Below are Microsoft TechNet Wiki pages I have published. They deal with on-premises Active Directory, LDAP, PowerShell, scripting, or the TechNet Wiki itself.
Active Directory: Foreign Security Principals and Special Identities
A foreign security principal (sometimes referred to by the acronym FSP) is an object created by the Active Directory system to represent a security principal in a trusted external forest. FSPs can also represent special identities, such as the "Authenticated Users" group.
Wiki: Active Directory Domain Services (AD DS) Portal
Links to articles in the TechNet Wiki dealing with Active Directory Domain
Services.
Active Directory: Glossary
Glossary of terms and acronyms used in Active Directory Domain Services and
related technologies.
Active Directory: Characters to Escape
Documents characters that must be escaped in Active Directory and how to
handle these characters in VBScript, PowerShell, ADSI, and command line
utilities like dsquery.
Active Directory: LDAP Syntax Filters
Documentation and examples of LDAP syntax filters used to query Active
Directory.
Active Directory: Requirements For Creating Objects
Documentation of requirements for creating various classes of objects in Active Directory.
This article can be used to troubleshoot problems creating objects.
Active Directory: Duplicate Object Name Resolution
Objects in Active Directory must have unique Relative Distinguished Names
(RDN) in their organizational unit or container and unique sAMAccountName
(if they are security objects). This article explains how duplicate objects
can be created in Active Directory and how the system handles the
situations. Describes how to detect and correct these situations.
Active Directory: Attributes in the Partial Attribute Set
Documentation of Active Directory attributes in the Partial Attribute Set
(PAS), the subset of attributes that is replicated to the Global Catalog.
Documents which attributes are in the PAS by default and how to add other
attributes.
Active Directory: Ambiguous Name Resolution
Explanation of the Ambiguous Name Resolution (ANR) feature available with
the LDAP filter syntax in Active Directory. This allows you to query for
objects by name without knowing which naming attributes the name appears in.
Also describes how to determine which attributes are in the ANR set and how
to add attributes to the set.
Active Directory: Leading Spaces in Names
Quirks that occur when names in Active Directory have leading spaces. How to
find instances of this and how to deal with the situation.
Active Directory: Generalized-Time Attributes
Documentation of Active Directory attributes that represent dates using the
Generalized-Time syntax. Describes how to filter with these attributes.
Active Directory: Large Integer Attributes
Documentation of Active Directory attributes that represent dates using the
Large Integer syntax. These can be large numbers, dates, or time spans.
Documents the values allowed, how to script retrieval of these attribute
values, and the equivalent properties exposed by the Active Directory module
cmdlets.
Active Directory: Fun with Maximum Password Age
Interesting features of the Active Directory maxPwdAge attribute and the
related PowerShell MaxPasswordAge property. For example, explains what
happens if you assign zero to the MaxPasswordAge property using the Set-ADDefaultDomainPasswordPolicy
cmdlet.
Active Directory: Non-Linked Multi-Valued Attribute Size Limits
Active Directory limits the total number of values summed across all non-linked multi-valued attributes of any object. The error is "The administrative limit for this request was exceeded". There are no limits on linked multi-valued attributes.
Active Directory: Allow Linked Multi-Valued Attributes to use LVR
If values were added to linked multi-valued attributes before the Forest Functional Level (FFL) was raised to at least Windows Server 2003, the attribute will not be able to take advantage of linked value replication (LVR). These are called "Legacy" values. Without LVR, the replication of these attributes will be much less efficient.
Active Directory: Bad Passwords and Account Lockout
Not all logon attempts with a bad password count against the account lockout threshold. Passwords that match one of the two most recent passwords in password history will not increment the badPwdCount. Nor will they update the badPasswordTime attribute of the user. Because the lockoutObservationWindow attribute is the amount of time since the badPasswordTime was last updated, this affects how quickly badPwdCount is reset.
Active Directory: Find Orphaned Objects
This article describes a PowerShell script to find all orphaned objects in Active Directory. The script also documents all security principals protected by SDProp.
Active Directory: Document Connection Object Schedules
Connection objects in Active Directory (AD) specify how updates replicate between domain controllers or sites. These objects have a schedule attribute that specifies when replication is scheduled between the replication partners. The schedule attribute can be modified in the AD Sites and Services MMC, or using a script. A PowerShell script has been developed to document the replication schedule assigned to any connection object in AD.
Active Directory: Update Connection Object Schedules
Connection objects in Active Directory (AD) specify how updates replicate between domain controllers or sites. These objects have a schedule attribute that specifies when replication is scheduled between the replication partners. This article describes a PowerShell script to modify the schedule attribute.
Active Directory: Considerations When Implementing a New Password Expiration Policy
Introducing a new password expiration policy for Active Directory users can cause unexpected problems. If passwords did not previously expire, many users will require assistance. When all passwords expire at once, your support personnel can become swamped. This article describes how to make the transition easier.
Active Directory: User Principal Name
When you synchronize on-premises Active Directory users with Azure, Office 365, or Intune, the User Principal Name (UPN) is often used to identify the users. This means that all users that will be synchronized should have the userPrincipalName attribute assigned, and the values should be unique in the Forest. Unfortunately, Active Directory does not enforce this. The userPrincipalName attribute is not mandatory. And while the Active Directory Users and Computers MMC will not allow you to assign a duplicate value, you can assign duplicates in code, such as scripts.
Active Directory: Syntaxes of Attributes
The attributes of objects in Active Directory each have a syntax. This is also called a DataType. There are many different syntaxes available. The subject can be confusing because there is often more than one syntax name for the same attribute. The syntax names can vary, depending on where you look or how you retrieve it. This Wiki documents the syntaxes available in Active Directory.
