Bulk-create AD users from a CSV in seconds instead of clicking the ADUC wizard for hours. Covers designing the CSV template, generating strong passwords, finding the target OU's distinguishedName, importing the file with Import-Csv, and the Add-NewUsers.ps1 script that splats parameters into New-ADUser with a duplicate check and try/catch error handling.
Audit and harden Active Directory against breached passwords using Lithnet Password Protection and the Have I Been Pwned compromised hash list. Covers installing Lithnet PP on a Domain Controller, syncing the HIBP store, running the Audit-Passwords.ps1 script to find pwned accounts, and configuring the GPO that rejects new pwned passwords on every set/change.
Three reliable ways to check FSMO role holders in Active Directory: the netdom query FSMO command, the Get-ADForest/Get-ADDomain PowerShell cmdlets (and the Get-ADInfo.ps1 script), and the GUI walkthrough across Active Directory Schema, Active Directory Domains and Trusts, and Active Directory Users and Computers.
Why downloaded PowerShell scripts trigger a 'not digitally signed' error and how to fix it. Covers the Mark of the Web (Zone.Identifier) NTFS alternate data stream, three fix options (GUI Unblock, Unblock-File cmdlet, -ExecutionPolicy Bypass), and the execution policy values you should and should not use.
Learn how to configure Group Managed Service Accounts (gMSA) in Active Directory. This step-by-step guide covers creating the KDS Root Key, creating and installing the gMSA with New-ADServiceAccount and Install-ADServiceAccount, verifying with Test-ADServiceAccount, and configuring Services.msc to use the account with automatic password rotation.
Learn how to restore deleted Active Directory objects using the AD Recycle Bin. This guide explains the object lifecycle with and without the Recycle Bin enabled, and walks through restoring a deleted user account using the Active Directory Administrative Center (ADAC) and Windows PowerShell.
Learn how to permanently delete objects from the Active Directory Recycle Bin using PowerShell. This guide explains why the ADAC GUI cannot permanently delete recycled objects and shows the exact Get-ADObject and Remove-ADObject commands to safely and irreversibly remove an AD object before its tombstone lifetime expires.
Add an alternative UPN suffix to your AD forest so users can sign in as user@infotechninja.com without renaming the domain. Walks the optional internal DNS zone, the AD Domains and Trusts registration, the per-user assignment, and the Microsoft 365 hybrid pre-flight (domain verification, UPN audit, sign-in mode). Includes the Set-ADForest / Set-ADUser PowerShell equivalents and the common mistakes (wrong right-click, suffix vs email, forgetting public DNS validation).
Learn how to create and manage Fine-Grained Password Policies (FGPP) in Active Directory using ADAC and PowerShell. Apply separate password requirements to privileged accounts and user groups without touching the Default Domain Policy.
PowerShell 7 (built on .NET 6+) is a genuine upgrade from Windows PowerShell 5.1. It's cross-platform, significantly faster for parallel workloads, and brings modern language features that make complex automation dramatically cleaner.
