A distribution group is a mail-enabled Active Directory group used to send a message to a group of recipients who are members of that group. Administrators can manage some of the properties and permissions of distribution groups using the Exchange Administration Center (formerly Exchange Management Console). However, this article explains how to perform many common distribution group management tasks using the Exchange Management Shell cmdlets Set-DistributionGroup and Add-DistributionGroupMember.

Back in the early 1990s, website managers decided they needed a way to remember data about users, and the cookie was born. Browser cookies, also known as http cookies, are small text files that are deposited on your computer while you are visiting a website. Depending on your internet activity, you could have dozens or even hundreds of them stored on your computer. These computer cookies have been a center of controversy since their introduction.

Active Directory Administrative Center (ADAC) is a Microsoft tool that admins can use to manage objects in Active Directory. ADAC is available in Windows Server 2008 R2 and higher. ADAC is a graphical interface on top of Windows PowerShell. This means that every time an action is carried out through ADAC, Windows PowerShell cmdlets are executed in the background.

The Get-ADComputer cmdlet retrieves a single computer or several computers from Active Directory.

The Get-ADGroup cmdlet enables IT admins to retrieve information about one or more Active Directory groups in the following ways: Get-ADGroup searches some of the default properties of a group. To search for specific properties, use the Properties parameter.

Administrators often need to find out which Active Directory groups a certain user (or machine, group, or service account) is a member of. They have several options for discovering this information, including.

RID hijacking is a persistence technique used by adversaries who have compromised a Windows machine. In a nutshell, attackers use the RID (relative identifier) of the local Administrator account to grant admin privileges to the Guest account (or another local account). That way, they can take actions using the Guest account, which is normally not under the same level of surveillance as the Administrator account, to expand their attack while remaining undetected.

When I try to join a new Windows workstation or server to an Active Directory (AD) domain, I sometimes encounter the following error: “An Active Directory Domain Controller (AD DC) for the domain ‘domainname’ could not be contacted.” This error can occur due to any of several reasons, from a simple incorrect DNS server IP address to a much more complex issue.

Attackers use a variety of tactics to spread laterally across on-premises Windows machines, including Pass-the-Ticket, Pass-the-Hash, Overpass-the-Hash and Golden Tickets attacks. But similar techniques are also effective in moving laterally from a compromised workstation to connected cloud resources, bypassing strong authentication measures like MFA. This article explains how attackers can perform lateral movement to the cloud with an attack called Pass-the-PRT.

Configuration drift seems inevitable — the gradual but unintentional divergence of a system’s actual configuration settings from its secure baseline configuration. Proper configuration of your infrastructure components is vital for security, compliance and business continuity, but setting changes are often made without formal approval, proper testing and clear documentation.