Microsoft Active Directory Tasks

Ashwin Kumar Ramasamy
9 min read · Feb 19, 2025


Practical tasks on MS AD

Introduction

Microsoft Active Directory (AD) is a service developed by Microsoft for Windows domain networks. It is primarily used for managing permissions and access to networked resources. Here are some key features and components:

Domain Services: AD allows administrators to create and manage domains, including users and computers within those domains. It provides a centralized database (the AD database) where these objects are stored.

Authentication and Authorization: AD is crucial for authenticating users and computers in a Windows environment. It uses protocols like Kerberos and NTLM for secure authentication processes.

Group Policy: This feature lets administrators manage and configure operating system settings and user environment configurations from a central location. Group Policies can be applied to users and computers collectively or individually.

LDAP Support: Active Directory uses the Lightweight Directory Access Protocol (LDAP) for accessing and maintaining distributed directory information services.

Hierarchical Structure: AD is structured in a hierarchical model that includes forests, trees, domains, and organizational units (OUs). This structure helps in organizing resources and applying policies.

Replication: AD supports replication across multiple domain controllers to ensure that updates are distributed and changes are consistent throughout the network.

Single Sign-On (SSO): With AD, users can log in once and gain access to various resources without needing to log in multiple times.

Integration with Other Services: AD can be integrated with other services like Azure Active Directory for cloud-based identity management.

Tasks

Exercise 1 — AD Basics

  1. Promote a Windows server to a domain controller.
  2. How do you know whether the machine is joined to a domain or a workgroup? Check it in System properties.
  3. What system components are essential for AD DS to run efficiently?
  4. How do you connect a client machine to the server machine?
  5. Share a file with another machine that is connected to the workgroup.
  6. Show the NTDS.dit file location and try to move it to another location.
  7. Show the SYSVOL folder location and try to move it to another location.
  8. Show the SAM database file location and try to move it to another location.
  9. What are the steps to promote a DC in an existing forest?
  10. Create a forest, tree and domain for the divisions of the Engine corporation unit.
  11. Move a user from one domain to another domain in a tree and observe what happens.
  12. How can an employee from the US office access his ID card in the Chennai office?
  13. When the connected DC goes offline, what are the next steps for contacting the next DC?
  14. We can log in to our computer at home, outside the office network. How are the DC connection and the authentication process established then?
  15. Create an RODC and observe the differences between normal DCs and an RODC.
  16. How do you check the NetBIOS name on Windows Server?
  17. PowerShell command to list the DCs.
  18. Where is the LDAP server located on Windows Server?
  19. How do I promote my system as a DC a second time?
  20. Create objects such as User, Computer, Contact, OU and Group using ADUC, PowerShell, ADSI Edit and a script.
  21. Is our organization using AD to manage the domain network? If so, relate the real-world objects to AD objects.
  22. Where do you reset a user's password in ADUC?
  23. PowerShell command to reset a user's password in AD.
  24. Move objects from one domain to another domain in a forest using the movetree.exe tool.
  25. Change object permissions directly in ADUC, restrict permissions for a user, log in as that user and check.
  26. Create two OUs, assign different permissions and check.
  27. How do you protect an OU from accidental deletion?
  28. How do you see an object's SID and GUID in AD? (dsquery)
  29. Where do you see the Group Policy objects in AD?
  30. What default GPOs are present in GPMC?
  31. Try to open the Group Policy console and editor using commands.
  32. Update a Group Policy object using a command.
  33. Where do you see all the PowerShell history in AD? (ADAC)

Exercise 2

  1. Where do you see and configure the partitions of AD?
  2. Open the ADSI Edit tool using a command and explore all the containers present there.
  3. Try querying AD objects using the ADSI Edit tool.
  4. Try to delete and disable a schema object.
  5. Where do you see the EDB.log file?
  6. Open ADUC and explore the containers Builtin, Computers, Domain Controllers, ForeignSecurityPrincipals, LostAndFound, etc.
  7. Explore the configuration partition containers in the ADSI Edit tool.
  8. Extend the schema using the MMC console.
  9. Create an attribute in the schema, assign that attribute to the user class and verify it in the attribute editor.
  10. Create an auxiliary class and add that auxiliary class to an object.
  11. Remove the same attribute from the schema and verify it.
  12. Create an additional DC (ADC) for the same domain and check whether the initial replication is done.
  13. Force replication using commands and tools.
  14. Where do you see the sites information in AD?
  15. Using PowerShell, how can we see the sites information in AD?
  16. How do you monitor the replication process on a Windows server?
  17. Schedule replication with the AD Sites and Services (ADSS) tool.
  18. How do you replicate specific objects in AD?
  19. Where do you see the metadata about replication?
  20. Check the USN values on two DCs while updating user properties.
  21. How do you know whether our DC is a GC or not?
  22. How do you add and remove a domain controller as a GC?
  23. Change the default AD database location.
  24. Assign the master roles to different DCs using commands and validate it.
  25. Try to assign the schema master role to another DC and observe.
  26. Assign the infrastructure master role to a DC that is acting as a GC, and check whether the infrastructure master functions perform properly.
  27. How do I find my PDC emulator?
  28. Try to run the PDC Emulator and RID master roles on the same DC.
  29. Enable and try to disable the AD Recycle Bin.
  30. Restore deleted objects using the Recycle Bin.
  31. Where do you see the tombstone period?
  32. Change the tombstone period and check it.
  33. Try to delete all the deleted objects in the AD Recycle Bin.
  34. Check the functional levels of your AD DC using a tool and PowerShell.
  35. Try to raise and lower the forest and domain functional levels on an active domain controller.
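A PowerShell walk-through for the inventory side of these two exercises (Exercise 1 task 17; Exercise 2 tasks 15, 16, 19, 21, 24, 27 and 34). This is an added example, not code from the article; it assumes a domain-joined machine with the RSAT ActiveDirectory module and an account that can read the configuration partition.

```powershell
# Added example, not from the original article. Assumes a domain-joined machine with the RSAT
# ActiveDirectory module and an account that can read the configuration partition.
Import-Module ActiveDirectory

function Get-DcInventory {
    # Exercise 1 task 17 and Exercise 2 task 21: every DC in the domain, with its site,
    # GC status and the FSMO roles it holds.
    Get-ADDomainController -Filter * |
        Select-Object HostName, Site, IsGlobalCatalog, IsReadOnly, OperationMasterRoles
}

function Get-FsmoHolders {
    # Exercise 2 tasks 24, 27 and 34: forest-wide roles and the forest level come from
    # Get-ADForest, the three domain roles and the domain level from Get-ADDomain.
    $forest = Get-ADForest
    $domain = Get-ADDomain
    [pscustomobject]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
        ForestMode           = $forest.ForestMode
        DomainMode           = $domain.DomainMode
    }
}

function Get-ReplicationHealth {
    # Exercise 2 tasks 15, 16 and 19: site list, inbound-partner metadata (last success,
    # last result, consecutive failures) and the failures each DC has recorded.
    param([string]$Domain = $env:USERDNSDOMAIN)
    [pscustomobject]@{
        Sites    = (Get-ADReplicationSite -Filter *).Name
        Partners = Get-ADReplicationPartnerMetadata -Target $Domain -Scope Domain |
                   Select-Object Server, Partner, LastReplicationSuccess,
                                 LastReplicationResult, ConsecutiveReplicationFailures
        Failures = Get-ADReplicationFailure -Target $Domain -Scope Domain |
                   Select-Object Server, Partner, FirstFailureTime, FailureCount, LastError
    }
}

Get-DcInventory | Format-Table -AutoSize
Get-FsmoHolders | Format-List
$health = Get-ReplicationHealth
$health.Partners | Format-Table -AutoSize
# A partner row with ConsecutiveReplicationFailures above 0 is the DC pair to look at first;
# repadmin /replsummary shows the same picture from the command line.
if ($health.Failures) { $health.Failures | Format-Table -AutoSize }
```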

Exercise 3 - User Basics + Password/Account Policies

  1. Try to create users with the same name.
  2. Try to create two users with the same password.
  3. Give values to all attributes and check how they are stored in the attribute editor.
  4. Check how the UAC (userAccountControl) value changes while changing the attributes and checkboxes.
  5. Under Account options, enable "Password never expires". Check where this value gets stored.
  6. Try to create a user without giving a password.
  7. Disable the user and check it with the attribute editor.
  8. Try to log in as a user whose logon hours are restricted for that day.
  9. Try to log in as a user on a computer that the user is denied access to.
  10. Try to unlock the account and check it with the attribute editor.
  11. When the user logs in through RDS on another computer, check whether the path given on the Profile tab or the path given on the RDS tab takes effect.
  12. Don't give a path on the RDS tab, give the path on the Profile tab, and check it by logging in from another computer.
  13. Start a remote desktop session from PowerShell in AD.
  14. Where do we use the canonical name and where do we use the distinguished name?
  15. Enginecorp\ashwin: is this a canonical name or a user principal name?
  16. Do we log in to our domain-joined computer using the userPrincipalName or the sAMAccountName?
  17. Which attributes change if I rename a user?
  18. Delegate permissions to a user and a group.
  19. Revoke the permissions from the user and group.
  20. Open the Delegation of Control Wizard and explain each option present.
  21. Why do we need AD delegation when we have GPOs?
  22. What happens if the delegated user leaves the organization?
  23. What are the ways to execute an LDAP query?
  24. Create an LDAP query in the Saved Queries container in ADUC and execute it.
  25. Write an efficient LDAP query to find all the locked-out users in a domain.
  26. Create a customized LDAP query to retrieve various objects based on two or more attributes.
  27. Delete AD objects using the ldp.exe browser.
  28. Retrieve deleted objects using the ldp.exe browser.
  29. Try to run the ldp.exe browser from the client machine.
  30. Create a blank password policy so that a user can be created without a password value.
  31. Create an account lockout policy and link it to a specific OU, users or groups.
  32. Where do you reset a locked-out account?
  33. Create an account lockout threshold policy and link it to a specific OU, users or groups.
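The LDAP queries asked for in tasks 25 and 26, with the check a practitioner wants before acting on the locked-out list (task 32). This is an added example, not code from the article; it assumes the RSAT ActiveDirectory module, and the department value passed at the end is a sample you would replace.

```powershell
# Added example, not from the original article. Assumes the RSAT ActiveDirectory module and an
# account allowed to read user objects; the department name is a parameter you supply.
Import-Module ActiveDirectory

function Get-LockedOutUsersByFilter {
    # Exercise 3 task 25: the raw LDAP filter. lockoutTime is a FILETIME; 0 or absent means
    # never locked. objectCategory=person keeps computer accounts (also objectClass=user) out.
    $filter = '(&(objectCategory=person)(objectClass=user)(lockoutTime>=1))'
    Get-ADUser -LDAPFilter $filter -Properties lockoutTime |
        Select-Object sAMAccountName,
            @{ n = 'LockedAtUtc'; e = { [DateTime]::FromFileTimeUtc($_.lockoutTime) } }
}

function Get-LockedOutUsersComputed {
    # Caveat for task 25: the DC does not reset lockoutTime when the lockout duration expires,
    # so the filter above also lists accounts that are usable again. Search-ADAccount reads the
    # constructed attribute msDS-User-Account-Control-Computed, which the DC evaluates against
    # the lockout duration and any fine-grained password policy, so this is the list to act on
    # (task 32: Unlock-ADAccount -Identity <sAMAccountName>).
    Search-ADAccount -LockedOut -UsersOnly | Select-Object SamAccountName, LastLogonDate
}

function ConvertTo-LdapFilterValue {
    # RFC 4515 escaping, so a value such as 'Eng*' or 'a)(cn=*' cannot reshape the filter.
    param([string]$Value)
    $sb = New-Object System.Text.StringBuilder
    foreach ($ch in $Value.ToCharArray()) {
        if ($ch -in @('\', '*', '(', ')') -or [int]$ch -eq 0) {
            [void]$sb.AppendFormat('\{0:x2}', [int]$ch)
        } else {
            [void]$sb.Append($ch)
        }
    }
    $sb.ToString()
}

function Get-EnabledUsersInDepartment {
    # Exercise 3 task 26: a query on more than one attribute. Matching rule
    # 1.2.840.113556.1.4.803 is a bitwise AND; bit 2 of userAccountControl is ACCOUNTDISABLE,
    # so the negated clause keeps only enabled accounts in the given department.
    param([Parameter(Mandatory)][string]$Department)
    $dept = ConvertTo-LdapFilterValue $Department
    $filter = "(&(objectCategory=person)(objectClass=user)(department=$dept)" +
              '(!(userAccountControl:1.2.840.113556.1.4.803:=2)))'
    Get-ADUser -LDAPFilter $filter -Properties department |
        Select-Object sAMAccountName, department
}

Get-LockedOutUsersByFilter | Format-Table -AutoSize
Get-LockedOutUsersComputed | Format-Table -AutoSize
Get-EnabledUsersInDepartment -Department 'Engineering' | Format-Table -AutoSize
```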

Exercise 4 - User Advanced + Group Object

  1. Create a logon script in the form of a host file, apply it on the Environment tab of a user and check it.
  2. Set the active session limit for the user and check it.
  3. Remove the default primary group and add a new primary group for the user object.
  4. Where do you see the object's created and modified date information?
  5. Add or remove permissions for the user.
  6. View the permissions that are granted to the user.
  7. Change the owner of the user object.
  8. Set auditing on a user object to track changes that are made to the account.
  9. How do you change an attribute to a non-replicated attribute?
  10. Where do you see the lastLogon and lastLogonTimestamp attributes?
  11. Can I make a non-replicated attribute a replicated attribute?
  12. Change a non-replicated attribute to a replicated attribute.
  13. Create a group using ADUC, PowerShell and ADSI Edit.
  14. Create a nested group object.
  15. Where is the group object used in an organization?
  16. Add a computer and a contact object to the group.
  17. Add the universal group to the domain local group as a member.
  18. Add the global group to the universal group.
  19. Apply security group permissions for the domain local group to a resource.
  20. Add members from other groups to the group, apply the permissions and see whether the right permissions are functioning in the respective groups.
  21. Enable group membership auditing.
  22. Check the user account status with the UAC flags.

Exercise 5 — Other Objects

  1. Create a computer using ADUC, PowerShell and ADSI Edit.
  2. How is the logical computer object implemented on a physical computer?
  3. How do you remove a particular computer object from delegation?
  4. Disable the computer account.
  5. Create a contact using ADUC, PowerShell and ADSI Edit.
  6. Does the Member Of tab of a contact object denote the third-party organization or our organization?
  7. How are security permissions stored in AD?
  8. When I apply restrictions to a folder or file and then move those files or folders to another location, do the permissions still work?
  9. When I am given write access but not read access, can I see the file that I wrote?
  10. A user has Read access in sharing and Modify access in security (folder permissions) on the same folder in a file system. What happens? Can the user modify the files?
  11. When the file owner gets locked out or leaves the organization, what happens to the respective file? Who takes control of access to that file?
  12. A user is a member of two groups, A and B. He has Deny access for a file through group A and Allow permission on the same file through group B. What happens? Can he access the file?
  13. Are share permissions alone enough for share access?
  14. How do you audit file access?
  15. If you want to audit failed access to a folder, will the subfolders inside that folder be affected?
  16. To audit files and folders, you must be logged on as a member of which group?
  17. How do you limit the number of users on shares?
  18. How do you disable inheritance on files?
  19. What did we use before NTFS? Can we use NTFS on Linux or macOS?

Exercise 6 — GPO

  1. Create a Group Policy A to hide the wallpaper on all computer objects connected to the domain.
  2. Apply Group Policy A to a container called ManageEngine, and create another policy for a user who is a member of the ManageEngine container to display the wallpaper. Now log in with that user account and check whether he can see the wallpaper or not.
  3. Create a desktop shortcut and a folder using Group Policy Preferences, and target the preference to a client computer.
  4. Add the Group Policy Creator Owners group to the Default Domain Policy in GPMC, add individual members to that group, manage permissions and check.
  5. Different ways to link a GPO to a container.
  6. Delegate the GPO to others.
  7. Enforce and block inheritance.
  8. Commands related to forcing a GPO update.
  9. What happens if we delete the GPO folder in SYSVOL?
  10. Write a WMI query to filter computers that run the Windows 7 operating system.
  11. Create a security filter to apply the GPO only to particular users and computers.
  12. How do you verify the administrative template location in GPMC?
  13. Back up and recover AD using the Windows backup tool.
  14. Back up and recover the GPO.
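Tasks 8, 10 and 11 worked through in PowerShell. This is an added example, not code from the article; it assumes the RSAT GroupPolicy module, and the GPO name 'Policy A', the group 'GPO-Wallpaper-Users' and the client 'CLIENT01' are placeholders, not objects from the article.

```powershell
# Added example, not from the original article. Assumes the RSAT GroupPolicy module; the GPO
# 'Policy A', the group 'GPO-Wallpaper-Users' and the computer 'CLIENT01' are placeholders.
Import-Module GroupPolicy

# Exercise 6 task 10: WQL for the WMI filter. Windows 7 reports Version 6.1, and ProductType 1
# (workstation) keeps Windows Server 2008 R2, which is also 6.1, out of the match.
$Win7Wql = 'SELECT Version, ProductType FROM Win32_OperatingSystem ' +
           'WHERE Version LIKE "6.1%" AND ProductType = "1"'

function Test-WmiFilterLocally {
    # GPMC stores the filter as plain WQL, so the same text can be evaluated on a test client:
    # $true means the GPO would apply here, $false means the filter excludes this machine.
    param([Parameter(Mandatory)][string]$Query)
    $null -ne (Get-CimInstance -Namespace 'root\CIMV2' -Query $Query)
}

function Set-GpoSecurityFilter {
    # Exercise 6 task 11: let only one group apply the GPO. Authenticated Users is demoted to
    # Read rather than removed: since MS16-072 the computer account fetches user-side policy,
    # and without Read for it the GPO silently stops applying to everyone.
    param([Parameter(Mandatory)][string]$GpoName, [Parameter(Mandatory)][string]$ApplyToGroup)
    Set-GPPermission -Name $GpoName -TargetName $ApplyToGroup -TargetType Group `
        -PermissionLevel GpoApply | Out-Null
    Set-GPPermission -Name $GpoName -TargetName 'Authenticated Users' -TargetType Group `
        -PermissionLevel GpoRead -Replace | Out-Null
    Get-GPPermission -Name $GpoName -All |
        Select-Object @{ n = 'Trustee'; e = { $_.Trustee.Name } }, Permission
}

Test-WmiFilterLocally -Query $Win7Wql
Set-GpoSecurityFilter -GpoName 'Policy A' -ApplyToGroup 'GPO-Wallpaper-Users' |
    Format-Table -AutoSize
# Exercise 6 task 8: after changing filtering, refresh a client without waiting for the
# background interval (gpupdate /force on the client itself, or remotely as below).
Invoke-GPUpdate -Computer 'CLIENT01' -Force -RandomDelayInMinutes 0
```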



Written by Ashwin Kumar Ramasamy

Passionate in software development, network security and technical training.
