RSS

Tag Archives: Active Directory

Microsoft Ignite 2015 : huge collection of information enhanced with more detailed resources to get you up-to-date with less time and effort

As some of you might know already, the Microsoft Ignite 2015 conference has started where Microsoft talks about where they’re going and what they’re doing. I watched the keynote, took many notes and added other relevant information which I’m sharing with you. Since so much was told and shown it’s certain I’ve missed stuff. As time goes by I will update the information in this post so it can be used as a reference.

I hope it’s useful. If you find any errors or have other useful resources or feedback, please leave a comment.

Update log:

-05-05-2015: Created Initial version including the keynote and additional information.

General information:
- Twitter hashtag #MSIgnite
- News portal for ignite: http://news.microsoft.com/ignite2015/
- Videos:
  - Recording of the keynote: https://channel9.msdn.com/Events/Ignite/2015/KEY01
  - For other live streams and recorded sessions take a look at
    https://channel9.msdn.com/
  - Downloading MS Ignite content with PowerShell and Bits from CH9:
    http://vniklas.djungeln.se/2015/05/05/downloading-ms-ignite-content-with-powershell-and-bits-from-ch9/
- Mobile first, cloud first
- More personal computing, reinventing productivity, intelligent cloud: http://news.microsoft.com/2015/05/04/microsoft-announces-new-solutions-to-empower-it-professionals/
- Same bits (code) is used across device types (mobile phones, tablets, desktops, laptops) and across on-premises and azure cloud services (Azure in cloud and Azure Stack on-premises)
- 40% of IT spend outside of organization
- Microsoft innovates in cloud and then delivers back to on premises.
- Multi-cloud and hybrid cloud will become increasingly important
Enterprise Mobility Suite
- More info: http://blogs.technet.com/b/enterprisemobility/archive/2015/05/04/ignite-microsofts-next-chapter-in-enterprise-mobility.aspx?linkId=13943564
SQL Server 2016
- Mission critical Tier 1 scale
- Advanced analytics including R integration
- Hybrid cloud integration
- Enhanced security and encryption
  - By example: stretch (part of a) database from on-premises SQL server to Azure
- For more info:
  - http://blogs.technet.com/b/dataplatforminsider/archive/2015/05/04/sql-server-2016-public-preview-coming-this-summer.aspx?linkId=13943659
  - http://www.microsoft.com/en-us/server-cloud/products/sql-server-2016/?WT.mc_id=Blog_SQL_Announce_DI
Windows Server 2016
- New preview build (Windows Server Technical Preview 2) can be downloaded from: https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-technical-preview or from MSDN
- At Build 2015 it was also announced that nested virtualization would become available in Server 2016 (but it is unclear yet if this is already possible in Technical Preview 2). For more information see:
  http://www.hyper-v.nu/archives/hvredevoort/2015/05/nested-hypervisor-in-windows-server-vnext/
- For more info:
  - http://blogs.technet.com/b/windowsserver/archive/2015/05/04/what-s-new-in-windows-server-2016-technical-preview-2.aspx
  - https://technet.microsoft.com/en-us/library/mt126143.aspx
System Center 2016
- New Technical Preview 2 builds available here: http://www.microsoft.com/en-us/search/Results.aspx?q=System%20Center%20Technical%20Preview%202&form=DLC
- More info: https://technet.microsoft.com/en-us/library/dn997272.aspx
Operations Management Suite
- Builds on Azure Operational Insights
- More info: http://www.microsoft.com/en-us/server-cloud/operations-management-suite/Overview.aspx
Windows 10
- New preview build (Technical Preview 2) can be downloaded from MSDN and probably soon from https://www.microsoft.com/en-us/evalcenter/ as well.
- http://blogs.msdn.com/b/microsoft_press/archive/2015/05/01/free-ebook-introducing-windows-10-for-it-professionals-preview-edition.aspx
- In the new build you can use CTRL+Arrow to switch between virtual desktops
- Cortana uses intelligent cloud and improves over time. It can be used to search web, search local content, learn how to use pc, search using big data/PowerBI if cortana is connected with it.
- Microsoft Edge
  - The new Internet browser previously known as Project Spartan
  - Is a universal app.
  - Reading view can use extension to translate web sites to your native language.
  - More info: http://windows.microsoft.com/en-us/windows/preview-microsoft-edge-pc
- Continuum
  - Takes into account the device type you’re using and will (ask to) change when the situation changes. By example when you either add or remove a keyboard on a convertible device or when you dock it.
  - Will also work for Windows Phone 10 when connected to a monitor/TV using HDMI, by example when running Outlook on the phone it will get the full Outlook interface similar to that on a desktop/tablet.
- Security
  - Microsoft Hello
    - Biometric suite
    - More info: https://blogs.windows.com/bloggingwindows/2015/03/17/making-windows-10-more-personal-and-more-secure-with-windows-hello/
  - Microsoft Passport
    - Enables replacement of password
    - Per device
    - Cryptographic credentials
    - When combined with Windows Hello, it provides biometric capabilities
    - Will delight users
    - Will help mitigate data leakage
  - Default in the Office 2016 “Save As” menu is to encrypt files on a per file basis using an encryption authority.
    - This is opposed to Bitlocker’s full drive encryption approach.
    - Works for local drives, shares, sharepoint, external drives.
    - Can be overridden for personal (non-enterprise documents).
    - Documents will be usable only by users that also fall under the same encryption authority. By example when mailed or put on USB drives.
    - Similar behavior will be implemented in other apps.
- Supported by Microsoft Intune: http://blogs.technet.com/b/microsoftintune/archive/2015/05/04/announcing-support-for-windows-10-management-with-microsoft-intune.aspx
Enterprise
- Trustworthy
  - Security is #1 concern
    - 75% attacks due to weak credentials or compromised identities
      - Motives today: IP theft, damage, disruption
  - Balance between empowerment and security must be the goal
  - Modern architecture high level:
  - Key security principles: Apply defense in depth and assume you have been breached
  - Mobile device management and Mobile Apllication Management can help increase security, simplify management and improve the end-user experience.
  - Secure in an integrated way: Devices, Apps, Files, Identities
    - Windows 10
      - Designed for enterprise with this in mind, by implementing by example:
        
