Powershell: Collect information about locked AD Accounts in SQL Database

Small background: Working with ~ 20 domain controllers and thousands of users makes DC Security Log really short in time. I mean – there are thousands of security logs, but all I can browse is only last ~ 50 minutes, older logs are archived / removed. Sometimes, it makes simple things impossible. For example, I […]

Finding & Transferring FSMO roles using powershell

I think it’s a part of IT nature to spend 15 minutes on scripting things that you actually could achieve in 1 minute using GUI, but you can’t change the nature, right? 🙂 One of the things I have to do from time to time is change of FSMO roleholders by simply transferring them (keep […]

Checking which DC is being used during user logon process

In environments with multiple sites / subnets and domain controllers you may be looking for such information really often. There are at least three options to determine which DC was used for authentication of client. First two possibilities are almost the the same (they are based on the same environment variable). You can either type […]

AD – Delegate permissions to add / delete / move / modify computer objects

Our goal here is to delegate permissions for creating, deleting, moving, modifying computer objects in specified OU by specified group without being given full control over the object or OU. Go to OU Properties -> Security -> Advanced -> Add, then select principal (group or user you want to delegate permissions to), type – Allow. Permissions Tab […]

Fixing orphaned Inter Site Topology Generators (ISTG) entries

Inter Site Topology Generators – in shortcut ISTG, is used as repadmin command to generate report of all topology generators in a AD forest. Unfortunatelly it happens that instead of your DC name, you will see long ID number instead (starting with 0ADEL: …). It can happen when DC was removed improperly (metadata cleanup was not […]