Tag: Active Directory
Active Directory is awesome, but for it to be effective it needs to be maintained and loved. An important maintenance step is cleanup, which involves removing objects that are no longer in use or required. These include:
- User Accounts
- Computer Objects
- Empty Groups
- Empty Organizational Units (OU)
Recently I wrote a guest article for Adaxes to clean up Active Directory using PowerShell. Along with all of the details and how-to, I developed a complete PowerShell toolkit that cleans up your Active Directory environment for you automatically. These tools can be scheduled and can be configured to search a certain scope and exclude certain types of objects, and you can also choose the type of processing you want to do when you find inactive AD objects. The options available are report, disable and/or delete.
All of the details and links to the PowerShell scripts to get you started cleaning up Active Directory are available in the article on the Adaxes blog. Clicking on the title of this post will get you there.
Today we will be discussing a topic that I believe is very important and should be at the forefront of consideration for all medium and large IT shops. The topic I am talking about is Automating User Account Provisioning.
In this article we will be making a case for automation by highlighting the common problems IT teams face when tackling account provisioning manually. We then discuss some of the solutions that are available to IT professionals when looking at automating user account provisioning. These solutions range from the do-it-yourself style all the way through to off-the-shelf products that will take care of all of the hard work for you.
For more information, keep on reading…
A while back I wrote an article about all of the different Active Directory FSMO roles available, why they are important and on which Domain Controller they should be placed in a Windows forest and/or Windows domain.
However, even if you have placed all FSMO roles on the correct DCs, sometimes it is necessary to move them to another server for one reason or another. This article documents how to move Active Directory FSMO roles from one Domain Controller to another.
By default DHCP works via broadcasting on the local subnet and therefore is limited to being able to provide IP addresses for devices on its subnet only. In modern day networks this is a serious limitation as it would mean that for every subnet you would need a DHCP server – imagine the management overhead!
So how can we configure a DHCP server in one subnet to respond and provide IP addresses to clients in multiple other subnets? The answer is to use a DHCP Relay Agent.
The following article explains how to configure a DHCP relay agent for a Cisco SG300 Layer 3 managed switch.
By default, all domain-joined servers and workstations synchronise their time with the PDC Emulator Domain Controller. However, how do you configure Windows Time synchronisation for the PDC Emulator and for non-domain-joined machines?
This article explains how to configure Windows Time to synchronise with an external time source (NTP server), whether that be internal to your network or an internet NTP server.
Carrying on the theme from the Active Directory FSMO roles article, I thought I would put a little information around another really important AD component – the Global Catalog server.
The following article covers what the Active Directory Global Catalog server is, why it is important and the best practices around its placement…
Every new Active Directory forest/domain requires certain FSMO roles to be available in order for it to function successfully. The good news is that these roles are automatically installed by default. Although they are installed automatically, it is still important to understand the purpose of each FSMO role and where best to place them within your environment.
The following article outlines the function of each of the Active Directory FSMO roles, their purpose and more importantly some considerations around their placement.
I have decided to build a new test lab at home based on VMware architecture so that I can test and learn new technologies which I don’t always get a chance to play with at work. I have decided to go with a two physical host approach and use my existing Synology DS1813+ NAS for the storage. Because I want to simulate a physical network as much as possible, I am using a Cisco SG300-10 layer 3 switch to perform all of the management of all of the VLANs and the routing between them and my home network.
I am currently in the process of purchasing all of the hardware and building the lab. Below are all of the details of what my final test lab will look like and the reasoning behind the decisions I have made…