Preventing Spoke DC’s from Advertising in the Hub Site for Authentication Availability

If you have a hub and spoke site topology, it may not be a good idea for certain (Or all) spoke dc’s to be advertising, via dns services, the ability to provide authentications services. If you have a remote site with a dc that fails it is usually best that the spoke send its users … Continue reading "Preventing Spoke DC’s from Advertising in the Hub Site for Authentication Availability"

Windows 2000/2003 Replication through a Firewall

To establish secure communications between DC’s defined and variable ports (High Ports) need to be able to communicate. In the scenario defined below the internal dc’s have no outbound restrictions, inbound is restricted to a need to have with the restriction of 200 RPC ports are set for on demand need.   The following port … Continue reading "Windows 2000/2003 Replication through a Firewall"

How to Remotely Promote Server Core to a Read Only Domain Controller (RODC)

If you would like to promote a Windows 2008 server core o/s to a RODC but the server is at a remote location, you can run into multiple road blocks. Firewall ports need to be opened, remote management needs to be enabled plus you need configuration information configured. The following text should help assist you … Continue reading "How to Remotely Promote Server Core to a Read Only Domain Controller (RODC)"

External Forest Trust Configuration with a Firewall – Windows 2003 and NT4

An external forest trust relies on NetBIOS name resolution, dns is not involved. All trust communication traffic flows between the Windows 2003 PDCe and the PDC. It doesn’t matter how you have your LMHosts table setup or your firewall setup the trust is only going to work with these two being able to talk to … Continue reading "External Forest Trust Configuration with a Firewall – Windows 2003 and NT4"

How to Create an Active Directory User Provisioning System

This blog will detail how I created an Active Directory (AD) user provisioning tool with PowerShell.  It probably won’t be what you expect; the amount of front end entry is almost non-existent. The key to consistency within your enterprise is to take as much of the human element out of the picture as possible.  Without … Continue reading "How to Create an Active Directory User Provisioning System"

Active Directory Replication Types

I find myself quite often trying to keep straight all the different replication activities that can occur within an Active Directory (AD) domain. There is: Intrasite Replication Urgent Replication Intersite Replication Intersite Change Notification Replication Reciprocal Replication Immediate Replication Manual Replication Replication between Domain Controllers (DC’s) occurs without administrative intervention. Replication provides the multimaster database … Continue reading "Active Directory Replication Types"

Preventing Lingering Object Replication in Active Directory

One thing you want to prevent in Active Directory is an Islanded DC, one in which you have lost connectivity to.  If a DC is disconnected beyond its "Tombstone Lifetime" it will begin to accumulate Lingering objects.  This isn't something you ever want to happen and if you are put in this situation I would … Continue reading "Preventing Lingering Object Replication in Active Directory"