Category: Active Directory

Windows Server 2019 FFL/DFL

Q: Where is Windows Server 2019 FFL/DFL? A: There isn't one. Since there were no updates or changes to the Forest or Domain functional levels of AD, there is no 2019 level, only a 2016 level. This is the information about Windows FFL/DFLs: https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/active-directory-functional-levels This image also shows the various paths and options

To virtualize the PDCe or not to virtualize the PDCe…

The question isn’t can you, but should you virtualize the Primary Domain Controller emulator (PDCe) FSMO role holder. And of course, the answer is, ‘It depends’. Of course it does, why wouldn’t it be black or white? Because there are too many options to consider. Finding the PDCe: There are a few different ways to

Security breach by known bad actor group

Another scary post on Halloween. Scary, that is, if you're not following security best practices. This bad actor group exposes a timing issue with O365 safe links. They create a certificate for a site that looks legitimate, and then exploit it as quickly as they can. For example: Securemail.contoso.com. Since the cert is valid and

Set-AutoDiscoverSiteScopeExchangeServers Part 2

In part 1 of this function, we covered an option to set all Exchange servers to use every AD site in an organization, minus any 'deployment' ones. But what if you have a very large organization, with multiple data centers hosting Exchange servers, various regions to support, and you want to target specific locations

Set-AutoDiscoverSiteScopeExchangeServers Part 1

This blog post from a few years ago: https://techcommunity.microsoft.com/t5/Exchange-Team-Blog/Exchange-Active-Directory-Deployment-Site/ba-p/604329 discussed Exchange AutoDiscoverSiteScope information. The good news is, it worked perfectly in a lab. However, rarely is any production environment like a lab. Thus, there was some missing information. We're updating the article to include solutions to fix the problem. This post is

Get-GroupMemberCount

Need to know a member count of ALL distribution groups and e-mail enabled security groups in your organization that exports to a CSV file? Then this function is for you. Get-GroupMemberCount This function simply creates a .CSV file of all the e-mail enabled groups and current member count. May not be the most elaborate task,

No longer expire your passwords

The world is always changing and the password expiring value is one that was recently updated. Microsoft has updated the stance around expiring passwords: https://blogs.technet.microsoft.com/secguide/2019/05/23/security-baseline-final-for-windows-10-v1903-and-windows-server-v1903/ The short answer is, only the expiring portion of the password policy is being discussed. You may want to still expire passwords, but with technologies like Windows Hello, the world

MO_Module introduction

I’d like to introduce you to my MO_Module. It’s a PowerShell module, combining several daily administrative tasks into simple Verb-Noun Functions for engineers to perform their jobs easier. I was developing/maintaining several different PS modules, which became more work, so I thought I’d just combine everything into one single place. Since my primary technologies are

Exchange needs Active Directory

I was recently called in to help on a ‘Crit Sit’ (Critical Situation) that a customer had with their Exchange 2010 environment. During the previous night, a few of the Databases that have a total of 3 copies spread across a DAG flipped to different servers. This ultimately was caused by Exchange asking AD a question

Schema administrator has a mailbox

Q: Why does the Schema Admin have a mailbox? A: It’s by design! What? Yes, this is normal behavior for Exchange Server 2013 & 2016.  If the account you are using for the install does not have a mailbox, one will be created for that account. Typically, engineers will use an Active Directory (AD) account with a mailbox when