How to find a user’s password expiration date with PowerShell

Retrieve the information This information can be found in the user’s Active Directory’s objects with the Get-ADUser cmdlet. However, the msDS-UserPasswordExpiryTimeComputed attribute is a constructed attribute. According to Microsoft: Constructed attributes have the property that they are attributes for which the attribute value is computed by using other attributes, sometimes from other objects. And because […]

How to configure computer delegation with PowerShell

By configuring computer delegation with PowerShell, you can determine whether you can access an Active Directory (AD) computer from another computer. This article will demonstrate the difference between unconstrained delegation, constrained delegation to any service, and constrained delegation to specified services. Contents of this article: The concept of computer delegation in a nutshell Two different […]

Clean up orphaned Foreign Security Principals

Foreign Security Principals or FSPs have existed since Windows Server 2000. However, you could work as a system administrator for years without even noticing their presence because the mechanism behind them is almost fully transparent—almost. Contents of this article: FSPs in a nutshell Why an FSP becomes an orphan How to identify and clean up […]