        Secure boot
        
        Device Guard: Hardware and software used to specify which software is (dis)allowed
        
        More info: https://technet.microsoft.com/en-us/library/dn986865(v=vs.85).aspx
        
        Microsoft Passport
        
        Microsoft Hello
      - Windows for consumers
        
        Windows as a service
        
        Windows Update will not only deliver updates, but also operating system updates
        
        Updates will not be delivered to everyone at the same time. Deployment rings are used to determine when which software will be deployed to who. This is similar to how the Windows 10 preview build updates are being deployed.
      - Windows Update for business
        
        Microsoft committed to keeping your devices secure
        
        Compared to by example Google that does not commit to keeping Android devices secure.
        
        Delivers ongoing innovation and security updates
        
        Requires Windows 10
        
        IT controls
        
        Distribution rings
        
        Maintenance windows
        
        Peer-to-peer delivery
        
        Integrated with existing tools (SCCM/EMS)
        
        Unclear yet if IT controls also integrates with WSUS or something similar to control which updates/innovations are deployed.
        
        Free for Windows 10 Pro and Windows 10 Enterprise
        
        More info: http://blogs.windows.com/bloggingwindows/2015/05/04/announcing-windows-update-for-business/
    - Many applications have been enhanced with:
      - Mobile Application Management through Intune
      - Conditional Access
        
        Data Leakage Protection (DLP) on iPad: Not being able to copy/paste corporate data from a corporate app to a non-corporate/peronal app (by example Twitter), while allowing it between corporate apps like Outlook (version with these capabilities coming in Q2) and Word.
        
        Policy in Windows 10 can be configured to warn about copying data from corporate app to non-corporate app, but still allow it and logging the event.
        
        Supports multiple identities while still enforcing security and not allowing to copy corporate data between them.
        
        For more info: https://technet.microsoft.com/en-us/library/dn818907.aspx
    - Azure RemoteApp can be used to easily enable people to use apps
    - Outlook : Protect a file that you share by email by using the Rights Management sharing application
      - Uses Azure AD RMS
      - Access (attempts) can be tracked including showing times and geographic locations using Azure RMS Document Tracking Public Preview
      - For more info:
        
        https://technet.microsoft.com/en-us/library/dn574735(v=ws.10).aspx
        
        Welcome to Azure RMS Document Tracking http://blogs.technet.com/b/rms/archive/2015/05/04/doctracking.aspx
    - Azure AD/EMS Cloud App Discovery
      - Detect SAAS apps that are being used
      - Bring SAAS apps under management (Requires Azure Active Directory Premium)
        
        Configure service for SSO
        
        configure user (de)provisioning for the service
        
        Configure rules regarding access to the service
        
        Require multi-factor authentication.
        
        Require multi-factor authentication when not at work.
        
        Block Access when not at work.
    - Insights available regarding access
      - By example reports like
        
        “Users with anomalous sign in activity”
        
        “Sign in from multiple geographies” where a log in occurs from The Netherlands at 08:30 and at Japan at 09:00.
        
        “Users with leaked credentials” where accounts are available online …
        
        Can be used with on premises Active Directory Domain Services as well.
        
        Uses Microsoft Advanced Threat Analytics Preview
        
        Shows very detailed information about when accounts are being used by which devices at which times and what is being done with it.
        
        More info: http://blogs.technet.com/b/ad/archive/2015/05/04/microsoft-advanced-threat-analytics-public-preview-release-is-now-available.aspx
    - Microsoft Azure Stack
      - Allows you to run your private instance of Azure.
        
