Marcus Hall

User Tools

Site Tools

Trace:
software:microsoft:windows:activedirectory

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
software:microsoft:windows:activedirectory [2017/03/19 03:30] superwizardsoftware:microsoft:windows:activedirectory [2024/03/02 22:28] (current) – [Viewing the active Directory with ADSIEDIT.MSC] superwizard
Line 1: Line 1:
 +====== Active Directory ======
 +
 +-------------------------------------------------------------------------------------------------------------------------------------------------\\
 +
 +====== Configure Microsoft Entra hybrid join ======
 +
 +<WRAP center round box >
 +Bringing your devices to Microsoft Entra ID maximizes user productivity through single sign-on (SSO) across your cloud and on-premises resources. You can secure access to your resources with Conditional Access at the same time.
 +
 +https://learn.microsoft.com/en-us/entra/identity/devices/how-to-hybrid-join
 +
 +</WRAP>
 +
 +
 +====== Viewing the active Directory with ADSIEDIT.MSC ======
 +
 +http://forums.msexchange.org/m_1800466536/mpage_1/key_/tm.htm#1800466536
 +
 +Active Directory Search Expression = http://msdn.microsoft.com/en-us/library/ms675768%28v=vs.85%29.aspx
 +
 +Also: http://technet.microsoft.com/en-us/library/ee198834.aspx
 +
 +====== List Active Directory Email Addresses ======
 +
 +dsquery user -limit 0 | dsget user -ln -fn -email >employee-list.txt
 +
 +ADSIEdit:
 +
 +http://exchangeinbox.com/article.aspx?i=73
 +
 +File: ListEmailAddresses.zip
 +
 +http://exchangepedia.com/2005/09/how-to-export-all-email-addresses-from-a-domain.html
 +
 +Control Panel's Administrator Tool called Active Directory Users and Computers
 +
 +http://www.cmsconnect.com/praetor/webhelpg2/chapter_7_-_log_viewer/ad_export_users.htm
 +
 +If all you want is the primary SMTP address then the following will do the trick:
 +
 +http://www.petri.co.il/forums/showthread.php?t=7690
 +
 +Another Script
 +
 +http://forums.techarena.in/active-directory/64389.htm
 +
 +
 +
 +http://www.msexchange.org/articles_tutorials/exchange-server-2007/management-administration/uncovering-new-export-list-feature-exchange-server-2007-service-pack1.html
 +
 +
 +
 +
 +====== Server4 Aphelian Connection to Active Directory ======
 +
 +  Host info
 +  Name: activedirectory
 +  Host: etspowergroup.local
 +  Port: 389
 +  Version: 3
 +  Base DN: DC=ETSPowerGroup,DC=local
 +  
 +  User Info
 +  User DN: Matthew Jados,CN=Users,DC=ETSPowerGroup,DC=local
 +  Password: 
 +
 +====== Mac OS/Linux/Windows Single Sign-On ======
 +
 +http://weblog.bignerdranch.com/?p=6
 +
 ====== Well Known Security Identifiers ====== ====== Well Known Security Identifiers ======
  
Line 11: Line 81:
  
 ====== Computer login ====== ====== Computer login ======
 +<WRAP center round box >
 +
 +2022-04-05
 +
 +Deny User or Group to Sign in Locally in Windows 10
 +
 +From <https://winaero.com/deny-user-group-sign-in-locally-windows-10/> 
 +
  
 From: https://community.spiceworks.com/topic/216823-implications-of-removing-nt-authority-authenticated-users-user-from-users-list From: https://community.spiceworks.com/topic/216823-implications-of-removing-nt-authority-authenticated-users-user-from-users-list
Line 20: Line 98:
 A better way would be to do it in the security policy (secpol.msc) A better way would be to do it in the security policy (secpol.msc)
  
-Security Settings > Local Policies > User Rights Assignments > Allow log on locally. Remove the "Users" group from this policy and add those users you want to allow to log on.+Security Settings > Local Policies > User Rights Assignments > **Allow log on locally**.\\  
 +Remove the "Users" group from this policy and\\  
 +add those users you want to allow to log on.
  
 From: https://community.spiceworks.com/topic/199167-active-directory-2008-r2-control-user-login-to-computer From: https://community.spiceworks.com/topic/199167-active-directory-2008-r2-control-user-login-to-computer
Line 26: Line 106:
 ChristopherO ChristopherO
 Mace Mace
-ChristopherO Feb 15, 2012 at 6:54 AM  +ChristopherO Feb 15, 2012 at 6:54 AM \\  
-You could certainly do this in 2003.  If you want to be granular, you will need to update the Users group on each computer - remove Domain Users and add in the specific accounts/groups that can log into that computer.  If it's going to be the same for a large number of computers (ie, users in the Sales group can log into any computer in the Sales department) you can use Restricted Groups in Group Policy - just remember, with Restricted Groups it will remove ALL other users/groups from that local computer group and ONLY allow in what you set in the policy.+You could certainly do this in 2003.\\  
 +If you want to be granular, you will need to update the Users group on each computer\\  
 +- remove Domain Users and add in the specific accounts/groups that can log into that computer.\\  
 +If it's going to be the same for a large number of computers (ie, users in the Sales group can log into any computer in the Sales department) you can use Restricted Groups in Group Policy - just remember, with Restricted Groups it will remove ALL other users/groups from that local computer group and ONLY allow in what you set in the policy.
  
 From: https://community.spiceworks.com/topic/338040-how-to-stop-domain-users-from-logging-into-my-pc From: https://community.spiceworks.com/topic/338040-how-to-stop-domain-users-from-logging-into-my-pc
Line 34: Line 117:
  
 From: http://windowsitpro.com/security/restricting-interactive-user-logons From: http://windowsitpro.com/security/restricting-interactive-user-logons
 +
 +</WRAP>
 +
 +====== Remote Login Active Directory ======
 +
 +Local Secpol.msc security "Allow login Through Terminal Services"
 +
  
 ====== PowerBroker Identity Services ====== ====== PowerBroker Identity Services ======
software/microsoft/windows/activedirectory.1489894212.txt.gz · Last modified: 2017/03/19 03:30 by superwizard