Ever wondered why size of Active Directory database is different on domain controllers? You might ask yourself if Active Directory supports MultiMaster technology, then all objects reside in database on all domain controllers, so if that is true, why the size of database (NTDS.DIT) is completely different on one domain controller to another?
Considering this fact, each day we face new problems and requirements which we need to deal with. During these years there have been so many requests from System Administrators or specialist to have a feature in Active Directory which allows administrators to select a user to login only once in a time and prevent multiple logins from a user account in Active Directory.
As you all know the #wannacry malware hit the whole world in the last few days. The vulnerability behind this malware was leaked out by ShadowBrokers. Since the spreading rate of this vulnerability is greatly increasing, it is considered an obligation to prevent from this.
Today, in modern days of technology, the concept of auditing has become one of the interesting facts in Information Technology (IT). Back in days, when I was probably playing with my SNES, the concept of auditing was so hard to follow with built-in applications and consoles, but today, you can find many applications which either covers a specific part of auditing or support a huge number of services and applications. Among them, it is rare to find a solution which covers a whole range of services and audits, but ‘LepideAuditor Suite’ is one of those rare. In this article we will talk about this application.
After long delay of being absent, I managed to fetch some time in order to pen down an article and share my thoughts about on of the features of Active Directory which has been always in total darkness for me. ‘List Object Mode’.
Greetings again,
Sorry for not being here for a long period of time. Recently I faced a strange issue which made me to pen down an article about it. So I will share this experience in case you may encounter it in near future.
While updating group policy clients my client was receiving an error indicating that the group policy folder in SYSVOL is not accessible. At first I thought that it might be related to some problems in DFS share and NETLOGON but it seemed everything was working perfectly because there was no error in DFS event log of the domain controllers.
A friend of mine recently had problems regarding uploading certificates to GAL. As a matter of fact the users were unable to upload certificates when they choose "Publish To GAL". In this case the most errors you get is "Microsoft office Outlook was unable to publish your certificates. The server may be offline or your certificates may be invalid".
Recently I faced a request from a client wanting a Dynamic Security Group in Active Directory which automatically update its members.. However we do have the concept of dynamic objects in Active Directory (I promise to speak on that on another article), but this one was completely different. The client wanted to have a security group which automatically removes the disabled users from it. So I started a lovely conversation with my lovely friend PowerShell.
Ever wanted to add your custom attribute to Delegation Wizard feature of Active Directory? Then you came to the right place. Sometime it can happen that default attributes of ‘Delegation Wizard’ are not just enough for you and you would like to add more options to it. In order to do that, you have to edit delegwiz.inf file which you can simply find it on a Domain Controller.
Account lockout feature is one of the powerful methods in order to prevent password related attacks. Using this method victim user account will be locked out after a number of failed attempts in a specific period of time. This feature has found its way to a lot of other technologies these days. My cellphone will be locked out after three wrong passwords and will not be able to work for about 2 minutes.
Although this policy can help you to prevent attackers from guessing user’s password, it is important to consider the risk provided by this solution in your environment because authorized users can lock themselves by mistyping their passwords when they do not remember the password. This problem can be quite costly for your organization, because locked out accounts will be unable to logon unless their accounts unlocks automatically after specific period of time or get unlocked by an administrator