        Goes beyond Microsoft/Windows Azure Pack by giving you on premises the same as what Microsoft uses for Azure.
      - More info:
        
        http://blogs.technet.com/b/server-cloud/archive/2015/05/04/microsoft-brings-azure-to-the-datacenter-for-the-next-generation-of-hybrid-cloud.aspx
        
        https://www.microsoft.com/en-us/server-cloud/products/azure-in-your-datacenter/
        
        http://www.microsoftvirtualacademy.com/training-courses/Microsoft-Datacenter-vNext-Preview-Bringing-Azure-to-your-Datacenter
    - Nano Server
      - Nano Server is a remotely administered server operating system optimized for hosting in private clouds and datacenters. It is similar to Windows Server in Server Core mode, but markedly smaller. Also, there is no local logon capability, nor does it support Terminal Services. It takes up far less disk space, sets up significantly faster, and requires far fewer restarts than Windows Server.
      - More info:
        
        Getting Started with Nano Server https://technet.microsoft.com/en-us/library/mt126167.aspx
        
        http://deploymentresearch.com/Research/Post/479/Quick-Guide-Deploying-Nano-Server-using-PowerShell
    - Containers
      - Portable application packages that can run anywhere
      - Self-contained and enables rapid deployment at massive scale.
      - Ships with Windows Server Technical Preview 3 in Q3
      - More info: https://msdn.microsoft.com/virtualization/windowscontainers
    - Multi-cloud and hybrid cloud will become increasingly important
      - Any app on any device, using any OS on any cloud
        
        One pane of glass for management using Microsoft Operations Management Suite (OMS)
        
        More info: http://blogs.technet.com/b/server-cloud/archive/2015/05/04/introducing-microsoft-operations-management-suite.aspx?linkId=13949724
- In-Depth Demo Recap at: http://aka.ms/BradIgniteRecap
Content (co-)creation and sharing using Office, Skype For Business, HoloLens, etc
- General: http://blogs.office.com/2015/05/04/modern-productivity-office-news-at-ignite/
- Microsoft HoloLens
  - Shows holograms in real life.
  - Can collaborate with others regardless of location
    - Has Skype built-in
  - Video example: https://www.youtube.com/watch?v=aThCr0PsyuA
  - For more info: https://www.microsoft.com/microsoft-hololens/en-us
- Office co-creation options built-in and leveraging cloud file services like OneDrive and Dropbox.
- Office, Office 365 and Office Server products
  - Security and data leakage prevention is very important
  - Office 2016
    - Office 2016 desktop supports real-time collaboration
    - Outlook swipes are customizable
    - Team Group conversation in Outlook 2016
    - For more info:
      - http://blogs.office.com/2015/05/04/office-2016-public-preview-now-available/
      - https://blogs.office.com/2015/05/04/modern-productivity-office-news-at-ignite/
  - Office 365 and Office Server products
    - Office Delve
      - Office Delve surfaces personalized content to you from across Office 365. Powered by the Office Graph, Delve shows you information based on what you’re working on and what’s trending around you – across Office 365.
        
        Integration with other services like SalesForce possible.
        
        Can be used to find people/groups with specific interests/skills.
        
        Office 365 Groups “hub” is available
        
        Might replace SharePoint team sites
      - For more info:
        
        https://support.office.com/en-us/article/What-is-Office-Delve-1315665a-c6af-4409-a28d-49f8916878ca
        
        https://products.office.com/en-us/business/explore-office-delve
        
        http://blogs.office.com/2014/03/11/introducing-codename-oslo-and-the-office-graph/
    - Office Sway
      - Sway is an app for expressing your ideas in an entirely new way, across your devices. See: https://sway.com/
      - Video: https://www.youtube.com/watch?v=Jw-g6IuBVJE
      - Coming to Office 365 for business and education next month
      - For more info:
        
        http://blogs.office.com/2015/05/04/sway-announces-office-365-and-languages/
        
        http://blogs.office.com/2015/05/04/modern-productivity-office-news-at-ignite/
        
        https://sway.com/
    - SharePoint Server 2016
      - Video Portal
        
        Sort of an enterprise YouTube.
      - For more info:
        
        http://blogs.office.com/2015/02/02/evolution-sharepoint/
        
        http://blogs.office.com/2015/04/16/sharepoint-server-2016-update/
    - Exchange Server 2016
      - Fore more info:
        
        http://blogs.technet.com/b/exchange/archive/2015/04/15/coming-soon-a-first-look-at-exchange-server-2016.aspx
    - Real-Time collaboration using Skype for Business, Office Online and Power-BI
      - Power-BI
        
        Simply adding two graphs and combining them by dropping one on the other.
      - Skype for Business
        
        Coming Q3
        
        In a Skype meeting a link to a document is included. When presenter opens document, it will be opened through Office Online in a browser for attendees as well.
        
        Ink-back, touch-back is for two-way inking (multiple people adding notes with pen).
        
        Skype broadcast in Office 365 is easy to use
        
        Native video interoperability with Cisco Tandberg VTCs
        
        In-place upgrade from Lync Server 2013
        
        For more info:
        
        http://blogs.office.com/2015/05/04/skype-for-business-gains-momentum/
        
        https://technet.microsoft.com/en-us/library/gg398616.aspx
Azure
- Multitude of azure announcements http://azure.microsoft.com/blog/2015/05/04/azure-shines-bright-at-ignite/

2 Comments

Posted by Bjorn Houben on May 5, 2015 in Automation, Azure, Backup, Cloud, Data center, Exchange Server 2016, Hardware, HoloLens, ICT, Internet, Microsoft, Microsoft Azure Stack, Network, Office, Office 2016, Office Delve, Office Sway, OneDrive, Power BI, Powershell, Private cloud, Public Cloud, Security, SharePoint Server 2016, Skype for Business, SQL Server, Storage, System Center, System Center 2016, Windows, Windows 10, Windows Server 2016

