8 User Account Properties
Account, Organization, Member of, PW settings, Profile, Policy, Silo, Extensions
6 User Account Special Identities
Anonymous logon, Authenticated users, Everyone, Interactive, Network, Creator owner
9 Default Groups with Admin Privileges
Enterprise Admins, Schema Admins, Admins, Domain Admins, Server Operators, Account Ops, Backup Ops, Print Ops, Certificate Publishers
11 Protected Groups
Acct Ops, Admins, Backup Ops, Cert Publishers, Domain/Schema/Enterprise Admins, Print Ops, RoDCs, Replicator, Server Ops
3 Join computer domain requirements
Appropriate permissions, Member of local Admin group, Machine acct quota (default max 10)
4 Delegating permissions default
Enterprise / Domain Admins, Admins, Acct Ops
5 tools to reset secure channel (SID remains)
AD Users & Comps, AD Admin Center, dsmod, netdom, nltest
Planning OU Strategy
Location-based, Organization-based, Resource-based, Multitenancy-based, or Hybrid strategies
Location-based, Org-based, Resource-based, Multitenancy-based strategies
Loc=(static/Delegation complication). Org=(Not static/Easy categorize). Resource=(Not static/Easy delegate). MT=(Static/Easy delegate/easy tenants)
3 Permissions required to move objects
Delete-child permission on source OU, Write_Prop on object, Create-child on target OU
5 Parts of AD Object Security Descriptor
Object owner, Primary group of owner, Control field (for DACL/SACL), optional DACL, optional SACL
#Retrieve all disabled user accounts
Search-ADAccount -AccountDisabled -UsersOnly
#Retrieve all user accounts inactive for last 5 days
Search-ADAccount -AccountInactive -TimeSpan 5.00:00:00 -UsersOnly
#Retrieve all user accounts that will expire on 7/4/2016
Search-ADAccount -AccountExpiring -DateTime "4/7/2016" -UsersOnly
#Retrieve all computer accounts that are locked out
Search-ADAccount -ComputersOnly -LockedOut