We know and love it as an essential sandwich accessory, but good grainy mustard is also a key player in theserecipes, an ideal vehicle for imparting a singular jolt of tang and acidity. Mustard is the definition of a flavor hero.

Smoked Whitefish with Pickled Carrots

Plant yourself in front of this salad.

All the fixings for a Southern-style picnic.

Earthy and roasted, the ultimate seasonal salad

NOTEBOOKDispatches from the Gather Blog

Check in every week to read about whats on our minds and, more importantly, on our plates.

Cocktails? You Can Pickle ThatThree bartenders share easy drink recipe ideas where cornichons loom large.

A Condiment for all ReasonsThe recipes that rely on mustard from some of our favorite cookbooks of 2017

The winter 2018 Senses issue of Gather is a journey through sight, smell, taste, sound, touch, and intuition with food as our guide. Youll find fantasy sensorial menus inspired by sight (shiny), smell (burnt), taste (bitter), and sound (crunch); a chapter exploring the link between cooking and touch; and another on the intersection of food and our most abstract sense, intuition.


Gathering AD Data with e Active Directory PowerShell Module

Active Directory & Enterprise Security, Methods to Secure Active Directory, Attack Methods & Effective Defenses, PowerShell, Tech Notes, & Geek Trivia

Beyond Domain Admins Domain Controller AD Administration

Securing Microsoft Active Directory Federation Server (ADFS)

Microsoft provided several Active Directory PowerShell cmdlets with Windows Server 2008 R2 (and newer) which greatly simplify tasks which previously required putting together lengthy lines of code involving ADSI.

On a Windows client, install theRemote Sever Administration Tools (RSAT)and ensure the Active Directory PowerShell module is installed.

On a Windows server (2008 R2 or newer), run the following commands in a PowerShell console (as an Adminsitrator):

Import-Module ServerManager ; Add-WindowsFeature RSAT-AD-PowerShell

Heres my (poor) ADSI example:

$UserID = JoeUser $root = [ADSI] $searcher = new-object System.DirectoryServices.DirectorySearcher($root) $searcher.filter = (&(objectClass=user)(sAMAccountName= $UserID)) $user = $searcher.findall() $user

Heres the same thing with the AD PowerShell cmdlet:

Note that with PowerShell version 3 and newer, you dont need to run the first line since Powershell will identify the necessary module and auto load it.

Once you have the Active Directory PowerShell module loaded, you can do cool stuff like browse AD like a file system

Discover available PowerShell modules:Get-Module -ListAvailable

Discover cmdlets in a PowerShell module:Get-Command -module ActiveDirectory

Finding Active Directory Flexible Master Single Operation (FSMO) Roles:






Active Directory PowerShell Module Cmdlet Examples:

Get-RootDSEgets information about the LDAP server (the Domain Controller) and displays it. Theres some interesting information in the results like what OS the DC is running.

Get-ADForestprovides information about the Active Directory forest the computer you run the command is in.

Get-ADDomainprovides information about the current domain you are in.

Get-ADDomainControllerprovides computer information specific to Domain Controllers.

This cmdlet makes it easy to find all DCs in a specific site or running an OS version.

Get-ADComputerprovides most of what you would want to know about a computer object in AD.

Run with -Prop * to show all standard properties.

Get-ADUserprovides most of what you want to know about an AD user.

Run with -Prop * to show all standard properties.

Get-ADGroupprovides information about an AD group. Find all security groups by running:

Get-ADGroup -Filter GroupCategory -eq Security

Get-ADGroupMemberenumerates and returns the group members. Use the Recursive parameter to include all members of nested groups.

Get-ADGroupMember Administrators -Recursive

These cmdlets are useful to identify situations that previously required purchasing a product or custom scripting.

The following examples find inactive (stale) computers and users accounts that havent changed their passwords in the last 10 days. Note that this is a lab example. For real-world checks, change this to 60 to 90 days for computers and 180 365 days for users.

Note that the Windows 2012 module includes cmdlet for sites (Get-ADReplicationSite*).

Note this requires that the Group Policy PowerShell module is installed, which is separate from the Active Directory module.

Get-ADDomainControllerfilter * `select hostname,IPv4Address,IsGlobalCatalog,IsReadOnly,OperatingSystem `format-table -auto

Get-ADReplicationPartnerMetadata(Windows Server 2012 and newer)

Get-ADReplicationPartnerFailureprovides information on DC replication failure status.

Get-ADReplicationUptodatenessVectorTabletracks replication status between Domain Controllers.

These examples and more are in these presentation slides:

(Visited 11,193 times, 30 visits today)

Active Directory PowerShell ModuleActive Directory TrustsAD cmdletsAD PowerShell cmdletsAdd-WindowsFeature RSAT-AD-PowerShellADSIBackup domain GPOsEnumerate Domain TrustsFind AD Kerberos Service AccountsFinding Active Directory Flexible Master Single Operation (FSMO) RolesGet AD site information.Get-ADComputerGet-ADDomainGet-ADDomainControllerGet-ADForestGet-ADGroupGet-ADGroupMemberGet-ADReplicationPartnerFailureGet-ADReplicationPartnerMetadataGet-ADReplicationUptodatenessVectorTableGet-ADUserGet-Command -module ActiveDirectoryGet-Module -ListAvailableGet-RootDSEImport-Module ServerManagerInventory Domain ControllersPowerShellPowerShell Find inactive computersPowerShell Find inactive users

I improve security for enterprises around the world working for

Read the About page (top left) for information about me. 🙂

Hi Sean, I have benefited from your expertise for many years. Thanks very much !

Is there a way to prevent authenticated folks who are not authorized from running these commands?

Not built-in and working to get these blocked would be non-trivial. Not that this is the same type of data that authenticated users can gather via LDAP.

Check out the PowerShell module PowerView:

There is a way to prevent cmdlets or functions for PS remote session. Look at Securing Privileged Access document from Microsoft. From there look at Just enough admin and you find how to restrict PS usage

NolaCon (2018) Active Directory Security Talk Slides Posted

Attacking Read-Only Domain Controllers (RODCs) to Own Active Directory

Securing Microsoft Active Directory Federation Server (ADFS)

Gathering AD Data with the Active Directory PowerShell Module

Beyond Domain Admins Domain Controller AD Administration

Trimarc Active Directory Security Services

Have concerns about your Active Directory environment? Trimarc helps enterprises improve their security posture.

Attack Methods for Gaining Domain Admin Rights in

PowerShell Encoding Decoding (Base64)

Securing Windows Workstations: Developing a Secure Baseline

The Most Common Active Directory Security Issues and

Building an Effective Active Directory Lab

Securing Domain Controllers to Improve Active

Detecting Offensive PowerShell Attack Tools

Microsoft Local Administrator Password Solution (LAPS)

Finding Passwords in SYSVOL Exploiting Group

PowerShell Version 5 is Available for Download (again)

Security Conference Presentation/Video

Content Disclaimer: This blog and its contents are provided AS IS with no warranties, and they confer no rights. Script samples are provided for informational purposes only and no guarantee is provided as to functionality or suitability. The views shared on this blog reflect those of the authors and do not represent the views of any companies mentioned. Content Ownership: All content posted here is intellectual work and under the current law, the poster owns the copyright of the article. Terms of Use Copyright © 2011 – 2017.

Content Disclaimer: This blog and its contents are provided AS IS with no warranties, and they confer no rights. Script samples are provided for informational purposes only and no guarantee is provided as to functionality or suitability. The views shared on this blog reflect those of the authors and do not represent the views of any companies mentioned.

5 Smarty-Pants Ways to Collect Emailfrom Facebook Fans

Aaron Lee is the Founder & m, a fashion blog that sharesstyle for short men. Follow him on Twitter at @askaaronlee

Changing itsnews feed algorithm, its design, its rules, its ad units…

In the world of tech, you either adapt and innovate or you die.

Where does this leave businesses trying to market themselves on Facebook?

In the same position actually — you also must adapt or die.

And more and more you must pay — ie. devote more of your budget to Facebook ads to make sure youre reaching fans.

Thats fine — and buying Facebook ads should bring you good results if you do it right.

But before you start pouring too much money into ads, Id advise you to firstbuild relationships with your fansoutside of Facebook.

That way you can insulate your business from the volatility and change mentioned above.

Whats the best way to build relationships with your fans outside of Facebook?

Simple. Create an email list and collect their email addresses.

In this blog post, Ill show you 5 clever ways to do that.

Use your current email service provider (Mailchimp, Constant Contact, Aweber, etc.) by connecting yourFacebook tab.

Here are some providers that can help you get this set up:

Once youve done that, youll add a tab to your Facebook profile.

Use this method to promote your businesss newsletter on your Facebook page. Heres howPeg Fitzpatrickdoes it.

The 2nd method encourages your fans to exchange their emails in return for something valuable — like an ebook, video, white paper or infographic.

Check out howMari Smithuses ebook on her Facebook page to incentivize fans to share their emails.

It works too! I actually subscribed to this one.

You can alsouse your Cover Phototo promote your incentives!

For example, check out this neat trick we did recently.

When you click on the cover image, we provide a link to subscribe to the ebook.

If youre selling a product, you can also give coupons to fans in exchange for their emails.

This helps entices them to share their emails while also incentivizing them to buy your products.

Running a contest is also a great way to collect emails from Facebook fans. But youll need to use an app to run it.

Timeline contestsare free and easy to organize — but they dont allow you to collect email addresses.

However, when you use apps, you can. And if you make fans compete for something they want, theyre much more likely to hand over their emails to enter the competition.

Malaysia Airlinesran this contest to collect emails from Facebook fans:

Pro Tip: Try to incentivize fans to promote your contest to their friends.

You can do this by increasing their chances of winning (allowing more than one entry, for example) if they share the contest with their friends.

ThisFacebook marketingtechnique involves partnering with another person or business to co-promote some kind of giveaway.

Gary Vaynerchukcrushed it with this method while promoting his book.

He basically partnered with other companies and gave them a chance to getexposure while also promoting the book and providing prizes for fans.

So its a win for Gary, the partner company and the audience!

My last tip involves driving traffic away from Facebook to your homepage or blog.

With thenew news feed algorithm update, link posts have better reach than ever.

This means you have a better chance than ever todrive fans back to your websiteand capture their email addresses.

The best way to do this is to share well-written, valuable blogposts — and then have an email opt-in on your blog posts:

We use this method on thePost Planner blogand get thousands of new subscribers every month!

Pro Tip: In order to maximize the success of your link posts and get the most engagement on them as possible, be sure to include a relevant, eye-catching photo along with your link.

If you need help finding photos to post on Facbook, we recommend trying the Viral Photos feature withinPost Planner.

There you will find thousands of photos to choose from. Its predictive content (already proven successful on Facebook) so you will be setting your posts up for success right out of the gate!

Each photo is ranked with 1-5 stars, and you can choose the ones that best fit your audience. You can also create folders of content from your favorite Facebook pages.

Youll have it all at your fingertips ready to post!

Email marketing is one of the most powerful ways to build online relationships. Dont miss out on the opportunity to develop trust and credibility with your audience.

Are you using any of these 5 methods to collect emails from Facebook fans?If not, how else are you using your Facebook page to capture email addresses?Please let me know in the comments below.

Now that you know the ins and outs of capturing email addresses on Facebook.. whats next?

Grab your copy of our free infographic below and learn 12 secret Facebook features youre going to love!

Want to reach more people on Facebook? If so, you need to learn as much as you can about Facebooks news feed algorithm. If youre ready to grow your business on Facebook, grab the all-new guide, How The Facebook Algorithm Really Works. (and how to beat it in 2018)

Want to make Facebook Live a part of your social media marketing strategy? Read this first! 10 things you need to know before you go Live on Facebook.

Ever wonder what type of content you should share on social media? Grab these ideas! 9 awesome types of social media content you can start using today.

Want more tips like this straight to your mailbox?

The folks at Post Planner will show you how for free.

Join our Community of 165,000+ Social Marketers

© 2011-2018 Post Planner, Inc. All Rights Reserved.

No thanks, Im not interested in amazing results


In order to enter your ad information just go to theSubmittab now. This will place your information into the publishers hands.

To keep things real simple, when you hit the submit button it will present you with a confirmation page that you can print. The confirmation page can also be sent in E-mail to you if you prefer toKeep It Green.

You will need to be aregistereduser to establish your own account. Once signed into GatherAds, go to the My Ads menu item at the top of the page, you will have access to your previous ad submissions. You can browse through your submissions by date. Select one, edit it, and resubmit. Its that simple.