Category Archives: Active Directory

PTA, AADJ and the “User must change password at next log on” flag

OK, the title has a whole bunch of acronyms which may not be entirely familiar. Actually…if we’re being really picky I should probably say a whole bunch of initialisms, but that would digress into a whole different article when a perfectly good Wikipedia article already exists for that. 🙂 Anyway, PTA is the accepted short form… Read More »

Powershell snippet to enable change notification on all site links

Qasim Zaidi has an old but really good blog entry on enabling change notification for Active Directory site links.  For a long time now I’ve encouraged my customers (those with decent bandwidth between sites) to enable change notifications on site links rather than wait the 15 minutes (minimum) for replication between sites. Qasim’s blog references a Powershell… Read More »

Attribute-Based Active Directory Group Membership

Unfortunately Active Directory doesn’t yet provide dynamic security groups in the way that, for example, Exchange provides dynamic distribution groups.  Sometimes it is useful to maintain a group’s membership based on a specific attribute, or set of attributes.  Here’s a quick Powershell example that shows how to maintain the membership based on the presence of… Read More »

Power to the people!

You now have the ability to provide product feature requests and changes relating to Windows Server that go direct to the Product Group.  Not only that, but you can build a base of voter support to drive your suggestions across the line. windowsserver.uservoice.com I really like this concept as it removes the difficulties associated with getting your… Read More »

Dump a list of all schemaIDGUIDs with Powershell

There are well known methods for setting Access Control Entries (ACEs) on Active Directory objects using Powershell. One example is the following:   http://blogs.msdn.com/b/adpowershell/archive/2009/10/13/add-object-specific-aces-using-active-directory-powershell.aspx   The method relies on you knowing the schemaIDGUID of the schema object classes you are working with (e.g. User, Computer, Group). Unless you know your way around AD it’s not… Read More »

MSExchange Mailbox Replication Error 1121

I recently had a interesting issue where I was seeing the 1121 error below in the Application log on one of my Exchange 2013 servers every minute.   Log Name: Application Source: MSExchange Mailbox Replication Date: 14/01/2015 2:23:34 p.m. Event ID: 1121 Task Category: Request Level: Error Keywords: Classic User: N/A Computer: ex1.contoso.com Description: The… Read More »