Active Directory: Core Concepts, Architecture and Best Practices

Recently I’ve faced a quite interesting problem when some users are unable to authenticate on some domain services due to exceeding the maximum size of the Kerberos ticket. In this…

Active Directory is a reliable, but complex and critical service, and the operability of the whole enterprise network depends on it. A system administrator should constantly check if Active Directory…

Windows Server Core is a good platform to host the Active Directory domain controller role due to fewer resource requirements, increased stability and security (due to less code and updates).…

In this article, we will show how to update (install) new GPO administrative templates (admx) in the Active Directory domain when upgrading a Windows 10 or Windows Server 2016/2019 build…

When a domain user logs on to Windows, their credentials are saved on a local computer by default (Cached Credentials: a user name and a password hash). This allows the…

In this article we will look at how to find out the date a user was created in Active Directory; how to use PowerShell to get information from the domain…

The version of Active Directory in Windows Server 2016 introduces an interesting feature that allows you to temporarily add a user to an AD security group. This feature is called…

Managed Service Account (MSA) is a special type of Active Directory account that can be used to securely run services, applications, and scheduled tasks. The basic idea is that the…

Microsoft Security Baseline contains recommended settings Microsoft suggests for Windows workstations and servers to provide secure configuration and protect domain controllers, servers, computers, and users. Microsoft has developed reference Group…

The Set-ADUser cmdlet allows to modify user properties (attributes) in Active Directory using PowerShell. Traditionally, a graphic MMC snap-in dsa.msc (Active Directory Users and Computers, ADUC) is used to edit…