Active Directory Service Recovery Mode (DSRM)

Learn about Active Directory Service Recovery Mode (DSRM) - a critical but often overlooked feature of Active Directory. This article highlights the importance of DSRM, how it works, and the risks associated with unauthorised access. It also presents best practices for handling and changing DSRM passwords. Finally, it discusses the role of DSRM in the context of IT baseline protection. A must read for any administrator who wants to manage their Active Directory database securely and efficiently.

Learn about Active Directory Service Recovery Mode (DSRM) – a critical but often overlooked feature of Active Directory. This article highlights the importance of DSRM, how it works, and the risks associated with unauthorised access. It also presents best practices for handling and changing DSRM passwords. Finally, it discusses the role of DSRM in the context of IT baseline protection. A must read for any administrator who wants to manage their Active Directory database securely and efficiently.

Setting up Office 365 – Part 2

Setup Office 365 - Part 2

This article is part of my migration from my old Office 365 to my new Microsoft 365 Tenant. It is also about setting up Office 365, the other Microsoft 365 topics will follow later. I also have written this article intentionally so that it can also be used for setup outside of a migration scenario. Part 1 was about choosing the right edition, setting up the account and configuring the domains and DNS.

Read more

Setting up Office 365 Part 1

Office365 einrichten - Teil 1

This article is part of my migration from my old Office 365 to my new Microsoft 365 Tenant. It is also about setting up Office 365, the other Microsoft 365 topics will follow later. I also have written this article intentionally so that it can also be used for setup outside of a migration scenario.

Read more

Creating Users Easily with PowerShell

As most people know, I like to make my life easy at work. That doesn’t mean I’m afraid of work, I just like to automate or simplify it where I can. I like to use PowerShell for this.

Another reason besides the convenience or lack of time why you should solve tasks through scripts is a consistent level of quality. Let’s face it, who doesn’t know this, even if there are checklists, you might forget one step when you get distracted.

Read more

Microsoft Azure AD – what do you need it for?

Was ist Azure AD - Teil eins der Reihe - Artkelbild

I am often asked, what actually is this Azure-AD? I thought I could dedicate a blog series to this question, after all it is becoming more and more important. In this series, I will also write about authentication methods, types of identities and objects, licenses and compatible services. In short, everything about Azure Active Directory.

Read more

Properly secure and document group policies

GPOBACKUP Properly secure and document group policies 5

It’s been some time since I started working on the first basic version of the script in August 2014, and posted about it on CONET’s blog. This first version came to just 6 lines of code without the header. Since then a lot has happened and the script has grown in the TechNet Gallery. Time for a new article about the script and its function.

Read more

Administrative templates in Intune – incl. list

Intune ADM Template

In January 2019 I reported about the preview of the administrative templates in Intune. Now it’s time to see what happened. Meanwhile, the function is no longer in the preview phase and it has grown too.

Read more

Using and Auditing PowerShell Scripts with Microsoft Local Administrator Password Solution (LAPS)

A screenshot of a social media post

This article was first published in German on June 04, 2019, on Infrastrukturhelden.de. The translation of this article was published on the 25th July 2019 at LinkedIn. Please read the article on LinkedIn.

Naming concepts for IT environments

Namingconcept Naming concepts for IT environments 9

Why do I need a name concept?

Let’s start with the example server names. As long as the IT team is small, it doesn’t matter. When external employees join or the team grows, it can help. Here are a few examples of naming concepts that I have already encountered, which may not have been quite so understandable at first glance:

Read more

Local Administrator Password Solution (LAPS)

041917 0532 LocalAdmini5 Local Administrator Password Solution (LAPS) 11

In the past, a company-specific standard was usually always used for local administrator passwords. But what do you do if an employee who knows the default password leaves the company?

Right, it should be changed. In the past, Group Policies (GPO) were often used for this, even if the password was in clear text in SysVol. This was fortunately stopped by Microsoft. What other solutions are available? In practice I have seen VBS or PowerShell scripts, the good ones have random passwords, the bad ones only a standard.

But isn’t there a well designed solution from Microsoft? Yes, there is, Local Administrator Password Solution (LAPS).

Read more