory Password Notifications", "summary": "A long time ago I\u2019ve maintained a C# version of Password Expiry reminders. It was working based on HTML templates\u2026", "date_published": "2018-05-23T15:12:36.0000000Z", "tags": [ "active directory", "ad", "Password Notifications", "passwords", "PowerShell", "task scheduler", "tasks", "Windows" ] }, { "id": "https://evotec.xyz/fr/blog/get-eventslibrary-ps1-monitoring-events-powershell", "url": "https://evotec.xyz/fr/blog/get-eventslibrary-ps1-monitoring-events-powershell", "title": "Get-EventsLibrary.ps1 \u2013 Monitoring Events PowerShell", "summary": "This event library (Get-EventsLibrary.ps1) is PowerShell script that parses Security (mostly) logs on Domain Controllers. It has few reports capabilities\u2026", "date_published": "2018-04-19T09:48:35.0000000Z", "tags": [ "active directory", "ad", "domain controller", "get-events", "monitoring", "powershell", "Windows" ] }, { "id": "https://evotec.xyz/fr/blog/whats-new-event-monitoring-v0-7", "url": "https://evotec.xyz/fr/blog/whats-new-event-monitoring-v0-7", "title": "What\u2019s new \u2013 Event Monitoring v0.7", "summary": "I\u2019ve further optimized code and added some more health checks so that the process is a bit smoother. You can\u2026", "date_published": "2018-03-27T19:36:29.0000000Z", "tags": [ "active directory", "ad", "dc", "domain controller", "event id", "event monitoring", "events", "monitoring", "PowerShell", "Windows" ] }, { "id": "https://evotec.xyz/fr/blog/synchronizing-active-directory-external-time-source", "url": "https://evotec.xyz/fr/blog/synchronizing-active-directory-external-time-source", "title": "Synchronizing Active Directory with External Time Source", "summary": "One of the crucial parts in modern IT world is proper time and date. While it may seem that 30\u2026", "date_published": "2018-01-24T16:33:18.0000000Z", "tags": [ "active directory", "ad", "ntp", "ntp servers", "pdc", "powershell", "sync", "synchronization", "time", "time configuration", "time managment", "time source", "w32tm" ] } ] }