Tags: "Microsoft Ignite", #MSIgnite, Active Directory, Azure, Azure Active Directory, Azure AD RMS, Azure Stack, Cloud, Conditional Access, Cortana, Delve, device guard, EMS, Enterprise Mobility Suite, HoloLens, hybrid cloud, Hyper-V, Ignite, Intune, MAM, Microsoft Azure Stack, Microsoft Edge, Microsoft Hello, Microsoft Intune, Microsoft Passport, Mobile Application Management, MS Ignite, multi cloud, Nano, Nano Server, nested virtualisation, nested virtualization, Office 365, Office Delve, Office Sway, OMS, Operations Management Suite, Power BI, Project Spartan, RemoteApp, RMS, SCCM, Secure boot, SharePoint Server 2016, Spartan, SQL Server 2016, Sway, System Center 2016, Technical Preview 2, universal app, Windows 10, Windows Server 2016, Windows Update, Windows Update For Business

Create Active Directory Visio diagram automatically using Active Directory Topology Diagrammer ADTD

13 Jun

One of the least favorite tasks of many administrators is to document. Good administrators also don’t want to manually do things when it can be automated. This is where Active Directory Topology Diagrammer (ADTD) can help to automate documenting your Active Directory environment.

Recently I have been working on a new Active Directory OU design and used the Active Directory Topology Diagrammer to create a Visio diagram for the AS-IS situation. I have to say it worked great. Keep in mind though that it will show the OUs and not any other containers.

Besides documenting AD OUs, the Active Directory Topology Diagrammer can document many other things as well. Take a look at the article “How To Use The Active Directory Topology Diagrammer” or play around with it yourself to see what it can do.

The tool can also be very helpful when:

You’re in a new environment and need to get a quick overview of the Active Directory.
When there’s no documentation available or when the available documentation is outdated.
When you’re auditing the quality of documentation.

For more tools, take a look at my website: http://bjornhouben-web.sharepoint.com/Lists/Applications/Summary.aspx

Leave a comment

Posted by Bjorn Houben on June 13, 2013 in Automation, ICT, Microsoft, Tools, Windows, Windows 2003, Windows 2008

Tags: Active Directory, Active Directory Topology Diagrammer, AD, ADTD, automate, automation, Diagram, document, document active directory, document AD, documentation, Microsoft, tool, Visio, Windows, Windows Server

PowerShell – Get-GroupMemberships

20 Feb

This script determines the group membership of Active Directory users.

In this case, some users are member of multiple functional groups (groupname “*-core”), while the design assumes a user can only be a member a single functional group. This script helps determine the functional groups they are a member of.

Especially with a large number of users, scripting will save you a lot of time.

Leave a comment

Posted by Bjorn Houben on February 20, 2013 in ICT, Microsoft, Powershell, Windows, Windows 2008, Windows 2012

Tags: Active Directory, Active Directory Directory Services, AD User, ADDS, automate, Directory Services, group, group membership, groups, ICT, Microsoft, Powershell, Script, user, users

Microsoft – Resources to get more familiar with Active Directory Federation Services (ADFS)

12 Feb

Nowadays more and more work, communication and collaboration involves multiple external parties. This can involve by example employees, customers, partners, suppliers, cloud providers/platforms/applications.

This means it is becoming increasingly important to have proper authentication and authorization methods in place for single sign on (SSO) so users can be more productive. Besides the ease-of-use It can also lead to better security.

Microsoft’s Active Directory Federation Services (ADFS) will make this possible. For more information on ADFS, here are some resources. Keep in mind though that while some information may be outdated, it will give you a broad idea of the concept and the inner workings. The current version of ADFS in Windows Server 2012 is 2.1 , while Windows Server 2008 uses 2.0

PS: Microsoft is moving more and more towards claims based authentication. Examples include Windows Server 2012 Dynamic Access Control and also SharePoint 2013 that has switched to claims based authentication by default now.

If you have some other resources that might be useful, please let me know so I can add them as well.

Leave a comment

Posted by Bjorn Houben on February 12, 2013 in Exchange Online, ICT, Lync Online, Microsoft, Office 365, Powershell, Security, Sharepoint Online, Windows, Windows 2003, Windows 2008, Windows 2012

Tags: Access control, Active Directory, Active Directory Federation Services, ADFS, ADFS 2.0, ADFS 2.1, authentication, authorization, Azure, Cloud, configure, configuring, Deploy, deploying, Dynamic Access Control, federated identity, ForeFront UAG, IAAS, ICT, jump start, Microsoft, Microsoft Intune, Office 365, PKI, plan, security, Sharepoint, Sharepoint online, singe-sign-on, Single Sign On, SSO, Technet, Threat Management Gateway, TMG, UAG, Universal Access Gateway, virtual lab, Windows Azure, Windows Server 2008, Windows Server 2012

Microsoft – Security Compliance Manager 3.0 (SCM) has been released

02 Feb

Microsoft has released the Security Compliance Manager 3.0 (SCM). This version includes support for Windows Server 2012, Windows 8, and Internet Explorer 10.

