Retrieve the information: This information can be found in the user's Active Directory object with the Get-ADUser cmdlet. However, the msDS-UserPasswordExpiryTimeComputed attribute is a constructed attribute. According to Microsoft: "Constructed attributes have the property that they are attributes for which the attribute value is computed by using other attributes, sometimes from other objects." And because […]
By configuring computer delegation with PowerShell, you can determine whether you can access an Active Directory (AD) computer from another computer. This article will demonstrate the difference between unconstrained delegation, constrained delegation to any service, and constrained delegation to specified services. Contents of this article: The concept of computer delegation in a nutshell; Two different […]
In fact, you have three possibilities: Domain Controller (Windows Server 2000), Domain Controller Authentication (Windows Server 2003), and Kerberos Authentication (Windows Server 2008 and above). This explanation comes from Russell Tomkins, a Microsoft Premier Field Engineer, in a very good post which you can find here: Creating Custom Secure LDAP Certificates for Domain Controllers with Auto […]
Given that the Description property of the Get-GPO cmdlet has a Set method, this can be done with a simple one-liner.
Sometimes you open an Access Control List and discover an orphan SID. However, before removing the permission, you want to know which account this SID matched. The SID matched a local account: In this case, you are done. There is no way to find which account name the SID matched. […]