Optimize your Active Directory management by adding staff profile pictures for better visibility and disabling users instead of deleting them for improved CRM reporting. Standardize group names, utilize Group Policy for settings, enable auditing of logon attempts, and manage local administrator passwords with LAPS to enhance security and efficiency.
You can upload staff profile pictures into Active Directory. Exchange and Lync will automatically use these profile pictures.
When a user is created in Active Directory (AD), a Global Unique Identifier (GUID) is also created. As the name suggests this is unique for each user and is never duplicated in a domain.
It is an RFC mandated specification email address use to identify the administrator of a mail server. Any errors in email processing are directed to the postmaster address.
The email received at this address is sent to the mail server administrator, in our case the SysAdmins.
The use of standardized group names is a simple yet crucial step towards easier management. Reducing the number of AD groups will make it simpler to manage and allow new staff to figure out what's what faster.
You can save yourself countless confused conversations by standardizing AD Group Names.
Group Policy is simply the easiest way to reach out and configure computer and user settings on network based on Active Directory Domain Services (AD DS). If your business is not using Group Policy, you are missing a huge opportunity to reduce costs, control configuration, keep users productive and happy, and harden security. Think of Group Policy as "touch once, configure many."
It is important as a Network Administrator to know when and where failed login attempts are coming from. Through Group Policy you can enable "Audit logon events".
Group Policy is a fast and effective way to configure Hibernate on multiple PC's.
When using a single account for normal user login and admin tasks the first thing that comes to mind is all of the Group Policy settings associated with that account. This could include scripts, software installations, drive mappings, printers and many other settings that would apply when you log on to a computer in the domain. You wouldn’t want all of these to apply when log on to a Domain Controller of any other servers.
When using service accounts, you should have a specific AD account for each major service.
"Active directory is quickly becoming a critical failure point in any big sized company, as it is both complex and costly to secure..." - PingCastle
PingCastle is an Active Directory auditing tool. It checks your accounts, computers and configuration in AD and gives you a great report on things that should be addressed. It is a tool that should be run periodically - every 3-6 months - to keep AD secure.