In Windows Server 2012, Microsoft introduced the new streamlined Active Directory Domain Services Configuration Wizard, that in most Microsoft documentation is labeled the successor to dcpromo.exe. I’m a big fan of the new wizard, but there’s one feature I don’t use: the automatic Active Directory preparation steps it can perform for you to update the … Continue reading "I’m still an ADPrep kinda guy"
Category: Active Directory
Active Directory
Transitioning your Windows Server 2003 Domain Controllers to Windows Server 2012
Your organization might still be running their Active Directory Domain Services on top of Windows Server 2003-based Domain Controllers. You might be looking to replace these servers with Windows Server 2012-based Domain Controllers, either to utilize the new features, make the most out of your virtualization project or to simply do away with the aging … Continue reading "Transitioning your Windows Server 2003 Domain Controllers to Windows Server 2012"
Why I don’t like the Quest Active Directory PowerShell Cmdlets
Many Active Directory admins use and like the Quest Active Directory PowerShell Cmdlets, that are part of the free ActiveRoles Management Shell for Active Directory. They have been freely available since 2007 and have been the long trusted scripting companion for many. I am not one of them. It’s nothing personal. Let me explain. … Continue reading "Why I don’t like the Quest Active Directory PowerShell Cmdlets"
Cross-forest Migrating Dynamic Access Control
Six months ago, I wrote on 10 Things you need to be aware of before deploying Dynamic Access Control. As point 8, I told that the Active Directory Migration Tool (ADMT) does not support cross-forest migrating Dynamic Access Control (DAC). As an Active Directory admin, ADMT, obviously, would be the first tool to look you … Continue reading "Cross-forest Migrating Dynamic Access Control"
Cases where VM-GenerationID doesn’t help make Active Directory virtualization-safe, Part 2
Yesterday, I talked about the new Active Directory virtualization safeguards in Windows Server 2012 (and beyond) and how Joe Richards triggered me to think about cases where the Active Directory virtualization safeguards (powered by the new VM-GenerationID) don’t help make Active Directory virtualization-safe(r). In the first post, I talked about how the Active Directory virtualization … Continue reading "Cases where VM-GenerationID doesn’t help make Active Directory virtualization-safe, Part 2"
Cases where VM-GenerationID doesn’t help make Active Directory virtualization-safe, Part 1
Joe Richards posted an interesting blogpost a while ago on why Active Directory VM-GenerationID functionality is not an alias for Active Directory anti-USN Rollback functionality. In it, he makes some valid claims: You are only protected in very limited set of very certain very specific circumstances. The VM-GenerationID "triggers" are dependent upon the virtualization platform. … Continue reading "Cases where VM-GenerationID doesn’t help make Active Directory virtualization-safe, Part 1"
KnowledgeBase: "Organization Preparation FAILED" error when you install Exchange Server 2007 or 2010
This week, Microsoft has released KnowledgeBase article 2872882 today, detailing a situation where you’d receive an “Organization Preparation FAILED” error when you try to Prepare the Active Directory for Exchange Server 2007 or Exchange Server 2010.
Rebooting Windows Server 2012-based Domain Controllers into Directory Services Restore Mode
As Christoffer Andersson, a fellow Directory Services MVP explained in the 4th post of his Inside NTDS.dit series, some deletions do not end up in the Active Directory Recycle Bin and as an Active Directory admin you might still need to perform restores using Directory Services Restore Mode (DSRM).
Options that are only available when you promote Windows Server 2012 to a Domain Controller with PowerShell
The new Domain Controller Promotion process in Windows Server 2012 with the Active Directory Domain Services Configuration Wizard, is a nice new way to promote Windows Server 2012-based hosts to Domain Controllers, since it enables: Remote promotion of Windows Server 2012-based hosts to Domain Controllers Promotion of a group of Windows Server 2012-based hosts to … Continue reading "Options that are only available when you promote Windows Server 2012 to a Domain Controller with PowerShell"
New features in Active Directory Domain Services in Windows Server 2012, Part 20: Dynamic Access Control (DAC)
For the last years, we’ve been modeling the business into group memberships and their associated access control lists. For some organizations this has even led to changing the way they performed business from before they automated their business processes. For other organizations, this has resulted in token bloat. It’s time someone changed that and introduced … Continue reading "New features in Active Directory Domain Services in Windows Server 2012, Part 20: Dynamic Access Control (DAC)"