software:microsoft:windows:activedirectory
Differences
This shows you the differences between two versions of the page.
Next revision | Previous revision | ||
software:microsoft:windows:activedirectory [2015/06/05 03:01] – created superwizard | software:microsoft:windows:activedirectory [2024/03/02 22:28] (current) – [Viewing the active Directory with ADSIEDIT.MSC] superwizard | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Active Directory ====== | ||
+ | |||
+ | -------------------------------------------------------------------------------------------------------------------------------------------------\\ | ||
+ | |||
+ | ====== Configure Microsoft Entra hybrid join ====== | ||
+ | |||
+ | <WRAP center round box > | ||
+ | Bringing your devices to Microsoft Entra ID maximizes user productivity through single sign-on (SSO) across your cloud and on-premises resources. You can secure access to your resources with Conditional Access at the same time. | ||
+ | |||
+ | https:// | ||
+ | |||
+ | </ | ||
+ | |||
+ | |||
+ | ====== Viewing the active Directory with ADSIEDIT.MSC ====== | ||
+ | |||
+ | http:// | ||
+ | |||
+ | Active Directory Search Expression = http:// | ||
+ | |||
+ | Also: http:// | ||
+ | |||
+ | ====== List Active Directory Email Addresses ====== | ||
+ | |||
+ | dsquery user -limit 0 | dsget user -ln -fn -email > | ||
+ | |||
+ | ADSIEdit: | ||
+ | |||
+ | http:// | ||
+ | |||
+ | File: ListEmailAddresses.zip | ||
+ | |||
+ | http:// | ||
+ | |||
+ | Control Panel' | ||
+ | |||
+ | http:// | ||
+ | |||
+ | If all you want is the primary SMTP address then the following will do the trick: | ||
+ | |||
+ | http:// | ||
+ | |||
+ | Another Script | ||
+ | |||
+ | http:// | ||
+ | |||
+ | |||
+ | |||
+ | http:// | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | ====== Server4 Aphelian Connection to Active Directory ====== | ||
+ | |||
+ | Host info | ||
+ | Name: activedirectory | ||
+ | Host: etspowergroup.local | ||
+ | Port: 389 | ||
+ | Version: 3 | ||
+ | Base DN: DC=ETSPowerGroup, | ||
+ | | ||
+ | User Info | ||
+ | User DN: Matthew Jados, | ||
+ | Password: | ||
+ | |||
+ | ====== Mac OS/ | ||
+ | |||
+ | http:// | ||
+ | |||
+ | ====== Well Known Security Identifiers ====== | ||
+ | |||
+ | From: https:// | ||
+ | |||
+ | < | ||
+ | SID: S-1-5-11 | ||
+ | Name: Authenticated Users | ||
+ | Description: | ||
+ | Membership is controlled by the operating system. | ||
+ | </ | ||
+ | |||
+ | ====== Computer login ====== | ||
+ | <WRAP center round box > | ||
+ | |||
+ | 2022-04-05 | ||
+ | |||
+ | Deny User or Group to Sign in Locally in Windows 10 | ||
+ | |||
+ | From < | ||
+ | |||
+ | |||
+ | From: https:// | ||
+ | |||
+ | Andre Canis | ||
+ | Jalapeno | ||
+ | Best Answer | ||
+ | Andre Canis Apr 17, 2012 at 6:08 AM | ||
+ | A better way would be to do it in the security policy (secpol.msc) | ||
+ | |||
+ | Security Settings > Local Policies > User Rights Assignments > **Allow log on locally**.\\ | ||
+ | Remove the " | ||
+ | add those users you want to allow to log on. | ||
+ | |||
+ | From: https:// | ||
+ | |||
+ | ChristopherO | ||
+ | Mace | ||
+ | ChristopherO Feb 15, 2012 at 6:54 AM \\ | ||
+ | You could certainly do this in 2003.\\ | ||
+ | If you want to be granular, you will need to update the Users group on each computer\\ | ||
+ | - remove Domain Users and add in the specific accounts/ | ||
+ | If it's going to be the same for a large number of computers (ie, users in the Sales group can log into any computer in the Sales department) you can use Restricted Groups in Group Policy - just remember, with Restricted Groups it will remove ALL other users/ | ||
+ | |||
+ | From: https:// | ||
+ | |||
+ | From: https:// | ||
+ | |||
+ | From: http:// | ||
+ | |||
+ | </ | ||
+ | |||
+ | ====== Remote Login Active Directory ====== | ||
+ | |||
+ | Local Secpol.msc security "Allow login Through Terminal Services" | ||
+ | |||
+ | |||
+ | ====== PowerBroker Identity Services ====== | ||
+ | |||
+ | From: http:// | ||
+ | Download: http:// | ||
+ | |||
+ | linux login active directory | ||
+ | |||
+ | < | ||
+ | RE: | ||
+ | Inbox | ||
+ | JJ_AIX | ||
+ | Reply from JJ_AIX on Sep 14 at 4:03 PM Thanks guys , I appreciate it , I saw ... | ||
+ | 2:34 PM (22 hours ago) | ||
+ | nawzs-se | ||
+ | 12:55 AM (12 hours ago) | ||
+ | |||
+ | Reply from nawzs-se on Sep 15 at 12:49 AM | ||
+ | Well, Powerbroker Open is free, if you can manage without a support agreement. .. | ||
+ | It'll take care of the unified logon, the paid version can also handle GPOs for your linux and unix systems. | ||
+ | On the other hand, we use sssd and that one works well too. | ||
+ | One small but important difference between the two setups is that with sssd (or nslcd) you need to set the unix attributes in your ldap directory ( such as uid, | ||
+ | </ | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | ====== rd-gateway-ports-and-certificates ====== | ||
+ | |||
+ | From: https:// | ||
+ | |||
+ | < | ||
+ | In this deployment, RD Gateway needs the ports to be opened on the internal firewall for the following purposes: | ||
+ | To authenticate users | ||
+ | To authorize users | ||
+ | To resolve the DSN names of internal resources | ||
+ | To forward RDP packets from the client | ||
+ | To get the Certificate Revocation List | ||
+ | To send RADIUS requests (in a central NPS server scenario) | ||
+ | </ | ||
+ | |||
+ | |||
+ | ====== ADSI Edit ====== | ||
+ | |||
+ | From: https:// | ||
+ | |||
+ | < | ||
+ | ADSI Edit is implemented as a snap-in that runs in the Microsoft Management Console (MMC). The | ||
+ | name of the default console containing ADSI Edit is AdsiEdit.msc. You can add the snap-in to any | ||
+ | .msc file through the Add/Remove Snap-in menu option in the MMC, or you can just open the AdsiEdit.msc | ||
+ | file from Windows Explorer. | ||
+ | </ | ||
+ | |||
+ | |||
====== Backup of Active Directory ====== | ====== Backup of Active Directory ====== | ||
software/microsoft/windows/activedirectory.1433473306.txt.gz · Last modified: 2015/06/05 03:01 by superwizard