Active Directory – Modify all users in an OU to “Password Never Expires”
KB ID 0000532 Problem A while back I did a job for a school, many weeks later their users have had to change their passwords. Nothing strange there, the problem is now their teachers DONT want to have their passwords changing at all. For a single user you can simply edit the user object and set it to “Password Never Expires” for a LOT of users this can be more time consuming. Solution Warning: There is a caveat! If the...
Bulk Export Users From One Domain, and Import Into Another
KB ID 0000794 Problem I’ve written in the past about bulk importing users with CSVDE, but what if you want to move/migrate your users to another domain? You first need to export all the users, then import them into the new domain. Solution Step 1 Export Domain Users to CSV File 1. Here all my users are in one OU, if that OU has ‘nested OU’s within it that’s OK. 2. The command to ‘export’ is as...
Windows – ‘The directory service has exhausted the pool of relative identifiers’
KB ID 0000797 Problem I got this error when attempting to bulk create users with CSVDE (see below). But you may simply see it when trying to create a user, or other AD object. Unwilling To Perform The server side error is “The directory service has exhausted the pool of relative identifiers.” Solution Well that is a scary looking error! Firstly make sure you can see all your FSMO role servers. Locate your FSMO Role...
How To View (and Delete) Printers From Active Directory
KB ID 0000835 Problem Printers are ‘pruned’ out of active directory after time, but I was pushed for time, and the ‘helpful users’ were clicking and installing the old printer(s) from the replaced server. Instead of the new ones, so I had to manually rip them out. Solution How to Display Printers in Active Directory 1. Your first challenge is actually seeing the printers, Windows Key+R > dsa.msc {Enter}. 2....
Set Cisco ASA for Kerberos Authentication
KB ID 0000039 Problem You want to set up a Cisco ASA to authenticate users (VPN access for example). Solution Kerberos can only be used as an authentication protocol on the ASA, so its fine for allowing VPN connections but not for assigning policies etc. To work both the ASA and the domain need to be showing accurate time. Step 1: Set the ASA to get time from an External NTP Server 1. Log onto the ASA > Go to “Enable...