My friend Rich and his brothers Jared and Chris have started a really great blog that deals with Active Directory and Microsoft technologies. I highly recommend adding this blog to your reading list or favorite RSS reader.
http://cbfive.com/blog/
They already have a good number of entries up so enjoy and I'm sure you will agree that Rich, Jared, and Chris have done a really great job.
Congrats CB5!!!
Thursday, November 12, 2009
Thursday, October 22, 2009
My Friend Wrote a Book
This is one of my non-technical posts...I know I know I need some current tech content...coming soon I promise :)
I have a biological brother very close in age but growing up I also had another really good friend that I considered (and still consider) to be just as much of a brother to me.
He wrote a book this year about the journey of his family and specifically a small town called Howardsville.
Kevin JOB WELL DONE!! I know this was something you have wanted to do for years. It is a huge accomplishment to write a book. I have issues writing blog entries and you finished an entire book!!
The book is called HOWARDSVILLE: The Journey of an African-American Community in Loudoun County, Virginia
The local newspaper also wrote an article about the book earlier this year
Article on Howardsville and Kevin's book
A few things not mentioned in that article. They do mention Kevin's Uncle Richard. What they don't mention there is that Richard never made the trip home from Vietnam. He made the ultimate sacrifice for our country. I didn't realize growing up what a big deal that was but now after serving I do know.
The author also mentioned that Kevin and I probably would not have the close friendship if we had grown up in a different era. That is probably true and it is a shame that it was like that for so many years but I really think things are changing for the better. We still have a ways to go but progress has been made.
I can still remember in high school having the most honest discussions about race and it really opened my eyes. I'm definitely a better person for having Kevin as a friend/brother all these years.
So Kevin time for you and the family to move back from Bermuda :)....again Great Job on the book and when do I get a signed copy hahaha
...ok back to thinking about technical content
Friday, October 2, 2009
Geek Network In Europe
My friend Eric went over to Germany for a customer visit and met up with one of our friends in the AD community. Anyone that reads my blog should know and follow Florian's blog too.
Not only are these guys some of the best Active Directory guys around but really cool people and good friends.
Check out Florian's post and pictures
The Geek Network at the Volksfest
New blog posts also coming from me...been very busy lately.
Thanks
Mike
Labels:
GeekNetwork
Monday, August 24, 2009
Extend the AD Delegation Control Wizard
I often see questions in the newsgroups about wanting to delegate control of AD. An example of this would be to delegate control of an OU.
Delegation is important because you don't want to just give any "admin" user domain admin rights. The key is to try and limit domain admin and other elevated rights.
There is a delegation of control wizard that is started by right clicking on the OU (I'll be using an OU for this entire blog entry example) and selecting Delegate Control.

When you run the wizard you get 11 choices by default at the OU level:


Where does this list of tasks come from and can it be extended?
That list is built from a file called delegwiz.inf. That file is located in the \Inf folder. In my case it is in c:\windows\inf.
That file can be modified and Microsoft has a great article that gives you a new file to use and outlines the steps required to make the modifications. That is part of their Best Practices for Active Directory Administration: Appendices
For this blog entry we will specifically use:
Appendix O: Active Directory Delegation Wizard File
As you can see in Appendix O, you copy the contents to Notepad and you will replace the current delegwiz.inf file with your new file. As they point out, make sure to back up your current file.
After you make the changes you will notice that you have many more choices compared to the original 11 you got by default.

There are also more advanced ways to delegate control in AD, and there are some good third party tools as well. Some of those methods will be covered in future blog posts.
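The back-up-and-replace step above can be scripted so that the change is recorded and the new tasks get reviewed. This PowerShell sketch is an added example, not code from the original post or from Microsoft's appendix; the file name delegwiz-new.inf and the function name are assumptions, and it relies on the stock file layout (a [DelegationTemplates] section listing templates, each with AppliesToClasses and Description keys).

```powershell
# Added example (not from the original post). File names and the function name are assumptions.
param(
    [string]$Current = "$env:windir\inf\delegwiz.inf",  # location given in the post
    [string]$New     = '.\delegwiz-new.inf'             # hypothetical: Appendix O text saved from Notepad
)
$ErrorActionPreference = 'Stop'                         # never copy after a failed read

function Get-DelegWizTask {
    # Return the task descriptions a delegwiz.inf offers for one object class.
    param([string]$Path, [string]$Class = 'organizationalUnit')

    # Read the INF into section -> (key -> value); hashtable keys are case-insensitive.
    $sections = @{}
    $name = $null
    foreach ($raw in Get-Content -LiteralPath $Path) {
        $line = $raw.Trim()
        if ($line -eq '' -or $line.StartsWith(';')) { continue }    # blank line or comment
        if ($line -match '^\[(.+)\]$') {
            $name = $Matches[1].Trim()
            $sections[$name] = @{}
        }
        elseif ($name -and $line -match '^([^=]+)=(.*)$') {
            $sections[$name][$Matches[1].Trim()] = $Matches[2].Trim()
        }
    }

    # [DelegationTemplates] Templates= lists the sections the wizard reads, in display order.
    $index = $sections['DelegationTemplates']
    if (-not $index -or -not $index['Templates']) { return }
    foreach ($t in ($index['Templates'] -split ',')) {
        $template = $sections[$t.Trim()]
        if (-not $template) { continue }                            # listed but not defined
        $classes = "$($template['AppliesToClasses'])" -split ',' | ForEach-Object { $_.Trim() }
        if ($classes -contains $Class) { "$($template['Description'])".Trim('"') }
    }
}

$before = @(Get-DelegWizTask -Path $Current)
$after  = @(Get-DelegWizTask -Path $New)
if ($after.Count -eq 0) {
    throw "No OU tasks found in $New; leaving $Current untouched."
}

# Back up first, as the post and Appendix O advise, then swap the file in.
$backup = "$Current.$(Get-Date -Format 'yyyyMMdd-HHmmss').bak"
Copy-Item -LiteralPath $Current -Destination $backup
Copy-Item -LiteralPath $New -Destination $Current -Force

"OU tasks before: $($before.Count); after: $($after.Count); backup: $backup"
# Each new entry is a permission set the wizard can now hand out, so list them for review.
$after | Where-Object { $before -notcontains $_ }
```

Run it from an elevated prompt on the machine where the wizard is used; the file is read locally, so each admin workstation needs the same copy.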
Labels:
Active Directory
Thursday, July 30, 2009
Group Policy Recommendations
From the mailbag.
Thiago sent me an email via the blog with a question about learning more about group policy. From Thiago's email:
"...I'm planning to buy on Amazon the Active Directory book by Brian Desmond MVP DS ( http://briandesmond.com/ad4/ ) But I would like to have your suggestion for a book that gives me an insight into AD and Group Policy....because I don't wanna keep reading those basic concepts. Want more than "how to create GPO, how GPP works, how to map drives...""
Brian Desmond's book does have a group policy section in it and that is a good place to start. I highly recommend Brian's book to anyone that works with AD. All four books in my recommendation section are great. Brian, Laura, and Kouti's books will help everyone.
There are however some resources I'd recommend for group policy specifically because that is what Thiago asked about.
First thing I'd recommend is to have some sort of lab setup if you can. That can be as simple as a virtual DC and one workstation to start with. As you are reading and learning about group policy it helps to test and play and experiment.
BOOKS
There are a few group policy specific books and both are good. The first one I'd recommend is
Group Policy: Fundamentals, Security, and Troubleshooting by Group Policy MVP Jeremy Moskowitz
That is the 4th edition of Jeremy's group policy book and at close to 800 pages you will learn about group policy.
The next book is Microsoft's Group Policy Resource Kit by Derek Melber
This one I use as a reference and it has a lot of great info too. If money is tight I'd go with Jeremy's book first.
Speaking of money being tight there are a lot of great free resources on the web that can be very helpful.
BLOGS
Microsoft's Official Group Policy Team Blog: Great blog from the group policy team. Anyone wanting to learn group policy should have this in their RSS feeds.
The GPO Guy Blog: Group Policy MVP Darren Mar-Elia's blog. Hands down Darren is one of the top group policy gurus on the planet and his blog is another must read. More to come from Darren later in this post.
Florian's Blog: Florian is a Group Policy MVP from Germany and a friend. His blog deals with group policy and Active Directory. He often thinks of blog entries that no one else does. His Restricted Groups entry is the best blog on the subject on the net.
Other Great Free Resources
TechNet Virtual Labs: Having a test lab is very important as I mentioned above, but if you don't have one yet there are a bunch of great group policy labs provided by Microsoft. The virtual labs are a great learning tool.
Darren Mar-Elia also has some great free Group Policy Training Videos on his site. Definitely worth checking those out.
Group Policy Mail List: Run by Darren, this is a list that anyone wanting to learn more about group policy should subscribe to. Some really smart group policy folks on that list. You will often see very hard problems being discussed on that list.
So that is my list. I know some may wonder where Jeremy Moskowitz's training classes are. You can find Jeremy's training info here. I've seen good reviews of Jeremy's class but I've never taken it so I can't personally recommend it, but if you or your company has training dollars to spend it is probably going to be worth your time and money.
So what did I miss? Any glaring omissions? Please let me know and I'm sure this will not only answer Thiago's question but it will help others.
Thanks
Mike
Labels:
Group Policy,
Mailbag
Thursday, July 23, 2009
Find Enabled Users in the Domain Admin Group
Sorry I've been out for a while, I'm back now with a quick hitter and more entries coming...well at least I have them planned in my head :)
I often receive requests from the security group to send them all user accounts in the domain admin group. What I've found is that there are often both disabled and enabled accounts. All they want is enabled accounts.
For this quick hitter I'll use my favorite tool. ADFIND by top MVP Joe Richards
adfind -default -f "name=domain admins" member -list | adfind -bit -f "(&(objectcategory=person)(objectclass=user)(!(useraccountcontrol:AND:=2)))" samaccountname -nodn

There are other ways to do that in adfind but I really love playing with adfind being piped into adfind (great feature by joe)
Can anyone see another quick hitter coming about from this...how do you do this in powershell?...what about nested groups (see previous blog entry)...more to come :)
Update from Shariq via comments
I won't be doing a quick hitter for Powershell...thanks for the assist Shariq
Get-QADgroupmember "domain admins" | Get-QADuser -enabled

I also highly recommend checking out Shariq's Blog
Thanks Shariq!!
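The post leaves nested groups as an open question. This added PowerShell example (not from the original post or from Shariq's comment) answers it with Microsoft's ActiveDirectory module instead of adfind or the Quest cmdlets, and goes one step beyond the post by also catching accounts that hold the group as their primary group, which the member attribute does not list. The function name is an assumption.

```powershell
# Added example (not from the original post). Function name is an assumption.
# Requires the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

function Get-EnabledGroupUser {
    param([string]$Group = 'Domain Admins')

    $g   = Get-ADGroup -Identity $Group
    $dn  = $g.DistinguishedName
    $rid = [int]$g.SID.Value.Split('-')[-1]      # last SID component, 512 for Domain Admins

    # Escape characters that are special inside an LDAP filter value.
    $dnValue = $dn -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29'

    # 1.2.840.113556.1.4.1941 (matching rule in chain) follows nested group membership.
    $nested  = "(memberOf:1.2.840.113556.1.4.1941:=$dnValue)"
    # Accounts whose primary group is this group do not appear in its member attribute.
    $primary = "(primaryGroupID=$rid)"
    # 1.2.840.113556.1.4.803 is bitwise AND; bit 2 is ACCOUNTDISABLE, the same test
    # adfind performs with -bit and :AND:=2.
    $enabled = '(!(userAccountControl:1.2.840.113556.1.4.803:=2))'
    $filter  = "(&(objectCategory=person)(objectClass=user)(|$nested$primary)$enabled)"

    Get-ADUser -LDAPFilter $filter -Properties memberOf, primaryGroupID |
        Select-Object SamAccountName,
            @{ Name = 'Direct';          Expression = { $_.memberOf -contains $dn } },
            @{ Name = 'ViaPrimaryGroup'; Expression = { $_.primaryGroupID -eq $rid } } |
        Sort-Object SamAccountName
}

# Enabled accounts that effectively hold Domain Admins, however they got there.
Get-EnabledGroupUser -Group 'Domain Admins' | Format-Table -AutoSize
```

Rows where both Direct and ViaPrimaryGroup are False are accounts that reach the group only through nesting, which is the set a flat member listing misses.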
Labels:
Active Directory,
adfind,
quick-hitters
Wednesday, July 1, 2009
I'm a Microsoft MVP now -- Thank You

I received an email earlier today telling me that I was awarded the MVP for directory services.
This is a really great honor and something I'm very proud of. I really enjoy working in the community and more importantly I enjoy learning from others too. I obviously didn't get to this point alone so I want to take some time to thank some key people that have helped me throughout my career.
Starting back in my Army days I can't say enough and thank those that serve. One of the best things I took away from my time in the Army was some of the good friends I made. So to Daryl, Will, and Todd thank you all. You all were like brothers during my time in and I'm proud to call you friends. Additional thanks to Todd and all those currently serving during this time of war. Hoooaaaahhh!!
I had a few internships that got me in the door but my first real job was supporting a medium size agency in DoD. I really cut my teeth there and have to single out some folks there too.
First and foremost Kevin Buckman for being a great government manager. No way I'd be where I am today without Kevin's support during those early days. Thank you Kevin!! Honorable mention to Terri C. and Jim R.
Richard Guidorizzi -- thank you Richard for the second half of my DoD career at that agency. You really helped me more than you know and always believed in me and I'll never forget what you did. Honorable mention to Leslie Butler, a great senior manager and owner of the company I worked for.
Mark, David R., Garret, and Richard(again) - the discussions that we still have to this day are really great and I learn from each and every one of you. Definitely all friends for life
A great list of admins and engineers that I worked with at DoD:
Mark, David, Garret, Larry, Greg, Lili, Cesar, Kyle, Louis, Brian T, Stuart, Steve Mc, Alex, Guy, Todd, Steve B, Matt, Jeff H, Kevin D. and last but not least Rusty. I know I missed a lot of people but thanks to everyone there. We made it through a lot there including 9/11. I can still vividly remember watching the Pentagon burn. We will always be bonded by that experience.
Thanks to Keith, TJ, Ryan, Ditter, and John at my next agency. Not the most high speed job but at least I made some good friends. Did we pause the DEN yet haha
At my current job at Unisys there are a few key people that I definitely need to thank. Mark and Eric Jansen are on the top of that list. Really enjoyed the projects I worked on with them. It is so great to work with others that are good and know their stuff. We learned from each other and I think we made a solid and real impact for the agency we supported.
Thanks to the "geek network" Florian, Eric, Mark, Rich, Dave, Brian, and Troy B. We have some good discussions and I've learned a lot from all of you guys.
Thanks to everyone at Experts-Exchange. I hang out in the Active Directory section there and I've learned a lot and hopefully helped a lot of people too. Have to give thanks to some of the other top people over there. Chris Dent, Americom, bluntTony, TigerMatt, Laura Hunter, Brandon Shell, and Brian Desmond.
Thanks to other MVPs that I have learned from for years and years. Top of that list is definitely Joe Richards. Joe is just cool as hell and knowledgeable beyond belief. His tools are a huge part of what I do. I remember the first time I emailed Joe offline and he responded with a very long and thoughtful answer. He didn't blow me off or treat me like I was a peon. Thank you Joe for all your work in the community. I really look forward to meeting you at the MVP summit next year.
Other great MVPs that I'd like to thank. I've met some of you in person. Others I only know via email but Thanks to: Joe, Brian Desmond, Laura Hunter, Florian F., Jorge, Mark Minasi, and Darren Mar-Elia.
Thanks to the Directory Services team at Microsoft. Ned, Rob, and everyone else that writes for the AskDS blog. Really great blogs and thanks for what you all do for the community.
Last but not least my brother Andy...thanks Andy I would not be here without you man.
I know I probably forgot people but again I didn't get here alone and I'll continue with help and support from great people.
Ok now this blog entry is starting to sound like one of those rambling Oscar speeches. The red light came on 5 minutes ago and now I'm getting the hook...I've overstayed my welcome :)
Thanks
Mike
Labels:
MVP Award

