Whereas most of newly added cmdlets focus on  PKI and Email Address Management in v1.4, there are a few cmdlets and handful of new parameters that ought to come in very handy with your AD tasks. Below I review a few that I think are some great adds : When you are enumerating a large [...]

From version 1.2 with 49 cmdlets, to version 1.3 with 63 cmdlets and now on to version 1.4 that has 32 new cmdlets making it total of 95. Here are the new cmdlets in v1.4 : • Get-QADLocalCertificateStore • New-QADLocalCertificateStore • Remove-QADLocalCertificateStore • Get-QADCertificate • Where-QADCertificate • Add-QADCertificate • Import-QADCertificate • Show-QADCertificate • Edit-QADCertificate • [...]

Often times you need to analyze your existing permissions (delegations) on your AD Objects within your domain/forest, perhaps you have just taken over an administrative role over AD and would like to quickly surface information regarding what group and user accounts have certain rights across the board in a pertinent domain. With PowerGUI and Kirk [...]

Often times there is a need to standardized Groups’ naming convention such as with migrations, when you don’t have a rich migration tool that can conform the names or when you don’t have a AD proxy management tool such as ARS in your normal provisioning process. Using Quest Cmdlets with PowerShell to rename groups is [...]

Few random pictures I took at The Experts Conference 2010

There are two types of PowerShell versions out there. PowerShell v1 that dates back to 2006 and the PowerShell v2 that is bundled with Windows 7 and Windows Server 2008 R2, and also mysteriously released for down level clients such as Windows Vista and XP (under vaguely named Windows Management Framework (Windows PowerShell 2.0, WinRM [...]

For small shops that do not leverage automated provisioning tools, they face challenge in keeping the attributes for Users and other objects in AD standardized. For similar situation, recently I was asked from Access Control team if there is an easy way to fix the displayName attribute for all users or to fill in the [...]

What is Active Directory Tombstone Lifetime (TSL) ? The tombstone lifetime in an Active Directory forest determines how long a deleted object (called a “tombstone”) is retained in Active Directory Domain Services (AD DS). The tombstone lifetime is determined by the value of the tombstoneLifetime attribute on the Directory Service object in the configuration directory [...]

Server Core seems to be the perfect candidate for installing KMS. Key Management Service mediates your Volume Licensing with Microsoft Activation Services and acts as the man-in-the-middle for the activation for all your KMS clients that comprise of Vista, Windows 7, Windows Server 2008 and R2. With Windows 7 and Windows Server 2008 R2, what [...]

As usual a good conversation spurred on ActiveDir on a much discussed scenario of virtualizing your DCs while be varied of the known pitfalls. While virtualized DCs are fully supported on either competing virtualization solution by Microsoft, one known subject I would like to highlight here is the proper time synchronization. You must make sure [...]

One of the DNS improvements in Windows Server 2008 R2 is DNS Cache Locking in which if configured the cache entries are not allowed to be modified for the percentage of TTL. Cache locking is a new security feature available with Windows Server® 2008 R2 that allows you to control whether or not information in [...]

A request came in from the Access Control team requesting that they be provided with the users that have been created in a particular office since last 90 days. As usual, PowerShell (with QAD cmdlets) has very simple one liners you can retrieve this information with. You may also use this to export this data [...]

Previously I had posted the 2003 AD and 2008 Features jigsaw posters, Mike Kline informed me that there is now a 2008 R2 Features poster. You can download the 44x24in poster from here

An off topic post here as I err to sharing uniquely designed Windows 7 wallpapers. View Full Album

As usual Joe shared a great insight that trusts well-doing can in one way be verified by checking the trust accounts for their last password resets. When trusts are created the accounts for them are by default created under ‘Users’ container, and are named as TrustedDomain$ and just like computer accounts, trusts reset their password [...]