project database

Manage Active Directory user accounts

To manage Active Directory user accounts; that’s quite a statement.  It evokes an image of constantly working on a user account, ensuring its accuracy, checking on its well being, and probably calling the user herself every once in a while to see how life is going.  It is also one of the phrases that brings…

project database

Computer objects in Active Directory security groups

In Active Directory, a computer object is a security principal. This means that just as with a user, you can give permissions for resources and assign security group memberships to the computer.  Applying permissions to security groups instead of OUs is a generally accepted best practice.  For user objects, you can delegate part of this…

project database

Computer objects in AD security groups

A computer object is a security principal. This means that just as with a user, you can give permissions for resources and assign security group memberships to the computer.  Applying permissions to security groups instead of OUs is a generally accepted best practice.  For user objects, you can delegate part of this and automate most…

project database

The case for Active Directory groups multiple owners

Active Directory groups get a single owner in Active Directory & Exchange which is set in the ManagedBy attribute.  But businesses don’t tend to work that way, Active Directory groups are often “matrix managed”, they have more than one user that should be responsible for the upkeep of that group. Exchange 2010 is bridging that…

project database

Mail enable an Active Directory security group. Or not.

I recently had a conversation with a customer who said that he doesn’t allow mail enabled Active Directory security groups.  Another customer was in the same meeting who said that he wished he could disable that ability.  Two proofpoints that Active Directory administrators do not want to mail enable security groups.  Unfortunately, we were discussing…

project database

The 3 most common dynamic Active Directory groups

Maintaining the accuracy of all Active Directory groups is important but as George Orwell may have said (and I’m paraphrasing here), “All Active Directory groups are equal, but some Active Directory groups are more equal than others.”  I say this because some Active Directory groups have to be accurate.  And because some are easier to keep…

project database

Can Active Directory be put in the Cloud?

Imanami was recently quoted in Windows IT Pro on Active Directory’s 10th anniversary.  Part of that discussion was whether Active Directory could be put in the cloud. “That’s tough,” Haaverson says. “AD is protected with a vengeance. Why would you want to push it to the cloud? What do you do if the Internet goes…

project database

GAL synchronization between forests

In today’s M&A-heavy environment, GAL synchronization between two or more forests is becoming more and more important.  IT departments are regularly called upon to integrate two organizations’ global address lists on the first day that the merger is complete, expecting employees to be able to see the new organizations as one even if the backend…