software:microsoft:windows:activedirectory

Differences

This shows you the differences between two versions of the page.

software:microsoft:windows:activedirectory [2017/03/18 05:33] superwizard
software:microsoft:windows:activedirectory [2022/04/06 04:02] – [Computer login] superwizard
Line 1: Line 1:
 +====== Active Directory ======
 +
 +-------------------------------------------------------------------------------------------------------------------------------------------------\\
 +
 +====== Viewing the active Directory with ADSIEDIT.MSC ======
 +
 +http://forums.msexchange.org/m_1800466536/mpage_1/key_/tm.htm#1800466536
 +
 +Active Directory Search Expression = http://msdn.microsoft.com/en-us/library/ms675768%28v=vs.85%29.aspx
 +
 +Also: http://technet.microsoft.com/en-us/library/ee198834.aspx
 +
 +====== List Active Directory Email Addresses ======
 +
 +dsquery user -limit 0 | dsget user -ln -fn -email >employee-list.txt
 +
 +ADSIEdit:
 +
 +http://exchangeinbox.com/article.aspx?i=73
 +
 +File: ListEmailAddresses.zip
 +
 +http://exchangepedia.com/2005/09/how-to-export-all-email-addresses-from-a-domain.html
 +
 +Control Panel's Administrator Tool called Active Directory Users and Computers
 +
 +http://www.cmsconnect.com/praetor/webhelpg2/chapter_7_-_log_viewer/ad_export_users.htm
 +
 +If all you want is the primary SMTP address then the following will do the trick:
 +
 +http://www.petri.co.il/forums/showthread.php?t=7690
 +
 +Another Script
 +
 +http://forums.techarena.in/active-directory/64389.htm
 +
 +
 +
 +http://www.msexchange.org/articles_tutorials/exchange-server-2007/management-administration/uncovering-new-export-list-feature-exchange-server-2007-service-pack1.html
 +
 +
 +
 +
 +====== Server4 Aphelian Connection to Active Directory ======
 +
 +  Host info
 +  Name: activedirectory
 +  Host: etspowergroup.local
 +  Port: 389
 +  Version: 3
 +  Base DN: DC=ETSPowerGroup,DC=local
 +  
 +  User Info
 +  User DN: Matthew Jados,CN=Users,DC=ETSPowerGroup,DC=local
 +  Password: 
 +
 +====== Mac OS/Linux/Windows Single Sign-On ======
 +
 +http://weblog.bignerdranch.com/?p=6
 +
 +====== Well Known Security Identifiers ======
 +
 +From: https://support.microsoft.com/en-us/help/243330/well-known-security-identifiers-in-windows-operating-systems
 +
 +<code>
 +SID: S-1-5-11
 +Name: Authenticated Users
 +Description: A group that includes all users whose identities were authenticated when they logged on. 
 +Membership is controlled by the operating system.
 +</code>
 +
 ====== Computer login ====== ====== Computer login ======
 +<WRAP center round box >
 +
 +2022-04-05
 +
 +Deny User or Group to Sign in Locally in Windows 10
 +
 +From <https://winaero.com/deny-user-group-sign-in-locally-windows-10/> 
 +
 +
 +From: https://community.spiceworks.com/topic/216823-implications-of-removing-nt-authority-authenticated-users-user-from-users-list
 +
 +Andre Canis
 +Jalapeno
 +Best Answer
 +Andre Canis Apr 17, 2012 at 6:08 AM 
 +A better way would be to do it in the security policy (secpol.msc)
 +
 +Security Settings > Local Policies > User Rights Assignments > **Allow log on locally**.\\ 
 +Remove the "Users" group from this policy and\\ 
 +add those users you want to allow to log on.
  
 From: https://community.spiceworks.com/topic/199167-active-directory-2008-r2-control-user-login-to-computer From: https://community.spiceworks.com/topic/199167-active-directory-2008-r2-control-user-login-to-computer
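Review bot: The "Server4 Aphelian Connection to Active Directory" block records a bind configuration that is both malformed and unprotected. "User DN: Matthew Jados,CN=Users,DC=ETSPowerGroup,DC=local" is missing the "CN=" attribute type on its first component, so it is not a valid distinguished name, and "Port: 389" is plain LDAP, where a simple bind sends the password in clear text unless StartTLS is negotiated. Suggest correcting the DN to start with "CN=", noting LDAPS (636) or StartTLS for this connection, binding with a dedicated low-privilege service account instead of a named person's account, and dropping the empty "Password:" field so nobody is tempted to fill it in on the wiki.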
Line 5: Line 96:
 ChristopherO ChristopherO
 Mace Mace
-ChristopherO Feb 15, 2012 at 6:54 AM  +ChristopherO Feb 15, 2012 at 6:54 AM \\  
-You could certainly do this in 2003.  If you want to be granular, you will need to update the Users group on each computer - remove Domain Users and add in the specific accounts/groups that can log into that computer.  If it's going to be the same for a large number of computers (ie, users in the Sales group can log into any computer in the Sales department) you can use Restricted Groups in Group Policy - just remember, with Restricted Groups it will remove ALL other users/groups from that local computer group and ONLY allow in what you set in the policy.+You could certainly do this in 2003.\\  
 +If you want to be granular, you will need to update the Users group on each computer\\  
 +- remove Domain Users and add in the specific accounts/groups that can log into that computer.\\  
 +If it's going to be the same for a large number of computers (ie, users in the Sales group can log into any computer in the Sales department) you can use Restricted Groups in Group Policy - just remember, with Restricted Groups it will remove ALL other users/groups from that local computer group and ONLY allow in what you set in the policy.
  
 From: https://community.spiceworks.com/topic/338040-how-to-stop-domain-users-from-logging-into-my-pc From: https://community.spiceworks.com/topic/338040-how-to-stop-domain-users-from-logging-into-my-pc
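Review bot: The forced line breaks added to ChristopherO's answer split its second sentence in the middle, so "- remove Domain Users and add in the specific accounts/groups ..." now starts a line and reads like a list item instead of the continuation of "update the Users group on each computer". Suggest breaking only at sentence ends and giving the Restricted Groups warning (it removes ALL other users/groups from that local group) its own line, since that is the part a reader most needs to see before applying the policy. The added "\\" markers also carry trailing whitespace.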
Line 13: Line 107:
  
 From: http://windowsitpro.com/security/restricting-interactive-user-logons From: http://windowsitpro.com/security/restricting-interactive-user-logons
 +
 +</WRAP>
 +
 +====== Remote Login Active Directory ======
 +
 +Local Secpol.msc security "Allow login Through Terminal Services"
 +
  
 ====== PowerBroker Identity Services ====== ====== PowerBroker Identity Services ======
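Review bot: The new "Remote Login Active Directory" section misnames the user right: "Allow login Through Terminal Services" does not match the policy title, which is "Allow log on through Terminal Services" ("Allow log on through Remote Desktop Services" on newer Windows versions). Suggest using the exact name and giving the full path the way the Computer login section does (Security Settings > Local Policies > User Rights Assignment), and stating which group is meant to hold the right, since the line as written only says where the setting lives.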
software/microsoft/windows/activedirectory.txt · Last modified: 2024/03/02 22:28 by superwizard