Monthly Archive


Active Directory

AD Month of Lunches–Chapt 18 & 19 in MEAP

An updated MEAP has been released for Active Directory Management in a Month of Lunches.  This one adds chapters 18 & 19

  • Chapter 18, "Managing AD trusts"
  • Chapter 19, "Troubleshooting your AD"

The MEAP is available from


WMI and Trusts

When you install AD on a machine you get the MicrosoftActiveDirectory WMI namespace as well. This namespace was deprecated in Windows 2012 but while it is still available there are few useful things we can do with it. Even with my fondness of WMI I’m not suggesting moving to using WMI wholesale for AD admin but one of the more useful things is testing a trust’s status.

PS> Get-CimInstance -ClassName Microsoft_DomainTrustStatus -Namespace root\MicrosoftActiveDirectory |
select Flatname, Trust*


Flatname          : SPHINX
TrustAttributes   : 8
TrustDirection    : 3
TrustedDCName     :
TrustedDomain     :
TrustIsOk         : False
TrustStatus       : 1355
TrustStatusString : The specified domain either does not exist or could not be contacted.
TrustType         : 2


The error messages are because the VM hosting the remote domain is switched off.  If you want a quick test of your trust status this is a good way.

Time oddity

I was looking for a test of time synchronisation on domain controllers and knew that the .NET domain controller object held a system property. So, I cam up with this

$dom = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$dom.DomainControllers | Format-Table Name, CurrentTime

What I didn’t realise was that the CurrentTime given by this object reads GMT not your local time. OK, technically its UTC but as I live in the UK its GMT Smile

When you are testing for time synchronisation all you want is differences so the absolute time doesn’t matter so much. If you need the system time as local time

Get-CimInstance -ClassName Win32_OperatingSystem | select LocalDateTime

will find it for you

AD Management MEAP

A new MEAP was released last week for AD Management in a Month of Lunches.  Chapters 1-15 are now available

AD Management in a Month of Lunches–new MEAP

Chapters 12 and 13 have been added to the Manning Early Access Program

Chapter 12 shows you how to manage your domain controllers

Chapter 13 teaches how to protect the data in your Active Directory


You can order the MEAP from

AD Month of Lunches–Chapter 11 in MEAP

The MEAP for AD Management in a Month of Lunches has been extended with the inclusion of chapter 11 – Creating Domain Controllers.


AD MoL Chapter 10 MEAP

Chapter 10 of AD Management in a Month of Lunches is now available.

The chapter covers Fine Grained Password Policies

AD Management in a Month of Lunches

The MEAP marches on with chapter 8 now released:

Chapter 8 – creating Group Policies

details from

Book offer–AD Management in a Month of Lunches

AD Management in a month of lunches is today’s deal of the day from Manning –

The get 50% off today using code dotd0227cc. The offer is good for today only

The same code can be used for 50% off PowerShell in Practice

New book

My latest book has been released on the Manning Early Access Program (MEAP). Active Directory Management in a Month of Lunches takes the newcomer to AD through the tasks they need to perform to manage their organization’s AD.

it assumes no knowledge of AD and shows how to perform the common management tasks from the GUI (AD Administrative Center & the venerable AD Users & Computers) as well as PowerShell (using the Microsoft cmdlets). 

Chapters 1-7 are currently available from\siddaway3 with more to come soon