Active Directory Replication Types

I find myself quite often trying to keep straight all the different replication activities that can occur within an Active Directory (AD) domain. There are: Intrasite Replication, Urgent Replication, Intersite Replication, Intersite Change Notification Replication, Reciprocal Replication, Immediate Replication, and Manual Replication. Replication between Domain Controllers (DCs) occurs without administrative intervention. Replication provides the multimaster database …

Preventing Lingering Object Replication in Active Directory

One thing you want to prevent in Active Directory is an islanded DC, one to which you have lost connectivity. If a DC is disconnected beyond its "Tombstone Lifetime", it will begin to accumulate lingering objects. This isn't something you ever want to happen, and if you are put in this situation I would …

Windows 7/Vista clients require elevated privileges to install or update a print driver

Our Help Desk support staff was really perplexed. They were getting hammered by phone calls whenever a print driver was updated and the Windows 7 clients attempted to upgrade the print driver. Windows XP clients had no problems upgrading, so obviously there was a UAC issue. After doing some research, a new setting was discovered …

Windows DCDiag Generating – Error 0x6ba "The RPC server is unavailable."

Once you move to Windows 2008 with Advanced Firewall and run DCDiag, you could end up with "error 0x6ba The RPC server is unavailable." This happens because the firewall enabled on the remote DC does not allow RPC connections. To remove this error and allow DCDiag to be run remotely, open up …

Upgrade Certificate Server from 32 to 64 bit

In some older documents, Microsoft stated that there was no support for upgrades from 32 to 64 bit: http://technet.microsoft.com/en-us/library/cc755153(WS.10).aspx This is no longer the situation, and there is support to migrate from 32 to 64 bit. The Active Directory Certificate Services Migration Guide covers the steps required: http://technet.microsoft.com/en-us/library/ee126170(WS.10).aspx This process went smoothly and the previous tech …

Windows 7/2008 Kerberos Default Encryption and Windows 2003/2000

With the latest OS release, Microsoft changed the default encryption method from RC4 to AES when first attempting to communicate with a Ticket Granting Ticket Service Request. As long as the client, whether it be Windows 7 or Windows 2008, communicates with a Windows 2008 R2 Domain Controller (DC), everything is all good. However, if the client …

RODC – Password Replication Policy and Password Cache Management

With the advent of Read Only Domain Controllers (RODC), remote offices no longer have to present a risk for your Active Directory (AD) enterprise secrets. RODCs by default do not cache ANY user or computer passwords. This can present a problem if there is a loss of connectivity between the remote site's RODC and a Read …

KMS Server won't activate additional servers

I have had my KMS server up and running for several years without any problems. Recently I was working on a new 2008 Standard Server and it wouldn't activate. I attempted to first use the standard GUI on the Windows Activation screen. I was even surprised it popped up since KMS usually just works. I selected …