SCM enables you to quickly configure and manage computers and your private cloud using Group Policy and Microsoft System Center Configuration Manager. It provides ready-to-deploy policies and DCM configuration packs based on Microsoft Security Guide recommendations and industry best practices, allowing you to easily manage configuration drift, and address compliance requirements for Windows operating systems and Microsoft applications.

Basically in SCM 3.0 you can use predefined baselines, customize them or create completely new ones. Then you can export it from SCM 3.0 and apply it using an Active Directory GPO. To do this, create a new GPO in Group Policy Management, right click the GPO, import settings and complete the wizard.

You can also export existing GPO and then import it into SCM 3.0 and compare the differences.

Leave a comment

Posted by Bjorn Houben on February 2, 2013 in ICT, Microsoft, Security, System Center Configuration Manager 2012, Tools, Windows, Windows 2003, Windows 2008, Windows 2012, Windows 8

Tags: Active Directory, AD, best practice, ConfigMgr, DCM configuration, GPO, Internet Explorer 10, policies, policy, Private Cloud, SCCM, SCM, SCM 3.0, Security Compliance Manager, Security Compliance Manager 3.0, settings, System Center Configuration Manager, System Center Configuration Manager 2007, System Center Configuration Manager 2012, Windows, Windows 8, Windows Server 2012

Apple – Notes / summary for the “OS X Support Essentials 10.8 Exam”

28 Jan

As I already wrote in yesterday’s post Apple – Notes / summary for the “Mac Integration Basics 10.8 Exam”, I’ve mainly been working with Microsoft products all my life. Since recently however, I’m also trying to get more familiar with Apple, Mac products and OS X and am trying to become certified.

One of the reasons, I’d never used Apple products before was because I never really deemed it necessary. Nowadays the number of Mac users seem to be growing and there is more demand for people with Mac / OS X knowledge.

As such my quest for knowledge and certification began. For me personally this meant:

Using Apple online resources
Reading books (mainly the great book Apple Pro Training Series: OS X Support Essentials. Before purchasing, you might also want to look for coupon codes as it might save you 30% off or more.)
Watching computer based training (CBT) videos
Working with OS X (thanks go out to my employer Open Line for providing me with a MacBook Pro, books and most importantly … TIME)
- Personally I didn’t think it was necessary to take a course at a training center, but some people might prefer this.
Asking colleagues for help (thanks guys !!!)
Making sure that I understood everything and if it wasn’t the case, look it up.
Taking notes / creating this summary blog post that can be used as a reference if needed
Testing my knowledge using test questions from Revise IT

I’ve taken the exam last friday and passed with 92.5%. Even though I think it was a pretty good score, I still had to make some educated guesses. This made me realize that there’s still a lot to learn and that getting more experience is important as well.

I also want to mention that I took the exam at LAI the training institute for IT professionals in Schiedam (The Netherlands). They were really kind, helpful and service oriented. The waiting area and test room were great and they even provided a pastry and all kind of drinks at no charge. This has been my best test taking experience to date, so keep up the good work guys.

I’m looking forward to attending the OS X Server 10.8 course at LAI the training institute for IT professionals at the end of March. I’ll try to create another blog post about this as well.

But now back to the important stuff, here are my notes/summary. I hope it is useful. If you find any errors or have any suggestions, please leave a comment.

Notes / summary for the “OS X Support Essentials 10.8 Exam”

Read the rest of this entry »

