Welcome to The Experts Community! We've created this site so that the general community of Active Directory administrators has a place to ask AD-related questions, as well as questions related to identity management in general. This is also a repository of content, including numerous papers and other resources, and links to other useful Web sites, books, and online materials. We encourage you to participate: Create an account, subscribe to an RSS feed, ask a question, or offer an answer. Thanks for visiting!


Questions
»All Questions · »Ask a Question
Fresh Resources
»All Resources
Latest Article

Get Local Account Password Expiration

» by JeffHicks on Tue 16 Mar 2010 · No replies

Last week I posted a revision to a PowerShell script from the Microsoft AD team on discovering when a user's password was going to expire.  Of course that's only half the battle. You probably still have local user accounts to keep track of like the local Administrator. Wouldn't you like to get the same information? There are no cmdlets for working with local user accounts, so I took a script from my book, Managing Active Directory with Windows PowerShell: TFM (SAPIEN Press 2008) and updated it for PowerShell 2.0. Even though the book is primarly about AD, there are several chapters on working with local users and groups. Anyway, I put together this 2.0 function. Function Get-LocalUserPWdExpiration { [cmdletBinding()] Param (     [Parameter(Mandatory=$False,        Position=0,        ValueFromPipeline=$True,       HelpMessage="The name of the computer to query. The default is the local computer.")]       [string] $computername=$env:computername,             [Parameter(Mandatory=$False,        Position=1,        ValueFromPipeline=$False,   &nb
...continue reading "Get Local Account Password Expiration"


More Articles
»All Articles
Announcements

Tell Us Why You Want to Go to TEC 2010! -- Win a Free Conference Pass (No Purchase Necessary)

» by Rich on Thu 18 Feb 2010 · No replies

We are pleased to announce a new contest to hear why you want to attend The Experts Conference 2010 happening April 25-28 in Los Angeles featuring advanced training on Microsoft Directory & Identity, Exchange and SharePoint technologies ... "for the experts, by the experts"
...continue reading "Tell Us Why You Want to Go to TEC 2010! -- Win a Free Conference Pass (No Purchase Necessary)"

»More Announcements

Get Local Account Password Expiration

» by JeffHicks on Tue 16 Mar 2010 · No replies

Last week I posted a revision to a PowerShell script from the Microsoft AD team on discovering when a user's password was going to expire.  Of course that's only half the battle. You probably still have local user accounts to keep track of like the local Administrator. Wouldn't you like to get the same information? There are no cmdlets for working with local user accounts, so I took a script from my book, Managing Active Directory with Windows PowerShell: TFM (SAPIEN Press 2008) and updated it for PowerShell 2.0. Even though the book is primarly about AD, there are several chapters on working wit
...continue reading "Get Local Account Password Expiration"

Active Directory Round Up 3/12/2010

» by JeffHicks on Fri 12 Mar 2010 · No replies

The end of another week means another round up of Active Directory and Identity related news.First up, several AD bloggers recommended an ebook by Matias Woloski, Claims-Based Identity and Access Control Guide. This is a free PDF covering patterns and practices for service authentication and authorization on the web. Here's the summary from the online version at MSDN.Imagine a world where you don't have to worry about authentication. Imagine instead that all requests to your application already include the information you need to make access co
...continue reading "Active Directory Round Up 3/12/2010"

Lost and Found

» by Anonymous on Fri 12 Mar 2010 · 1 reply

I turned on advanced features in AD Users and Computers on my 2003 DC. I found a folder called Lost and Found. What is this for?  Right now it's empty.  If anything ever shows up should I just delete it?
...continue reading "Lost and Found"

Get AD User Password Expiration

» by JeffHicks on Wed 10 Mar 2010 · No replies

Last week I came across a post on the Microsoft Active Directory team blog about finding when a user password expires. The blog posted a PowerShell script that uses the ActiveDirectory cmdlets. The function takes a user name you pass it, get's password information and lets you know if the password has expired or when it is going to expire. It works and gets the job done. However, I decided to take it a step further. One of my concerns with the original version is that it can't be used in the pipeline. What if you want to get password information for a group of users, but sort them by the password expiration date or onl
...continue reading "Get AD User Password Expiration"

Active Directory Design Guide released 3/1/2010

» by Rick on Tue 09 Mar 2010 · No replies

Microsoft has released a 117 page design guide for Active Directory in a healthcare organization around current best practices. This should be applicable to most organizations.
...continue reading "Active Directory Design Guide released 3/1/2010"

Active Directory Round Up 3/5/2010

» by JeffHicks on Fri 05 Mar 2010 · No replies

I've realized I don't spend nearly enough time on Microsoft Technet related sites.  This week I came across some useful screencasts on Active Directory in Windows Server 2008 R2. The screencasts are short at around 6 minutes but provide enough information to get you going. Since I doubt I'm not the only one who missed out, I figured I'd share what I found.  First, take a look at a preview on the Active Directory Recycle Bin. You might also take a look at the one on the Active Di
...continue reading "Active Directory Round Up 3/5/2010"

Computer Account Passwords

» by Anonymous on Wed 03 Mar 2010 · 1 reply

How often are computer account passwords changed in Active Directory? We have some computers that have been out of touch for 30-45 days - will they be a problem?
...continue reading "Computer Account Passwords"

Search AD users in SBS

» by Anonymous on Tue 02 Mar 2010 · 1 reply

I need to search an active directory for objects created recently, Is there such a way? SBS 2003
...continue reading "Search AD users in SBS"

I am using AD 2003, I want to change other's machine local admin password from AD, how I will do it?

» by Anonymous on Tue 02 Mar 2010 · 2 replies

I am using AD 2003, I want to change other's machine local admin password from AD, how I will do it?
...continue reading "I am using AD 2003, I want to change other's machine local admin password from AD, how I will do it?"

ABC CLI DNS

» by JeffHicks on Tue 02 Mar 2010 · No replies

It is a well-known truism that a happy and healthy DNS means a happy and healthy Active Directory. However, managing DNS can sometimes be cumbersome, especially if you have a number of DNS servers to juggle, or wish to take advantage of automation techniques. There are now PowerShell cmdlets from Microsoft for managing DNS, but there is a very powerful command line tool called DNSCMD. I believe at one point it was a resource kit tool, but you'll find it on most Windows platforms. I'm going to walk through a few basic DNS commands on a Windows 7 desktop to manage DNS on a Windows Server 2008 R2 DNS server.To see everything you can do with DNSCMD, open a command prompt and typeDNSCMD /?You''ll get a long list of options. To get more detailed
...continue reading "ABC CLI DNS"