Posted on

Who can join a workstation to the Active Directory domain?

By default all domain users have the ability to add a workstation to the domain.

Limits on the number

The limitation on this task is that any one user can add a maximum of 10 workstations to the domain.

Impact

When the user reaches the maximum number of computers joined to the domain, he receives this error message

Who added a workstation to active directory?

To find out who added a workstation to the active directory, simply run this ppowershell script created based on this article:

Using PowerShell to Discover Who Added a Client to Your Domain

Clear-Host

Write-Host "I'm writing ms-DS-MachineAccountQuota"

# List the current value of ms-DS-MachineAccountQuota
Get-ADDomain |
Select-Object -ExpandProperty DistinguishedName |
Get-ADObject -Properties 'ms-DS-MachineAccountQuota' |
Select-Object -ExpandProperty ms-DS-MachineAccountQuota





Write-Host "Number clients in this environment"
Get-ADComputer -Filter * | Measure-Object | Select-Object -ExpandProperty Count
Write-Host "Number users in this environment"
Get-ADUser -Filter * | Measure-Object | Select-Object -ExpandProperty Count


Write-Host ""
Write-Host "Who did this?"
$Clients = Get-ADComputer -Properties ms-ds-CreatorSid, WhenCreated -Filter {ms-ds-creatorsid -ne "$Null"}
$Users = Get-ADUser -Filter *

ForEach ($C in $Clients)
{
ForEach ($U in $Users)
{
If ($U.Sid -eq $C.'ms-ds-creatorsid')
{
$C | Select-Object -Property @{
Name = 'ComputerName'; Expression = {$C.Name}},
@{Name = 'WhenCreated'; Expression = {$C.WhenCreated.DateTime}},
@{Name = "UserName"; Expression = {$U.Name}
}
}
}
}

Change the limit on the number of workstations

It is possible to modify this number by increasing it or bringing it to 0. If it is set to 0, users will have to have particular permissions to be able to add a computer to the domain.

To do this, from the domain controller, launch the adsiedit.msc command.

On the left, position yourself on the main node that begins with “DC=…”. Right-click -> Properties. The key with the number to change is MS-DS-MachineAccountQuota.

 

Restrict adding a workstation to the domain to a group

It is possible to limit the ability to add workstations to the domain to a group of users by acting directly on the GPOs

Computer Configuration → Windows Settings → Security Settings → Local Policies → User Rights Assignment

Look for the “Add workstations to the domain” entry and change it to specify only the users and groups that can perform the add operation.

Posted on

Exchange Online / Microsoft 365 SMTP settings

Generic settings

  • SMTP server: smtp.office365.com
  • Port: 587
  • Requires SSL: Yes
  • Requires TLS: Yes (if available)
  • TLS version : 1.2
  • Authentication: Yes
  • Username: email address
  • Password: Your passwor

User configuration

SMTP sending is not enabled by default.

  • Log in as administrator to the account
  • Tab – Mail
  • Click on “Manage email applications”
  • Select Authenticated SMTP
Posted on

Deploy Xamarin Android App to Google Play Store

Xamarin App basic configuration

Visual Studio Configuration to Debug

AndroidManifest.xml

Open in editor xml (using Visual Studio)

android:debuggable=”true”

Project Propreties

  • Set use Fast Deployment (in the image below is not set)
  • Select apk


Visual Studio Configuration to Play store

AndroidManifest.xml

Open in editor xml (using Visual Studio)

android:debuggable=”false”

Project Propreties

  • Remove use Fast Deployment
  • Select bundle