13 Comments

Posted by Bjorn Houben on January 28, 2013 in Apple, ICT, Learning, OS X

Tags: .mobileconfig, .Spotlight-v100, .spx, 32-bit, 64-bit, 802.1X, About this Mac, Access Control Entries, Access Control Lists, accessibility, ACE, ACL, ACSP, ACTC, Active Directory, Activity Monitor, AD, ad-hoc, ad-hoc network, Address Book, Address Resolution Protocol, address space layout randomization, Administrative user, advanced search, Advanced Technology Attachment, AES, AFP, AFP 2, AFP 3.1, Agents, AirDrop, Alias, alternative data stream, AoL, APIPA, APM, App Store, appfirewall.log, Apple, Apple Certified Associate, Apple Certified Associate - Mac Integration 10.8, Apple Certified Support Professional, Apple Certified Support Professional (ACSP) 10.8, Apple Certified Technical Coordinator (ACTC), Apple Certified Technical Coordinator (ACTC) 10.8, Apple Filing Protocol, Apple Hardware Test, Apple ID, Apple Mac OS X, Apple menu, Apple online mail Setup Assistant, Apple Partition Map, Apple Remote Desktop, Apple Rmeote Desktop, AppleFileServer, AppleScript, AppleVNCServer, application, Application Resource Troubleshooting, Application Sandboxing, Application Support, Application Troubleshooting, Applications, ARD, ARDagent, ARP, assistive technologies, Associate certification for Mac Integration, audio conferencing, authentication, authorize, auto discover, Auto Resume, Auto Save, Automatic Resume, automatic updates, Automator, backlight, backup, Backups.backupdb, backwards compatible, bidirectional, binary encoded, Bluetooth, Bluetooth PAN, BlueTooth Preferences, Bluetooth shairng, Bonjour, Boot Camp, boot rom version, boot.efi, bootd, booter, bootpd, browser, BSSID, Build, bundles, cable, cabling, CalDAV, Calendars, Calendears, camera, Carbon, CardDAV, central software update server, certificate, Certificate assistant, certificates, certification, certify, chmod, chown, CIDR, CIFS, Cisco IPSec, Classic Compatibility environment, Classless Inter Domain Routing, Classless InterDomain Routing, CLI, client-server architecture, Cocoa, code signed, collaboration services, command, Command Line Interface, Commands, Common Unix Printing System, configuration, Configuration Profile, Connect To Server, Connection Doctor, Console, Contacts, Core Audio framework, corrupt, corruption, CPU, Cross Platform, CrytpoCard, CUPS, customization, Daemons, daisy-chained, dark-wake, dark-wakes, dark-waking, darkwake, darkwakes, Dashboard, data management, deactivate, delete, desktop, Device driver, DFS, DHCP, DHCP services, diagnose, diagnostic, digital camera, digital display, Directory, Directory utility, disconnect, Discoverable mode, disk images, Disk Utility, display, DisplayPort, Distributed File Service, DNS, DNS services, Dock, Document management, Document Versions, documents, Domain Naming System, downloads, drag-and-drop installation, Driver, Drop Box, dscacheutil -flushcache, Dual-Link DVI, duplex, Duplicate, DVD or CD sharing, DVI, dynamic disk repartition, dynamic disk repartitioning, Dynamic Host Configuration Protocol, Dynamic memory, Dynamic service discovery, e-mail, effective permissions, EFI, eject, Encrypted IMAP, Encrypted POP, Encrypted SMTP, encryption, Ethernet, Everyone, EWS, Exam, Exchange, Exchange Web Services, Execute, execute disable, ExFAT, expansion buses, export, ExpressCard 34, Extended File Allocation Table, eXtensible Messaging and Presence Protocol, Extensions, Facebook, FAT, FAT32, Fibre Channel, File Allocation Table, file archives, File Quarantine, file server, File shairng, File share, File Sharing, file sharing protocols, File Sharing services, file system, File System shortcuts, file systems, fileserver, FileVault, FileVault 2, FileVault2, Find My iPhone, Find My Mac, Finder, Finger, Firewall, Firewire, firmware, Firmware Password Utility, flash disk, flash drive, Flash Storage, flickr, font, Fonts, force quit, forked file system, forward lookup, Framework plug-in, Framworks, Free Berkely Software Distribution, FreeBSD, fsck, FTP, FTPS, full disk encryption, full restore, Gatekeeper, Gbit, Get Info, Gigabit, Gmail, Go, Gopher, GPRS/3G, GPT, group, guest, guest user, gui, GUID, hard link, hardware, HDMI, hex, HID, hidden files, hidden folders, hidden items, home folder, Host Sharing Services, HP Jetdirect, HTTP, HTTPS, hub, Human Input Device, iChat, iCloud, iCloud iMessage, iClpid integration, IEEE-1394, IM, iMac, Image Capture App, Image Capture Framework, IMAP, iMessage, import, incorrect, index rebuild, Info, Inspector, installation method, installation package, InstallESD.dmg, Instant Messaging, internet, Internet Printing Protocol, Internet protocol, iOS, IP, IP address, iPad, iPhone, iPod, IPP, IPsec, IPv4, IPv6, iTunes, Jabber, Java applications, Java preferences, Java SE 6, Java SE 7, Journaled, Kerberos, kernel, Kernel Extension, kernel_task, KEXT, Keyboard, keychain, Keychains, Keynote, killall -HUP mDNSResponder, L2TP, L2TP over IPsec, LaunchAgents, launchd, LaunchDaemons, Launchpad, LDAP, Legacy AFP, Legacy Applications, Legacy FileVault, library, Library Randomization, Line Printer