Archive for July, 2010

Stale user accounts can be a big problem…even more so when they are not disabled.  I’m a firm believer that if you have an account that is not being used it should be disabled.  However depending on the size of your Active Directory that can be a daunting challenge.  Below you will find a snippet […]

Wow, that is a lot of delegating…seriously how many times can you say it in one sentence.  Today’s post is one that threw me for a loop.  As a domain admin I have the right to configure constrained Kerberos delegation.  There may come a time when you want to delegate that out to a user […]

Here are two ways for you to use PowerShell to raise your Forest Functional level to Server 2008 R2: get-adforest | set-adforestmode -forestmode windows2008R2Forest –confirm:$false set-adforestmode –identity netbiosname windows2008R2Forest –confirm:$false Either way will work.  Enjoy

Tip of the day today is to view your Active Directory Tombstone period while using PowerShell From a PowerShell prompt, type (get-adobject "cn=Directory Service,cn=Windows NT,cn=Services,cn=Configuration,dc=AdminPrep,DC=Local" -properties "tombstonelifetime").tombstonelifetime The result shows up in days…very cool.  Just make sure to change dc=AdminPrep,DC=Local to match your domain.