Fix Active Directory broken security inheritance problem

Ran into a situation at a client location where in Active Directory, the security permissions applied to an OU were not getting inherited permissions on to the objects. Basically, security inheritance was broken.This causes a problem when the administrative accounts or groups needing to modify an attribute on the AD object throw errors, or are … Read moreFix Active Directory broken security inheritance problem

Adding a security group to the Local Administrator Group in AD

Having a local administrator of your workstations can come in handy. Sometimes you might need to logon locally to troubleshoot or rejoin a computer to your domain. You can create a group policy that creates a local admin users and sets the local password. Admins make a common mistake when they want to add a … Read moreAdding a security group to the Local Administrator Group in AD

Creating Security Groups for File Shares in Bulk using PowerShell

Security Groups are great for managing large groups for permissions.  A client requested that they needed to have Read-Only, Read-Write, and Ready-Modify (allow for deleting) for all their file shares for better management. Getting the Share Names In order for me to create the groups I needed the share names. PowerShell to the rescue! Type … Read moreCreating Security Groups for File Shares in Bulk using PowerShell

Remove disabled users from Distribution Lists & Security Groups in Active Directory

One of my clients had several disabled users showing up in distribution lists and security groups and this was creating unnecessary noise in email, alerts, etc. I highly encourage all administrators to keep their AD neat and tidy. The following PowerShell script searches for disabled users in Groups and Distribution Groups and removes them:

Read moreRemove disabled users from Distribution Lists & Security Groups in Active Directory

Find out ‘in cloud’ Distribution Groups

Microsoft Teams was announced yesterday and many want to jump right in. I noticed when users wanted to create teams, new distribution groups started getting added. I wanted to find out my ‘In cloud’ distribution groups and was surprised there was no property for the item.   I was able to find out the groups … Read moreFind out ‘in cloud’ Distribution Groups

Remove group membership of disabled accounts

Majority of the system administrators I’ve met forget this very important rule. When an account is not needed remove its membership from the security/ distribution groups, otherwise you get disabled account showing up in groups, and that looks ugly. You will need Quest ActiveRoles for Powershell installed to get this working. Depending on the size … Read moreRemove group membership of disabled accounts

Microsoft IIS: Disabling the SSL v3 Protocol

Depending on how your Windows servers are configured, you may need to disable SSL v3. Note that older versions of Internet Explorer may not have the TLS protocol enabled by default. If you disable SSL versions 2.0 and 3.0, the older versions of Internet Explorer will need to enable the TLS protocol before they can … Read moreMicrosoft IIS: Disabling the SSL v3 Protocol

Enabling ActiveSync for a Security Group using Powershell