Author Archive

brianm

This user hasn't shared any biographical information

Stale user accounts can be a big problem…even more so when they are not disabled.  I’m a firm believer that if you have an account that is not being used it should be disabled.  However depending on the size of your Active Directory that can be a daunting challenge.  Below you will find a snippet […]

Wow, that is a lot of delegating…seriously how many times can you say it in one sentence.  Today’s post is one that threw me for a loop.  As a domain admin I have the right to configure constrained Kerberos delegation.  There may come a time when you want to delegate that out to a user […]

Here are two ways for you to use PowerShell to raise your Forest Functional level to Server 2008 R2: get-adforest | set-adforestmode -forestmode windows2008R2Forest –confirm:$false set-adforestmode –identity netbiosname windows2008R2Forest –confirm:$false Either way will work.  Enjoy

Tip of the day today is to view your Active Directory Tombstone period while using PowerShell From a PowerShell prompt, type (get-adobject "cn=Directory Service,cn=Windows NT,cn=Services,cn=Configuration,dc=AdminPrep,DC=Local" -properties "tombstonelifetime").tombstonelifetime The result shows up in days…very cool.  Just make sure to change dc=AdminPrep,DC=Local to match your domain.

SPNs seem to get more and more use these days so I thought it be nice to give an explanation of what SPNs are. SPNs are used for mapping a service to a user account. You will find SPNs used predominantly with Delegation and Impersonation and a lot of times this is between a web […]

Apr
08
Filed Under (PowerShell) by on 08-04-2010

Last night was the inaugural Arizona PowerShell user group meeting known as AZPOSH.  There was well over 20 people there and a great guest speaker.  Dr. Ferdinand Rios who is the CEO of Sapien Technologies spent an hour talking to us about what is new at Sapien…and wow there is some really cool stuff coming […]

Mar
16
Filed Under (Windows 7) by on 16-03-2010

I’m a huge fan of Windows 7.  I love just about everything with it.  There is one feature that I seem to always fight with and that is Windows Shake.  Take a look here if you are not familiar with this feature.  Most people like it, perhaps I just shake a bit to much!  If […]

I’m sure you are like me when it comes to locking your desktop.  You ALWAYS do it.  Most if not all corporations today have a group policy in place that at least sets the Screen Saver on after a certain amount of time and requires a password for security reasons (User Configuration – Administrative Templates […]

I’d like to share some of the things I look at while do a health check on a server.  Its funny how few resources there are out there on the Internet.  I believe people keep this kind of stuff to them self because they are scared they are going to miss something and they will […]

If you have been playing with the the AD PowerShell cmdlets you know that it requires a few things to run, first Windows Server 2008 R2 or Windows 7, the .NET Framework 3.5.1 and of course if you want to manage an AD domain you need Active Directory Web Services (ADWS) installed on at least […]