Download – Windows Security Audit Events Spreadsheet

Title: Windows Security Audit Events Spreadsheet
Published: 12/02/2015
Publisher: Microsoft Corporation
Version: November 2015
File name: WindowsSecurityAuditEvents.xlsx
Size: 70 KB
Download URL: Click here for download

Pop Quiz:

1) What’s the Event ID for an Account Lockout?

2) What about the Event ID denoting that permissions were changed on an object?

3) Or the Event ID for locking or unlocking a workstation?

Don’t worry, I can’t remember those off the top of my head either. And that usually means sifting through bookmarked links, PDFs or hitting Google to look it up.

Fortunately, Microsoft has an Excel spreadsheet detailing 412 different Event IDs related to Windows Security Audit Events. Those 400+ Event IDs are broken up into the following nine categories:

  • Account Logon
  • Account Management
  • Detailed Tracking
  • DS Access
  • Logon/Logoff
  • Object Access
  • Policy Change
  • Privilege Use
  • System

Another example but in this case physical casino security personnel will be on top of the barricades and they will be patrolling the building, like hvad er et pund i danske kroner.

In an unprecedented move, officials in the city of Valencia launched a national protest. The protest, attended by more than 30,000 people, was organized on social media across the country in support of the new law.

The protesters included representatives from local government districts, the local media, social media and religious institutions including faith clubs.

The spreadsheet also contains a tab with a complete description of the event message. This is a great tool for creating event monitors. Download and enjoy!

VN:F [1.9.20_1166]
Rating: 10.0/10 (2 votes cast)

PowerShell Cheat Sheet for Active Directory

Old school MicrosoftAll right, pop quiz, hotshot:

Do you still use any of the following commands?

  • CSVDE
  • DCPROMO
  • DNSCMD
  • DSACLS
  • DSADD
  • DSGET
  • DSMOD
  • DSMOVE
  • DSQUERY
  • DSRM
  • GPRESULT
  • GPUPDATE
  • IPCONFIG
  • NETDOM
  • NETSTAT
  • NLTEST
  • NSLOOKUP
  • PING
  • REPADMIN

If you answered ‘yes’ to one or more of the previous items, you failed.

ALL of those commands have been replaced by PowerShell.

And they were replaced over a year and a half ago.

News flash: You’re falling further behind in your IT career.

“But PowerShell is hard to remember…” which is true.

Good news though. There’s a handy 4-page cheat sheet to help wean you off the sour milk of the command prompt and get you eating the solid food of PowerShell.

Title: PowerShell Command Line Conversion Guide: Active Directory
Published: 01/02/2013
Publisher: Microsoft Corporation
File name: PowerShell Cmd Line Conversion Guide AD.pdf
Pages: 4
Size: 48 KB
Download URL: Click here for download

PowerShell Command Line Conversion Guide: Active Directory

Enjoy your meal!

VN:F [1.9.20_1166]
Rating: 7.0/10 (3 votes cast)

Download – Active Directory Replication Status Tool

Title: Active Directory Replication Status Tool
Published: 04/17/2014
Publisher: Microsoft Corporation
Version: 1.1
Size: 5.7 MB
File name: adreplstatusInstaller.zip
Download URL: Click here for download

DESCRIPTION

The Active Directory Replication Status Tool (ADREPLSTATUS) analyzes the replication status for domain controllers in an Active Directory domain or forest. ADREPLSTATUS displays data in a format that is similar to REPADMIN /SHOWREPL * /CSV imported into Excel but with significant enhancements.

