Certificate Templates Microsoft created certificate templates for you to use as a starting point. They are meant to be duplicated and configured for your specific needs. All Enterprise CA servers issue certificates based on one or more of the certificate …
The below PowerShell script will generate a CSV file that lists each replication subnet in Active Directory Sites and Services. The list includes the site associated with the subnet, and whether or not a domain controller is in the site. …
Some notes for deploying a single online Enterprise Root Certification Authority (CA) using Active Directory Certificate Services (ADCS) in a lab environment. For this lab deployment, ADCS is installed on a Windows Server 2016 domain controller (do not do this …
Some notes about the process and steps for renewing (rolling over) the self-signed Active Directory Federation Service (ADFS) token-signing and token-decrypting certificates. This applies to ADFS v3.0 on Windows Server 2012 R2 and ADFS v4.0 on Windows Server 2016. …
You have a domain joined computer, and you want to add a domain user or domain group to one of the computer’s local groups. If you have administrative permissions on the domain joined computer, this can be done quickly with …
Some PowerShell commands to quickly add a Windows 2012 R2 server to an active directory domain in a lab environment. This includes configuring the NIC, renaming the server, and creating the AD computer account in a defined OU path. …
Some PowerShell commands to quickly build a Windows Server 2012 R2 DC for a new forest/domain in a lab environment. This includes some configuration changes to DNS, setting an external time source, building an OU structure, and creating administrative user accounts. …
Windows 7 Command to Update Group Policy on the Local Computer. Run the command prompt as Administrator. gpupdate gpudpate /Force Windows 7 Command to View Group Policy Settings on the Local Computer. Run the command prompt as Administrator. gpresult /R …
You cannot disable a Security Group in the same way a user account is disabled. However, you can change a Security Group to a Distribution Group, which disables all access provided by the group, but does not modify the group’s …
The first Domain Controller in a Forest should be configured to use a reliable, external, time source, and usually this DC has the PDC Emulator role. However, if the PDC Emulator role is moved to another DC, it’s best practice …