@marcinozga said in Any Way to Automate Adding a New Computer to an AD Group?: @flaxking said in Any Way to Automate Adding a New Computer to an AD Group?: @marcinozga said in Any Way to Automate Adding a New Computer to an AD Group?: Ansible can do that. https://docs.ansible.com/ansible/latest/modules/win_domain_group_membership_module.html#win-domain-group-membership-module You can add new PCs to domain, and change their group membership, you just need to know computer names in advance. Which is just a layer on top of Powershell. The Active Directory Powershell module is still required. It's not required, or that module is included already in Windows 10 by default. Because I haven't had to install it on any machine I managed with Ansible. "win_domain_group_membership requires the ActiveDirectory PS module to be installed" https://github.com/ansible/ansible/blob/devel/lib/ansible/modules/windows/win_domain_group_membership.ps1 They have it in the documentation as well "This must be run on a host that has the ActiveDirectory powershell module installed." https://docs.ansible.com/ansible/latest/modules/win_domain_group_module.html

@JaredBusch I have a couple clients using Synology for their auth needs and it's been working extremely well.

@wrx7m said in PowerShell - Off-boarding Script: @dafyre said in PowerShell - Off-boarding Script: @wrx7m said in PowerShell - Off-boarding Script: @dafyre I think I found where you got it - https://www.powershelladmin.com/wiki/Powershell_prompt_for_password_convert_securestring_to_plain_text Anyway, I am not sure where, in my script, I should place that function. You'd put the actual function at the top of your script, and then just $myPassword=convertFrom-SecureToPlain -securepassword $MySecurePassword Wherever you need the password in plain text form. Thanks. It mostly works. The only problem is that it isn't actually using the password I specify at the top. It is somehow generating its own and then writing it at the end. I put in write-host "Plain Text Says: $plainText" and it shows the password that I typed in for the secure variable at the beginning, followed by the one that it generated. Plain Text Says: $#@%4#@177 Jof91348 Works fine for me here.... Check and make sure you don't have an extra write-host or anything somewhere.

@Donahue said in Where do I start with replacing the whole MS AD stack: sing reservations. I think your knowledge of FG is not allowing you to do this, just create a new interface with the desired subnet and leave or tick DHCP option. And they you can do it what you want with it. Create an IPv4 policy to give access to internet to the new interface.

@wrx7m said in PowerShell - Create New AD User Using Prompts and Variables: If I get rid of the attempt to combine the 2 existing variables into a 3rd, I get this error. New-ADUser : A positional parameter cannot be found that accepts argument '+'. At \\FP02\it\Scripts\AD\AD-InitialUserCreationVariables.ps1:5 char:1 + New-ADUser -Name "$GivenName $Surname" ` + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidArgument: (:) [New-ADUser], ParameterBindingException + FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.ActiveDirectory.Management.Commands.NewADUser Like this I think: New-ADUser -Name "$($GivenName) $($Surname)"` From: https://blogs.technet.microsoft.com/stefan_stranger/2013/09/25/powershell-sub-expressions/

@obsolesce said in Handling DNS in a Single Active Directory Domain Controller Environment: @scottalanmiller said in Handling DNS in a Single Active Directory Domain Controller Environment: @obsolesce said in Handling DNS in a Single Active Directory Domain Controller Environment: @stuartjordan said in Handling DNS in a Single Active Directory Domain Controller Environment: I believe the forest level with Samba can only be 2008R2 though. If you're not using Windows AD, what's it matter? If he's merging in DFS, it might. It's rare to do, but could matter. Oh I see, so Windows AD and other services were involved at some point. Depending on what you want to do, sometimes AD has to support it.

@nerdydad - Yes, you do get a skimped down version of Azure AD with the O365 license. The prerequisites mention using Azure AD, but don't say which one, except where they say that the Premium version is optional for auto enrollment with intune. Although, they have several plans/tiers, including 2 premium tiers.

You can try the following command: (get-aduser -filter *).count For only Enabled User Accounts (get-aduser -filter *|where {$_.enabled -eq "True"}).count For only Disabled User Accounts (get-aduser -filter *|where {$_.enabled -ne "False"}).count

Another example taken from another script: import-module activedirectory $domain = "domain.mydom.com" $DaysInactive = 90 $time = (Get-Date).Adddays(-($DaysInactive)) # Get all AD computers with lastLogonTimestamp less than our time Get-ADComputer -Filter {LastLogonTimeStamp -lt $time} -Properties LastLogonTimeStamp | # Output hostname and lastLogonTimestamp into CSV select-object Name,@{Name="Stamp"; Expression={[DateTime]::FromFileTime($_.lastLogonTimestamp)}} | export-csv OLD_Computer.csv -notypeinformation

Have not used it, I'm afraid.

@dbeato said in AD User Tool: Bulk AD User: @Dashrender Then, he needs to force it with Powershell no just a GUI.... Agreed.

I'll add a note for clarity given the title... SaltStack does not do authentication like AD does. AD does not do patching of any sort like Salt does. Salt is an alternative to common myths about AD functionality, but not to actual AD functionality. But you can use Salt to do distributed local authentication management, which does replace the need for AD, but is very different than what is being discussed here. In this case Salt is replacing GPO, not AD.

@msff-amman-Itofficer said in Beginner SaltStack Question: Can minions be placed in folders or groups ? (Coming from AD perspective): @scottalanmiller ohh shit, how did that get passed me... Great, thanks again.

@mlnews said in How to configure Ubuntu Linux server as a Domain Controller: http://www.techrepublic.com/article/how-to-configure-ubuntu-linux-server-as-a-domain-controller-with-samba-tool/ Samba 4 and samba-tool make getting up and running with AD on Linux pretty quick and easy. Sounds nice, I'll need to make time to look at this.

@JaredBusch said in AD on top of something that depends on it: No, JB would say, FFS stop conflating shit. A hypervisor is not a server or desktop OS. LOL same difference

@adam.ierymenko said: @JaredBusch Hmm... so they charge a ton for what that GitHub project does? If the need for split-brain DNS is all it is, I really don't see how this is a hard problem. They also charge a lot for what ZeroTier does.