I’m looking to create an account similar to a Domain Admin, but without access to domain controllers. In other words, this account will have full Administrator rights to any client machine in the domain, be able to add machines to the domain, but have only limited user rights to the servers. This account will be used by a person in an end-user tech support kind of role. They should have full access to client machines [...]

Modern versions of Windows seem to have a “feature” wherein, at the login screen of a domain-joined machine, if “administrator” is entered as the username, it automatically switches from the domain to the local accounts. If you’re trying to log in as “domain\administrator”, you therefore always have to type in “domain”, whereas this is not necessary for logging into any other domain account. This is getting very annoying so I’m wondering if there is a [...]

So I am currently gathering information in regards to renaming our AD domain name from company.net to company.local. I am reading through the docs on technet.microsoft.com and It states that I would need to prepare the new DNS zones before executing the domain rename. The question I am asking about is regarding the _msdcs subdomain _msdcs.company.net I have read posts of forums where people reported issues after renaming their domain and not having the _msdcs [...]

I’m trying to enumerate the name, samaccountname, and domain that each user in my forest belongs to and write it to a text file. The script that I have now is: Import-Module ActiveDirectory$domains = “root.org”, “child1.root.org”, “child2.root.org”ForEach ($d in $domains){Get-ADUser -Filter * -ResultSetSize $null -Server $d -Properties name, samaccountname | Select-Object name, samaccountname | out-file c:\users\mdmarra\desktop\users.txt -append} What I need is the value of $d at the end of each line as well so that [...]

The network I currently manage will shortly be expanding to cover two sites, and due to the organisation of the company, I have already determined that a site-to-site hardware VPN will be implemented to link the two sites. The WAN link between the two will be between 20-100mb so no issues with bandwidth for AD/DFS etc. replication. I will also likely be looking at installing a single Active Directory domain across both HQ and branch [...]

Right now I have a user who is able to use his domain credentials to log in to any server on our network, except one. The server that he cannot log in to allows other domain users to connect, but when he tries to connect it says that he is unauthorized. When a user is locked out in an Active Directory environment, is it at the domain level or is it on a particular server? [...]

My work is going to roll out a new application (HR, Payroll, etc.) called springbrook to our remote employees. The application runs on one of our physical servers (Win 2008 R2) and to use it locally, I had to map a network drive to the server on the local employee’s computer. I created a desktop shortcut to the app so the user doesn’t have to go inside the mapped drive and run it that way. [...]

Is there a way to find out when user was added to distribution group and by who? Probably thru AD or Exchange Management Console? Or such information is not stored anywhere? Asked by MadBoy If you have Directory Service Change auditing enabled, there would be a 5136 event in the security event log on the domain controller where the change was made. You can also identify when the member attribute was last changed. If the [...]

Note: Wrong assumptions It turned out that the VPN is configured to redirect all name lookups to a different server. So the problem is not the Windows DNS but the VPN Gateway. Original Quesiton I have a remote network 10.12.0.0/16 with a Windows Domain Controller (SBS 2011) and a VPN Gateway. Some Windows PC (no domain member) uses a l2tp VPN to connect to the SBS. It gets a virtual IP in 10.14.0.0/24. The VPN [...]

Earlier I was having issues connecting one of my workstations (client) to my domain, and I thought it was because the domain was not in my possession yet (reference: this question). But, due to the answer I’m led to believe that there is something else going on? I’ve searched the internet and can’t really find out why I’m still having issues, so I figured I’d ask to see what the possible causes of this error [...]