All posts tagged “activedirectory

comment 0

Change Active Directory User Password Expiration Mode

To change an Active Directory users password expiration mode you can use this PowerShell snippet:

Import-Module ActiveDirectory

Get-ADGroupMember "Group1" -Recursive |
Get-ADUser -Properties PasswordNeverExpires |
where {$_.enabled -eq $true -and $_.PasswordNeverExpires -eq $false} |
select -First 50 | %{

    Write-Host $_.UserPrincipalName
    Set-ADUser $_ -PasswordNeverExpires $true
}

Latest version of this snippet: https://gist.github.com/7913696

comment 1

Assign Temporary Administrator Rights for ActiveDirectory Users via SharePoint list

In my company the user only have user rights on their computers. As you should know you’ll face many problems with this restriction.

Many users want to install third party software on their computers or add a printer at home. To reduce argues and make the user happy, I’ll assign administrator rights for a temporary time.

Based on a predefined GPO and based on a list showing which user has administrator rights in a specified time period, my PowerShell script creates new temporary GPO to assign local administrator rights.

Read More

comment 0

Archive ActiveDirectory Users and their Mailbox

One of my company’s requirements is the retention time of 10 years for user accounts and their mailbox data, I have to admit, this might not be common or even recommended.
However I have to deal with it.

One problem to face is the availabilty of user account names, by the number of about 500 employees there’s a hight change that two or even more people are having the same name.

To clean up the available names in the system I’ve written a script that renames a users identity and the mailboxes address.
So let’s see what this script does:

Read More

comments 2

Project: Setup Windows 7 Kiosk

The goal of this project is a simple Windows 7 Kiosk installation with nothing else as the newest version of internet explorer installed. A user should not be allowed to do something than can malfunction the system or even elevating the user privileges. I want to show you in this post which GroupPolicies I’ve used and what configurations I made to set up this type of installation.

First I want to commit my principles for working with ActiveDirectory and Group Policies:

  • If not needed a GroupPolicy shouldn’t contain any registry keys.
    • Group Policies instructions are much easier to read.
  • Only AMDX templates are allowed, this means no AMD templates or anything else.
    • AMDX won’t in contrast to AMD templates becopied to the client, they stay in the SYSVOL Policy Definition folder on the domain controller.
  • The Group Policy objects should be reusable.
  • Configuring the minimum.

Read More

comment 0

Find dead SharePoint ActiveDirectory Groups

The are three ways to handle access rights in SharePoint.

  • Using ActiveDirectory Groups
  • Using SharePoint Groups
  • Using both of them

I personally recommend to use the first suggestion. Managing the access rights in one system is much easier to administrate, no switching or log off for administration work.

In our SharePoint installation I create for each securable resource and rights type a ActiveDirectory group and assign them organization groups.

A huge disadvantage of this strategy is that after a period of adding ActiveDirectory groups it’s hard to know which of those groups are really required.

Read More