Daemon, link-local, listening key, local snapshot, location services, lock, lock screen, Login Keychain, login message, loginwindow, logout, Logs, Lookup, LPD, mac, MAC address, Mac App Store, Mac App Store and identified developers, Mac Integration Basics 10.8, Mac Integration Basics 10.8 Exam, Mac mini, Mac OS Extended, Mac OS X, Mac OS X 10.8 Mountain Lion, Mac Pro, MacBook, MacBook Air, MacBook Pro, machine authentication, mail, malware, managed user, manual restore, MAPI, Master Boot Record, Master Password, MAx OS Extended (Journaled), Maximum Transmission Unit, MBR, MCS, MDM, memory, Messages, Messages Screen Sharing, Messaging services, metadata, Microsoft Exchange, Migration Assistant, mobile device management, modifier keys, Modulation and Coding Scheme, mount, Mountain Lion, Mouse, mouse keys, Movies, MS DOS, MTU, Music, named, NAT, natd, Native OS X applications, Netbios, NetBoot, Netstat, network, Network Address Translation, network configuration, Network Diagnostics, Network File System, Network folder, network servcies, Network Service, network service account settings, Network Utility, NFS, NIS, No Access, notes, notifications, Numbers, NVRAM, octet, Open Directory, Open in Low Resolution, Open Systems Interconnection Reference model, OpenType, Oracle, Organizationally unique identifier, OS X, OS X 10.8, OS X 10.8 Mountain Lion, OS X internet recovery, OS X Launch Services, OS X Mountain Lion, OS X Recovery, OS X Server, OSI, OSI model, OUI, Outline fonts, Owner, packages, Pages, pair, parental controls, paring, partitioning, Password, password hint, passwords, PCI Express, PCIe, PDF, PDF tools, peer-to-peer, per-user authentication, peripheral buses, peripherals, Permissions, Personal Firewall, Photo Stream, PHY, Pictures, PID, Ping, plist, Point-to-Point Protocol over Ethernet, Point-to-Point Tunneling Protocol, policy banner, POP, port, Port Scan, Portable Document Format, ports, POSIX, POST, PostScript, PostScript Printer Description, Power Nap, Power On Self Test, PowerNap, PowerPC, PPD, PPoE, PPTP, preference file, PreferencePanes, Preferences, Preview, print, Print & Scan, print job, printer queue, Printer Sharing, printer spool, Printing, privacy, Process Features, Process ID, Process Security, Process Types, profile, Profile Manager, profiles, property list, Protected memory, protocols, Proxy, public, Quick Look, QuickTime, raid, Read, Read & Write, Read Only, Real Mem, Received Signal Strength Indication, reconnect, recovery, Recovery Disk Assistant, Recovery Key, referral, Remote Apple Events, Remote Disc, Remote Login, Remote Management, Reset permissions, resetpassword, restore, restore DVD, Retina, Retina display, Reverse lookup, Root, Root user, Rosetta, RSA SecurID, RSSI, RTSP, S-Video, Safari, safe boot, safe downloads list, Safe Sleep, sandbox, Sandboxing, SATA, Scanner sharing, Screen Sharing, SCSI, Secure Empty Trash, secure erase, Secure FTP, secure memory, security, Security & Privacy, self-assigned, Serial ATA, Serial Attached SCSI, Serial Number, Server Message Block, Services For Macintosh, Setup Assistant, SFM, SFTP, Shared, shared secret, sharing only user, shortcuts, Shutdown, side-by-side, Sidebar, Single Sign On, single user mode, Sites, sleep mode, Small Computer System Interface, SMB, smbd, SMTP, Socks, speakable items, speed, spoken commands, spool, Spotlight, Spotlight index, spotlight plug-ins, spotlight search, srm, SSD, SSH, SSH daemon, SSH File Transfer Protocol, sshd, SSO, standard user, Startup Items, startup keyboard shortcut, startup keyboard shortcuts, startup shortcuts, StartupItems, StdExclusions.plist, Stealth, Stealth mode, sticky keys, storage, storage buses, sudo, summary, Symbolic link, Symmetric multiprocessing, system, System Administrator, System information, system kernel, system launchd, System Memory, System Preferences, System Profiler, System resources, System Screen Sharing, System Security, System Security Settings, system sleep, system startup, SystemStarter, target disk mode, TCP, TCP/IP, Terminal, TextEdit, Thunderbolt, Time Capsule wireless base station, Time Machine, Time Machine local snapshot, TOSLINK, Traceroute, trackpad, Trash, troubleshooting, Troubleshooting Utility, TrueType, Twitter, UDP, UEFI, UFS, Universal Serial Bus, Universally Unique ID, UNIX, UNIX BSD, UNIX commands, Unix File System, UNIX permissions, unmount, update, updating applications, USB, USB cellular, user, user account, user account information, User authentication, User Datagram Protocol, user launchd, users, Users & Groups, UUID, vector fonts, verbose logging, Verbose mode, verification, VGA, video conferencing, vimeo, virtual interface, Virtual Private Network, VMware Fusion, VNC, VoiceOver, VPN, VPN on demand, web site, WebDAB, website, WEP, What's Keeping Me, Whois, wi-fi, Wi-Fi Diagnostics, Wide-Area Bonjour, Widget, Widgets, Windows, Windows Server, Windows Server 2008, WINS, WKM, workflow, WPA, WPA Enterprise, WPA2, WPA2 Enterprise, Write, Write Only, XML, XMPP, XProtect.plist, Xserve, Yahoo, Zero Configuration Networking, Zeroconf, zip, zoom

