How to find a user’s password expiration date with PowerShell

Retrieve the information This information can be found in the user’s Active Directory’s objects with the Get-ADUser cmdlet. However, the msDS-UserPasswordExpiryTimeComputed attribute is a constructed attribute. According to Microsoft: Constructed attributes have the property that they are attributes for which the attribute value is computed by using other attributes, sometimes from other objects. And because […]

How to configure computer delegation with PowerShell

By configuring computer delegation with PowerShell, you can determine whether you can access an Active Directory (AD) computer from another computer. This article will demonstrate the difference between unconstrained delegation, constrained delegation to any service, and constrained delegation to specified services. Contents of this article: The concept of computer delegation in a nutshell Two different […]

Which certificate template should I use for Domain Controllers

In fact, you have three possibilities: Domain Controller (Windows Server 2000) Domain Controller Authentication (Windows Server 2003) Kerberos Authentication (Windows Server 2008 and above) This explanation comes from Russell Tomkins a Microsoft Premier Field Engineer in a very good post which you can find here: Creating Custom Secure LDAP Certificates for Domain Controllers with Auto […]