Active Directory: Document all Attributes of Specified Active Directory Object
This article describes a PowerShell script to document all attributes of a specified Active Directory object. The script documents each attribute's lDAPDisplayName, the syntax, if it is multi-valued, if it is operational (also called constructed), and the value or values assigned. If the attribute has no value assigned for the object, this is indicated.
Document Your Active Directory Organization
Describes a PowerShell script in the Microsoft TechNet Gallery to document
your Active Directory organization, based on the manager and directReports
attributes.
PowerShell Script to Search Active Directory
Describes a PowerShell script in the Microsoft TechNet Gallery to search for
information in Active Directory. The script can be used to retrieve
information from Active Directory and to test various LDAP syntax filters.
Filters with PowerShell Active Directory Module Cmdlets
Documentation for LDAP and PowerShell syntax filters that can be used with
the Active Directory module cmdlets, like Get-ADUser. These filters are used
with the -LDAPFilter and -Filter parameters of the cmdlets.
Active Directory: PowerShell AD Module Properties
Documentation of Default, Extended, and Base properties exposed by the PowerShell
Active Directory module cmdlets. Explains how these properties differ from
the actual Active Directory attributes.
Active Directory: Get-ADUser Default and Extended Properties
Documents the Default and Extended properties exposed by the Get-ADUser
cmdlet.
Active Directory: Get-ADComputer Default and Extended Properties
Documents the Default and Extended properties exposed by the Get-ADComputer
cmdlet.
Active Directory: Get-ADGroup Default and Extended Properties
Documents the Default and Extended properties exposed by the Get-ADGroup
cmdlet.
Active Directory: Get-ADObject Default and Extended Properties
Documents the Default and Extended properties exposed by the Get-ADObject
cmdlet.
Active Directory: Get-ADOrganizationalUnit Default and Extended Properties
Documents the Default and Extended properties exposed by the Get-ADOrganizationalUnit
cmdlet.
Active Directory: Get-ADServiceAccount Default and Extended Properties
Documents the Default and Extended properties exposed by the
Get-ADServiceAccount cmdlet.
Active Directory: Get-ADOptionalFeature Default and Extended Properties
Documents the Default and Extended properties exposed by the
Get-ADOptionalFeature cmdlet.
Active Directory: Get-ADFineGrainedPasswordPolicy Default and Extended Properties
Documents the Default and Extended properties exposed by the
Get-ADFineGrainedPasswordPolicy cmdlet.
PowerShell AD Module Cmdlets Cannot Clear, Add, Remove or Replace Back Link Attributes
Several of the PowerShell Active Directory module cmdlets accept the -Clear,
-Add, -Remove, and -Replace parameters. However, these parameters raise an
error if you attempt to use them to modify a back link attribute. For
example, you cannot use Set-ADUser to clear the memberOf attribute of a
user.
PowerShell: Problems with the -ne Operator in Active Directory Cmdlets
This article describes an issue with the PowerShell "not equal to" operator, -ne, when used with the Active Directory module cmdlets. When used with the -Filter parameter you get incomplete results. The cmdlet does not return objects where the Active Directory attribute or PowerShell property has no value.
Wiki: Portal of TechNet Wiki Portals
Links to all Portals in the TechNet Wiki. Each Portal is a list of links to
articles in a technology or subject.
Wiki: Glossary of Technology Acronyms
Acronyms used in Microsoft technologies, with links for more information. This article can no longer be updated, probably because of its length. The last update that actually saved the changes was January 5, 2022. The next Wiki listed below is the same article, published on this web site. It will be updated as needed.
Wiki: Glossary of Tech Acronyms
Acronyms used in Microsoft technologies, with links for more information. This article is the updated version of the previous article, published on this web site. It will be updated as needed.
Wiki: Portal of TechNet Wiki Glossaries
List of all Wiki glossaries. Each glossary is a list of terms, and their
definitions, in a technology area.
Wiki: Cross-Linking
How to use Cross-Linking to improve TechNet Wiki articles, enhance their
discoverability, and increase the number of views.
Wiki: Fix Color Issues in Wiki Articles
Describes a bug in the TechNet Wiki platform when colors are
specified in the HTML by RGB (red, green, blue) values. The bug results in
the colors not rendering in browsers. Explains how to
fix the problem and links to a script that can assist. The VBScript script
in the TechNet Gallery operates on a specified file with the HTML of a Wiki
article. The script finds all instances of colors specified by RGB values
and displays the closest standard color name that can be used to resolve the
issue.
Wiki: Glossary of Acronyms Specific to Microsoft
This is a glossary of acronyms used internally by Microsoft. This is not a
glossary of acronyms related to products or technologies. Other glossaries
cover those. Instead, these acronyms are often encountered in Microsoft blog
posts or other communications with Microsoft personnel. They can refer to
Microsoft groups, management positions, product stages, types of product
updates, certifications, internal Microsoft programs, or Microsoft online
platforms and communities.
Wiki: How to Add Entries to a TechNet Wiki Glossary
Glossaries in the TechNet Wiki help define terms and acronyms commonly used in various Microsoft technologies. New terms and acronyms come into usage frequently. Adding new entries to an existing glossary can be a challenge. This article details recommended procedures to maximize the usefulness of our glossaries.
MSDN/TechNet Forums: How to Strikeout Text in Your Post
How to strike out text in a TechNet/MSDN Forum post.
How to Handle Spam in the Forums
Spam posts in the MSDN/TechNet forums have been greatly reduced in the past year. However, we will always have to deal with the problem. This article discusses how to recognize spam and the best procedures for dealing with it. The desired outcome is for the forum administrators to ban the user account and delete all of their activity in all forums at once.