Follow

Recent Essays

23.12.2021 Listing contents of Active Directory Organization Units with powershell

23.12.2021 Creating Database Through Exchange Management Sell in Exchange Server 2019

09.10.2020 Local User Profiles in Windows 10

09.10.2020 Active Directory Domain installation in Windows Server 2019

07.10.2020 Fiber Optic Cable Technology - Multimode and Singlemode Fiber Optic Cables

Essay Categories

Exchange Server 2019 1

Firewall 1

General 0

Group Policy 0

Microsoft 365 0

Microsoft Azure 0

Microsoft Hyper-V 0

Microsoft Outlook 0

MS SQL Server 0

Network 1

Practical Knowledge 1

Routing-Switching 0

Storage-Backup 0

VMware ESXi 0

Windows 10 1

Windows Powershell 1

Windows Server 2016 1

Windows Server 2019 4

Windows Server 2022 0

Windows Server 2025 0

Recent Videos

14.03.2021 Changing ms-DS-MachineAccountQuota Attribute Limit in Windows Server 2019

08.10.2020 Fiber Optic Cable Technology - Multimode and Singlemode Fiber Optic Cables

Video Categories

Exchange Server 2019 0

General 0

Group Policy 0

Microsoft Active Directory 0

Network 1

Windows Powershell 0

Windows Server 2019 1

Windows Server 2025 0

Editor's Choice

07.10.2020 Fiber Optic Cable Technology - Multimode and Singlemode Fiber Optic Cables

06.10.2020 Configuring DFS-Distributed File System High Availability (HA) in Windows Server 2016

01.10.2020 WatchGuard Firewall Installation and Configuration

01.10.2020 NTFS (Security Permissions) and Sharing Permissions in Windows Server 2019 Part-2

29.09.2020 NTFS (Security Permissions) and Sharing Permissions in Windows Server 2019 Part-1

Our Facebook Group

Mobile Display

You can help the contents reach more people by sharing on social media.

Category: Windows Server 2019

Fırat Boyan 01.10.2020 0

Changing ms-DS-MachineAccountQuota Attribute Limit in Windows Server 2019

A user with a standard Active Directory User Account in Windows Server 2019 has the right to join 10 computers to the domain by default. This may pose a security risk for some organizations. I will be mentioning you how you can change the default value of this limit for a standard Active Directory user in this essay.

We can intervene in the ms-DS-MachineAccountQuota Attribute from two points one of which is ADSI.EDIT and the other one is Powershell.

2- Changing ms-DS-MachineAccountQuota Attribute with Powershell

To change the ms-DS-MachineAccountQuota Attribute through ADSI Edit;

1.1- I am right clickin on ADSI Edit and then clicking on Connect to... option.

1.2- I am selecting the Default naming context option in the Connection Settings window and clicking on the OK button.

1.3- I am right clicking on firatboyan.com Distinguished Name and selecting the Properties option.

1.4- In the window that opens, I am reaching the ms-DS-MachineAccountQuota Attribute under the Attribute Editor and double click on it.

1.5- When we double click on the MachineAccountQuota Attribute, we can change the value. The number 10 here is the value information that a user with a standard Active Directory User Account has the right to be able to join 10 computers by default. This value can be increased or decreased from this area.

ms-DS-MachineAccountQuota

2- Changing ms-DS-MachineAccountQuota Attribute with Powershell

To change the ms-DS-MachineAccountQuota Attribute through Powershell;

2.1- I am typing the Powershell command of Get-ADObject in the Powershell console as follows.

Get-ADObject -Identity ((Get-ADDomain).distinguishedname) -Properties ms-DS-MachineAccountQuota

2.1.1- As a result; ms-DS-MachineAccountQuota is the value information that a user with a standard Active Directory User Account has the right to join 10 computers to the domain by default.

2.1- To change the default value of 10, I am typing the Powershell command of Set-ADdomain in the Powershell console as follows. I am changing the value 10 to 0 (zero) in my example.

Set-ADdomain -Identity -Replace @{"ms-DS-MachineAccountQuota"="0"}

3- After changing the ms-DS-MachineAccountQuota Attribute from the Powershell console, when I reach the ms-DS-MachineAccountQuota Attribute on ADSI Edit, we can see that the value I changed on Powershell also had changed in this field.

It is also possible for you to watch related video content of this essay through Changing ms-DS-MachineAccountQuota Attribute Limit in Windows Server 2019.

I hope it benefits....

You may submit your any kind of opinion and suggestion and ask anything you wonder by using the below comment form.

Author: Fırat Boyan

My name is Fırat Boyan. I was born in Alanya, which is one of the counties of the Antalya city, in 1985. I am a Senior System Engineer, Microsoft Certified Trainer (MCT) and a freelance Sworn Translator from English into Turkish and from Turkish into English affiliated with a Notary Office. I have been living in Istanbul since 2008 and providing service in the field of Information Technologies for 18 years. I currently work for Data Market as a Senior Cloud Engineer and I have been providing System and Network trainings as a Microsoft Certified Trainer (MCT) affiliated with Bilge Adam, which renders trainings in the field of Information Technologies. Besides, I provide IT consulting services for corporate companies as well. Please visit the page About Me to get more detailed information about me and to review the Microsoft certifications I have.

COMMENTS
No comment made for this video yet! Be the first to make comment.
You may submit your any kind of opinion and suggestion and ask anything you wonder by using the below comment form.

Name-Surname * !

E-mail * !

Comment * You may type 750 characters.

Verification Code *

Please, enter the verification code with UPPER-CASE letters.

* Comments are published after being approved.
* E-mail is required for comment approval notification, not published.