Welcome to the Active Directory category page, your comprehensive guide to mastering the world of identity management in Windows Server. Active Directory (AD) is a Microsoft technology used for managing identities and computer resources securely. Here, you will find resources ranging from the basic concepts to advanced implementations. Discover how to manage user accounts, groups, and access controls; configure Group Policy; and deploy domain controllers (DC). Whether you’re a systems administrator, an IT professional, or an enthusiastic learner, this page is your gateway to understanding and leveraging AD efficiently.
Last Update: Mar 13, 2024
Active Directory is Microsoft’s on-premises identity and access management (IAM) service. In this article, learn how Active Directory (AD) makes it easier for IT to manage an organization’s IT resources. Active Directory is especially useful for companies that have to manage lots of endpoints and servers. What is Active Directory and why is it used?…
FSMO roles are a crucial piece in Active Directory functionality. Learn about their purpose, types, and how they work together in this guide. Windows Server Active Directory multi-master model A multi-master enabled database, such as Active Directory, provides the flexibility of allowing changes to occur at any domain controller (DC) in the enterprise, but it…
Last Update: Sep 04, 2024
Learn all there is to know about how Active Directory (AD) replication works. This guide covers the basics of how domain controllers (DCs) replicate all of your user accounts, passwords, computers, and other objects in your environment. Learn about how sites define the logical layout of your network and how the tools and features in…
Last Update: Dec 18, 2024
In this guide, we’ll show you how to install Active Directory Users and Computers (ADUC) and the basics of working with it so you can manage Active Directory. Active Directory Users and Computers (ADUC) is built as an add-on for the Microsoft Management Console (MMC), and it’s the go-to tool for IT Pros to manage…
The Active Directory Administrative Center (ADAC) is a powerful, modern tool for managing Active Directory. Learn how to use it efficiently with our step-by-step guide and tips. What is Active Directory Administrative Center (ADAC)? The Active Directory Administrative Center (ADAC) is a tool designed for IT administrators and IT Pros to manage Active Directory. Users,…
Last Update: Dec 18, 2024
While there are numerous paid solutions available, many IT professionals overlook the relative abundance of free Active Directory tools that can streamline management tasks. Besides making your CFO happy, these tools offer robust features that can simplify complex administrative tasks and enhance security. In this blog post, we’ll explore why IT pros should consider integrating…
Last Update: Jan 14, 2025
In this guide about Active Directory (AD) security, we’re going to detail five steps that IT admins need to follow to secure Active Directory environments in an organization. There are many best practices you’ll need to be familiar with to ensure Active Directory security, including restricting the use of privileged accounts, monitoring Windows Event Log…
In this article, I’ll show you how to list Active Directory users with PowerShell. While you can also list Active Directory (AD) users in Active Directory Users and Computers, PowerShell provides a much faster way. Check out how to list Active Directory Users with ADUC on Petri if you would prefer to perform this action…
In this article, I’m going to show you how to check which domain controllers (DC) hold the FSMO roles in Active Directory (AD). FSMO roles are assigned to specific domain controllers and are designed to prevent conflicts once data is replicated. You can also quickly transfer FSMO and seize FSMO roles using PowerShell. How to…
Last Update: Sep 23, 2024
In this guide, we’ll show you how to install the Active Directory PowerShell module on almost any version of Windows. Installing the Active Directory (AD) module in PowerShell offers IT pros convenient and secure remote access to administer their AD environments, all without having to interactively log into their domain controllers. Microsoft does not recommend…
Microsoft is preparing to retire the event alerts feature in its Purview Audit solution. The company announced on the Microsoft 365 Admin Center that this change will take effect in March 2025. Microsoft Purview Audit is an auditing solution designed to support organizations in conducting forensic and compliance investigations. It provides high-bandwidth access to audit…
Group Policy WMI Filtering is a powerful feature that allows administrators to apply Group Policy Objects (GPOs) and Group Policy preferences based on specific attributes of target computers, servers, and users. By leveraging Windows Management Instrumentation (WMI) queries, IT professionals can create highly targeted and dynamic GPOs that respond to the unique needs of their…
Last Update: Jan 14, 2025
In this guide about Active Directory (AD) security, we’re going to detail five steps that IT admins need to follow to secure Active Directory environments in an organization. There are many best practices you’ll need to be familiar with to ensure Active Directory security, including restricting the use of privileged accounts, monitoring Windows Event Log…
Active Directory groups are essential tools for managing and organizing users, computers, and other resources within a Windows domain. This article will provide an in-depth exploration of Active Directory (AD) groups, including their types, purposes, and best management practices. Whether you’re a seasoned IT professional or just beginning your journey with Active Directory, this guide…
Last Update: Jan 06, 2025
Cybersecurity researchers have warned about a critical vulnerability in Windows Lightweight Directory Access Protocol (LDAP), posing a significant threat to unpatched Windows Servers. This flaw could be exploited to trigger server crashes or enable unauthorized remote access. What is LDAP? LDAP (Lightweight Directory Access Protocol) is a popular protocol for accessing and managing directory services…
What are the benefits of a Hybrid Azure AD (Microsoft Entra ID) Join? I hear this question a lot; especially since I’ve published many videos referring to Hybrid Azure AD joins as a bad idea. Synchronizing existing on-premises Active Directory (AD) devices to Entra ID is beneficial, but for new devices, leveraging the security and…
Last Update: Dec 11, 2024
When trying to join a computer to an Active Directory domain, you may sometimes encounter the “an Active Directory Domain Controller could not be contacted” error. In this post, I’ll explain the different DNS and IP settings you can check to fix this error and finally join your computer to a domain. How can you…
Last Update: Dec 03, 2024
Microsoft has announced the public preview of a new custom claims provider feature for Azure Active Directory (Azure AD). The custom extension allows organizations to call an API and map custom claims into the security token during the authentication process. The custom extensions feature enables Azure Active Directory (Azure AD) users to interact with external…
Multi-Factor Authentication (MFA) has become important for user security within Active Directory environments. By implementing additional verification steps, MFA makes it more difficult for adversaries to gain unauthorized access and it is essential for any organization aiming to secure its Active Directory infrastructure. However, despite investing heavily on MFA to stop cyberattacks, top research reports…
How do you add a new domain controller (DC) to your existing Active Directory (AD) domain? In this post, I will show you how to quickly add a new DC to AD. This article applies to: Windows Server 2025, Windows Server 2019, Windows Server 2022, and Windows Server 2016 Check the domain and forest functional…
In this guide, I’ll show you how to add a new forest to your existing Active Directory environment. There may be compliance or security requirements dictating you add a new forest. This article applies to: Windows Server 2016, Windows Server 2019, Windows Server 2022, and Windows Server 2025. However, just a note, you can add…
In this guide I’ll show you how to add a child domain to an existing forest. If you have, for example, contoso.com as your single Active Directory forest domain, you may want to add some logical separation. You can add a child domain, corp.contoso.com, to your forest during the DC promotion wizard. This article applies…