Active Directory (AD)

About Active Directory (AD)

Welcome to the Active Directory category page, your comprehensive guide to mastering the world of identity management in Windows Server. Active Directory (AD) is a Microsoft technology used for managing identities and computer resources securely. Here, you will find resources ranging from the basic concepts to advanced implementations. Discover how to manage user accounts, groups, and access controls; configure Group Policy; and deploy domain controllers (DC). Whether you’re a systems administrator, an IT professional, or an enthusiastic learner, this page is your gateway to understanding and leveraging AD efficiently.

FUNDAMENTALS

Datacenter networking servers

What is Active Directory: The Ultimate Guide

Last Update: Mar 13, 2024

Active Directory is Microsoft’s on-premises identity and access management (IAM) service. In this article, learn how Active Directory (AD) makes it easier for IT to manage an organization’s IT resources. Active Directory is especially useful for companies that have to manage lots of endpoints and servers. What is Active Directory and why is it used?…

Servers Hero

Understanding the 5 FSMO Roles in Active Directory

FSMO roles are a crucial piece in Active Directory functionality. Learn about their purpose, types, and how they work together in this guide. Windows Server Active Directory multi-master model A multi-master enabled database, such as Active Directory, provides the flexibility of allowing changes to occur at any domain controller (DC) in the enterprise, but it…

Datacenter networking servers

Active Directory Replication: A Guide for IT Pros

Last Update: Sep 04, 2024

Learn all there is to know about how Active Directory (AD) replication works. This guide covers the basics of how domain controllers (DCs) replicate all of your user accounts, passwords, computers, and other objects in your environment. Learn about how sites define the logical layout of your network and how the tools and features in…

GETTING STARTED

Windows

How To Install Active Directory Users And Computers (ADUC): A Step-by-Step Guide

Last Update: Dec 18, 2024

In this guide, we’ll show you how to install Active Directory Users and Computers (ADUC) and the basics of working with it so you can manage Active Directory. Active Directory Users and Computers (ADUC) is built as an add-on for the Microsoft Management Console (MMC), and it’s the go-to tool for IT Pros to manage…

Servers Hero

How To Use The Active Directory Administrative Center

The Active Directory Administrative Center (ADAC) is a powerful, modern tool for managing Active Directory. Learn how to use it efficiently with our step-by-step guide and tips. What is Active Directory Administrative Center (ADAC)? The Active Directory Administrative Center (ADAC) is a tool designed for IT administrators and IT Pros to manage Active Directory. Users,…

tool keyboard hero img

The Ultimate List of Free Active Directory Tools

Last Update: Dec 18, 2024

While there are numerous paid solutions available, many IT professionals overlook the relative abundance of free Active Directory tools that can streamline management tasks. Besides making your CFO happy, these tools offer robust features that can simplify complex administrative tasks and enhance security. In this blog post, we’ll explore why IT pros should consider integrating…

1725491972 Security Hero

5 Steps to Secure Active Directory

Last Update: Jan 14, 2025

In this guide about Active Directory (AD) security, we’re going to detail five steps that IT admins need to follow to secure Active Directory environments in an organization. There are many best practices you’ll need to be familiar with to ensure Active Directory security, including restricting the use of privileged accounts, monitoring Windows Event Log…

TUTORIALS

1725501059 powershell hero

How to List Active Directory Users with PowerShell

In this article, I’ll show you how to list Active Directory users with PowerShell. While you can also list Active Directory (AD) users in Active Directory Users and Computers, PowerShell provides a much faster way. Check out how to list Active Directory Users with ADUC on Petri if you would prefer to perform this action…

Datacenter networking servers

How to Check FSMO Roles in Active Directory

In this article, I’m going to show you how to check which domain controllers (DC) hold the FSMO roles in Active Directory (AD). FSMO roles are assigned to specific domain controllers and are designed to prevent conflicts once data is replicated. You can also quickly transfer FSMO and seize FSMO roles using PowerShell. How to…

PowerShell

How to Install Active Directory PowerShell Module

Last Update: Sep 23, 2024

In this guide, we’ll show you how to install the Active Directory PowerShell module on almost any version of Windows. Installing the Active Directory (AD) module in PowerShell offers IT pros convenient and secure remote access to administer their AD environments, all without having to interactively log into their domain controllers. Microsoft does not recommend…

LATEST

Cloud Computing

Microsoft to Phase Out Event Alerts in Purview Audit – How to Prepare for the Change

