Marcus Hall

User Tools

Site Tools

Trace:
software:microsoft:windows:activedirectory

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
software:microsoft:windows:activedirectory [2015/09/15 17:14] superwizardsoftware:microsoft:windows:activedirectory [2024/03/02 22:28] (current) – [Viewing the active Directory with ADSIEDIT.MSC] superwizard
Line 1: Line 1:
 +====== Active Directory ======
 +
 +-------------------------------------------------------------------------------------------------------------------------------------------------\\
 +
 +====== Configure Microsoft Entra hybrid join ======
 +
 +<WRAP center round box >
 +Bringing your devices to Microsoft Entra ID maximizes user productivity through single sign-on (SSO) across your cloud and on-premises resources. You can secure access to your resources with Conditional Access at the same time.
 +
 +https://learn.microsoft.com/en-us/entra/identity/devices/how-to-hybrid-join
 +
 +</WRAP>
 +
 +
 +====== Viewing the active Directory with ADSIEDIT.MSC ======
 +
 +http://forums.msexchange.org/m_1800466536/mpage_1/key_/tm.htm#1800466536
 +
 +Active Directory Search Expression = http://msdn.microsoft.com/en-us/library/ms675768%28v=vs.85%29.aspx
 +
 +Also: http://technet.microsoft.com/en-us/library/ee198834.aspx
 +
 +====== List Active Directory Email Addresses ======
 +
 +dsquery user -limit 0 | dsget user -ln -fn -email >employee-list.txt
 +
 +ADSIEdit:
 +
 +http://exchangeinbox.com/article.aspx?i=73
 +
 +File: ListEmailAddresses.zip
 +
 +http://exchangepedia.com/2005/09/how-to-export-all-email-addresses-from-a-domain.html
 +
 +Control Panel's Administrator Tool called Active Directory Users and Computers
 +
 +http://www.cmsconnect.com/praetor/webhelpg2/chapter_7_-_log_viewer/ad_export_users.htm
 +
 +If all you want is the primary SMTP address then the following will do the trick:
 +
 +http://www.petri.co.il/forums/showthread.php?t=7690
 +
 +Another Script
 +
 +http://forums.techarena.in/active-directory/64389.htm
 +
 +
 +
 +http://www.msexchange.org/articles_tutorials/exchange-server-2007/management-administration/uncovering-new-export-list-feature-exchange-server-2007-service-pack1.html
 +
 +
 +
 +
 +====== Server4 Aphelian Connection to Active Directory ======
 +
 +  Host info
 +  Name: activedirectory
 +  Host: etspowergroup.local
 +  Port: 389
 +  Version: 3
 +  Base DN: DC=ETSPowerGroup,DC=local
 +  
 +  User Info
 +  User DN: Matthew Jados,CN=Users,DC=ETSPowerGroup,DC=local
 +  Password: 
 +
 +====== Mac OS/Linux/Windows Single Sign-On ======
 +
 +http://weblog.bignerdranch.com/?p=6
 +
 +====== Well Known Security Identifiers ======
 +
 +From: https://support.microsoft.com/en-us/help/243330/well-known-security-identifiers-in-windows-operating-systems
 +
 +<code>
 +SID: S-1-5-11
 +Name: Authenticated Users
 +Description: A group that includes all users whose identities were authenticated when they logged on. 
 +Membership is controlled by the operating system.
 +</code>
 +
 +====== Computer login ======
 +<WRAP center round box >
 +
 +2022-04-05
 +
 +Deny User or Group to Sign in Locally in Windows 10
 +
 +From <https://winaero.com/deny-user-group-sign-in-locally-windows-10/> 
 +
 +
 +From: https://community.spiceworks.com/topic/216823-implications-of-removing-nt-authority-authenticated-users-user-from-users-list
 +
 +Andre Canis
 +Jalapeno
 +Best Answer
 +Andre Canis Apr 17, 2012 at 6:08 AM 
 +A better way would be to do it in the security policy (secpol.msc)
 +
 +Security Settings > Local Policies > User Rights Assignments > **Allow log on locally**.\\ 
 +Remove the "Users" group from this policy and\\ 
 +add those users you want to allow to log on.
 +
 +From: https://community.spiceworks.com/topic/199167-active-directory-2008-r2-control-user-login-to-computer
 +
 +ChristopherO
 +Mace
 +ChristopherO Feb 15, 2012 at 6:54 AM \\ 
 +You could certainly do this in 2003.\\ 
 +If you want to be granular, you will need to update the Users group on each computer\\ 
 +- remove Domain Users and add in the specific accounts/groups that can log into that computer.\\ 
 +If it's going to be the same for a large number of computers (ie, users in the Sales group can log into any computer in the Sales department) you can use Restricted Groups in Group Policy - just remember, with Restricted Groups it will remove ALL other users/groups from that local computer group and ONLY allow in what you set in the policy.
 +
 +From: https://community.spiceworks.com/topic/338040-how-to-stop-domain-users-from-logging-into-my-pc
 +
 +From: https://community.spiceworks.com/topic/126427-restrict-certain-users-from-login-on-certain-computers
 +
 +From: http://windowsitpro.com/security/restricting-interactive-user-logons
 +
 +</WRAP>
 +
 +====== Remote Login Active Directory ======
 +
 +Local Secpol.msc security "Allow login Through Terminal Services"
 +
 +
 ====== PowerBroker Identity Services ====== ====== PowerBroker Identity Services ======
  
 From: http://www.powerbrokeropen.org/ From: http://www.powerbrokeropen.org/
 +Download: http://download1.beyondtrust.com/Technical-Support/Downloads/PowerBroker-Identity-Services-Open-Edition/?Pass=True
 +
 +linux login active directory
  
 <code> <code>
software/microsoft/windows/activedirectory.1442337279.txt.gz · Last modified: 2015/09/15 17:14 by superwizard