Making Sure Only Your PDC is Scavenging DNS Records

I recently looked over our DNS server settings, and I found out that more than one DNS server (DC in our case) was scavenging records.
In order to put that right, I made a small script that makes sure that only the PDC is scavenging records:

param(
 $scavengeInterval = 7
)

Get-ADDomainController ...

Brute Force Guessing for User Passwords

Our security team complained to me that they found a lot of users with trivial passwords simply by trying to log in as them.
They asked me to write them a script to speed up the process, so I wrote them my brute force guessing script.
It's not very ...


Automatically Updating DNS Server Addresses In A Domain Machine

The Problem

I was recently requested to make sure that our machines' network interface cards (NICs) have their DNS queries pointed to "the correct servers".
I decided that every machine should point to its domain's DNS servers, and it's their job to redirect queries (if needed) to ...


Updating VMware discovery info in Active Directory

Recently I decided I want to store physical discovery data (name, physical location, host if it's a VM) on the machine's account in Active Directory, because we have a lot of machines and during a crisis we sometimes forget where they are.
I started with our VMware infrastructure ...


Some Things I Didn't Know About People Picker

Recently I got to mess with SharePoint 2010's People Picker - a control that emulates Windows' "Directory Object Picker", allowing the user to select security principals

  • Active Directory's People Picker:
  • The SharePoint 2010 Variant:

After the Devs asked me to customize it for them, I went rummaging through the ...


Windows Event Collection

I've recently implemented an enterprise-wide solution of event collection in our organization, using Windows' built-in mechanism called the Windows Event Collector.
This mechanism allows you to collect events from computers running Windows NT5+ (XP/Server 2003 and greater) into Windows NT6+ (Vista/Server 2008 and greater) machines. The only ...


Remotely Viewing Machine Certificates With Minimal Permissions

We've started remotely monitoring our certificate stores on critical servers, and wanted the monitoring software to be able to remotely connect to our servers' personal certificate stores.
I quickly found a script to enumerate all certificates in a specific store on a remote computer:

function Get-Cert( $computer=$env:computername ...

Active Directory's Object Specific ACEs and PowerShell

I recently checked the option of handing out AD permissions through PowerShell scripts, and I found out that setting object-specific ACEs is not trivial scriptwise.
Active Directory ACEs (access control entries) are different from your regular ACEs (for example, NTFS), because they can be used to grant permissions only on ...


Solving and preventing "Topology Discovery failed, error 0x80040a02"

Recently our Exchange 2003 environment broke down when we demoted our last ancient DCs. We panicked and re-promoted them, but to no avail. The Exchange servers won't finish loading (they'd get stuck on "Applying computer settings", while actually waiting for the Microsoft Exchange System Attendant service to finish starting ...


Checking for conflicting oIDs

I got word that this script was useful for some other IT team, so it's definitely blog-worthy!

The Story

I've inherited some AD forests with their schema extended by in-house software, using oIDs belonging to an MS pool, meaning that those numbers might be used by future schema ...
