When creating an AD LDS instance you are prompted to specify an account to use as the service account. At this point you can specify either the Network Service account or another account. Unless you have a particular need, you should choose the built-in Network Service account. If you opt for a domain-based service account you have to jump through a whole lot of hoops to get things working. Also, you typically end up giving your domain-based service account more permissions than are strictly necessary (as described later in this article). The Network Service account on the other hand provides an easy set up option and is a good choice from a security perspective given that the account has limited access to the local computer.

 

This article is the third in a series providing tips for common LDAP searches.

Problem: Your user accounts in Active Directory do not have an email address associated with them, you have a lot of user accounts, and you must get an SMTP address associated with the accounts immediately. This script will perform the AD Voodoo for you, automagically.

Managing and updating the UserAccountControl AD attribute to fix problem AD accounts through admin scripting

Fast, simple mass creation of domain user objects with SMTP mailbox addresses using DSADD.

This article is the second in a series providing tips for common LDAP searches.

Have you ever been concerned that you might not have the very latest Group Policy ADM files?

This article is the first in a series providing tips for common LDAP searches.

Provides an overview of a great little router that you can easily run in your VMWare environment.

This article describes a permissions issue experienced with Outlook 2007. Outlook clients were unable to view messages when in on-line mode, with the following error displayed: "Cannot display the folder. You do not have sufficient permission to perform this operation on this object. See the folder contact or your system administrator." The error was related to permissions on the Exchange Organization object in Active Directory. Permissions assigned to the Everyone group had been removed. Restoring the permissions to the defaul resolved the issue. The article describes how the problem was identified and the resolution steps required.