Every now and then a lab must be created that has the AD structure as your rpoduction environment for testing purposes. (As is my case) To fully test my ADMT tool, I recreated a production AD domain structure using the following commands: csvde -f \outusers.csv -d "dc=thebank,dc=com" -l "DN,objectClass,ou,description,distinguishedName,cn,department,title,mail,telephonenumber,mobile,physicalDeliveryOfficeName,sAMAccountName" -r "(objectClass=user)" csvde -f \outou.csv -d "dc=thebank,dc=com" -l "DN,objectClass,ou,description,distinguishedName,cn,department,title,mail,telephonenumber,mobile,physicalDeliveryOfficeName" -r "(objectClass=organizationalUnit)" csvde -f \outgroups.csv -d "dc=thebank,dc=com" -l "DN,objectClass,ou,description,distinguishedName,cn,department,title,mail,telephonenumber,mobile,physicalDeliveryOfficeName,sAMAccountName" -r "(objectClass=group)" csvde -f \outcomputers.csv -d "dc=thebank,dc=com" -l "DN,objectClass,ou,description,distinguishedName,cn,department,title,mail,telephonenumber,mobile,physicalDeliveryOfficeName" -r "(objectClass=computer)"   These commands effectivily export computer, group, ou and user objects from AD. To import them, issue the following command: csvde -i -k -f path_of_csv_file.csv NOTE: The -k switch just tells the command to ingnore errors.

How many of us have had a call that someone could not log on to their computer, only to find that they were trying to log on to the local machine instead of the domain? Worse yet, what if you have a forest with multiple domains? Server 2008 and Windows Vista, Windows 7 If you are the lucky administrator of a Windows 2008 or 2008 R2 Active Directory with just Windows Vista and Windows 7 clients then your job is easy. There is a group policy found in Computer Configuration\Administrative Templates\System\Logon called “Assign a default domain for logon“. Enable this policy, enter your domain’s name and you are finished. Server 2003 and Windows XP However, what if you are one of the many who still run an older version of  Active Directory or happen to have tens, hundreds or thousands of those faithful Windows XP clients operating? You will need…

This article will explain how to create multiple Global Address Lists and Assign them to a specific user base. This "Hack" came into play when a client of mine needed two different email entities in one organization. Meaning, that they worked for the same company but only emailed the people in their respective offices. The first thing to do to create a separate GAL is to run the powershell cmdlet as follows: New-GlobalAddressList -Name "New GAL"  -IncludedRecipients 'AllRecipients' -ConditionalStateorProvince 'AL' This does 2 things: It includes all recipient types and it only includes recipients in the state of Alabama. (Which is how these departments are devided) After Creating the new GAL and including only Recipients in the State of AL, I ran a second powershell script to modify the msExchQueryBaseDN user attribute. This is the LDAP attribute responsible for the DN of the GAL. My modifying this attribute, you point…

Here is a brief description of the default management role groups created automatically when you install Exchange 2010: Delegated Setup - This management role group gives members the ability to run the Exchange 2010 setup program and therefore deploy, but not administer, a new Exchange 2010 server. Deployment can only be performed on servers that have already been provisioned by an administrator with additional permissions. Discovery Management - A member of the Discovery Management role group has the ability to perform searches of all mailboxes within the Exchange organization as well as implement the Legal Hold feature of Exchange 2010. We shall be looking at this management role group in detail later in this article series. Help Desk - The Help Desk management role group gives members permissions that are typically required by members of a help desk, such as modifying users’ details such as their address and phone number.…