Microsoft is preparing to retire the event alerts feature in its Purview Audit solution. The company announced on the Microsoft 365 Admin Center that this change will take effect in March 2025. Microsoft Purview Audit is an auditing solution designed to support organizations in conducting forensic and compliance investigations. It provides high-bandwidth access to audit…

Windows-11-notebook-tablet

Understanding Group Policy WMI Filtering

Group Policy WMI Filtering is a powerful feature that allows administrators to apply Group Policy Objects (GPOs) and Group Policy preferences based on specific attributes of target computers, servers, and users. By leveraging Windows Management Instrumentation (WMI) queries, IT professionals can create highly targeted and dynamic GPOs that respond to the unique needs of their…

1725491972 Security Hero

5 Steps to Secure Active Directory

Last Update: Jan 14, 2025

In this guide about Active Directory (AD) security, we’re going to detail five steps that IT admins need to follow to secure Active Directory environments in an organization. There are many best practices you’ll need to be familiar with to ensure Active Directory security, including restricting the use of privileged accounts, monitoring Windows Event Log…

1725492266 security hero

Unlocking the Power of Active Directory Groups: A Comprehensive Guide

Active Directory groups are essential tools for managing and organizing users, computers, and other resources within a Windows domain. This article will provide an in-depth exploration of Active Directory (AD) groups, including their types, purposes, and best management practices. Whether you’re a seasoned IT professional or just beginning your journey with Active Directory, this guide…

Cloud Computing

Critical Active Directory Vulnerability Could Let Attackers Crash Windows Servers

Last Update: Jan 06, 2025

Cybersecurity researchers have warned about a critical vulnerability in Windows Lightweight Directory Access Protocol (LDAP), posing a significant threat to unpatched Windows Servers. This flaw could be exploited to trigger server crashes or enable unauthorized remote access. What is LDAP? LDAP (Lightweight Directory Access Protocol) is a popular protocol for accessing and managing directory services…

Windows 11 2022 Update

The Pros and Cons of Hybrid Azure AD Join

What are the benefits of a Hybrid Azure AD (Microsoft Entra ID) Join? I hear this question a lot; especially since I’ve published many videos referring to Hybrid Azure AD joins as a bad idea. Synchronizing existing on-premises Active Directory (AD) devices to Entra ID is beneficial, but for new devices, leveraging the security and…

Windows

How to Fix the “An Active Directory Domain Controller for the Domain Could Not Be Contacted” Error

Last Update: Dec 11, 2024

When trying to join a computer to an Active Directory domain, you may sometimes encounter the “an Active Directory Domain Controller could not be contacted” error. In this post, I’ll explain the different DNS and IP settings you can check to fix this error and finally join your computer to a domain. How can you…

Microsoft Azure

Azure AD Custom Claims Providers Feature Let Users Customize Authentication Flows

Last Update: Dec 03, 2024

Microsoft has announced the public preview of a new custom claims provider feature for Azure Active Directory (Azure AD). The custom extension allows organizations to call an API and map custom claims into the security token during the authentication process. The custom extensions feature enables Azure Active Directory (Azure AD) users to interact with external…

1725491972 Security Hero

Achieving True MFA in Active Directory by Securing Every Authentication Factor

Multi-Factor Authentication (MFA) has become important for user security within Active Directory environments. By implementing additional verification steps, MFA makes it more difficult for adversaries to gain unauthorized access and it is essential for any organization aiming to secure its Active Directory infrastructure. However, despite investing heavily on MFA to stop cyberattacks, top research reports…

Datacenter networking servers

How to Add a Domain Controller to an Existing Domain (PowerShell)

How do you add a new domain controller (DC) to your existing Active Directory (AD) domain? In this post, I will show you how to quickly add a new DC to AD. This article applies to: Windows Server 2025, Windows Server 2019, Windows Server 2022, and Windows Server 2016 Check the domain and forest functional…

Datacenter networking servers

How to Add a New Forest to Active Directory (Server Manager)

In this guide, I’ll show you how to add a new forest to your existing Active Directory environment. There may be compliance or security requirements dictating you add a new forest. This article applies to: Windows Server 2016, Windows Server 2019, Windows Server 2022, and Windows Server 2025. However, just a note, you can add…

1725496402 Servers Hero

Add a Child Domain to an Existing Forest (Server Manager)

In this guide I’ll show you how to add a child domain to an existing forest. If you have, for example, contoso.com as your single Active Directory forest domain, you may want to add some logical separation. You can add a child domain, corp.contoso.com, to your forest during the DC promotion wizard. This article applies…

Go to page