One of the great things that is introduced in Windows 2008 is the introduction of Fine Grained Password Policies. What is FGP? With a Windows 2000/2003 domain, it has only been possible to have a single password policy that applied to everyone in your domain. Most domains, though, do have some accounts that have higher … [Read more…]
After a lot of work in upgrading our domain controllers, I have finally completed upgrading all of our DCs to Windows Server 2008 R2! Now that I have done so, I am ready to begin enjoying some of the benefits of having all 2008 R2 DCs. So, for me, the first step is to turn … [Read more…]
So, one of the things I have always known is that it is important to have a test environment prior to making changes in your normal production domain/forest. One of the challenges I have always seen with this is how to create a test environment that closely matches what you have in production. Recently, I … [Read more…]
This week, I am having the opportunity to attend a class specifically on Group Policy (taught by Jeremy Moskowitz). The class has been excellent and has helped me to learn some great Group Policy troubleshooting tips. In going through some of the labs, one of the things I noticed is that some of the options … [Read more…]
One of the challenges in Active Directory is making sure that regular cleanup occurs in AD looking for inactive users and computers. In the past, for me, this has been an entirely manual process. It meant that I would take time once a quarter to generate reports, review the large number of users/computers and disable … [Read more…]
This is mainly as a reminder for me where to find this information. Jorge has a great write up describing the process that a client uses to find the closest DC. Two things that interest me are some commands that can be used to determine both site and the closest DC: This command will get … [Read more…]
Sometimes, it is a challenge to know what groups a user actually is in. In particular, this includes not just direct membership groups, but also indirect membership (nested groups). You may have added a user to a group, but aren’t sure if the user is actuallly getting the security token for that group when they … [Read more…]
I thought I might mention that the MS Active Directory team had an excellent posting this week discussing the basics of Active Directory. This is a good place to go for a summary of AD.
Sorry I haven’t posted anything lately. I have been busy getting ready to do a number of domain migrations over the next couple of months. This has been a major project that I have been involved with at work. We have a total of 14 AD domains, and I am responsible for migrating 13 child … [Read more…]
Group policy preferences (GPP) are a set of new group policy extensions that came out at the same time as Windows Server 2008. The great part about it, though, is that the GPP does not require 2008 DCs and are backwards compatible with XP, Server 2003 and Vista. Client Installation In order to use GPP, … [Read more…]