Active Directory
I was going to write an article about authoring your own MMC consoles and I may still do that, however the main reason why I would want to create my own MMC console and lock it down is if I were delegating certain tasks to a junior administrator (like user management in Active Directory).
It turns out that Daniel Petri has already written an excellent article which shows how an administrator can create a “Taskpad” which is essentially a custom MMC console which is locked down to a set of specific administrative tasks. This taskpad can then be used by a...
Remember: If only some of your Domain Controllers are Global Catalogs make sure that the domain controller that holds your Infrastructure FSMO role1 is not a Global Catalog. The reason for this is that a global catalog that holds the infrastructure master role will stop looking for and removing phantom objects in your directory since it will have no phantom objects (we all know global catalogs hold partial information on every object in the directory) because it knows about every object in the directory if even a little. However, if all your domain controllers are global catalogs, then it...
With the advent of Active Directory, the old school Security Accounts Manager (SAM) account names are almost a thing of the past, not that anyone got the memo. Most people still authenticate to their domain using their SAM account name, which is usually DOMAIN\username; with DOMAIN being the NETBIOS name for the AD domain. While this is still (as previously mentioned) widely used and acceptable, in my opinion there is a more appealing method for having users log into their accounts on Active Directory networks, and that is using the User Principal Name (or UPN) suffix. A UPN...