Active Directory Replication Types

Reading Time: 3 minutes I find myself quite often trying to keep straight all the different replication activities that can occur within an Active Directory (AD) domain. There is: Intrasite Replication Urgent Replication Intersite Replication Intersite Change Notification Replication Reciprocal Replication Immediate Replication Manual Replication Replication between Domain Controllers (DC’s) occurs without administrative intervention. Replication provides the multimaster database … Continue reading "Active Directory Replication Types"

Preventing Lingering Object Replication in Active Directory

Reading Time: 2 minutes One thing you want to prevent in Active Directory is an Islanded DC, one in which you have lost connectivity to.  If a DC is disconnected beyond its "Tombstone Lifetime" it will begin to accumulate Lingering objects.  This isn't something you ever want to happen and if you are put in this situation I would … Continue reading "Preventing Lingering Object Replication in Active Directory"

Windows 7/Vista clients require elevated privileges to install or update a print driver

Reading Time: < 1 minute Our Help Desk support staff was really perplexed.  They were getting hammered by phone calls whenever a print driver was updated and the Windows 7 clients attempted to upgrade the print driver.  Windows XP clients had no problems upgrading, so obviously there was a UAC issue. After doing some research a new setting was discovered … Continue reading "Windows 7/Vista clients require elevated privileges to install or update a print driver"

Restoring a DC from a Snapshot

Reading Time: 5 minutes Sorry about the formatting, I will have to retype at some point… This covers Windows 2008 R2 and all previous Windows o/s's Let me start off by saying, if you are considering using this procedure, it should be your LAST option.  This is by no means is a supported Microsoft procedure and use of it could … Continue reading "Restoring a DC from a Snapshot"

Windows DCDiag Generating – Error 0x6ba "The RPC server is unavailable."

Reading Time: < 1 minute Once you arrive to Windows 2008 with Advanced Firewall and you run DCDiag you could end up with "error 0x6ba The RPC server is unavailable."  This is the result of the remote DC not allowing RPC connections from the firewall being enabled. To remove this error and allow DCDiag to be run remotely, open up … Continue reading "Windows DCDiag Generating – Error 0x6ba "The RPC server is unavailable.""

Upgrade Certificate Server from 32 to 64 bit

Reading Time: < 1 minute In some older documents Microsoft stated that there was no support for upgrades from 32 to 64 bit: http://technet.microsoft.com/en-us/library/cc755153(WS.10).aspx This is no longer the situation and there is support to migrate 32 to 64 bit, the Active Directory Certificate Services Migration Guide covers the steps required: http://technet.microsoft.com/en-us/library/ee126170(WS.10).aspx This process went smooth and the previous tech … Continue reading "Upgrade Certificate Server from 32 to 64 bit"

Windows 7/2008 Kerberos Default Encryption and Windows 2003/2000

Reading Time: 2 minutes With the latest o/s release Microsoft modified the default encryption method from RC4 to AES when first attempt to commenicate with a Ticket Granting Ticket Service Request.  As long as the client whether it be Windows 7 or Windows 2008, communicates with a Windows 2008 R2 Domain Controller (DC) everything is all good.  However if the client … Continue reading "Windows 7/2008 Kerberos Default Encryption and Windows 2003/2000"

Invalid service type: RpcSs when running DCDIAG

Reading Time: < 1 minute After recently bringing up a RODC in my default site, all my 2003 RWDC's in all my sites flipped to a single process which is not a good thing for DC's.  I can't be absolutely certain this was the cause but the errors occured on the same day of the RODC promotion. The erorr in … Continue reading "Invalid service type: RpcSs when running DCDIAG"

RODC – Password Replication Policy and Password Cache Management

Reading Time: 4 minutes With the advent of Read Only Domain Controllers (RODC) remote offices no longer have to present a risk for your Active Directory (AD) enterprise secrets.  RODC's by default do not cache ANY user or computer passwords.  This can present a problem if there is a loss of connectivity between the remote site's RODC and a Read … Continue reading "RODC – Password Replication Policy and Password Cache Management"

KMS Server won't activate additional servers

Reading Time: 2 minutes I have had my KMS server up and running for several years without any problems.  Recently I was working on a new 2008 Standard Server and it wouldn't activate. I attempted to first use the standard GUI on the Windows Activation screen.  I was even surprised it popped up since KMS usually just works.  I selelcted … Continue reading "KMS Server won't activate additional servers"