active-directory - The Network Stack

The Network Stack

active-directory

A collection of 8 posts

SSH with Duo MFA and Active Directory

Duo has thorough documentation for adding MFA to your SSH sessions, but there are a couple additional steps needed to also integrate with Active Directory. This post will go through the installation for both Duo and Active Directory for Ubuntu 16.04. For other Linux distros, the Duo documentation linked

Active Directory Powershell

Using this page to keep track of all the useful powershell "mini-scripts" I've used: Copy users from one security group to another security group Add-ADGroupMember -Identity destination-group-name -Members (Get-ADGroupMember -Identity source-group-name -Recursive) Add enabled users from an OU to a security group Get-ADUser -SearchBase 'OU=Your-OU,DC=corp,DC=company,

active-directory

Active Directory Transfer Roles

If you need to transfer the Active Directory FSMO roles to a new server, these simple steps were easy to follow. Took about 5 minutes. http://www.techieshelp.com/how-to-transfer-fsmo-roles-graphical-and-command-line/

Windows SSL Certificate Installation

The Digicert cert utility for Windows make the process so much easier: To generate the CSR: https://www.digicert.com/util/csr-creation-microsoft-active-directory-ldap-2012-digicert-utility.htm To install the Cert: https://www.digicert.com/ssl-certificate-installation-microsoft-active-directory-ldap-2012.htm For LDAPS on a domain controller, I did not have to import the cert file into the

active-directory

Active Directory Health Check

Migrated a DC and wanted to do some basic AD health checks. From the cmd prompt (domain joined pc with sufficient privileges or on the DC): Replication Info: repadmin /replsummary repadmin /showrepl Query FSMO role holders, which should confirm that they are online: netdom query fsmo General Server Diagnosis: dcdiag

Export User List of AD Security Group

If you need to get a list of all members in an AD Security Group, open up powershell and try the following commands from a DC: 1. This command will list all the members and the OU structure they below to: dsquery group -name "GroupName" | dsget group -members 2. Add

active-directory

Active Directory Delegating Permissions

I needed to delegate permissions to helpdesk (instead of making them domain admins) to create and modify users, and modify group membership. This is slightly different from some of the built in permission groups, since we didn't want helpdesk to delete users. Permissions are delegated at the OU level, and

palo alto networks

Palo Alto Firewall AD Group Mapping

These commands will help troubleshoot and resolve issues with Active Directory groups on your PAN firewall. 1. Shows every AD group added to the PAN firewall: show user group list 2. Shows the user and IP address mapping (or specific user): show user ip-user-mapping all 3. Gives more detailed statistics