One of the least favorite tasks of many administrators is documenting. Good administrators also don’t want to do things manually when they can be automated. This is where the Active Directory Topology Diagrammer (ADTD) can help to automate documenting your Active Directory environment.
Recently I have been working on a new Active Directory OU design and used the Active Directory Topology Diagrammer to create a Visio diagram of the as-is situation. I have to say it worked great. Keep in mind though that it shows OUs only, not any other containers.
Besides documenting AD OUs, the Active Directory Topology Diagrammer can document many other things as well. Take a look at the article “How To Use The Active Directory Topology Diagrammer” or play around with it yourself to see what it can do.
The tool can also be very helpful when:
- you’re in a new environment and need a quick overview of the Active Directory;
- there’s no documentation available, or the available documentation is outdated;
- you’re auditing the quality of the existing documentation.
For more tools, take a look at my website: http://bjornhouben-web.sharepoint.com/Lists/Applications/Summary.aspx
Tags: Active Directory, Active Directory Topology Diagrammer, AD, ADTD, automate, automation, Diagram, document, document active directory, document AD, documentation, Microsoft, tool, Visio, Windows, Windows Server
Microsoft has released the Security Compliance Manager 3.0 (SCM). This version includes support for Windows Server 2012, Windows 8, and Internet Explorer 10.
SCM enables you to quickly configure and manage computers and your private cloud using Group Policy and Microsoft System Center Configuration Manager. It provides ready-to-deploy policies and DCM configuration packs based on Microsoft Security Guide recommendations and industry best practices, allowing you to easily manage configuration drift, and address compliance requirements for Windows operating systems and Microsoft applications.
In SCM 3.0 you can use the predefined baselines, customize them, or create completely new ones. You can then export a baseline from SCM 3.0 and apply it using an Active Directory GPO: create a new GPO in Group Policy Management, right-click the GPO, choose Import Settings and complete the wizard.
You can also export an existing GPO, import it into SCM 3.0 and compare the differences against a baseline.
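The same round trip (apply an SCM-exported baseline as a GPO, and export an existing GPO so SCM can compare it) can be scripted with the GroupPolicy module instead of the GPMC wizard. This is an added example, not part of the original post or of SCM itself; the backup path, the GPO names and the pilot OU are assumptions.

```powershell
# Added example: apply an SCM 3.0 baseline exported as a GPO backup, and back up an
# existing GPO for import into SCM. Requires the GroupPolicy module (RSAT / GPMC).
Import-Module GroupPolicy

# --- 1. Apply an SCM-exported baseline ---------------------------------------
$BackupPath    = 'C:\SCM\Exports'                       # folder chosen in SCM's GPO Backup export (assumed)
$BackupGpoName = 'WS2012 Member Server Baseline'        # GPO name inside that backup (assumed)
$TargetGpo     = 'SCM Baseline - Member Servers'        # GPO to create or overwrite in the domain (assumed)

# -CreateIfNeeded creates the GPO when it does not exist; the backup's settings
# replace whatever the target GPO currently contains, so use a dedicated GPO.
Import-GPO -BackupGpoName $BackupGpoName -Path $BackupPath -TargetName $TargetGpo -CreateIfNeeded | Out-Null

# Review what the baseline will enforce before linking it anywhere
New-Item -ItemType Directory -Path 'C:\SCM\Reports' -Force | Out-Null
Get-GPOReport -Name $TargetGpo -ReportType Html -Path "C:\SCM\Reports\$TargetGpo.html"

# Link to a pilot OU first; a baseline enforced on the domain root without a pilot
# is the usual way to lock yourself out of something (assumed OU name)
New-GPLink -Name $TargetGpo -Target 'OU=Pilot Servers,DC=example,DC=com' -LinkEnabled Yes | Out-Null

# --- 2. Export an existing GPO so SCM can import and compare it ---------------
$ExistingGpo = 'Default Domain Policy'
$ComparePath = 'C:\SCM\Compare'
New-Item -ItemType Directory -Path $ComparePath -Force | Out-Null
Backup-GPO -Name $ExistingGpo -Path $ComparePath -Comment 'For comparison in SCM 3.0'
# In SCM 3.0: import the GPO backup from $ComparePath, then compare it with the baseline
```

The HTML report is worth keeping next to the change record: it is the concrete list of settings that will change on the pilot machines, which is what an auditor asks for when the baseline is rolled out.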
Tags: Active Directory, AD, best practice, ConfigMgr, DCM configuration, GPO, Internet Explorer 10, policies, policy, Private Cloud, SCCM, SCM, SCM 3.0, Security Compliance Manager, Security Compliance Manager 3.0, settings, System Center Configuration Manager, System Center Configuration Manager 2007, System Center Configuration Manager 2012, Windows, Windows 8, Windows Server 2012
As I already wrote in yesterday’s post Apple – Notes / summary for the “Mac Integration Basics 10.8 Exam”, I’ve mainly been working with Microsoft products all my life. Recently, however, I’ve also been trying to get more familiar with Apple, Mac products and OS X, and to become certified.
One of the reasons I’d never used Apple products before was that I never really deemed it necessary. Nowadays the number of Mac users seems to be growing and there is more demand for people with Mac / OS X knowledge.
As such my quest for knowledge and certification began. For me personally this meant:
- Using Apple online resources
- Reading books (mainly the great book Apple Pro Training Series: OS X Support Essentials. Before purchasing, you might also want to look for coupon codes as it might save you 30% off or more.)
- Watching computer based training (CBT) videos
- Working with OS X (thanks go out to my employer Open Line for providing me with a MacBook Pro, books and most importantly … TIME)
- Personally I didn’t think it was necessary to take a course at a training center, but some people might prefer this.
- Asking colleagues for help (thanks guys !!!)
- Making sure that I understood everything and if it wasn’t the case, look it up.
- Taking notes / creating this summary blog post that can be used as a reference if needed
- Testing my knowledge using test questions from Revise IT
I took the exam last Friday and passed with 92.5%. Even though I think it was a pretty good score, I still had to make some educated guesses. This made me realize that there’s still a lot to learn and that getting more experience is important as well.
I also want to mention that I took the exam at LAI, the training institute for IT professionals in Schiedam (The Netherlands). They were really kind, helpful and service oriented. The waiting area and test room were great and they even provided a pastry and all kinds of drinks at no charge. This has been my best test-taking experience to date, so keep up the good work guys.
I’m looking forward to attending the OS X Server 10.8 course at LAI the training institute for IT professionals at the end of March. I’ll try to create another blog post about this as well.
But now back to the important stuff, here are my notes/summary. I hope it is useful. If you find any errors or have any suggestions, please leave a comment.
Notes / summary for the “OS X Support Essentials 10.8 Exam”
Tags: .mobileconfig, .Spotlight-v100, .spx, 32-bit, 64-bit, 802.1X, About this Mac, Access Control Entries, Access Control Lists, accessibility, ACE, ACL, ACSP, ACTC, Active Directory, Activity Monitor, AD, ad-hoc, ad-hoc network, Address Book, Address Resolution Protocol, address space layout randomization, Administrative user, advanced search, Advanced Technology Attachment, AES, AFP, AFP 2, AFP 3.1, Agents, AirDrop, Alias, alternative data stream, AoL, APIPA, APM, App Store, appfirewall.log, Apple, Apple Certified Associate, Apple Certified Associate - Mac Integration 10.8, Apple Certified Support Professional, Apple Certified Support Professional (ACSP) 10.8, Apple Certified Technical Coordinator (ACTC), Apple Certified Technical Coordinator (ACTC) 10.8, Apple Filing Protocol, Apple Hardware Test, Apple ID, Apple Mac OS X, Apple menu, Apple online mail Setup Assistant, Apple Partition Map, Apple Remote Desktop, Apple Rmeote Desktop, AppleFileServer, AppleScript, AppleVNCServer, application, Application Resource Troubleshooting, Application Sandboxing, Application Support, Application Troubleshooting, Applications, ARD, ARDagent, ARP, assistive technologies, Associate certification for Mac Integration, audio conferencing, authentication, authorize, auto discover, Auto Resume, Auto Save, Automatic Resume, automatic updates, Automator, backlight, backup, Backups.backupdb, backwards compatible, bidirectional, binary encoded, Bluetooth, Bluetooth PAN, BlueTooth Preferences, Bluetooth shairng, Bonjour, Boot Camp, boot rom version, boot.efi, bootd, booter, bootpd, browser, BSSID, Build, bundles, cable, cabling, CalDAV, Calendars, Calendears, camera, Carbon, CardDAV, central software update server, certificate, Certificate assistant, certificates, certification, certify, chmod, chown, CIDR, CIFS, Cisco IPSec, Classic Compatibility environment, Classless Inter Domain Routing, Classless InterDomain Routing, CLI, client-server architecture, Cocoa, code signed, 
collaboration services, command, Command Line Interface, Commands, Common Unix Printing System, configuration, Configuration Profile, Connect To Server, Connection Doctor, Console, Contacts, Core Audio framework, corrupt, corruption, CPU, Cross Platform, CrytpoCard, CUPS, customization, Daemons, daisy-chained, dark-wake, dark-wakes, dark-waking, darkwake, darkwakes, Dashboard, data management, deactivate, delete, desktop, Device driver, DFS, DHCP, DHCP services, diagnose, diagnostic, digital camera, digital display, Directory, Directory utility, disconnect, Discoverable mode, disk images, Disk Utility, display, DisplayPort, Distributed File Service, DNS, DNS services, Dock, Document management, Document Versions, documents, Domain Naming System, downloads, drag-and-drop installation, Driver, Drop Box, dscacheutil -flushcache, Dual-Link DVI, duplex, Duplicate, DVD or CD sharing, DVI, dynamic disk repartition, dynamic disk repartitioning, Dynamic Host Configuration Protocol, Dynamic memory, Dynamic service discovery, e-mail, effective permissions, EFI, eject, Encrypted IMAP, Encrypted POP, Encrypted SMTP, encryption, Ethernet, Everyone, EWS, Exam, Exchange, Exchange Web Services, Execute, execute disable, ExFAT, expansion buses, export, ExpressCard 34, Extended File Allocation Table, eXtensible Messaging and Presence Protocol, Extensions, Facebook, FAT, FAT32, Fibre Channel, File Allocation Table, file archives, File Quarantine, file server, File shairng, File share, File Sharing, file sharing protocols, File Sharing services, file system, File System shortcuts, file systems, fileserver, FileVault, FileVault 2, FileVault2, Find My iPhone, Find My Mac, Finder, Finger, Firewall, Firewire, firmware, Firmware Password Utility, flash disk, flash drive, Flash Storage, flickr, font, Fonts, force quit, forked file system, forward lookup, Framework plug-in, Framworks, Free Berkely Software Distribution, FreeBSD, fsck, FTP, FTPS, full disk encryption, full restore, Gatekeeper, 
Gbit, Get Info, Gigabit, Gmail, Go, Gopher, GPRS/3G, GPT, group, guest, guest user, gui, GUID, hard link, hardware, HDMI, hex, HID, hidden files, hidden folders, hidden items, home folder, Host Sharing Services, HP Jetdirect, HTTP, HTTPS, hub, Human Input Device, iChat, iCloud, iCloud iMessage, iClpid integration, IEEE-1394, IM, iMac, Image Capture App, Image Capture Framework, IMAP, iMessage, import, incorrect, index rebuild, Info, Inspector, installation method, installation package, InstallESD.dmg, Instant Messaging, internet, Internet Printing Protocol, Internet protocol, iOS, IP, IP address, iPad, iPhone, iPod, IPP, IPsec, IPv4, IPv6, iTunes, Jabber, Java applications, Java preferences, Java SE 6, Java SE 7, Journaled, Kerberos, kernel, Kernel Extension, kernel_task, KEXT, Keyboard, keychain, Keychains, Keynote, killall -HUP mDNSResponder, L2TP, L2TP over IPsec, LaunchAgents, launchd, LaunchDaemons, Launchpad, LDAP, Legacy AFP, Legacy Applications, Legacy FileVault, library, Library Randomization, Line Printer Daemon, link-local, listening key, local snapshot, location services, lock, lock screen, Login Keychain, login message, loginwindow, logout, Logs, Lookup, LPD, mac, MAC address, Mac App Store, Mac App Store and identified developers, Mac Integration Basics 10.8, Mac Integration Basics 10.8 Exam, Mac mini, Mac OS Extended, Mac OS X, Mac OS X 10.8 Mountain Lion, Mac Pro, MacBook, MacBook Air, MacBook Pro, machine authentication, mail, malware, managed user, manual restore, MAPI, Master Boot Record, Master Password, MAx OS Extended (Journaled), Maximum Transmission Unit, MBR, MCS, MDM, memory, Messages, Messages Screen Sharing, Messaging services, metadata, Microsoft Exchange, Migration Assistant, mobile device management, modifier keys, Modulation and Coding Scheme, mount, Mountain Lion, Mouse, mouse keys, Movies, MS DOS, MTU, Music, named, NAT, natd, Native OS X applications, Netbios, NetBoot, Netstat, network, Network Address Translation, network 
configuration, Network Diagnostics, Network File System, Network folder, network servcies, Network Service, network service account settings, Network Utility, NFS, NIS, No Access, notes, notifications, Numbers, NVRAM, octet, Open Directory, Open in Low Resolution, Open Systems Interconnection Reference model, OpenType, Oracle, Organizationally unique identifier, OS X, OS X 10.8, OS X 10.8 Mountain Lion, OS X internet recovery, OS X Launch Services, OS X Mountain Lion, OS X Recovery, OS X Server, OSI, OSI model, OUI, Outline fonts, Owner, packages, Pages, pair, parental controls, paring, partitioning, Password, password hint, passwords, PCI Express, PCIe, PDF, PDF tools, peer-to-peer, per-user authentication, peripheral buses, peripherals, Permissions, Personal Firewall, Photo Stream, PHY, Pictures, PID, Ping, plist, Point-to-Point Protocol over Ethernet, Point-to-Point Tunneling Protocol, policy banner, POP, port, Port Scan, Portable Document Format, ports, POSIX, POST, PostScript, PostScript Printer Description, Power Nap, Power On Self Test, PowerNap, PowerPC, PPD, PPoE, PPTP, preference file, PreferencePanes, Preferences, Preview, print, Print & Scan, print job, printer queue, Printer Sharing, printer spool, Printing, privacy, Process Features, Process ID, Process Security, Process Types, profile, Profile Manager, profiles, property list, Protected memory, protocols, Proxy, public, Quick Look, QuickTime, raid, Read, Read & Write, Read Only, Real Mem, Received Signal Strength Indication, reconnect, recovery, Recovery Disk Assistant, Recovery Key, referral, Remote Apple Events, Remote Disc, Remote Login, Remote Management, Reset permissions, resetpassword, restore, restore DVD, Retina, Retina display, Reverse lookup, Root, Root user, Rosetta, RSA SecurID, RSSI, RTSP, S-Video, Safari, safe boot, safe downloads list, Safe Sleep, sandbox, Sandboxing, SATA, Scanner sharing, Screen Sharing, SCSI, Secure Empty Trash, secure erase, Secure FTP, secure memory, security, 
Security & Privacy, self-assigned, Serial ATA, Serial Attached SCSI, Serial Number, Server Message Block, Services For Macintosh, Setup Assistant, SFM, SFTP, Shared, shared secret, sharing only user, shortcuts, Shutdown, side-by-side, Sidebar, Single Sign On, single user mode, Sites, sleep mode, Small Computer System Interface, SMB, smbd, SMTP, Socks, speakable items, speed, spoken commands, spool, Spotlight, Spotlight index, spotlight plug-ins, spotlight search, srm, SSD, SSH, SSH daemon, SSH File Transfer Protocol, sshd, SSO, standard user, Startup Items, startup keyboard shortcut, startup keyboard shortcuts, startup shortcuts, StartupItems, StdExclusions.plist, Stealth, Stealth mode, sticky keys, storage, storage buses, sudo, summary, Symbolic link, Symmetric multiprocessing, system, System Administrator, System information, system kernel, system launchd, System Memory, System Preferences, System Profiler, System resources, System Screen Sharing, System Security, System Security Settings, system sleep, system startup, SystemStarter, target disk mode, TCP, TCP/IP, Terminal, TextEdit, Thunderbolt, Time Capsule wireless base station, Time Machine, Time Machine local snapshot, TOSLINK, Traceroute, trackpad, Trash, troubleshooting, Troubleshooting Utility, TrueType, Twitter, UDP, UEFI, UFS, Universal Serial Bus, Universally Unique ID, UNIX, UNIX BSD, UNIX commands, Unix File System, UNIX permissions, unmount, update, updating applications, USB, USB cellular, user, user account, user account information, User authentication, User Datagram Protocol, user launchd, users, Users & Groups, UUID, vector fonts, verbose logging, Verbose mode, verification, VGA, video conferencing, vimeo, virtual interface, Virtual Private Network, VMware Fusion, VNC, VoiceOver, VPN, VPN on demand, web site, WebDAB, website, WEP, What's Keeping Me, Whois, wi-fi, Wi-Fi Diagnostics, Wide-Area Bonjour, Widget, Widgets, Windows, Windows Server, Windows Server 2008, WINS, WKM, workflow, WPA, WPA 
Enterprise, WPA2, WPA2 Enterprise, Write, Write Only, XML, XMPP, XProtect.plist, Xserve, Yahoo, Zero Configuration Networking, Zeroconf, zip, zoom
In yesterday’s post I showed some commands to protect all or specific Active Directory objects from accidental deletion.
In some situations (for example, when preparing for a change) you might want to know which objects are protected from accidental deletion and which are not. Also, when multiple people make changes in an Active Directory, it can be difficult to keep track of the changes.
To determine the protection status of AD objects, I use a script that checks the ACL of the AD object: when Everyone is explicitly denied access, the object is protected from accidental deletion.
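The ACL check described above, written out as an added example (this is not the post’s own script). It reads each object’s security descriptor through the AD: drive of the ActiveDirectory module and looks for an explicit Deny entry for Everyone that covers the delete rights, then reports that next to the ProtectedFromAccidentalDeletion property so the two can be cross-checked. The search base and object classes are assumptions.

```powershell
# Added example: report which AD objects carry the explicit "Deny Everyone" ACE that
# protection from accidental deletion sets. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Get-AccidentalDeletionProtection {
    [CmdletBinding()]
    param(
        # Where to search; defaults to the current domain root (assumed)
        [string]$SearchBase = (Get-ADDomain).DistinguishedName,
        # Object classes to inspect (assumed defaults)
        [string[]]$ObjectClass = @('organizationalUnit', 'container', 'user', 'group', 'computer')
    )

    $everyone     = [System.Security.Principal.SecurityIdentifier]'S-1-1-0'   # well-known SID of Everyone
    $deleteRights = [System.DirectoryServices.ActiveDirectoryRights]'Delete, DeleteTree'

    Get-ADObject -Filter * -SearchBase $SearchBase -Properties ProtectedFromAccidentalDeletion |
        Where-Object { $ObjectClass -contains $_.ObjectClass } |
        ForEach-Object {
            $acl = Get-Acl -Path ('AD:\' + $_.DistinguishedName)
            # Explicit (not inherited) Deny ACE for Everyone covering Delete and/or DeleteTree
            $denyAce = $acl.Access | Where-Object {
                $_.AccessControlType -eq 'Deny' -and
                -not $_.IsInherited -and
                $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]) -eq $everyone -and
                ($_.ActiveDirectoryRights -band $deleteRights) -ne 0
            }
            [pscustomobject]@{
                DistinguishedName = $_.DistinguishedName
                ObjectClass       = $_.ObjectClass
                ProtectedByAcl    = [bool]$denyAce                              # what the ACL actually says
                ProtectedProperty = [bool]$_.ProtectedFromAccidentalDeletion    # what the cmdlet reports
            }
        }
}

# Usage: list unprotected OUs and containers, for example before a change window
Get-AccidentalDeletionProtection -ObjectClass organizationalUnit, container |
    Where-Object { -not $_.ProtectedByAcl } |
    Format-Table DistinguishedName, ObjectClass -AutoSize
```

Comparing the SID rather than the display name keeps the check independent of the server’s language, and restricting it to non-inherited entries avoids counting a Deny that merely flows down from a parent. A row where ProtectedByAcl and ProtectedProperty disagree is worth a second look, because it usually means someone edited the ACL by hand.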
Tags: Active Directory, AD, automation, Microsoft, Powershell, protect from accidental deletion, protected from accidental deletion, Script, Scripting, Windows, Windows Server, Windows Server 2008, Windows Server 2012
In a previous blog post I explained how to enable the Active Directory Recycle Bin which allows you to restore deleted active directory object.
But even though it’s great to be able to restore objects, it is even better to prevent accidental deletion in the first place. What protection from accidental deletion basically does is modify the permissions on an AD object to deny Everyone, so you won’t be able to delete it by accident.
More information about protection from accidental deletion can be found in “Preventing Unwanted/Accidental deletions and Restore deleted objects in Active Directory” and “Windows Server 2008 Protection from Accidental Deletion”.
In Windows Server 2012 with all the new cmdlets, it has become much easier to enable protection from accidental deletion.
For example, you could use these commands:
# Get the object class names in use
Get-ADObject -Filter * | Select-Object ObjectClass | Group-Object ObjectClass
# Protect specific AD object classes from accidental deletion
Get-ADObject -Filter * | Where-Object { ($_.ObjectClass -eq "container") -or ($_.ObjectClass -eq "organizationalUnit") -or ($_.ObjectClass -eq "user") -or ($_.ObjectClass -eq "group") -or ($_.ObjectClass -eq "computer") } | Set-ADObject -ProtectedFromAccidentalDeletion $true
# Protect all AD organizational units from accidental deletion
Get-ADOrganizationalUnit -Filter * | Set-ADOrganizationalUnit -ProtectedFromAccidentalDeletion $true
# Protect all AD objects from accidental deletion
Get-ADObject -Filter * | Set-ADObject -ProtectedFromAccidentalDeletion $true
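The one-liners above do the job, but when you run them against a production directory you usually want a dry run, a scope, and a count of what changed. The following is an added example (not from the original post) that wraps the same Set-ADObject call in a function with -WhatIf support and only touches objects that are not protected yet; the default classes and search base are assumptions.

```powershell
# Added example: idempotent, scoped bulk protection with a dry-run mode.
# Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Protect-ADObjectClass {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Object classes to protect (assumed defaults; matches the post's where-clause)
        [string[]]$ObjectClass = @('organizationalUnit', 'container', 'user', 'group', 'computer'),
        # Limit the run to one subtree instead of the whole domain (assumed default: domain root)
        [string]$SearchBase = (Get-ADDomain).DistinguishedName
    )

    # Select only what still needs protecting, so re-running the function changes nothing
    $candidates = @(
        Get-ADObject -Filter * -SearchBase $SearchBase -Properties ProtectedFromAccidentalDeletion |
            Where-Object { $ObjectClass -contains $_.ObjectClass -and -not $_.ProtectedFromAccidentalDeletion }
    )

    foreach ($obj in $candidates) {
        # -WhatIf / -Confirm are honoured here through ShouldProcess
        if ($PSCmdlet.ShouldProcess($obj.DistinguishedName, 'Protect from accidental deletion')) {
            Set-ADObject -Identity $obj -ProtectedFromAccidentalDeletion $true
        }
    }

    # Re-read after the change so the summary reflects the directory, not our intentions
    $remaining = @(
        Get-ADObject -Filter * -SearchBase $SearchBase -Properties ProtectedFromAccidentalDeletion |
            Where-Object { $ObjectClass -contains $_.ObjectClass -and -not $_.ProtectedFromAccidentalDeletion }
    )

    [pscustomobject]@{
        SearchBase       = $SearchBase
        Selected         = $candidates.Count   # objects that were unprotected when the run started
        StillUnprotected = $remaining.Count    # equals Selected on a -WhatIf run, 0 after a real run
    }
}

# Dry run first: lists every object that would change without touching the directory
Protect-ADObjectClass -ObjectClass organizationalUnit, container -WhatIf
# Then for real, limited to one OU tree (assumed DN)
Protect-ADObjectClass -ObjectClass organizationalUnit, container -SearchBase 'OU=Servers,DC=example,DC=com'
```

Keeping the selection to unprotected objects also keeps the audit trail clean: every Set-ADObject call in the log corresponds to a real change, which makes it much easier to see afterwards who protected what.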
Tags: accidental deletion, Active Directory, AD, automation, Microsoft, Powershell, protect from accidental deletion, protection from accidental deletion, Script, Scripting, Windows, Windows Server, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012
I’ve been around in the Windows world for quite some time and have studied quite a bit as well. As such I have always been taught that upgrading the functional level was irreversible. It also didn’t help that I got my Windows 2008 certification through beta exams before R2 was released and even before there were any books available.
Thanks to this blog post, however, it came to my attention that it is possible to lower the Forest and Domain Functional Level from 2008 R2 to 2008 or from 2012 to 2008 R2.
All of this can only be done using PowerShell as you can read in “Step by Step guide to lower Active Directory functional level” by Aman Sahota.
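For reference, the cmdlets involved are Set-ADForestMode and Set-ADDomainMode. The block below is an added example, not the guide’s script, and it deliberately uses -WhatIf so it only shows the change; the target levels are those the post names (2008 R2 down to 2008) and are assumptions for your environment. Two things to know before running it for real: the forest level has to be lowered before the domain levels, since a domain may never sit below the forest level, and lowering is refused while an optional feature that needs the higher level is enabled, the AD Recycle Bin being the usual one.

```powershell
# Added example: inspect and (dry-run) lower Active Directory functional levels.
# Requires the ActiveDirectory module (RSAT) and Enterprise Admin rights for the real run.
Import-Module ActiveDirectory

$domain = Get-ADDomain
$forest = Get-ADForest
"Current levels: domain = $($domain.DomainMode), forest = $($forest.ForestMode)"

# Lowering is blocked while a feature that requires the higher level is enabled,
# e.g. the AD Recycle Bin (needs Windows2008R2Forest and cannot be disabled)
$recycleBin = Get-ADOptionalFeature -Identity 'Recycle Bin Feature'
if ($recycleBin.EnabledScopes.Count -gt 0) {
    Write-Warning 'AD Recycle Bin is enabled; the forest level cannot be lowered below Windows2008R2Forest.'
}

# Target levels (assumed): 2008 R2 -> 2008, as described in the post
$targetForestMode = 'Windows2008Forest'
$targetDomainMode = 'Windows2008Domain'

# Forest first, then each domain; -WhatIf prints the intended change without applying it
Set-ADForestMode -Identity $forest -ForestMode $targetForestMode -WhatIf
foreach ($d in $forest.Domains) {
    Set-ADDomainMode -Identity $d -DomainMode $targetDomainMode -WhatIf
}
```

Drop the -WhatIf switches only after the warning above stays silent and the change has been approved; the levels are replicated forest-wide, so this is not something to test on a single DC.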
Tags: Active Directory, AD, domain functional level, forest functional level, functional level, guide, lower domain functional level, lower forest functional level, lower functional level, Powershell, raise domain functional level, raise forest functional level, raise functional level, step by step, step-by-step guide
Many companies and people have experienced losing users, groups or other resources from Active Directory, either through a disaster or through human error. Since Windows Server 2008 R2, you can use the Active Directory Recycle Bin to recover from this easily.
The AD Recycle Bin feature requires a forest functional level of Windows Server 2008 R2 or higher and is disabled by default. Also, once it has been enabled it cannot be disabled.
With Windows Server 2008 R2 you could only enable the AD Recycle Bin using Windows PowerShell, and you could also only restore objects from the command line. With Windows Server 2012 you can both enable it and restore objects very easily from the GUI using the Active Directory Administrative Center (ADAC).
The script can be found here.
The script basically performs the following steps:
- Determine the current forest.
- Use parts of the current forest name to dynamically generate a command that is appropriate for every environment to enable the Active Directory Recycle Bin Feature.
- If the Active Directory Recycle Bin Feature hasn’t been enabled yet, enable it.
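The three steps above, carried out as an added example (this is not the script the post links to). Instead of assembling the feature’s distinguished name from the forest name, it uses the Windows Server 2012 cmdlets, which accept the feature by name and the forest by its DNS name; the forest-level check and the return value are my additions.

```powershell
# Added example: enable the AD Recycle Bin only if the forest allows it and it is not on yet.
# Requires the ActiveDirectory module (RSAT) and Enterprise Admin rights.
Import-Module ActiveDirectory

function Enable-ADRecycleBinIfNeeded {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    # 1. Determine the current forest
    $forest = Get-ADForest

    # The feature needs forest functional level Windows Server 2008 R2 or higher
    $required = [Microsoft.ActiveDirectory.Management.ADForestMode]::Windows2008R2Forest
    if ([int]$forest.ForestMode -lt [int]$required) {
        throw "Forest functional level is $($forest.ForestMode); $required or higher is required."
    }

    # 2. Look up the optional feature and see whether it is already enabled for this forest
    $feature = Get-ADOptionalFeature -Identity 'Recycle Bin Feature'
    if ($feature.EnabledScopes.Count -gt 0) {
        Write-Verbose "Recycle Bin already enabled (scopes: $($feature.EnabledScopes -join '; '))"
        return $false
    }

    # 3. Enable it for the whole forest; the target is the forest's DNS name.
    #    This cannot be undone, hence ShouldProcess so -WhatIf / -Confirm work.
    if ($PSCmdlet.ShouldProcess($forest.Name, 'Enable Active Directory Recycle Bin (irreversible)')) {
        Enable-ADOptionalFeature -Identity $feature -Scope ForestOrConfigurationSet -Target $forest.Name -Confirm:$false
        return $true
    }
    return $false
}

# Usage: dry run, then the real thing; $true means it was enabled by this call
Enable-ADRecycleBinIfNeeded -WhatIf
$enabled = Enable-ADRecycleBinIfNeeded -Verbose
```

Because the function returns $false when the feature was already on, it can be dropped into a larger build script (such as a DC provisioning script) and run repeatedly without side effects.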
Even though it has become very easy to do using the GUI in Windows Server 2012, automating is always better. Therefore I also added it to the script I used in: Home LAB Setup guide – 04 Configuring Server 2012 VM as DC with DNS and DHCP using PowerShell
Tags: Active Directory, active directory recycle bin, AD, AD Recycle Bin, automation, Powershell, recycle bin, Script, Scripting, Windows
General
Last Friday I attended the first Dutch Powershell User Group meeting in Eindhoven at Master IT Training and it was great. There were a lot of knowledgeable and passionate people and the interactive sessions were great as well. Thanks go out to all attendees, but especially to the ones presenting and organizing the event.
The fact that we were asked to leave the building (because it was getting pretty late and they wanted to lock up) also underlines the passion of all attendees; otherwise we probably would’ve stayed a lot longer.
Be sure to check out the Dutch PowerShell User Group (DuPSUG) website and Twitter on a regular basis for articles and future events. Ed Wilson also wrote a post of the meeting on the “Hey, Scripting Guy! Blog”.
Photos

Original photo on flickr
Sessions
Below are the sessions with some info about the speakers and their sessions. I also added notes I took and other information I looked up afterwards. If you come across any errors or have comments, please leave a reply so I can fix it.
Tags: Active Directory, AD, AD DS, ADDS, ADSISEARCHER, Apache Subversion, CIM, CodePlex, Common Information Model, dcom, distributed com, DuPSUG, Dutch PowerShell User Group, Ed Wilson, Eindhoven, Event, git, Integrated Scripting Environment, ISE, Jaap Brasser, Jeff Wouters, LDAP, Master IT, Mercurial, Powershell, Powershell 3.0, PowerShell Remoting, Powershell v3, Richard Siddaway, rpc, snippets, splatting, SVN, team foundation server, Team Foundation Server 2012, Team Foundation Service, TFS, The Scripting Guy, The Scripting Wife, Version control, Windows, Windows 2012, Windows 2012 Server, Windows 8, Windows Server 2012, WinRM, WMI, workflow, ws-man
Today I attended the free “IT Camps Windows Server 2012” event at Master IT in Eindhoven and I really liked it. It was a real hands-on IT Camp in which they tell you some interesting things about Server 2012, while you are also able to immediately use the technologies you learn about. Of course it’s also a great way to get to know new, interesting people.
They also used feedback from previous IT Camps very well. This was very noticeable because now everyone was able to join the hands-on labs. Because of better preparations there was also still plenty of time to explore all assignments and go into more details.
Many thanks to Tony Krijnen and Daniel van Soest from Microsoft for this great event.
There are still IT Camp events planned, but I don’t know if you can still register for them. Check the link below for more information about the event contents, dates and locations:
http://www.microsoft.com/netherlands/evenementen/event.aspx?eventid=675&date=20121016&eventtype=TechNet#locations
Tags: Active Directory, AD, Cluster, Clustering, DAC, Dynamic Access Control, Eindhoven, Event, Events, Free, hans-on, Hyper-V, Info Support, IT Camp, IT Camp Windows Server 2012, lab, labs, Master IT, Master IT Training, Powershell, Server Manager, Storage Spaces, The Netherlands, Training, Windows 2012, Windows 2012 Server, Windows Server 2012
Since Microsoft has recently released their latest server OS, called Windows Server 2012, they’re hosting free one-day “IT Camps Windows Server 2012” events.
Check the link below for more information about the event contents, dates and locations:
http://www.microsoft.com/netherlands/evenementen/event.aspx?eventid=675&date=20121016&eventtype=TechNet#locations
I’ve attended an IT Camp for Hyper-V in Server 2008 R2 in the past and I liked the concept. Back then, however, there were some points for improvement with regard to preparation and the number of attendees that could actively participate in the hands-on labs. I have learned from this experience and will not miss out on it again.
I’m going to attend the Eindhoven event on the 16th of October, so please let me know if you’re attending this event as well so we can meet up.
PS: For participating in the hands-on labs you need to bring your own laptop that meets the requirements stated in the event description.
Tags: Active Directory, AD, Cluster, Clustering, DAC, Dynamic Access Control, Eindhoven, Event, Events, Free, hans-on, Hyper-V, Info Support, IT Camp, IT Camp Windows Server 2012, lab, labs, Master IT, Master IT Training, Microsoft, Powershell, Server Manager, Storage Spaces, The Netherlands, Training, Windows 2012, Windows 2012 Server, Windows Server 2012