« Previous 1 2 3
Manage Windows AD with PowerShell
Organized
Evaluating Password Protection
If you use Azure AD and have premium licenses, you probably also use the AD Password Protection for Windows feature, which extends password checking on domain controllers to include logic and insights from Azure AD. The feature prohibits users from choosing common or easy-to-guess passwords when changing passwords or from choosing passwords that you list as undesirable in Azure AD [2]. When it runs, the agent required for this on the domain controller logs how many password changes were rejected because they were too weak or are on your undesirables list:
Get-AzureADPasswordProtectionSummaryReport -DomainController NTTEST-DC-01 DomainController: NTTEST-DC-01 PasswordChangesValidated: 4 PasswordSetsValidated: 2 PasswordChangesRejected: 7 PasswordSetsRejected: 5 ...
Conclusions
This AD PowerShell exploration shows that you can automate common searches and tasks with very little overhead and create tiny scripts that you store in your favorite development environment to make your work easier. Often it doesn't take much work at all: If you structure your administration workstation with a good code editor for PowerShell, you can start automating Active Directory quite quickly and flexibly.
Infos
- Remote Server Administration Toolkit: https://docs.microsoft.com/en-us/windows-server/remote/remote-server-administration-tools
- Azure AD Password Protection: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-password-ban-bad-on-premises-deploy
« Previous 1 2 3
Buy this article as PDF
(incl. VAT)