Find The Distinguished Name for the Active Directory user

some times you need to use the distinguished name for users in AD , this name doesn’t come in Active Directory Users and Computers, so to find such name there are multiple ways you can find them on the link which I’m sharing, but the one i will mention here is by using DSQUERY command:

Dsquery user forestroot –samid “XYZ”

Resources:

http://wiki.zimbra.com/wiki/LDAP_Active_Directory

Advertisements

Give non Administrator user an Access to read the Event logs in Active Directory

I had a Firewall Appliance which requires to read AD logs by using a normal AD user, to fulfill this requirement i found a very good article i want to summarize it and share it with you:

  • First thing we want to Modify the Local Security Policy on the Domain Controller, but this step cant be done if you go directly to the Local Security Policy from the Administrative Tools, to do this you have to go to the Group Policy Management :

Note: you have to use Administrative Privilege ( Domain Admin or Local Administrator on the Server) 

image

go to Domain Controllers –> Default Domain Controller Policy

Right click —-> Edit

Under Computer Configuration—> Windows Settings —> Security Settings —-> Local Policy —> User Rights Assignment

Select and double click on Manage auditing and Security Log

 

image

image

Select Add User or Group —> Browse to add the user —> then OK —> OK

  • The Second Step is to open WMI Manager:

  Go to RUN on start Menu —> Type “wmimgmt.msc

Right click on WMI control —-> select Properties —> security Tap —-> Expand ROOT —->Select Security Folder —> then Security on the bottom of the Box

 

image

Press Add to add the user —-> on the permission check the allow box for Execute Methods —> then OK

image

 

Now this user has the access to read the security AD event log only.

If you have more than one Domain Controller, you have to do the same settings on all of them.

you can test this by login using the same user name, open the server manager —> connect to different computer ( the DC ) —> open the event logs , you will see you have only access to the security logs.

                          Resources:

                        http://www.manageengine.com/products/active-directory-audit/help/admin/domain-settings/authentication-for-collecting-audit-data.html#wmi