active directory

Repair computer that lost domain trust

A task system administrators have to deal with over and over is repairing a computer that has lost its trust relationship with Active Directory. Because of the ever-increasing complexity of applications and settings, the traditional approach (remove the computer from the domain, delete the computer object from AD and join again) is a terrible idea. Deleting the computer object would delete all BitLocker keys as well as wipe the LAPS information associated with the device. A simple PowerShell command will do the trick of restoring the trust: Test-ComputerSecureChannel -Repair
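The check, repair and verification sequence around that command, as an added example that is not part of the original post. The function name Repair-DomainTrust and its parameters are hypothetical; it assumes an elevated Windows PowerShell 5.1 session opened with a local administrator account.

```powershell
# Added example: wraps Test-ComputerSecureChannel so the repair is only
# attempted when needed and its result is verified afterwards.
function Repair-DomainTrust {            # hypothetical helper name
    [CmdletBinding()]
    param(
        # Domain account with rights over this computer's AD object
        [Parameter(Mandatory)]
        [System.Management.Automation.PSCredential]$Credential,

        # Optional: domain controller to test and repair against
        [string]$Server
    )

    $common = @{}
    if ($Server) { $common['Server'] = $Server }

    # 1. Check first; leave a healthy secure channel alone.
    if (Test-ComputerSecureChannel @common) {
        return [pscustomobject]@{
            Computer = $env:COMPUTERNAME; Action = 'None'
            Repaired = $false;            Healthy = $true
        }
    }

    # 2. Rebuild the secure channel in place. The computer object in AD is
    #    kept, so the BitLocker keys and LAPS data stored on it survive.
    $repaired = Test-ComputerSecureChannel -Repair -Credential $Credential @common

    # 3. Verify with a fresh test instead of trusting the repair call alone.
    $healthy = Test-ComputerSecureChannel @common

    [pscustomobject]@{
        Computer = $env:COMPUTERNAME; Action = 'Repair'
        Repaired = $repaired;         Healthy = $healthy
    }
}

Repair-DomainTrust -Credential (Get-Credential)
```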

TucanData DataExplorer

The TucanData DataExplorer was initially developed by RFL Systems (a company acquired by TucanData in September 2016). The solution provides extensions to enterprise applications, enhancing reports and data visualisation capabilities. TucanData’s DataExplorer is a cutting-edge data visualisation platform which helps enterprises to consume and distribute strategic business information. The solution was created to help System Center Configuration Manager (SCCM) administrators to analyse and monitor SCCM data as well as provide an easy way to allow a non-technical person to understand the SCCM data. The solution has expanded since its conception and today it also has Active Directory, Office 365, System Center Service Manager (SCSM) and Hyper-V modules. It provides the following benefits:
– Straightforward and easy to use. Visualisation of what you want is just a drag and drop click away;
– Ready to use. There is no need to spend time creating queries and…

Awesome news – Book & Software

Hi All, I have some awesome news to share with you.

1st news: yesterday my new SCCM e-book was finally released. It took some time to write up and test. With 197 pages divided in 33 chapters, you’ll find lots of good info. The book also has over 160 PowerShell scripts, so you can automate almost all (if not all) of the SCCM tasks you’ll be performing on a day-to-day basis. And on top of that, it is free. To download it, fill in the form and download the PDF.

2nd news: yesterday we also released a new version of our Dashboard software, now called DataExplorer, with modules for SCCM, SCSM, Hyper-V, Active Directory and Office 365. To download a trial version of the software, fill in the form and download the Setup file.

SCCM-Schema Extension via PowerShell

Hi All, life as a consultant always has to be quick and without any mistakes, so automation is the key here. To start, let’s do something that we don’t do every day: extend the Active Directory schema for SCCM.

1st: execute Extadsch.exe (source from c:\SCCMCBSource).

2nd: create the System Management container and assign the correct security rights (the group is SCCM Servers).

That’s it for today.
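One way to script the two steps above, as an added example that is not the post's original code. It assumes the ActiveDirectory RSAT module, an account in Schema Admins for the first step, the standard SMSSETUP\BIN\X64 layout under the source folder, and Full Control on the container and its descendants as the "correct security rights".

```powershell
# Added example: schema extension plus System Management container.
Import-Module ActiveDirectory

$source    = 'C:\SCCMCBSource'      # source folder named in the post
$groupName = 'SCCM Servers'         # group named in the post
$extadsch  = Join-Path $source 'SMSSETUP\BIN\X64\extadsch.exe'   # assumed layout

# 1st: extend the schema, then read the result from the log that
#      Extadsch.exe writes to the root of the system drive.
& $extadsch
Get-Content -Path "$env:SystemDrive\ExtADSch.log" -Tail 5

# 2nd: create CN=System Management under CN=System if it does not exist yet.
$domainDn    = (Get-ADDomain).DistinguishedName
$systemDn    = "CN=System,$domainDn"
$containerDn = "CN=System Management,$systemDn"

$existing = Get-ADObject -Filter "Name -eq 'System Management'" `
                         -SearchBase $systemDn -SearchScope OneLevel
if (-not $existing) {
    New-ADObject -Type Container -Name 'System Management' -Path $systemDn
}

# Grant the group Full Control on the container and all descendant objects
# (assumption: this is what the post means by the correct rights).
$sid  = (Get-ADGroup -Identity $groupName).SID
$rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $sid,
    [System.DirectoryServices.ActiveDirectoryRights]::GenericAll,
    [System.Security.AccessControl.AccessControlType]::Allow,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All)

$acl = Get-Acl -Path "AD:\$containerDn"
$acl.AddAccessRule($rule)
Set-Acl -Path "AD:\$containerDn" -AclObject $acl

# Verify: list the entries now held by the group on the container.
(Get-Acl -Path "AD:\$containerDn").Access |
    Where-Object { $_.IdentityReference -like "*\$groupName" } |
    Select-Object IdentityReference, ActiveDirectoryRights, InheritanceType
```

Scoping the grant to this one container keeps the SCCM servers' rights away from the rest of CN=System.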

Data Explorer v1.1 release

Hi All, today we are proud to announce:
– BI Dashboard has been renamed to Data Explorer
– Data Explorer has been extended and now has modules for not only SCCM, but also for Active Directory and Office 365
– A new version (v1.1) is now available

Since the release of v1.0, our development team have been busy, and with the release of v1.1 we have fixed 39 issues and added 55 new functionalities. A full list of the changes can be found here. We are also working hard to keep our documentation website always up to date. We will be updating our online and offline documentation often, so keep your eyes open.

Try it now! Make sure you download the software here and enjoy a 45-day trial. Hope you will enjoy it, and feel free to ask questions and provide feedback.

Microsoft Policy Analyzer

I love group policy. I believe this is one of the main reasons why companies use Windows instead of an alternative OS like Linux or Mac OS. Group Policy gives you control over your environment, enabling, disabling, configuring, restricting and enforcing settings for the OS or any application you want. If a machine is on the domain, you know the settings will apply. I provide Active Directory consulting very often and in most cases I have to troubleshoot Group Policy settings. This can prove challenging in some environments as the way they were created is not easy to grasp. Microsoft just released (22 Jan 2016) a tool to help you analyse group policy settings. You can choose a group of policies and the tool will treat it as one, highlighting conflicts and duplication. The tool is still in its early stages, but it is a great start. Find out more…

MVP Summit – Hackathon

Hi All, during the MVP Summit we did some nice work with the Product Team: the MVP group asked for features that could be coded in a week and might be added to the product in a later version (we hope those will make it). I have to say that we had great projects, 10 in total, led by MVPs and coded by Microsoft…

Team 1 – Active: Have you ever needed to know what machines are active? You need this. They delivered a way to see what machines are online, integrated with Cortana, etc. I have to say, a really great project.

Team 2 – Wizards: Have you ever used the console to do stuff and needed to select the same option over and over? This is the “fix”. It will allow you to save the options…

Disable Authenticated User from being able to join computers to the domain

One of the things I still can’t understand is why users should be allowed to join computers to the domain. One best practice I always follow is to change the maximum number of machines an authenticated user can join to the domain to ZERO. Users with permissions to create objects on specific OUs, by being Domain Admins or through delegated rights (use the delegation wizard), will still be able to create computer objects and join computers to the domain.

To accomplish that, follow the procedure below:

ADSIedit > Default Naming Context > “DC=domain,DC=com” > Properties > Attribute Editor: set ms-DS-MachineAccountQuota to 0

Summary: ms-DS-MachineAccountQuota stores a numeric value of the number of computers that a user is allowed to join to the domain (actually it is the number of computer objects that the user is allowed to create in a domain). When a machine is joined to the domain, the…
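The same change made from PowerShell, followed by an audit of computer objects that carry a creator SID, as an added example that is not part of the original post. It assumes the ActiveDirectory RSAT module and rights to modify the domain object; the ms-DS-CreatorSID audit goes beyond the procedure in the text.

```powershell
# Added example: read, set and verify ms-DS-MachineAccountQuota, then list
# computer objects that record the SID of the user who created them.
Import-Module ActiveDirectory

$attr     = 'ms-DS-MachineAccountQuota'
$domainDn = (Get-ADDomain).DistinguishedName

# Current value on the domain object (same attribute ADSIedit shows).
$before = (Get-ADObject -Identity $domainDn -Properties $attr).$attr

# Set the quota to 0 so authenticated users can no longer create computer
# objects on their own; delegated accounts and Domain Admins are unaffected.
Set-ADDomain -Identity $domainDn -Replace @{ $attr = 0 }

$after = (Get-ADObject -Identity $domainDn -Properties $attr).$attr
"{0}: {1} -> {2}" -f $attr, $before, $after

# Audit: AD counts a user's quota by the objects whose ms-DS-CreatorSID
# matches that user, so these are the machines joined under the old quota.
Get-ADComputer -LDAPFilter '(ms-DS-CreatorSID=*)' `
               -Properties 'ms-DS-CreatorSID', whenCreated |
    ForEach-Object {
        $sid = $_.'ms-DS-CreatorSID'
        if ($sid -is [byte[]]) {
            # Raw bytes are converted to a SecurityIdentifier object.
            $sid = New-Object System.Security.Principal.SecurityIdentifier($sid, 0)
        }
        # Resolve the SID to a name; keep the SID if the account is gone.
        $creator = try {
            $sid.Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            $sid.Value
        }
        [pscustomobject]@{
            Computer = $_.Name
            Created  = $_.whenCreated
            Creator  = $creator
        }
    } | Sort-Object Creator, Created
```

Creators that no longer resolve to an account, or that own many machines, are the entries to review first.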