Sunday, May 19, 2013

System Center Orchestrator 2012 AD Connector Permissions

Just a quick note about something that I stumbled on when trying to automate some user account creation processes in Orchestrator 2012: The user account that you configure the AD connector with is the account under which all AD actions are performed. The documentation makes it sound like the Orchestrator service account is what is used, but that's not the case.

Hopefully this helps someone else out, since it took me a couple of hours to track down!

Tuesday, April 9, 2013

Best practices for configuring a new Active Directory

Name your Active Directory properly
I've written about this before. If your company website is example.com, the FQDN of the Active Directory should be in the form of ad.example.com, corp.example.com, or another third-level subdomain of the existing publicly used DNS. Avoid using example.com both internally and externally. Also avoid making up a TLD like .local or .lan. During promotion of the first DC in a domain, consider setting the NetBIOS name to EXAMPLE instead of the default value, so that users see EXAMPLE\user instead of the ambiguous AD\user or CORP\user. You only get one chance to set the NetBIOS name, so consider it carefully. It's non-trivial to change.

Monday, April 8, 2013

Handling tech recruiters and salary negotiations

I got another new job. This is the second one in ten months.

I had some serious concerns about how I was being used at my last job and I wasn't able to correct them, so I felt that I had to leave before it did damage to my long-term prospects. Now, I'm in a much better situation than I was before and I was able to use the earlier round of interviewing as a learning experience for this most recent round.

One thing that almost no one likes dealing with is tech recruiters, but they're a necessary evil. They want to know your salary history. They tell you how their six-month contract 50 minutes from your apartment is the best thing that could possibly happen to you. They assure you that the positions that they have open will jumpstart your career. What does that even mean? Are they implying that my career has stalled and that it needs a jumpstart?

Thursday, February 28, 2013

Create new users and Exchange 2010 mailboxes in PowerShell

Using a .csv as a data source, you can quickly populate your Active Directory with users and make mailboxes for them at the same time.


Thursday, February 14, 2013

Scripting UPN suffix changes in PowerShell

I've been doing a little consulting work on the side lately. One client is using an alternate UPN suffix to make a "pretty" UPN even though they're using a subdomain for their Active Directory as I recommend here. Since the end users will be instructed to "log in with their email address", it's important that all user accounts have the proper UPN set.

After defining the desired UPN in Active Directory Domains and Trusts, I realized that there was no good way to "force" new accounts to use this UPN. The person at the site responsible for adding and removing users generally isn't a full-time IT person, so while you can give instructions, you can't guarantee that they'll be followed. To work around this, I whipped up a few lines of PowerShell and dropped them into Task Scheduler. The script runs every 10 minutes, queries AD for all users in a specific OU structure that have the undesirable UPN, and changes it to the desired one.
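
One way to write the scheduled cleanup described above, as an added example that is not the author's own script. The OU path and both suffixes are constructed placeholders, and the helper `ConvertTo-LdapFilterValue` is a hypothetical name introduced here.

```powershell
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # All three defaults are constructed placeholders; substitute your own values.
    [string]$SearchBase = 'OU=Staff,DC=ad,DC=example,DC=com',
    [string]$OldSuffix  = 'ad.example.com',
    [string]$NewSuffix  = 'example.com'
)

Import-Module ActiveDirectory

# Hypothetical helper: escape RFC 4515 special characters before a value
# is placed inside an LDAP filter (backslash must be handled first).
function ConvertTo-LdapFilterValue([string]$Value) {
    $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')
}

# Only users under $SearchBase whose UPN still ends in the undesirable suffix.
$filter = '(userPrincipalName=*@{0})' -f (ConvertTo-LdapFilterValue $OldSuffix)
$users  = Get-ADUser -LDAPFilter $filter -SearchBase $SearchBase -SearchScope Subtree

foreach ($user in $users) {
    # Keep everything before the last "@" and attach the desired suffix.
    $oldUpn = $user.UserPrincipalName
    $newUpn = '{0}@{1}' -f $oldUpn.Substring(0, $oldUpn.LastIndexOf('@')), $NewSuffix

    # UPNs should be unique, so skip the account instead of creating a duplicate.
    # This lookup covers the current domain only; a multi-domain forest would
    # need the same query against a global catalog.
    $clash = Get-ADUser -LDAPFilter ('(userPrincipalName={0})' -f (ConvertTo-LdapFilterValue $newUpn))
    if ($clash) {
        Write-Warning "Skipping $($user.SamAccountName): $newUpn is already in use"
        continue
    }

    # ShouldProcess makes -WhatIf report the change without writing it.
    if ($PSCmdlet.ShouldProcess($user.DistinguishedName, "Set UPN to $newUpn")) {
        Set-ADUser -Identity $user -UserPrincipalName $newUpn
        Write-Output "$(Get-Date -Format s) $($user.SamAccountName): $oldUpn -> $newUpn"
    }
}
```

Run it once with `-WhatIf` to review the planned changes before scheduling it. The account the task runs as needs write access only to the `userPrincipalName` attribute of user objects in that OU.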