PowerShell – Determine which Active Directory objects are protected from accidental deletion

09 Jan

In yesterday’s post I showed some commands to protect all or specific Active Directory objects from accidental deletion.

In some situations (by example preparing for a change) you might want to know which objects are protected from accidental deletion and which are not. Also when multiple people make changes in an Active Directory it might prove difficult to keep track of the changes.

To determine the protection status of AD objects, I use a script that checks the ACL of the AD Object. When Everyone is explicitly Denied access, it is protected from accidental deletion.

Leave a comment

Posted by Bjorn Houben on January 9, 2013 in Automation, ICT, Microsoft, Powershell, Windows, Windows 2008, Windows 2012

Tags: Active Directory, AD, automation, Microsoft, Powershell, protect from accidental deletion, protected from accidental deletion, Script, Scripting, Windows, Windows Server, Windows Server 2008, Windows Server 2012

PowerShell – Protect Active Directory objects from accidental deletion

08 Jan

In a previous blog post I explained how to enable the Active Directory Recycle Bin which allows you to restore deleted active directory object.

But even though it’s great to be able to restore objects, it is even better to prevent accidental deletion. What accidental deletion basically does, is modify the permissions on an AD object to Deny Everyone so you won’t be able to delete it by accident.

More information about protection from accidental deletion can be found in “Preventing Unwanted/Accidental deletions and Restore deleted objects in Active Directory” and “Windows Server 2008 Protection from Accidental Deletion“.

In Windows Server 2012 with all the new cmdlets, it has become much easier to enable protection from accidental deletion.

By example, you could use these commands:

#Get-ADobject class names
get-adobject -filter * | select objectclass | group objectclass

#Protect specific AD object classes from accidental deletion
get-adobject -filter * | where{($_.ObjectClass -eq “container”) -or ($_.ObjectClass -eq “organizationalunit”) -or ($_.ObjectClass -eq “user”) -or ($_.ObjectClass -eq “group”) -or ($_.ObjectClass -eq “computer”)} | Set-ADObject -ProtectedFromAccidentalDeletion $true

#Protect all AD organizational units from accidental deletion
Get-ADOrganizationalUnit -filter * | Set-ADOrganizationalUnit -ProtectedFromAccidentalDeletion $true

#Protect all AD objects from accidental deletion
Get-ADobject -filter * | Set-ADObject -ProtectedFromAccidentalDeletion $true

1 Comment

Posted by Bjorn Houben on January 8, 2013 in Automation, ICT, Microsoft, Powershell, Windows, Windows 2008, Windows 2012

Tags: accidental deletion, Active Directory, AD, automation, Microsoft, Powershell, protect from accidental deletion, protection from accidental deletion, Script, Scripting, Windows, Windows Server, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012

PowerShell – Lower the Active Directory functional level

06 Jan

I’ve been around in the Windows world for quite some time and have studied quite a bit as well. As such I have always been taught that upgrading the functional level was irreversible. It also didn’t help that I got my Windows 2008 certification through beta exams before R2 was released and even before there were any books available.

Thanks to this blog post however, it came to my attentention that it is possible to lower the Forest and Domain Functional Level from 2008R2 to 2008 or from 2012 to 2008R2.

All of this can only be done using PowerShell as you can read in “Step by Step guide to lower Active Directory functional level” by Aman Sahota.

Leave a comment

Posted by Bjorn Houben on January 6, 2013 in ICT, Learning, Microsoft, Tutorials, Windows, Windows 2012

Tags: Active Directory, AD, domain functional level, forest functional level, functional level, guide, lower domain functional level, lower forest functional level, lower functional level, Powershell, raise domain functional level, raise forest functional level, raise functional level, step by step, step-by-step guide

PowerShell – Enable Active Directory Recycle Bin

04 Jan

Many companies and people in the past have encountered where they lost users, groups or other resources from Active Directory either by disaster or human error. Since Windows Server 2008 R2, you can use the Active Directory Recycle Bin to easily recover from this.

The AD Recycle Bin features requires a forest functional level of Server 2008 R2 or higher and is disabled by default. Also, once it has been enabled it cannot be disabled.

With Windows Server 2008 R2 you could only enable the AD Recycle Bin using Windows PowerShell and you could also only restore objects using CLI. With Windows Server 2012 you can both enable and restore very easily from the GUI using Active Directory Administrative Center (ADAC).

The script can be found here.

The script basically performs the following steps:

Determine the current forest.
Use parts of the current forest name to dynamically generate a command that is appropriate for every environment to enable the Active Directory Recycle Bin Feature.
If the Active Directory Recycle Bin Feature hasn’t been enabled yet, enable it.

Even though it has become very easy to do using the GUI in Windows Server 2012, automating is Always better. Therefore I also added it to the script I used in: Home LAB Setup guide – 04 Configuring Server 2012 VM as DC with DNS and DHCP using PowerShell

1 Comment

Posted by Bjorn Houben on January 4, 2013 in Automation, ICT, Learning, Microsoft, Powershell, Tutorials, Windows, Windows 2012

Tags: Active Directory, active directory recycle bin, AD, AD Recycle Bin, automation, Powershell, recycle bin, Script, Scripting, Windows

blog.bjornhouben.com

Tag Archives: Active Directory

Create Active Directory Visio diagram automatically using Active Directory Topology Diagrammer ADTD

Microsoft – Security Compliance Manager 3.0 (SCM) has been released

PowerShell – Determine which Active Directory objects are protected from accidental deletion

PowerShell – Protect Active Directory objects from accidental deletion

PowerShell – Lower the Active Directory functional level

PowerShell – Enable Active Directory Recycle Bin

Bloglovin

Planet PowerShell

Recent blog posts

Categories

Search

Tag cloud

Links

Archives

Disclaimer

Blogroll

Tag Archives: Active Directory

Share using:

Like this:

Share using:

Like this:

Share using:

Like this:

Share using:

Like this:

Share using:

Like this:

Notes / summary for the “OS X Support Essentials 10.8 Exam”

Share using:

Like this:

Share using:

Like this:

Share using:

Like this:

Share using:

Like this:

Share using:

Like this:

Bloglovin

Planet PowerShell

Recent blog posts

Categories

Search

Tag cloud

Links

Archives

Disclaimer

Blogroll