Chapter 5 Active Directory Administration

Prerequisite:

Problem1: The administrator password does not meet the requirement. we recommend that you use the net user command-line tool with the /passwordreq

Solution: open a CMD window, type

net user Administrator <password> /passwordreq:yes

The <password> is the password you would set.

ADAC

Active Directory Administrative Center (ADAC) is the primary tool for performing day-to-day tasks in the administration of an Active Directory environment.

Recycle bin

Enable Recycle bin: in the ADAC, right click on the domain name, click “Enable recycle bin...”, note that this is not reversible.

Check the object in the bin: Click the arrow to the right of the domain name, choose Deleted Objects.

Empty recycle bin: There is no GUI to delete object in recycle bin, but we can use powershell. Following one empty all the objects:

Get-ADObject -Filter 'isDeleted -eq $true -and Name -like "*DEL:*"' -IncludeDeletedObjects | Remove-ADObject -Confirm:$false

To delete a specific one, e.g, user name peter, you can use

Get-ADObject -Filter 'isDeleted -eq $true -and Name -like "*DEL:*"' -and Name -like "*peter*" -IncludeDeletedObjects | Remove-ADObject -Confirm:$false

Restore-ADobject CMDLET syntax:

Restore-ADObject -Confirm:$false -Identity:”8713b0xxxxxxxx” -Server:”test.hom.com”

The Identity can be found in ADAC, right click the user, property, scroll down to extentions, then “attribute editor” find the objectGUID. Use this as the identity in the command.

Anyway, if we are in the core environment, How to get this by command???

This is the one for existing user: Get-ADuser -identity Bella

New-ADFineGrainedPasswordPolicy -Name:”Fallback” -Precedence:”3″ -MaxPasswordAge:”9″

All the parameters should be in the double quotation mark ” ” .

Remove-ADFineGrainedPasswordPolicy //enter, then you will need to input the name.

Create users in bulk:

PS C:\> Import-Csv C:\data\new-users.csv | New-ADUser -PassThru | `
 Set-ADAccountPassword -Reset `
 -NewPassword (ConvertTo-SecureString -AsPlainText "Pa$$w0rd" -Force) `
 -PassThru | Enable-ADAccount

The command takes the string “Pa$$w0rd” and converts it from plain text to a secure string so that it can be used by the –NewPassword parameter of the Set-ADAccountPassword cmdlet The –Force parameter is needed to suppress the confrimation prompt generated by use of the –AsPlainText parameter