Script to enable the AD Recycle Bin in Windows 2008 R2

Using this small script we can easily enable the Active Directory Recycle Bin feature in Windows 2008 R2. Copy the code into a text editor and save it as a PowerShell script (.ps1).

 

 

 

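# Load the Active Directory cmdlets
Import-Module ActiveDirectory
# Name of the current forest, used as the target of the feature
$strforestname = (Get-ADForest).Name
# Enable the Recycle Bin feature with forest scope
Enable-ADOptionalFeature 'Recycle Bin Feature' -Scope ForestOrConfigurationSet -Target $strforestname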

 

*Note: Remember to set the execution policy before running any PowerShell script (refer to the link below).

http://technet.microsoft.com/en-us/library/ee176961.aspx

 

 

Managing user and computer accounts with dsquery, dsrm and dsmove

Using dsmove it is very easy to rename computer accounts and user accounts in Active Directory.

Example:

dsmove "CN=darshana,OU=Users,OU=hr,dc=mydomain,dc=local" -newname "darshanasam"

In this example I'm renaming a user account which is located in the Users child OU under the hr parent OU.


Active Directory Fine-Grained Password Policy

With Windows 2000 and Windows 2003 domains we could use only one password policy (password complexity settings, account lockout settings) per domain. It used the Default Domain Policy. From Windows 2008 onwards we can use multiple password policies in our domain. We can use ADSI Edit or the Active Directory PowerShell module to create new password policy objects. In this example I'm using Windows 2008 R2 with PowerShell to create a new password policy.

1. New-ADFineGrainedPasswordPolicy: we can use this cmdlet to create a new password policy.

New-ADFineGrainedPasswordPolicy -Name "Branch 01 PSO" -Precedence 500 -ComplexityEnabled $False -Description "This password policy for Branch office" -DisplayName "Branch01 PSO" -LockoutDuration "0.12:00:00" -LockoutObservationWindow "0.00:15:00" -LockoutThreshold 10 -MinPasswordLength 4

In this example the password policy is created for the users in one of the branch offices. The minimum password length for them is 4 characters, and complexity is disabled. This means they can use simple passwords like 1234.


Once we have created this policy we can apply it to a user or a user group. For that we can use the Add-ADFineGrainedPasswordPolicySubject cmdlet.

In this example we are applying this policy (Branch01 PSO) to the user group Branch01-users.
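
The step described above, as an added example that is not part of the original post: it links the PSO to the group, confirms the link, shows which policy a user actually receives, and lists every PSO weaker than a baseline. The PSO and group names are the post's; the sample user's membership in Branch01-users and the 8-character baseline are assumptions.

```powershell
Import-Module ActiveDirectory

# Names from the post; the sample user and the baseline below are assumptions.
$psoName    = 'Branch 01 PSO'
$groupName  = 'Branch01-users'
$sampleUser = 'darshana'   # hypothetical member of Branch01-users
$minLength  = 8            # assumed baseline, adjust to your own standard

# Link the PSO to the group. A PSO can be linked to users and to
# global security groups, not to OUs.
Add-ADFineGrainedPasswordPolicySubject -Identity $psoName -Subjects $groupName

# Confirm what the PSO is now linked to.
Get-ADFineGrainedPasswordPolicySubject -Identity $psoName |
    Select-Object Name, ObjectClass

# Effective policy for one user. A PSO linked directly to the user wins;
# otherwise the group-linked PSO with the lowest Precedence value applies.
# No output means the Default Domain Policy is in effect for that user.
Get-ADUserResultantPasswordPolicy -Identity $sampleUser |
    Select-Object Name, Precedence, MinPasswordLength, ComplexityEnabled

# Audit: list every PSO that is weaker than the baseline, with its subjects,
# so relaxed policies like the one above stay visible and scoped.
Get-ADFineGrainedPasswordPolicy -Filter * |
    Where-Object {
        $_.MinPasswordLength -lt $minLength -or
        -not $_.ComplexityEnabled -or
        $_.LockoutThreshold -eq 0      # 0 means accounts never lock out
    } |
    Sort-Object Precedence |
    Select-Object Name, Precedence, MinPasswordLength, ComplexityEnabled,
        LockoutThreshold,
        @{ Name = 'AppliesTo'; Expression = { $_.AppliesTo -join '; ' } }
```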


Active Directory Recycle Bin

We can enable the Active Directory Recycle Bin feature on a Windows 2008 R2 domain controller. We can enable this feature at either the domain level or the forest level. If we are going to enable it at the forest level, the forest functional level should be Windows 2008 R2.


Enable-ADOptionalFeature 'Recycle Bin Feature' -Scope ForestOrConfigurationSet -Target 'mydomain.lk'


Offline domain join

We can add Windows 2008 R2 servers or Windows 7 computers to the domain without any connectivity to the server (DNS or Active Directory).

In this case we do not need to raise any functional level (forest or domain). This method is very useful when we are reinstalling the operating systems of PCs at a separate location (branch office). For this we can use the DJOIN.exe tool.


Create bulk users with csvde.exe

We can use this tool to import and export data from Active Directory and store that data in comma-separated (CSV) format.

To create the CSV file, it is easy to use Excel 2010 or Excel 2007.


Figure 1.0

This is an example CSV file with some sample data entered. Once we have entered the data we can save it as a CSV file on a domain controller or an additional domain controller.


Now we can start importing the user accounts using csvde.exe.


All the user accounts are disabled because we cannot set the password through csvde.
