You can use Active Directory to securely store backups of BitLocker recovery keys (passwords) from client computers. It is very convenient if you have multiple users using BitLocker to encrypt…
Recently I’ve faced quite an interesting problem when some users are unable to authenticate on some domain services due to exceeding the maximum size of the Kerberos ticket. In this…
Active Directory is a reliable, but complex and critical service, and the operability of the whole enterprise network depends on it. A system administrator should constantly check if Active Directory…
Windows Server Core is a good platform to host the Active Directory domain controller role due to fewer resource requirements, increased stability and security (due to less code and updates).…
In this article, we will show how to update (install) new GPO administrative templates (admx) in the Active Directory domain when upgrading a Windows 10 or Windows Server 2016/2019 build…
When a domain user logs on to Windows, their credentials are saved on a local computer by default (Cached Credentials: a user name and a password hash). This allows the…
In this article we will look at how to find out the date a user was created in Active Directory; how to use PowerShell to get information from the domain…
The version of Active Directory in Windows Server 2016 introduces an interesting feature that allows you to temporarily add a user to an AD security group. This feature is called…
You can use Managed Service Accounts (MSA) to securely run services, applications, and scheduler tasks on servers and workstations in an Active Directory domain. The MSA is a special type…
The Set-ADUser cmdlet allows to modify user properties (attributes) in Active Directory using PowerShell. Traditionally, a graphic MMC snap-in dsa.msc (Active Directory Users and Computers, ADUC) is used to edit…