Whereas the total number of cmdlets and functions in PowerShell v3 (all modules) has increased to 2300, particularly in Active Directory Module 58 cmdlets were added and they are the following. Keep in mind that this is pre-beta release and things are subject to change. A lot of the new cmdlets are focused on [...]

  Yesterday marked the day when an early Windows Server 8 Developer Preview version was released. I spun it up and took it for a test drive, I installed ADDS and promoted a DC and following are some screenshots I took.           After the setup was complete..           [...]

The information provided in event logs is often not too clear but it has definitely gotten better starting in W2K8. I recently encountered an issue where replication delays to certain DC were reported. I immediately looked at the repadmin  replication summary and noticed that my deltas that usually stayed around within an hour had jumped [...]

The attributes that are multi-valued are hard to export to a CSV via the Export-Csv cmdlet as the exported value just shows the string type in Excel/Notepad. For instance, take a look below when I try to export the proxyAddresses attribute values in PowerShell console and to a CSV later. I found out that you [...]

I often get this asked this question, “how do I audit group membership changes”. Whereas a lot of AD Change Monitor Tools (Quest, Netwrix etc.) have nice reports that can be generated to look up this information, this question comes up when a change auditor product for AD is not in picture. Let me cover [...]

There are times when I am in a PowerShell session and pass another set of credentials when I use connect-qadservice cmdlet to connect to another domain with the –credential parameter, however often times I would launch the PowerShell under “run-as” with the elevated credentials and launch a native session and I would have multiple session [...]

A question was raised on ActiveDir regarding the ability to create Trust via a command line utility. It was discussed how netdom is no longer a supported command line utility to create Trusts. I referenced a snip from AD Cook Book using PowerShell to create Trust via the .Net AD namespace method alternatively.(System.DirectoryServices.ActiveDirectory). You can [...]

I encountered an issue promoting a Server Core R2 to a domain controller. The DCPROMO on Server Core is handled via unattended mode with answer file. The error I received is below. It was due to Server Core’s inability to install/confirm ADDS binaries. C:UsersAdministrator>dcpromo /unattended:answer.txt Checking if Active Directory Domain Services binaries are installed… Failed [...]

Starting with Exchange 2007, the good thing about the setup wizard is that it guides you about all the pre-requisites and provides the links from where you can download them from. However, if you are installing Exchange 2010 on Windows Server 2008 (or R2) box, and if you follow the link provided by the wizard [...]

  I find the –computerrole parameter of Get-QADComputer handy to find DCs and when usually I have to retrieve something from them with a WMI query, pipeline to (GWMI),  Here is a quick way to retrieve all DCs in a multi-domain forest model using the .NET namespace i.e [DirectoryServices.ActiveDirectory.Forest] method. To find Global Catalogs only; [...]

What is sIDhistory attribute ? The sIDhistory attribute is the key attribute that holds the previous SID(s) of Users and Groups objects that facilitate the Active Directory migrations. It contains previous SIDs used for the object if the object was moved from another domain. Whenever an object is moved from one domain to another, a [...]

Kerberos Delegation, constrained and unconstrained is a complex topic, and one that often comes up when Security implications of External/Forests Trusts are discussed. Few days ago, on ActiveDir a similar topic was shed light upon. In brief Brian Arkills sums it up below, The other security implication that most folks seem oblivious to is the [...]

Yes, the KMS client activation is supported in multi-domain environment in which the KMS host belongs to one domain and needs to cater to the clients in others. For this to work, you need to create a ‘multi-string value’ registry key under “HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSoftwareProtectionPlatform” called “DNSDomainPublishList” on your KMS Server. When done, restart the “Software [...]

The schema version is revealed via the objectversion attribute off of the schema object from your configuration head of the forest i.e “cn=schema,cn=configuration,dc=yourdomain,dc=int”. So using Quest Cmdlets, you can run this query : Get-QADObject “cn=schema,cn=configuration,dc=yourdomain,dc=int” -ip objectversion | select objectversion The –ip is the alias for includedproperties. And, when using the native AD Cmdlets of [...]

Another architectural poster from Microsoft that highlights the Hyper-V R2 components and features. You may download it from here.