Over the course of my career, I’ve worked with several Active Directory environments that ran the domain’s DNS zones on 3rd party DNS products like Infoblox or BIND instead of directly on the domain controllers. GSS-TSIG and secure dynamic updates work great with these non-Windows DNS servers when configured properly. But sometimes, getting the settings right can be tricky for the DNS admins and having a way trigger a DC’s record registration process while troubleshooting is…

If you’ve ever had to setup an HTTPS website in the past couple years, you’ve most likely heard of Let’s Encrypt which is arguably the largest public certificate authority in the world. Not only are their certificates free, the entire ordering and renewal process can be completely automated using a recently finalized protocol standard known as ACME (RFC 8555).

In a previous post, I introduced a new PowerShell module called PwnedPassCheck. It can be used to check passwords and hashes against a list of over half a billion compromised passwords exposed in data breaches thanks to Troy Hunt’s incredibly useful haveibeenpwned.com. In this post, I’ll demonstrate how to use the module in conjunction with Michael Grafnetter’s amazing DSInternals module to quickly audit existing passwords in Active Directory against the compromised list.

Until Microsoft fixes the bug with the AD PSDrive provider, use the fully qualified PSPath to the object instead of the “AD:” PSDrive path like this: