Menu Sidebar


How to Generate a Group Policy Report

This may be a noob topic, but it is an important one. Depending on the size of your organization you could have a few Group Policy Objects (GPO) or you could have many. Sometimes it is very hard find out why a workstation or server is acting the way it is. I would say that […]

Active Directory and Kerberos SPNs Made Easy!

What Is an SPN? An SPN is a reference to a specific service, for example, an instance of SQL or a web application run by IIS. Since SPNs are specific, they reference not only what the service is (such as an SQL server), but also which hostname runs the instance and on which port it’s […]

Speed up Active Directory & DNS replication between Sites

Using the standard GUI Microsoft Management Consoles to make the change to speed up Active Directory replication is not possible. The best result of using administrator consoles will be to increase domain replication between domain controllers to 15 minutes. These large time values were instituted into Active Directory at version 1 because inter-site connections during that era of computing and networking were much lower in bandwidth with the most common being frame-relay or […]

The Lazy Way To Do Active Directory Inventory

From time to time admins have to run an inventory of what is running in the AD environment. This is a good practice for audits, inventory, removing decommissioned servers, or any other good reason. The details that are required are like when was computer/ server created, when was it last logged into, what is the […]

PKI CA – Manage certificate templates

Certificate templates are a feature available on enterprise CA. Certificates templates enable to preconfigure certificate settings for enrollment (or auto enrollment). Enrollment is the process to obtain a certificate signed by the CA. The client that has obtained a certificate by enrollment is called the enrollee. I will show you how to create a certificate […]

Lists all users last logon time

As administrators we often want to check which users have not logged in for quite a while, or what accounts recently accessed a system, etc. The following script list all users and their last logon time. With the lastloggeduser.csv we can get fancy with excel to find differences based on age and more.


Set password never to expire for users in a particular domain (Bulk mode)

Let me start by saying that I don’t recommend doing this at all. Password Never Expires is bad security practice, but there are situations that might require it. I had a similar request on how this could be done. Setting it for multiple users:

Setting it for a single user:


Adding Western Digital MyBook to the Domain

Basically, the MyBook “advanced” interface allows for you join the device to the domain and to specify AD users and groups for folder permission, but they won’t help you troubleshoot when it doesn’t work.  And it doesn’t work by default on a Windows 7 or OSX machine. So here’s the 2 issues most people run […]

Newer Posts

Mohammed Wasay

Dallas based Design Technologist & Hybrid Developer