One of the new features in Windows Server 2016 will be the Active Directory Expiring Links feature, which enables time-bound group membership, expressed by a time-to-live (TTL) value. Here is how it works: Enabling the Expiring Links Feature The Expiring Links feature had been a standalone feature in early Windows Server 2016 builds, but as of TP4, it is a part of the broader Privileged Access Management (PAM) feature. It • Read More »
Tags: Active Directory, LDAP, PowerShell, Security
Have you ever wondered how the automatically generated passwords of Group Managed Service Accounts (GMSA) look like? Well, you can fetch them from Active Directory in the same way as Windows Servers do and see yourself. Here is how: Creating a GMSA To start experimenting, we need to have a GMSA first, so we create one:
|
1 2 3 4 5 6 7 |
# Create a new KDS Root Key that will be used by DC to generate managed passwords Add-KdsRootKey -EffectiveTime (Get-Date).AddHours(-10) # Create a new GMSA New-ADServiceAccount ` -Name 'SQL_HQ_Primary' ` -DNSHostName 'sql1.adatum.com' |
We can check the result in the Active Directory Users and Computers console: Unfortunately, the built-in GUI • Read More »
Tags: Active Directory, LDAP, PowerShell, Security