Friday, 29 June 2018

HOW TO ORGANIZE YOUR ORGANIZATIONAL STRUCTURE (OU)

HOW TO ORGANIZE YOUR ORGANIZATIONAL STRUCTURE (OU) PROPERLY


Hi Ya,

I have seen many messy Active Directory Structure where there is mixture of users and computers. Creating and targeting policy is a messy. When you built your AD,it  will look like the picture on the right.

They are the default Microsoft AD OU structure. These OU has specific Purpose.
OU
CONTENTS
Builtin
The Builtin container holds default service administrator accounts and domain local security groups. These groups are pre-assigned permissions needed to perform domain management tasks.
Computers
The Computers container holds all computers joined to the domain without a computer account. It is the default location for new computer accounts created in the domain.
Domain Controllers
The Domain Controllers OU is the default location for the computer accounts for domain controllers.
ForeignSecurityPrincipals
The ForeignSecurityPrincipals container holds proxy objects for security principals in NT 4.0 domains or domains outside of the forest.
LostAndFound
The LostAndFound container holds objects moved or created at the same time an Organizational Unit is deleted. Because of Active Directory replication, the parent OU can be deleted on one domain controller while administrators at other domain controllers can add or move objects to the deleted OU before the change has been replicated. During replication, new objects are placed in the LostAndFound container.
NTDS Quotas
The NTDS Quotas container holds objects that contain limits on the number of objects users and groups can own.
Program Data
The Program Data container holds application-specific data created by other programs. This container is empty until a program designed to store information in Active Directory uses it.
System
The System container holds configuration information about the domain including security groups and permissions, the domain SYSVOL share, DFS configuration information, and IP security policies.
Users
The Users container holds additional predefined user and group accounts (besides those in the Builtin container). Users and groups are pre-assigned membership and permissions for completing domain and forest management tasks.

 Source:  https://sites.google.com/a/pccare.vn/it/ent-admin-pages/default-containers

Many engineers will just create users, computer or security group inside one of these OU or  Just create OU  saying users and workstation. Personally I don't like engineers doing this because this makes harder to manage the OU structure and it will create mess on long run. Instead creating a separate organizational unit (OU) naming as your Organization name would just do good.



If you have a small to medium organization to maintain, do create a a separate parent OU relating to your organizational name. Add sub OU creating Users , computers and Groups to organize.



This makes way way  convenient to maintain Active Directory (AD). This not only help you to understand your AD, It will also easy on applying group policy to apply. This is because you can create sub OU inside the parent OUs

For example if my Organization have floors or room, I can create OU under that name and place my computer base on floors. Easily apply printing Group policy to the computer base on floor 1.





Wednesday, 27 June 2018

HOW TO DELETE THE DOMAIN USER PROFILE CORRECTLY

HOW TO DELETE THE DOMAIN USER PROFILE CORRECTLY



Hi ya,

I believe every one has deleted user folder from
"C:\Users" to make some space on the windows drive or C drive.
Deleting user folder on a domain environment may cause user to login with a temporary profile. This is because when  new user log in a computer they also create SID records on the windows registry. Deleting user folder on "C:\Users"  wont delete the registry record.

In order to avoid messing up the registry , here is the right way to delete the user folder.
Login is as administrator account on the computer where you need to delete the user folder.

1. Open Run or (Windows + R)
2. Type in "SYSDM.CPL" and Hit Enter

This will open your system Properties 

3. Go to "Advanced" tab 
4. Click on User profile "Settings"




5. Select the profile you want to delete and press delete


The above is the Microsoft recommended way to remove the profile .


OTHER WAYS TO DELETE  DOMAIN USER PROFILE

#Note: This can also help the people who are getting temporary login profiles.

Login as administrator account on the computer

1. Always make a note of the user name that you are going to delete
2. Delete selected user folder from the  "C:\Users"
3. Open Run or (Windows + R)
4. Type in "REGEDIT" and Hit Enter
5. Click on File then Export
6. Give a name and location to back up your registry.
#Step 5 and 6 is to be on safe side , if you accidentally delete wrong SIDs or Mess up the regedit.
7. Navigate to the following location  

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList



8. Browse through the Profile list and their username will show on Profileimagepath
9. Delete the records



Good luck !!

Friday, 22 June 2018

HOW TO TYPE ALL MSC (MICROSOFT MANAGEMENT CONSOLE) COMMAND LIKE IT PRO

HOW TO TYPE ALL MSC (MICROSOFT MANAGEMENT CONSOLE) COMMAND LIKE IT PRO




Hi all, 
If you are wondering how to open MSC command like an IT PRO. You can remember this commands and act like an IT Pro.

DSA.MSC
Active Directory Users & Computers
DSA.MSC /DOMAIN=domainname

DSA.MSC /SERVER=servername

DSSITE.MSC
Active Directory Sites & Services
GPEDIT.MSC
local Group Policy Editor
VIRTMGMT.MSC
Hyper V manager
MSTSC.MSC
Remote Desktop
DHCPMGMT.MSC
DHCP Manager
DISKMGMT.MSC
Disk Management
DNSMGMT.MSC
DNS Manager
COMPMGMT.MSC
Computer Management
EVENTVWR.MSC
Event Viewer
DEVMGMT.MSC
Device Manager
FSMGMT.MSC
Shared Folders
SERVICES.MSC
Service Configuration
RSOP.MSC
Resultant Set of Policy
SECPOL.MSC
Local Security Policy
LUSRMGR.MSC
Local Users and Groups
DFRG.MSC
Disk Defragmenter
REGEDIT.EXE
Run Registry Editor
MMC.EXE
Microsoft Management Console
PERFMON.MSC
Performance Monitor
DCPOL.MSC
Domain Controller Security Policy
DOMAIN.MSC
Active Directory Domains & Trust
DOMPOL.MSC
Domain Security Policy
DFSGUI.MSC
Distributed File System
IAS.MSC
Internet Authentication Service
INETMGR
Internet Information Service (\Windows\system32\inetsrv)
RRASMGMT.MSC
Routing and Remote Access
TSCC.MSC
Terminal Services


APPWIZ.CPL
Add/Remove Programs
TIMEDATE.CPL
Date/Time Properties
DESK.CPL
Display Properties
INETCPL.CPL
Internet Properties
MAIN.CPL
Mouse Properties
MAIN.CPL KEYBOARD
Keyboard properties
FONTS
For Fonts folder
NCPA.CPL
Network Connection
SYSDM.CPL
System properties


CMD.EXE
Command Prompt
MSINFO32.EXE
Hardware and software configuration information
MSCONFIG
System Configuration
WINVER
Windows Version
CONTROL
Control panel
NETPLWIZ
User Account
MRT
Microsoft Windows Malicious Software Removal Tool
FIREWALL.CPL
Firewall
Good Luck !!