Field Notes: Azure AD – Configuring Self-Service Password Reset in Hybrid Deployments

This is a continuation of a series on Azure AD Connect. The second blog post of the series covered a custom installation. One of the optional features I promised to cover then was password writeback, which I discuss in this blog post as part of enabling the self-service password reset (SSPR) feature in a hybrid … Continue reading Field Notes: Azure AD – Configuring Self-Service Password Reset in Hybrid Deployments →

Active Directory Based Activation (ADBA) Fails with Error: 0x8007202B

Introduction I was working with a customer recently who could not get clients or servers at a new remote site to activate using Active Directory Based Activation (ADBA). They were getting event ID 8214 as in the image below. Notice in the above where I bold the computer name Client1.Child1.Contoso.local. This means that Client1 is … Continue reading Active Directory Based Activation (ADBA) Fails with Error: 0x8007202B →

PowerShell: Active Directory Cleanup – Part 4 – Unsupported Windows Operating Systems

Introduction Welcome to part 4 in my Active Directory Cleanup Series. This part is concentrated on pulling a report of Windows Operating Systems that are obsolete/unsupported. Using this report you can review them and decide if they should be removed or upgraded. Script 1: Long 1 liner. The following script was posted on one of … Continue reading PowerShell: Active Directory Cleanup – Part 4 – Unsupported Windows Operating Systems →

AppLocker – Part 3

Introduction:In the previous blog we looked at the AppLocker Rules, Rule Conditions and how to enforce them. In this blog we will look at AppLocker in audit mode. By using the Audit only enforcement setting, you can ensure that the AppLocker rules are properly configured for your organization. When AppLocker policy enforcement is set to … Continue reading AppLocker – Part 3 →

Cleaning Up the Mess in Your Group Policy (GPO) Environment

In this blog post series, we will cover some useful scripts and methods which will help you to organize and maintain your GPOs, and clean up the mess surrounded in your Group Policy environment.

PowerShell: Active Directory Cleanup – Part 3 – Stale Computer Objects

Introduction Hello everyone. Part 3 in my AD Cleanup series is stale computer objects. Stale computer objects are computers that haven't logged into the domain for a specified number of days. This script includes a NumberOfDays parameter that either you specify when calling the script or it defaults to 120 days during script execution. The … Continue reading PowerShell: Active Directory Cleanup – Part 3 – Stale Computer Objects →

Field Notes: Azure AD Connect – Migrating from AD FS to Password Hash Synchronization

This is a continuation of a series on Azure AD Connect. I started off this Azure AD Connect series by going through the express installation path, where the password hash synchronization (PHS) sign-in option is selected by default. This was followed by the custom installation path where I selected pass-through authentication (PTA) as a user … Continue reading Field Notes: Azure AD Connect – Migrating from AD FS to Password Hash Synchronization →

PowerShell: Active Directory Cleanup – Part 2 – Spacey Computer Names

Introduction Hello again, Scott Williamson back with the next installment in the series "PowerShell: Active Directory Cleanup". For this installment we going to take a look at a script that finds computers that have a space in their name. Per RFC 1123 DNS host names cannot contain white space (blank) in their names. This is … Continue reading PowerShell: Active Directory Cleanup – Part 2 – Spacey Computer Names →

PowerShell: Active Directory Cleanup – Part 1 – Duplicate Computers

Introduction Hello World, Scott Williamson Senior Premier Field Engineer here. As a PFE, I frequently work with customers who ask how to cleanup Active Directory of old objects and data. To assist them in automating cleanup I have written several PowerShell scripts, functions, and workflows that I want to share in this blog series. Duplicate … Continue reading PowerShell: Active Directory Cleanup – Part 1 – Duplicate Computers →

Protect Administrative Accounts with Authentication Policies and Silos

Introduction One of the recommendations to protect privileged accounts from credential theft is to prevent administrative accounts from exposing credentials to unsecure computers, on this post I will show you how to protect administrative accounts using Authentication Policies and Silos. Definition A quick definition from Microsoft web site.Authentication policy silos and the accompanying policies provide … Continue reading Protect Administrative Accounts with Authentication Policies and Silos →