If you have a hub-and-spoke site topology, it may not be a good idea for certain (or all) spoke DCs to be advertising, via DNS services, the ability to provide authentication services. If you have a remote site with a DC that fails, it is usually best that the spoke send its users … Continue reading "Preventing Spoke DC’s from Advertising in the Hub Site for Authentication Availability"
Decommissioning a DC requires that all domain services currently residing on the server be moved to other DCs. You need to move any FSMO roles from this DC to another DC (KB255960). To learn where the roles reside, run the command netdom query fsmo. If the PDCe FSMO role resided on this … Continue reading "How to Decommission a Domain Controller"
The first set of steps is to get a good PC into the production domain. Once this PC is a member, it needs to be promoted and be a healthy participant in the network. The new DC then needs to be removed from the network before it is restarted (from its restore) to prevent any … Continue reading "Create A Test Domain (Old Style)"
To establish secure communications between DCs, both defined and variable ports (high ports) need to be able to communicate. In the scenario defined below, the internal DCs have no outbound restrictions; inbound is restricted to a need-to-have basis, with 200 RPC ports set aside for on-demand need. The following port … Continue reading "Windows 2000/2003 Replication through a Firewall"
If you would like to promote a Windows 2008 Server Core OS to an RODC but the server is at a remote location, you can run into multiple roadblocks. Firewall ports need to be opened, remote management needs to be enabled, and you need configuration information in place. The following text should help assist you … Continue reading "How to Remotely Promote Server Core to a Read Only Domain Controller (RODC)"
An external forest trust relies on NetBIOS name resolution; DNS is not involved. All trust communication traffic flows between the Windows 2003 PDCe and the PDC. It doesn’t matter how you have your LMHosts table set up or your firewall set up; the trust is only going to work with these two being able to talk to … Continue reading "External Forest Trust Configuration with a Firewall – Windows 2003 and NT4"
This blog will detail how I created an Active Directory (AD) user provisioning tool with PowerShell. It probably won’t be what you expect; the amount of front-end entry is almost non-existent. The key to consistency within your enterprise is to take as much of the human element out of the picture as possible. Without … Continue reading "How to Create an Active Directory User Provisioning System"
I find myself quite often trying to keep straight all the different replication activities that can occur within an Active Directory (AD) domain. There is: Intrasite Replication, Urgent Replication, Intersite Replication, Intersite Change Notification Replication, Reciprocal Replication, Immediate Replication, Manual Replication. Replication between Domain Controllers (DC’s) occurs without administrative intervention. Replication provides the multimaster database … Continue reading "Active Directory Replication Types"
One thing you want to prevent in Active Directory is an islanded DC, one to which you have lost connectivity. If a DC is disconnected beyond its "Tombstone Lifetime", it will begin to accumulate lingering objects. This isn't something you ever want to happen, and if you are put in this situation I would … Continue reading "Preventing Lingering Object Replication in Active Directory"
Sorry about the formatting, I will have to retype at some point… This covers Windows 2008 R2 and all previous Windows OSes. Let me start off by saying, if you are considering using this procedure, it should be your LAST option. This is by no means a supported Microsoft procedure and use of it could … Continue reading "Restoring a DC from a Snapshot"