Remove DNS NS Records after demoting domain controller with PowerShell

  Get-DnsServerZone | ForEach-Object { Get-DnsServerResourceRecord -ZoneName $_.ZoneName -RRType Ns | Where-Object {$_.RecordData.NameServer -like ‘DCName.fqdn.com.‘} | Remove-DnsServerResourceRecord -ZoneName $_.ZoneName -Confirm:$false }   Replace the bold test with the fully qualified domain name of the name server. Don’t forget to keep the period at the end of it as well.

Directory Services–Cannot Change Password – Constraint Violation nTSecurityDescriptor

  Recently I ran into an issue where trying to enable or disable the option ‘Cannot Change Password’ in Active Directory in my C# code. Using a Domain Administrator account the code worked perfectly fine, but when it was run under a non-administrator I would get “Constrain Violation Occurred” and the following exception "0000051B: AtrErr: […]

Check group membership from AD with Foreign Security Principals

The following code will check if a user is a member of a specific group. This will work with a domain trust and Foreign Security Principals. See the update below! groupName = The sAMAccountName of the group you want to check the members of. SearchDomain = This is the FQDN that you will be searching […]

Get username and domain of Foreign Security Principal from domain trust

You can use this code to determine the DOMAIN\username from the Foreign Security Principal which is really the SID of the account. Pass the full distinguishedName of the ForeignSecurityPrincipal. static string GetUserNameOfFSP(string ForeignSecurityPrincipal) { //Returns with syntax of "DOMAIN\logonname" try { DirectoryEntry user = new DirectoryEntry("LDAP://" + ForeignSecurityPrincipal); SecurityIdentifier sid = new SecurityIdentifier((byte[])user.InvokeGet("objectSid"), 0); NTAccount […]

Authenticate a user against Active Directory including domain trust

Authenticate a user’s credentials with this code against a domain. This also works with a domain trust. static bool AuthenticateUser(string userName, string password, string domain) { bool authentic = false; try { DirectoryEntry entry = new DirectoryEntry("LDAP://" + domain, userName, password); object nativeObject = entry.NativeObject; authentic = true; } catch (DirectoryServicesCOMException e) { Console.Write(e.Message); } […]