Today’s post is another short one. It’s a Powershell one-liner to find all the Primary SMTP address suffixes in use by the mailboxes in your Exchange Org. In this example I know that my default suffix is “contoso.com”, but I want to find out what others are being used as primary: get-mailbox -ResultSize unlimited | ?… Read More »
Short answer: No, AppLocker is not supported on Windows Server 2012 Server Core. Slightly more long-winded answer: My Google/Bing mojo failed to find a definitive answer to this question on-line. In fact, I found two apparently conflicting sources of information. This was the first one: Windows PowerShell can used to manage AppLocker on Server Core installations… Read More »
Today’s blog entry is short and sweet. You want to quickly find out whether the AD Recycle Bin feature is enabled or not. There are a few ways to do this, but this is a quick Powershell method. # Is the AD Recycle Bin enabled in my forest? Import-Module ActiveDirectory If ((Get-ADOptionalFeature -Identity “Recycle… Read More »
I quite regularly come across Active Directory environments where users have been mistakenly added to groups protected by the AdminSDHolder and subsequently removed when the mistake has been realised. This process creates “orphans” because the AdminSDHolder process doesn’t tidy up after itself. Here’s what happens: User added to group protected by the AdminSDHolder (e.g. Account… Read More »
Back in March 2010 when Powershell and I were on somewhat less friendly terms, I wrote an OU shadow script to populate group membership based on the contents of an OU. Since then, Powershell and I now at least acknowledge eachother when we pass in the corridor and I have updated the script with some… Read More »
I’ve recently been looking at Microsoft’s Security Compliance Manager 3.0. SCM allows provides a rich set of server-role-based security baselines for deployment using either GPO or SCCM. This latest version includes baselines for Windows Server 2012. After deploying the “WS2012 Domain Controller Security Compliance 1.0” baseline settings via GPO into my lab environment I found RDP sessions to… Read More »
Have you ever considered running BitLocker to encrypt the drives within a Virtual Machine running on, e.g. Hyper-V or VMWare? On the face of it, it seems a sensible thing to do, especially considering how portable VHDX and VMDK files are. Despite the process of enabling BitLocker for VMs being described online, you should be… Read More »
Occasionally, I have a need to merge the attributes of one AD user into another. This requirement is typically the result of a migration where some users have had accounts informally created in the target environment in advance of the formal migration process. In other words, a user ends up with two accounts and needs… Read More »
Quite often I see customers that need to use generic attributes to populate user, group or contact objects with certain values that do not appear in the default AD schema. Most of these customers have Microsoft Exchange and tend to use the extension attributes that are delivered as part of the Exchange AD schema extensions. … Read More »
I often see my customers running things other than Active Directory Domain Services (ADDS) on Domain Controllers. These can range from the relatively innocuous (KMS) to the downright ludicrous (Exchange). Until now, I haven’t been able to point to anything official from Microsoft to state that this is not a good idea. Anyway, fellow Directory Services MVP… Read More »