An end-to-end walkthrough of how to configure SharePoint 2010 and ADFS v2 together to use SAML claims authentication. I’ll include steps and PowerShell scripts to demonstrate and will try to bring all of the pieces together in one big posting. (more…)
Ldp.exe is a graphical user interface (GUI) tool that can be used for general administration of a Lightweight Directory Access Protocol (LDAP) directory service. You can use this procedure and Ldp.exe to administer an Active Directory Lightweight Directory Services (AD LDS) instance. You must connect and bind to the instance and then display the hierarchy (tree) of a distinguished name of the instance. You can then browse to an object in the tree and right-click the object to administer it. (more…)
Regardless of whether you want to change a local user password or an Active Directory user password you need to go through a two-step process. First you bind to the user account in question, and then you use ADSI’s SetPassword method to assign the user a new password. That’s it: two steps and you’re done. (more…)
What does Ntdsutil.exe do?
By default, Active Directory records only critical error events. To instruct Active Directory to record other events in the directory service log, modify the registry. For more information about how to use the Windows 2000 registry editors, see the Windows 2000 Server Help. Caution (more…)
TEST A BACKUP OF YOUR DOMAIN FIRST. A new OS Domain Controller installation should always start with the use of the support tools to check the Domain and Domain Controllers for errors that must be resolved before continuing. The following command-line tools and programs will help you verify whether problems exist within your Domain and the Domain Controllers. (more…)
At my previous company we had a script that would get triggered on a domain controller if an Active Directory account got locked out because of too many login attempts. It was really helpful in being proactive when someone got locked out. I decided my current company needed something like that too, and I found a really easy PowerShell script that did the trick. You can download that script here (AD Lockout Alert Script), then do the following on your domain controller to send out the alerts:
- Open PowerShell on your domain controller and run the following to allow the execution of scripts: (more…)