Fix Active Directory broken security inheritance problem

Ran into a situation at a client location where in Active Directory, the security permissions applied to an OU were not getting inherited permissions on to the objects. Basically, security inheritance was broken.This causes a problem when the administrative accounts or groups needing to modify an attribute on the AD object throw errors, or are … Read more

Adding a security group to the Local Administrator Group in AD

Having a local administrator of your workstations can come in handy. Sometimes you might need to logon locally to troubleshoot or rejoin a computer to your domain. You can create a group policy that creates a local admin users and sets the local password. Admins make a common mistake when they want to add a … Read more

Creating Security Groups for File Shares in Bulk using PowerShell

Security Groups are great for managing large groups for permissions.  A client requested that they needed to have Read-Only, Read-Write, and Ready-Modify (allow for deleting) for all their file shares for better management. Getting the Share Names In order for me to create the groups I needed the share names. PowerShell to the rescue! Type … Read more

Remove disabled users from Distribution Lists & Security Groups in Active Directory

One of my clients had several disabled users showing up in distribution lists and security groups and this was creating unnecessary noise in email, alerts, etc. I highly encourage all administrators to keep their AD neat and tidy. The following PowerShell script searches for disabled users in Groups and Distribution Groups and removes them:

Read more

Find out ‘in cloud’ Distribution Groups

Microsoft Teams was announced yesterday and many want to jump right in. I noticed when users wanted to create teams, new distribution groups started getting added. I wanted to find out my ‘In cloud’ distribution groups and was surprised there was no property for the item.   I was able to find out the groups … Read more

Remove group membership of disabled accounts

Majority of the system administrators I’ve met forget this very important rule. When an account is not needed remove its membership from the security/ distribution groups, otherwise you get disabled account showing up in groups, and that looks ugly. You will need Quest ActiveRoles for Powershell installed to get this working. Depending on the size … Read more

Enabling ActiveSync for a Security Group using Powershell