How to configure authorative time Server in Domain. One of the most important configurations required in your Active Directory forest is the configuration of the Windows Time Service. Below is the time synchronization hierarchy. Time Synchronization in an AD DS Hierarchy To configure authorative Time Server role refer below steps. 1. If you have firewall […]
DNS configuration best practice on Domain Controllers, Clients and Member Servers
MULTIHOMING Domain controllers is not recommended, it always results in multiple problems. 1. Domain Controllers should not be multi-homed 2. Being a VPN Server and even simply running RRAS makes it multi-homed. 3. DNS even just all by itself, is better on a single homed machine. 4. Domain Controllers with the PDC Role are automatically […]
Migrate SBS 2008 Domain to Windows 2008
Migrate SBS 2008 to Windows 2008 Server Step 1: Backup the SBS 2008 Box (Make sure SBS 2008 is in Healthy State) Step 2: Introduce Windows 2008 to the SBS 2008 Domain Use the below link to make it an additional domain controller in the same domain as SBS 2008 Installing an Additional Domain Controller http://technet.microsoft.com/en-us/library/cc733027(WS.10).aspx […]
Universal groups, global groups, domain local groups
AD Group types: universal groups, global groups, domain local groups Groups Distribution Groups — Used for email. Useful for programs such as MS Exchange. Security Groups – Used to secure file/folders, printers, etc. Local – Stored on the local SAM (Local Computers) Domain Local – Stored on Domain Controllers. Global Groups – Gives you a […]
How to determine your AD and Exchange Schema version
How to tell what version of AD/Exchange you have. To find the current Active Directory Schema Version, you can use one of the following methods: Note: The internal root domain that we use in this demo is: “domain.com “. 1. Using “ADSIEdit.msc” or/and “LDP.exe” tools: Navigate to: “CN=Schema,CN=Configuration,DC=domain,DC=com” and review the current […]
Domain Rename for Windows 2003/2008
Domain Rename for Windows 2003/2008 Prerequisites for a domain rename in a simple single domain forest for windows 2003/2008: •Enterprise Administrator credentials are required. •The domain should be well formed and healthy. Ran dcdiag /q and repadmin /replsum to check for any errors and fix the same before you proceed. Ran gpotool can check all […]
Metadata Cleanup of a Domain controller
Delete orphan DCs from Active Directory The following commands should be run to cleanup orphan domains and domain controllers. At the command prompt, type ntdsutil ntdsutil: metadata cleanup Metadata cleanup: connections Server connections: connect to server yourserver.yourdomain.com (i.e. the root forest domain controller) Binding to yourserver.yourdomain.com ……. Connected to yourserver.yourdomain.com using credentials of locally logged […]
How to find and remove lingering objects in Active Directory
How to Troubleshoot Lingering Objects Lingering Object : An object which has been deleted on a domain controller and even garbage collected but it still remains on another domain controller is termed as a Lingering Object Some of the biggest annoyances for any Active Directory administrator are odd little things called lingering objects. These have […]
Authoritative /Non-Authoritative Restore in Windows2008
How to restore Server 2008 Active Directory (Non-Authoritative / Authoritative Restore) Windows Server Backup Windows Server Backup the Windows Server Backup feature provides a basic backup and recovery solution for computers running the Windows Server® 2008 operating system. Windows Server Backup introduces new backup and recovery technology and replaces the previous Windows Backup (Ntbackup.exe) feature that […]
How to transfer or seize FSMO roles
How to transfer or seize FSMO roles The first Microsoft Windows 2000 Active Directory (AD) domain controller in a forest is granted five FSMO roles when you run the Dcpromo.exe program and install the AD. There are two FSMO roles that are forest wide and three that are per domain. If child domains are created, […]