Welcome to The Experts Community! We've created this site so that the general community of Active Directory administrators has a place to ask AD-related questions, as well as questions related to identity management in general. This is also a repository of content, including numerous papers and other resources, and links to other useful Web sites, books, and online materials. We encourage you to participate: Create an account, subscribe to an RSS feed, ask a question, or offer an answer. Thanks for visiting!


Latest Article

Get AD User Password Expiration

» by JeffHicks on Wed 10 Mar 2010 · No replies

Last week I came across a post on the Microsoft Active Directory team blog about finding when a user password expires. The blog posted a PowerShell script that uses the ActiveDirectory cmdlets. The function takes a user name you pass it, gets password information and lets you know if the password has expired or when it is going to expire. It works and gets the job done. However, I decided to take it a step further. One of my concerns with the original version is that it can't be used in the pipeline. What if you want to get password information for a group of users, but sort them by the password expiration date or only select those that will expire within a certain number of days? The existing function can't do any of that since all it does is write a string message to the pipeline. There is no object. So I revised the function to write a custom object to the pipeline that shows the user name, distinguishedname, whether the password is expired, when it will expire, if it can expire, the password age and when it was last set. Yes, I could probably write an expression using Get-ADUser to return the same results, but since the AD post was already written I decided to start with it. I always encourage people to think "object"-ively. Here's my version with a slightly different name. function Get-ADUserPwdExpiration{ #requ
...continue reading "Get AD User Password Expiration"


Announcements

Tell Us Why You Want to Go to TEC 2010! -- Win a Free Conference Pass (No Purchase Necessary)

» by Rich on Thu 18 Feb 2010 · No replies

We are pleased to announce a new contest to hear why you want to attend The Experts Conference 2010 happening April 25-28 in Los Angeles featuring advanced training on Microsoft Directory & Identity, Exchange and SharePoint technologies ... "for the experts, by the experts"
...continue reading "Tell Us Why You Want to Go to TEC 2010! -- Win a Free Conference Pass (No Purchase Necessary)"


Active Directory Design Guide released 3/1/2010

» by Rick on Tue 09 Mar 2010 · No replies

Microsoft has released a 117-page design guide for Active Directory in a healthcare organization around current best practices. This should be applicable to most organizations.
...continue reading "Active Directory Design Guide released 3/1/2010"

Active Directory Round Up 3/5/2010

» by JeffHicks on Fri 05 Mar 2010 · No replies

I've realized I don't spend nearly enough time on Microsoft TechNet related sites. This week I came across some useful screencasts on Active Directory in Windows Server 2008 R2. The screencasts are short at around 6 minutes but provide enough information to get you going. Since I doubt I'm not the only one who missed out, I figured I'd share what I found. First, take a look at a preview on the Active Directory Recycle Bin. You might also take a look at the one on the Active Di
...continue reading "Active Directory Round Up 3/5/2010"

Computer Account Passwords

» by Anonymous on Wed 03 Mar 2010 · 1 reply

How often are computer account passwords changed in Active Directory? We have some computers that have been out of touch for 30-45 days - will they be a problem?
...continue reading "Computer Account Passwords"

Search AD users in SBS

» by Anonymous on Tue 02 Mar 2010 · 1 reply

I need to search an Active Directory for objects created recently. Is there such a way? SBS 2003
...continue reading "Search AD users in SBS"

I am using AD 2003, I want to change other's machine local admin password from AD, how I will do it?

» by Anonymous on Tue 02 Mar 2010 · 2 replies

I am using AD 2003, I want to change other's machine local admin password from AD, how I will do it?
...continue reading "I am using AD 2003, I want to change other's machine local admin password from AD, how I will do it?"

ABC CLI DNS

» by JeffHicks on Tue 02 Mar 2010 · No replies

It is a well-known truism that a happy and healthy DNS means a happy and healthy Active Directory. However, managing DNS can sometimes be cumbersome, especially if you have a number of DNS servers to juggle, or wish to take advantage of automation techniques. There are now PowerShell cmdlets from Microsoft for managing DNS, but there is a very powerful command line tool called DNSCMD. I believe at one point it was a resource kit tool, but you'll find it on most Windows platforms. I'm going to walk through a few basic DNS commands on a Windows 7 desktop to manage DNS on a Windows Server 2008 R2 DNS server. To see everything you can do with DNSCMD, open a command prompt and type DNSCMD /? You'll get a long list of options. To get more detailed
...continue reading "ABC CLI DNS"

Users in AD

» by Anonymous on Mon 01 Mar 2010 · 2 replies

Hi, can you please help me... Is there a way of getting a list of users from Active Directory into a text file using a batch file or VBScript?
...continue reading "Users in AD"

Active Directory Round 2/26/2010

» by JeffHicks on Fri 26 Feb 2010 · 1 reply

Here's what has been happening in the AD world the last week. First up, MVP Sean Deuby has contributed an important blog post regarding authentication changes in Windows Server 2008 R2, Windows 7 and NTLM. The big change is the minimum requirement for 128 bit encryption. This obviously has consequences if your domain controllers are moving to R2 but you still have a fair number of down level clients. Check out Sean's article for all the details. I also came across a very useful post by Dave Stork about
...continue reading "Active Directory Round 2/26/2010"

Take Note of User Management

» by JeffHicks on Wed 24 Feb 2010 · 1 reply

I’m an old-school kind of admin. I believe in documenting changes. Not only so other people know what’s going on, but also for yourself. Certainly if you are in a regulated environment or have compliance requirements you have no choice. You probably also have a change management solution. However, for the rest of you let me share a PowerShell v2 function that you can use which makes it easier to keep track of changes you make to user objects in Active Directory. The Active Directory user object has a notes property that is intended for documentation. You can view it on the user’s Telephones tab in Active Directory Users and Computers. You can also view it with Get-QADUser.
PS C:\> (get-qaduser jhicks).Notes
...continue reading "Take Note of User Management"