Today, MCTExpert is announcing that our blog site is now available for subscription to users of Amazon's Kindle electronic book. The MCTExpert blog contains the more detailed questions that get asked in my classes that I want to provide a more in depth response to. These are real questions from real Network Administrators in the field. I've had comments from former students that my responses to their questions have helped them pass the Microsoft certification exams. There is a 14 day free trail subscription. Get your daily dose of what other IT professionals are asking about. Click here to go to the Kindle Store.
With the AD Recycle Bin Turned on, What Happens when you Create a User Account with a Password that does not meet the Password Policy?
This was an interesting observation from one of my Windows Server 2012 classes. While working with the AD Recycle bin in a lab, one of my students discovered some interesting accounts that were created. When he created user accounts that did not meet password complexity requirements, an account is temporarily made and then deleted. When a new password is provided that meets the password requirements, then a new account is made. We discovered this in two places. First off in the Active Directory Administrative Center. This is what caused the initial confusion. Take a look. This is in the Deleted Objects OU. You can see multiple deleted accounts for Test2 and one for Test3. Test3 is a valid, functioning user account. Using the PowerShell command Get-ADObject –IncludeDeletedObjects –Filter * –Properties ObjectSID we can see that indeed, two accounts were created, with one of them deleted. Notice the RID portion of the SID is different. ...

Comments