Active Directory Fundamentals

Alerting on 'password never expires' violations

Alerting on “Password Never Expires” Violations (Active Directory) This article explains what the “Password never expires” setting actually means in Active Directory, why it is risky, and how to build reliable detection and alerting with minimal noise. Why this matters? A password is a shared secret. Over time, shared secrets…

Cleanup automation using Lepide/Netwrix insights

Cleanup Automation Using Lepide and Netwrix Insights “Cleanup” in Active Directory (and adjacent systems like file servers and M365) is rarely a one-time task. It’s an operating model: continuously detect what’s stale or risky, validate it, apply a controlled action, and prove you didn’t break anything. The easiest way to get this right is to turn audit and activity…

Cross‑forest account sync and SIDHistory handling

Cross-forest account sync and SIDHistory handling Cross-forest account synchronization is what keeps access working when identities move between Active Directory forests. SIDHistory is the bridge that lets the new account carry the old identity’s rights without forcing a mass re-ACL of your entire estate. It is simple in concept, but unforgiving in…

Detecting unmanaged accounts via group audit

Detecting unmanaged accounts via group audit: advanced comparison guide for AD, Entra, SIEM, and PAM Detecting unmanaged accounts via group audit means using group membership changes and “who got added where” telemetry to surface identities that operate outside expected governance: accounts not onboarded to PAM, not tied to HR/ITSM ownership, not covered by standard…

Risk-based lockout policy tuning

Risk-based lockout policy tuning: Cloud vs on-prem comparisons, deep mechanics, and technical implementation Risk-based lockout policy tuning is the practice of adjusting lockout behavior based on the assessed risk of an authentication attempt, rather than relying on a fixed “X failed passwords = lockout” rule. The goal is simple: slow attackers down hard while keeping…

Assign home folders dynamically with scripts

A user home folder sounds simple: “give each person a private network location and map it as H:”. In real environments, that “simple” choice becomes a long-running system: identity meets storage, permissions, audits, migrations, quotas, backups, and incident response. That is why assigning home folders dynamically with scripts is not just a convenience trick—it is a…

How to automate deletion detection with Recycle Bin

Automating deletion detection in recycle bin: expert guide for Windows cleanup at scale The Windows recycle bin was designed as a safety buffer, not a data retention system. Yet in many environments it becomes exactly that: a quiet holding pen for sensitive documents, large installers, and “temporary” files that never get revisited. The modern problem is…

How to implement LAPS for local accounts

Implementing LAPS for local accounts: an expert comparison guide for Active Directory and Entra ID Local administrator accounts are both necessary and dangerous. They are the “break glass” lever for offline recovery and deep troubleshooting, but they also create one of the most reliable paths for lateral movement when passwords are static or…