This week, Microsoft has released KnowledgeBase article 2872882 today, detailing a situation where you’d receive an “Organization Preparation FAILED” error when you try to Prepare the Active Directory for Exchange Server 2007 or Exchange Server 2010.
Category: Active Directory
Active Directory
Rebooting Windows Server 2012-based Domain Controllers into Directory Services Restore Mode
As Christoffer Andersson, a fellow Directory Services MVP explained in the 4th post of his Inside NTDS.dit series, some deletions do not end up in the Active Directory Recycle Bin and as an Active Directory admin you might still need to perform restores using Directory Services Restore Mode (DSRM).
Options that are only available when you promote Windows Server 2012 to a Domain Controller with PowerShell
The new Domain Controller Promotion process in Windows Server 2012 with the Active Directory Domain Services Configuration Wizard, is a nice new way to promote Windows Server 2012-based hosts to Domain Controllers, since it enables: Remote promotion of Windows Server 2012-based hosts to Domain Controllers Promotion of a group of Windows Server 2012-based hosts to … Continue reading "Options that are only available when you promote Windows Server 2012 to a Domain Controller with PowerShell"
New features in Active Directory Domain Services in Windows Server 2012, Part 20: Dynamic Access Control (DAC)
For the last years, we’ve been modeling the business into group memberships and their associated access control lists. For some organizations this has even led to changing the way they performed business from before they automated their business processes. For other organizations, this has resulted in token bloat. It’s time someone changed that and introduced … Continue reading "New features in Active Directory Domain Services in Windows Server 2012, Part 20: Dynamic Access Control (DAC)"
New features in Active Directory Domain Services in Windows Server 2012, Part 19: Offline Domain Join Improvements
With Windows 7 and Windows Server 2008 R2 Microsoft introduced a new Active Directory feature called Offline Domain Join (ODJ). This feature allows for clients to be joined to an Active Directory domain, without the need of having a direct connection to any of the Domain Controllers for the Active Directory domain.
Reusing a Role Installation XML file in Windows Server 2012 to install the Active Directory Domain Services Role
Ranging from multi-server management to over 2400 PowerShell Cmdlets, Windows Server 2012 delivers on the promise of standards-based management and automation capabilities. Part of the new Domain Controller Promotion process is installing the Active Directory Domain Services role onto a stand-alone or member server. This activity needs to be completed before the new Active Directory … Continue reading "Reusing a Role Installation XML file in Windows Server 2012 to install the Active Directory Domain Services Role"
New features in Active Directory Domain Services in Windows Server 2012, Part 15: Deferred Index Creation
As already mentioned in the previous blog post on RID Improvements in Windows Server 2012, Active Directory environments are sometimes cathedrals of Microsoft technology; they’re big, they’re old and a lot of effort has been put into them to get them into the shape they’re in today.
You can only set the DFL to Windows Server 2012 when you create a new domain tree on a Windows Server 2012-based computer
Remember in the Beta of Windows Server 2012 (then called Windows Server “8”) you couldn’t specify the Windows Server 8 Forest Functional Level (FFL) in the new Active Directory Domain Services Configuration Wizard when you created a new forest? My fellow Directory Services MVP Mike Kline wrote a blogpost on this issue, where he explains … Continue reading "You can only set the DFL to Windows Server 2012 when you create a new domain tree on a Windows Server 2012-based computer"
New features in Active Directory Domain Services in Windows Server 2012, Part 9: Connected Accounts
Windows 8 and Windows Server 2012 are cloud-optimized Operating Systems. One of the areas where this is visible is the ability to connect domain accounts to Microsoft accounts (formerly known as Windows Live IDs). In this blogpost I’ll show you how this functionality works and how you can disable this functionality altogether or granularly with … Continue reading "New features in Active Directory Domain Services in Windows Server 2012, Part 9: Connected Accounts"
New features in Active Directory Domain Services in Windows Server 2012, Part 8: Group MSAs (gMSAs)
Back in Windows Server 2008 R2, Managed Service Accounts (MSAs) solved the problem of unsecure service accounts. Managing them was a nightmare, even if you knew what you were doing. Now, In Windows Server 2012, Microsoft addresses a couple of these challenges This blogposts shows how.