When adding objects to an Active Directory group, the Computers option is not checked by default. This will save a lot of clicks if that was checked by default.

It would be great to have ADMX Templates not as MSI files but ZIP files, so you don't need to install it. Only extraction. Saves lot of time for me.

When set the Windows 10 to Dark Theme, change the color of Active Directory from the Server and from the Administrative Tools from Windows 10 to a Dark Theme also!

Manyou33.page

It would be good to see the layout of AD domains, forests, servers and clients(?) as an additional role within AD services to allow a visualisation of the current AD structure.
Similar to the SQL Database Diagram implementation within SQL Server software.
Perhaps even an API could be made available to integrate it into documentation tools like Visio

Hi,

To put it in a LAB scenario.

Conditional forwarder site2.location1.country1.company.org cannot be created if the Forward zones has location1.country1.company.org -> "A problem occurred while trying to add the conditional forwarder. A zone configuration problem occurred."

I delegate site2 under location1.country1.company.org pointing to external IPs - Successful.

Now if i create a Conditional forwarder site2.location1.country1.company.org it gets created and works even if i delete the delegation done in step 2.

I am not sure if this supported model, but would like to know this approach is documented anywhere? or i am wrong in understanding it.

Thank you.

Before removing the ADDS role the DC needs to be demoted to a regular server. The only way to get the link to the GUI is to create an error by trying to remove the ADDS role when you KNOW you cannot do so. Trying to do so will produce the error and the error message will give you the link.
Isn't that kind of stupid? Why first make me do something wrong to get the link to do it right?

The Get-ADUser cmdlet should optionally return a "PasswordExpirationDate" attribute that is derived from "msDS-UserPasswordExpiryTimeComputed" and shown in a friendly format.

This is already done for PasswordLastSet from pwdLastSet and perhaps other attributes.

Without this enhancement, we must parse and convert the time such as:
$user = Get-ADUser -Properties msDS-UserPasswordExpiryTimeComputed sAMAccountName
([datetime]::fromfiletime([int64]::parse(($user)."msDS-UserPasswordExpiryTimeComputed"))).tostring()

Or we resort to non-PowerShell tools:
net user sAMAccountName /domain

With companies changing UPN's on user accounts due to things like O365 migrations, make it possible to change and set the default UPN used for new user creation in a domain.

https://social.technet.microsoft.com/Forums/windowsserver/en-US/4f14412f-dd81-4b9a-b6b5-aa69100e87d0/intermittent-not-enough-space-errors-when-doing-ldap-queries-against-2019-domain-controller?forum=winservergen

Change Get-ADFSAccountActivity to return all users in ADFS Activity database, like supporting a -All parameter. Then users can be searched using powershell of users that have triggered lockout or failed given amount of times. Currently users have to be retrieved one by one which is tedious at best

The Set-GpPermission PowerShell cmdlet generates a prompt when attempting to remove the "Authenticated Users" permission from a GPO. There is no way to avoid this, which makes programmatic GPO creation very difficult. Please add a "-Force" parameter to avoid this prompt, or make the "-Confirm:$False" parameter also apply to this prompt.

Add a feature to search and list all policies with a specific setting pending on the OU you have selected. pending on the OU you have selected.

Support other methods using MFA for Primary Authentication, based on what the user's preferences are (as setup in aka.ms/mfasetup)

Not being able to specify primary authentication method per relying party is something I run into all the time. Can you please fix this? More and more vendors support SAML-based authentication and ADFS but none of them have a way of requesting Certificate Authentication as a primary authentication method. I do not want to change this on a global level, because we have other relying parties which use WIA. I'm guessing you have everything you need for this already, please fix!

000

000

GPResult served us well when support was done manually on each client from the keyboard. What we need now is a cmdlet that we can use when remoting into a PC and get results that are applied to the PC, including polices that are not applied.