Top 3 Active Directory Techniques That Are Often Overlooked
Active Directory is a powerful directory services platform with a rich feature set. Unfortunately many organizations barely scratch the surface when it comes to utilizing Active Directory techniques that could make system administration much easier. Following are the top 3 neglected techniques that we come across when talking to system administrators and IT managers.
1. Dump The Login Scripts
Mapping network drives via login scripts served us well for many years, especially vbscripts. But with Group Policy Preferences (GPP) drive mappings can be 100% GUI based. During a recent Active Directory migration project for a large school district we used GPP for all drive mappings instead of login scripts. The system administrators for the school district had no prior AD or vbscripting experience so this was a welcome solution. GPP is also useful for performing other tasks previously done with Active Directory start up scripts, such as changing environment, application and registry settings based on different criteria. To download Microsoft's Group Policy Preferences Overview whitepaper go here.
2. Stop Fumbling With Printers
Just like login scripts we now have more efficient ways to deal with 
printers. The old school method involved mapping printers with, you guessed it, login scripts. Then we moved on to publishing the printers in Active Directory and presenting them to users based on their location. And now? GPP to the rescue once again.
During the same project mentioned above we deployed printers to school staff all over the district using GPP. GPP allowed us to assign printers based on criteria known a item-level targeting such as IP subnet and group membership. We also assigned the default printer using GPP.
Besides mapped drives and printers, GPP allows everyday system administrators to do a lot the tricks only the most skilled scripters could do in the past. Going into detail about all of the benefits of GPP and the various settings requires a separate post, which we will do at a later date. For now take a look at the graphic to the right to see different criteria available when configuring settings via GPP.
3. Active Directory Snapshots
Shadow copy for Windows file servers is nothing new to most Windows system administrators. What seems to still be new to many administrators is the shadow copy process for Active Directory, which creates point in time snapshots of the volume that stores Active Directory. Using AD snapshots you can view AD information that is days or even weeks old without restarting your domain controller in directory services restore mode (DSRM). This is a great way to compare the current state of an AD object such as a user or group, with a version of the object from days or weeks ago. For the complete procedure on creating and mounting AD snapshots take a look here.
There you have it. Three simple techniques designed to make your job a lot easier. Again, these are the things we notice quite a bit when talking to customers, but perhaps you have a top 3 list of your own. Feel free to share them with us in the comments section! And don't forget to subscribe to our blog in the upper left hand corner of this page.