Ramblings, ideas, problems, and solutions

Tag: AD

  • Free text search in ADUC

    A critical component to successfully closing a lot of the tickets I handle at work is the ability to search for – and find – Active Directory User, Computer, and Group objects. In about eight of ten instances, I’m able to do so using the standard search types (searching for Users, Contacts, and Groups or Computers). Sometimes, however, I need to find each and every object that has a name containing some predefined string. When that string might be found anywhere in the name, the standard search fails me pretty consistently. Luckily, there is another search type: Custom Search. Here’s how to use it:

    (more…)

  • A better way of finding users’ group memberships

    More than six years ago, I wrote a post, detailing how I could identify users’ Active Directory group memberships. While the method I detailed certainly works, it isn’t as simple as it might have been. Having recently found myself needing to perform that very same task again, I decided to revisit this topic, to show how I did it this time around.

    (more…)

  • AD: Inspecting object attributes

    A little while ago, I was asked about when a specific user last logged in with their active directory (AD) user account. While looking up that information was easily done, finding out how to look up the information was a mite more challenging. There are a number of ways of achieving it; including command line and Powershell commands. My preferred way of doing it is using the Attribute Editor in Active Directory Users and Computers (ADUC). Here’s how:

    (more…)

  • Unable to make Active Directory group member of another group

    Some time ago, I was working on a request to limit access to a folder to members of four AD groups. Following the established practice at my employer, I created the group to grant access to the folder, and the one to control who has access. I made the latter a member of the former, and went to add the members. Two of the AD groups that were to have access were added, no problem. The other two were not. Not only that, I couldn’t even find them when searching for them,

    (more…)

  • Fixing “The security database on the server does not have a computer account for this workstation trust relationship”

    When working in a corporate environment with Active Directory, you may, from time to time, encounter computers that users cannot log on to, as they receive an error message saying:
      (more…)