Retrieve the information This information can be found in the user’s Active Directory’s objects with the Get-ADUser cmdlet. However, the msDS-UserPasswordExpiryTimeComputed attribute is a constructed attribute. According to Microsoft: Constructed attributes have the property that they are attributes for which the attribute value is computed by using other attributes, sometimes from other objects. And because […]
By configuring computer delegation with PowerShell, you can determine whether you can access an Active Directory (AD) computer from another computer. This article will demonstrate the difference between unconstrained delegation, constrained delegation to any service, and constrained delegation to specified services. Contents of this article: The concept of computer delegation in a nutshell Two different […]
Given that the Description property of the Get-GPO cmdlet has a Set method, this can be done with a simple one-liner.
Sometimes you open an Access Control List and discover an orphan SID. However, before removing the permission you want to know to which account this SID was matching. The SID matched to a local account In this case, you are done. There is no way to find to which account name the SID was matching. […]
Foreign Security Principals or FSPs have existed since Windows Server 2000. However, you could work as a system administrator for years without even noticing their presence because the mechanism behind them is almost fully transparent—almost. Contents of this article: FSPs in a nutshell Why an FSP becomes an orphan How to identify and clean up […]