Category Archives: PowerShell

New features in Active Directory Domain Services in Windows Server 2012 R2, Part 4: PowerShell Cmdlets

Managing an on-premises Active Directory Domain Services infrastructure through the Graphical User Interface (GUI) can get daunting. And boring. Luckily, for most repetitive tasks you can resort to the command line, or in more recent versions of Windows Server to PowerShell. Windows Server 2012 already comes equipped with PowerShell Cmdlets to manage your Active Directory […]


I’ll be speaking at Ngi-NGNs ‘Systems Management: Beyond Control’ event

I’ve been associated with the Dutch Networking User Group (NGN) for almost five years now. I’ve been speaking at their events and have helped others achieve the same goal. NGN has recently joined forces with the Dutch Platform for IT Professionals (Ngi), and an old tradition has been dusted off: We’re organizing a Windows Server-themed […]


Security Thoughts: Passwords in Group Policy Preferences (CVE-2014-1812)

Last week, Microsoft released Security Bulletin MS04-025, including guidance and an update that resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if Active Directory Group Policy preferences are used to distribute passwords across the domain – a practice that could allow an attacker to retrieve and decrypt the […]


When you lose a bet…

People who know me, know me as a guy who likes to motivate people with random bets. It’s not intrinsic motivation, but it’s the kind of motivation that gets things done. A few weeks ago, I made a bet with a couple of colleagues. These colleagues were competing in the Winter 2014 worldwide PowerShell Scripting […]


Why I don’t like the Quest Active Directory PowerShell Cmdlets

Many Active Directory admins use and like the Quest Active Directory PowerShell Cmdlets, that are part of the free ActiveRoles Management Shell for Active Directory. They have been freely available since 2007 and have been the long trusted scripting companion for many. I am not one of them. It’s nothing personal. Let me explain.   […]


Active Directory in Hyper-V environments, Part 9

I have written a lot about Active Directory Domain Controllers and Hyper-V in this series. So far you’ve seen recommendations on host configuration, guest configuration, security and converting physical Active Directory Domain Controllers to virtual ones. Today, I’m covering anti-affinity.


Five Things you should know about using DirSync with Password Sync

In version 1.0.6385.12 of the Windows Azure Directory Synchronization tool (or DirSync for short) Microsoft introduced the ability for administrators to synchronize password(hashe)s to Azure Active Directory. I’ve blogged about the DirSync tool in the past, when the 32bit tool was deprecated, and today, with the Password Sync functionality, I feel I have good reason […]


Active Directory Services and PowerShell manageability

As you might be aware, every Microsoft server product has the requirement to be manageable through PowerShell and System Center. The PowerShell requirement is formulated as part of the Common Engineering Criteria (CEC). With PowerShell available as a version 3 product (and part of Windows Server 2012) it’s time to see how the teams, responsible […]


PowerShell, LDIFDE, CSVDE and Protection from Accidental Deletion

When you build test environments regularly, at some point you’ll want to fill your Active Directory quickly. If, for instance, you have a data set with Organizational Units (OUs), user accounts and groups, you’ll want to quickly import this data. If, on the other hand, in your business you’re allowed to use the user information […]


KnowledgeBase: ADDSDeployment module with the -Whatif argument shows incorrect DNS results

Microsoft released a KnowledgeBase article titled “ADDSDeployment module with the -Whatif argument shows incorrect DNS results” This KnowledgeBase article describes unexpected behavior in the PowerShell Cmdlets within the ADDSDeployment PowerShell module when you use the -WhatIf argument without specifying the -installdns argument.