Category Archives: PowerShell

Security Thoughts: Passwords in Group Policy Preferences (CVE-2014-1812)

Last week, Microsoft released Security Bulletin MS04-025, including guidance and an update that resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if Active Directory Group Policy preferences are used to distribute passwords across the domain – a practice that could allow an attacker to retrieve and decrypt the […]


When you lose a bet…

People who know me know me as a guy who likes to motivate people with random bets. It’s not intrinsic motivation, but it’s the kind of motivation that gets things done. A few weeks ago, I made a bet with a couple of colleagues. These colleagues were competing in the Winter 2014 worldwide PowerShell Scripting […]


Why I don’t like the Quest Active Directory PowerShell Cmdlets

Many Active Directory admins use and like the Quest Active Directory PowerShell Cmdlets, which are part of the free ActiveRoles Management Shell for Active Directory. They have been freely available since 2007 and have been the long-trusted scripting companion for many. I am not one of them. It’s nothing personal. Let me explain. […]


Active Directory in Hyper-V environments, Part 9

This entry is part 9 of 10 in the series Active Directory in Hyper-V environments

I have written a lot about Active Directory Domain Controllers and Hyper-V in this series. So far you’ve seen recommendations on host configuration, guest configuration, security and converting physical Active Directory Domain Controllers to virtual ones. Today, I’m covering anti-affinity.


Five Things you should know about using DirSync with Password Sync

In version 1.0.6385.12 of the Windows Azure Directory Synchronization tool (or DirSync for short) Microsoft introduced the ability for administrators to synchronize password (hashes) to Azure Active Directory. I’ve blogged about the DirSync tool in the past, when the 32-bit tool was deprecated, and today, with the Password Sync functionality, I feel I have good reason […]


Active Directory Services and PowerShell manageability

As you might be aware, every Microsoft server product has the requirement to be manageable through PowerShell and System Center. The PowerShell requirement is formulated as part of the Common Engineering Criteria (CEC). With PowerShell available as a version 3 product (and part of Windows Server 2012) it’s time to see how the teams, responsible […]


PowerShell, LDIFDE, CSVDE and Protection from Accidental Deletion

When you build test environments regularly, at some point you’ll want to fill your Active Directory quickly. If, for instance, you have a data set with Organizational Units (OUs), user accounts and groups, you’ll want to quickly import this data. If, on the other hand, in your business you’re allowed to use the user information […]


KnowledgeBase: ADDSDeployment module with the -Whatif argument shows incorrect DNS results

Microsoft released a KnowledgeBase article titled “ADDSDeployment module with the -Whatif argument shows incorrect DNS results”. This KnowledgeBase article describes unexpected behavior in the PowerShell Cmdlets within the ADDSDeployment PowerShell module when you use the -WhatIf argument without specifying the -installdns argument.


KnowledgeBase: "Access is denied" error message when you create a child domain remotely by using Install-ADDSDomain

Microsoft has issued a new KnowledgeBase article that addresses an issue when you use the Install-ADDSDomain PowerShell Cmdlet from the ADDSDeployment PowerShell module remotely to create a child domain. This issue is related to PowerShell remoting and the fact that the Install-ADDSDomain PowerShell Cmdlet doesn’t perform a pre-check on the password to create the DNS […]


Options that are only available when you promote Windows Server 2012 to a Domain Controller with PowerShell

The new Domain Controller Promotion process in Windows Server 2012 with the Active Directory Domain Services Configuration Wizard is a nice new way to promote Windows Server 2012-based hosts to Domain Controllers, since it enables: remote promotion of Windows Server 2012-based hosts to Domain Controllers; promotion of a group of Windows Server 2012-based hosts to […]