I ran into something really interesting today that took some time to figure out.. Thought I should post in case anyone else is puzzled by the same scenario (and so that I can remember later).

I was running queries for group memberships and found inconsistencies between what I was seeing in ADUC and what my queries were pulling back. In ADUC, I could see user accounts in a group that did not show up in the query results or when I looked in ADSIEDIT.

Read More →

Being able to easily delegate access to domain systems is essential for administrators to enable necessary IT staff to manage their environments. The proper OU structure along with the deployment of Active Directory GPOs makes this a fairly simple task.

GPOs can be used to add users or groups to local admins or to replace the existing memberships. Using GPOs ensures access is granted uniformly and consistently for a specific group of systems, ideally separated by their OU placement.

Read More →