What is Admin Count? Before we discuss Admin Count, a little background is needed. AD contains an object called AdminSDHolder. Its purpose is to protect objects. Specifically, objects which are members of administrative groups. AD objects have an attribute called “Admin Count”. The default value is for most objects. Changing the value to “1”, flags the account as protected by AdminSDHolder. By adding a user to an administrative AD group. You change the value to “1”.

I recently needed to create a script for the purpose of migrating data. Due to complexity, a number of scripts were used. This post covers the script I created to remove illegal characters from directory names. Also adjusting for new directory paths. Migration Overview The migration had some quirks. Due to this, a simple A to B move wasn’;t an option. There was some restructuring and many folders were not to coming across.

Theory of Design is a new series for the vBrownBag APAC podcast. Intended to take a vendor agnostic look at design practices and principals. The series will provide the tools needed to assess, build and communicate solutions regardless of the vendor or product classification. The series will cover a number of topics (listed in more detail below), covering areas such as; capacity planning, client engagement, and risks. I am looking for presenters with experience in designing solutions and project delivery, not only from a technology perspective but also a business perspective.

In part 1, we looked at making the necessary changes to AD for LAPS, from extended the schema to modifying the object attribute security. In this part, we will go through deploying the LAPS agent on a workstation. This process is very straight forward, we will use GPO to deploy the agent to our workstation and confirm that the password is now random and stored in AD. During the configuration of the workstation, I set the admin password as “Password1”, secure I know.

In May 2015 Microsoft released Local Administrator Password Solution (LAPS) to help address the issue of keeping local administrator accounts secure. Setting the account password by GPO generally means a large number of computers will have the same password. LAPS provides the ability for workstations to have randomly generated passwords, that are constantly refreshed and easy to retrieve. Managed workstations will set a random password which is stored in an AD attribute called ms-Mcs-AdmPwd.