Finding Groups that have disabled users in them

This is just a quick powershell script to find all users who are a member of a certain group (of certain groups).
We were running out of licenses for one of the products we use internally. This product is tied to group memberships. Instead of clicking on each indivual group or disabled user (approximate 40 groups or 560 disabled users), I figured I would draft up a quick powershell to do the work for me.

Continue reading Finding Groups that have disabled users in them

Resetting DSRM or Directory Services Restore Mode password in Server 2012 R2

Today I needed to reset a DSRM password, not because we forgot it, but more due to wanting to have different passwords for our domain controllers.

Although, you could have the same password for each Domain Controller – this is not always secure. If your server gets compromised and they hack the DSRM password, they will try that exact password on a different server in order to gain access to it.

What is DSRM?

DSRM is a special boot mode (or option) for Windows Server Domain Controllers (ONLY). Think of it as a kind of “SafeMode” for directory services. With DSRM, the administrator is able to repair, recover or restore Active Directory services.  DSRM is configured during the promotion of Active Directory Services. This Administrator account that you configure is completely unrelated and separate to the DOMAIN\Administrator account.

Continue reading Resetting DSRM or Directory Services Restore Mode password in Server 2012 R2