Active Directory: retrieve the base DN (distinguishedName) attribute of an object

In this tutorial, I will explain how to retrieve the base DN also called distinguishedName in an Active Directory. This attribute is often used to configure LDAP/Active Directory bindings for applications. All Active Directory objects (Users, Computers, Organizational Unit, etc.) have the attribute: distinguishedName and this is unique. I say that the base DN attribute …

Read more



Active Directory: create an organizational unit (OU) in PowerShell

In this “How to” tutorial, we will see how to create an Organizational Unit in an Active Directory with the New-ADOrganizationalUnit cmdlet. Create an OU in PowerShell Open a PowerShell command prompt From a domain controller open a PowerShell window Use the New-ADOrganizationalUnit Cmdlet to Create the OU Enter the following command by adapting the …

Read more



Active Directory: Add an organizational unit – OU

In this “How to” tutorial, we will see how to create an Organizational Unit in an Active Directory with the Active Directory Users and Computers console available on domain controllers in graphical mode. Add an OU in the Active Directory Open the Active Directory Users and Computer console From a domain controller, open the Active …

Read more



PowerShell: sign scripts

In this tutorial, I will explain how to sign your scripts. Before going into the subject, we will see why signing the scripts, the main reason is security. If your environment (computers + servers) is configured to run only signed scripts and a PowerShell script is launched in a malicious file, it will be neutralized …

Read more



DFS: delete a namespace on Windows Server

In this tutorial, I will explain how to delete a DFS namespace on Windows Server. In the vast majority of cases, you won’t normally need this tutorial 😉 Although this operation is relatively simple to perform using the graphical interface, it sometimes happens that it does not go as planned, especially if you have planned …

Read more



DNS: delete a record on Windows Server

In this “How To” tutorial, I will explain how to delete a DNS record on Windows Server with the DNS Manager console. Delete a DNS record Open the DNS Manager console On a server where the DNS Manager console is installed, open it and go to the zone where you want to delete the record. …

Read more



Active Directory: change the KrbTgt account password

In this tutorial, I will explain how to change the password of the KrbTgt account. Before explaining how to change the password of this account, I will give you some explanations. Who is krbtgt? The krbtgt account is a disabled service account in the Active Directory, which is used for the distribution of Kerberos Tickets, …

Read more



Active Directory: Secure Domain Join to Domain Admins

In this tutorial, we will address a security point on an Active Directory environment, which is the domain joining of computers. What you need to know (some administrators don’t know this), all domain users can join a computer to a domain, they can even join up to 10 computers. Domain administrators have no limit as …

Read more



GPO: force DNS computer registration

In this tutorial, I will explain how to force DNS registration of computers by Group Policy (GPO) in an Active Directory environment. Maintaining a clean, up-to-date DNS (Active Directory) zone is not easy, especially with dynamic computer registration. The first step is the activation of automatic cleaning, but it happens that once this is activated, …

Read more



GPO: block programs and prevent software installation – software restriction

In this tutorial, I will explain how by Group Policy (GPO) in an Active Directory environment, block the launch of programs and prevent the installation of certain software with the software restriction policy. By default, if the users are not administrator (local) of the computer, it is not normally possible to install programs, on the …

Read more