The blog of Darren Mar-Elia — the GPOGUY and founder of SDM Software
Just a quick note to let everyone know that the 4th edition of the Active Directory Book from O’Reilly is out, courtesy of AD MVP Brian Desmond. For those of you who aren’t familiar with this book, its an invaluable resource for Active Directory Administrators, and Brian has added his considerable AD expertise to this latest update, which has a long history and distinguished history of authors. Definitely worth checking out!
Tags:
Well, Active Directory MVP and well-known speaker Guido Grillenmeier from HP has taken my AD tombstone reanimation cmdlets and fashioned a very cool PowerShell script that uses the cmdlets and the new AD snapshot mounting feature in Server 2008 to not only restore deleted objects but also restore their attributes that are lost when the object is deleted. Guido is presenting an AD recovery talk at TechEd in Orlando tomorrow and the script will be featured in that talk. If you are at TechEd, I highly recommend you check out his talk.
Guido has also provided some great feedback on my tombstone reanimation cmdlets so look for a 1.1 version of them very soon!
You can download Guido’s PowerShell script here !
Thanks Guido!
Tags
Active Directory, tombstone reanimation, PowerShell, SDM Software
NetPro is hosting their annual Directory Experts Conference next week in Chicago. If you haven’t been to this show, its a great place to mean all the giant brains in the Active Directory world and learn some cool things about AD and related technologies. If you are going, look me up when you’re there. I’m giving two Group Policy sessions on Tuesday of next week, as well as hosting, with Kevin Sullivan of the MS GP product team, a GP "birds of a feather" session on Tue at 4:30pm. My first session will be focused on automating Group Policy management using scripting technologies, including PowerShell. The second session will focus on Group Policy performance, and I’ll be looking at ways to design "performant" GP infrastructures. It should be a good show, and especially because the "Dean and Joe" show is back for another year!
I look forward to meeting old and new friends there!
Tags:
Netpro, Active Directory, Group Policy, Directory Experts Conference
As you may have heard, Microsoft is finally providing the ability to have fine-grained password policies within a single AD domain. That means you can now have different password policies for different user groups within AD. This feature is described nicely in Jorge de Almeida’s excellent blog entry.
Well, now our friends at SpecOps have come out with a free GUI tool for managing these new "PSO" objects in AD. This tool looks really nice so check it out!
Its a good alternative to Joe Richards’ free command-line tool for managing PSO, called PSOMgr.
Despite the desperate need for doing this, the one thing that I don’t like about the new fine-grained password policy is that its a completely separate mechanism for managing password policy from the existing GPO-based method, which, by the way, is still in Server 2008. In the absence of Fine-grained password policies set in AD, the default is still whatever you’ve defined on your domain-linked GPO. This can get confusing since you will need two mechanisms for determining effective password policy across all users. I think Jorge’s advice in his blog is good–once you implement Fine-grained password policies, implement it for all users so that you essentially don’t need to care what Group Policy is doing with account policy anymore. That will simplify management of this stuff tremendously!
Tags:
Group Policy, Active Directory, Fine-grained Password Policy, SpecOps, Joeware
