Sometimes it is useful to be able to search for objects in Active Directory based on when they were created or changed, or both. The two attributes that hold this information are whenCreated and whenChanged, and they are present on all AD objects. You use these two attributes like any other in you LDAP queries, …
Category Archives: Active Directory
Availability of the Active Directory GUID converter
The Active Directory GUID converter is now available as a stand-alone HTML Application (HTA) from the download page. http://www.simonsen.bz/Download/guid.hta
Availability of the Group Policy Hide drives calculator and associated template
A long time ago I created an HTML based application to calculate the numeric values required to hide specific combinations of drive letters through Group Policy. I also made a custom template file where you could enter the numeric value directly instead of editing the templates that came with Windows. I used to host these …
Continue reading “Availability of the Group Policy Hide drives calculator and associated template”
ADMT on Windows Server 2008 x64
This nice error popped up when trying to install ADMT v3 on a Windows Server 2008 x64 server: ————————— ADMT Installer ————————— The Active Directory Migration Tool v3 must be installed on Windows Server 2003.
DCPROMO install problem
Trying to install a new child domain in an existing forest I received this error from DCPROMO: ————————— Active Directory Installation Wizard ————————— The wizard cannot gain access to the list of domains in the forest. This condition may be caused by a DNS lookup problem. For information about troubleshooting common DNS lookup problems, please …
Working with Group Policy Restricted Groups policies
What are Restricted Groups? The Restricted Groups security setting in Group Policy allows an administrator to define two properties for security-sensitive groups (“restricted” groups). The two properties are Members and Member Of. In short it lets an Administrator decide which security principals are members of a restricted group, and which groups the restricted group is …
Continue reading “Working with Group Policy Restricted Groups policies”
DS Inconsistency?
DCDiag (included in Windows Server 2003 Support Tools) reported a stange error at a site the other day: C:>dcdiag Domain Controller Diagnosis Performing initial setup: ***ERROR: There is an inconsistency in the DS, suggest you run dcdiag in a few moments, perhaps on a different DC. This was accompanied by the following event in the …
Requesting Web Server certificates from an Enterprise CA
One of the things I have never been able to figure out, is why you cannot request a certificate based on the Web Server template from a Windows Enterprise CA when you are using the CA web pages (<servername>/CertSrv). Ever since Windows 2000 I have occationally stumbeled on this problem but never had time to …
Continue reading “Requesting Web Server certificates from an Enterprise CA”
Returning Search Statistics from Active Directory
When you search Active Directory you have the option of asking the server to return search statistics for your query. This is done by adding an LDAP control to your query. The control is 1.2.840.113556.1.4.970. I was using LDP to test this out on my test forest. The forest runs Windows Server 2003 DCs and …
Continue reading “Returning Search Statistics from Active Directory”
Linked attributes in Active Directory
In Active Directory there is something called linked attributes. They exist in pairs, consisting of a forward-link and a back-link. The linked attribute pair member, of Group objects, and memberOf, of User or Groups is an example. In this particular case member is the forward-link and memberOf is the back-link. Back-links are always calculated automatically …