CAPABILITIES

  • Expose Active Directory replication errors occurring in a domain or forest
  • Prioritize errors that need to be resolved in order to avoid the creation of lingering objects in Active Directory forests
  • Help administrators and support professionals resolve replication errors by linking to Active Directory replication troubleshooting content on Microsoft TechNet
  • Allow replication data to be exported to source or destination domain administrators or support professionals for offline analysis
VN:F [1.9.20_1166]
Rating: 5.0/10 (3 votes cast)

Download – Test Lab Guide – Windows Azure AD

Test Lab Guide: Creating a Windows Azure AD and Windows Server AD Environment using DirSync with Password SyncTitle: Test Lab Guide: Creating a Windows Azure AD and Windows Server AD Environment using DirSync with Password Sync
Author: Bill Mathers
Published: 01/15/2014
Publisher: Microsoft Corporation
Pages: 48
Size: 1.8 MB
File name: DirSync_TLG.docx
Download URL: Click here for download

DESCRIPTION

This document will assist IT professionals, administrators, architects, and developers with in creating a test lab that uses Windows Azure Active Directory and Windows Server AD.

CONTENTS

  1. Set Up the Configuring the Windows Server 2012 Base Configuration Test Lab for Public Cloud Technologies
  2. Sign-up for a Windows Azure 30-Day Trial
  3. Create a Windows Azure AD Tenant
  4. Prepare the Windows Azure AD Tenant for Synchronization
  5. Create Organizational Units and Test Users in Windows Server AD
  6. Download and Install DirSync
  7. Configure DirSync to specific Organizational Units
  8. Run DirSync and Verify Results
VN:F [1.9.20_1166]
Rating: 9.7/10 (3 votes cast)

PowerShell – Move AD FSMO Roles in Server 2012

Over the long weekend we worked on two projects:

  1. Upgrade the Hyper-V hosts on the cluster at the data center
  2. Finish prepping a new Hyper-V host and Domain Controller for a new branch office with a new subnet

imageSince the cluster at the data center holds all of the Active Directory FSMO roles we needed to transfer the roles to an alternate location on the MPLS network so that project 1 didn’t slow down or stop project 2.

PowerShell to the rescue!

WHICH SERVER HOLDS THE FSMO ROLES?

Open PowerShell as an Administrator and type:

netdom query fsmo

You’ll see each of the 5 FSMO roles and which domain controller holds them.

Using PowerShell to transfer FSMO roles

The 5 FSMO roles are numbered 0-4:

0 – PDCEmulator
1 – RIDMaster
2 – InfrastructureMaster
3 – SchemaMaster
4 – DomainNamingMaster

Why do we care what those numbers are? Because we can move the FSMO roles very quickly and save a lot of typing.

For example, which PowerShell command is easier to type?

Move-ADDirectoryServerOperationMasterRole -Identity “Target-DC” -OperationMasterRole SchemaMaster,RIDMaster,InfrastructureMaster,DomainNamingMaster,PDCEmulator

Or this one?

Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole 0,1,2,3,4

Personally, if you’re moving all the roles at once to the same DC (like when doing some server maintenance) the 0,1,2,3,4 is easy.

Once you type in either of those commands you are prompted with several options for confirmation.

Y, A, N, L, S or ?

Moving FSMO roles with PowerShell

OPTIONS:

If you choose “Y” for Yes, PowerShell will prompt you to move each role,
then move to the next role, like this.

PowerShell FSMO role transfer - individual confirmation

If you choose “N” for No, PowerShell will skip transferring that role.

If you choose “A” for All, PowerShell will try to transfer all 5 roles to Target-DC.

If the transfer of a FSMO role fails PowerShell will let you know loud and clear.

PowerShell FSMO role transfer message

CONFIRMATION:

Unfortunately, if the transfer is successful you basically don’t get any confirmation of the role transfer.

You’ll need to run NETDOM QUERY FSMO to double-check who has the roles.
NETDOM QUERY FSMO to double-check FSMO role location

Side note – Once nice thing about using PowerShell to transfer the FSMO roles is that you can script the transfer to run at a scheduled time (so you don’t forget to put the roles back where they should be later).

Also, I didn’t have to load the Active Directory PowerShell module – Windows Server 2012 does that for me automatically.

VN:F [1.9.20_1166]
Rating: 9.4/10 (84 votes cast)