The find operation is my friend in ADUC, but where exactly are the AD objects you find? What OU? What if you search for ‘Mark’ and there are four ‘Marks’ in your forest?
Mark Parris has a nifty little tip: http://wp.me/pJxvX-4l
This is why I love the ‘net. On Mark’s blog post from which I stole the [...]
Tags: Active Directory
Did you know …
Fully Qualified Domain Name (FQDN): The Fully Qualified Domain Name (FQDN) of an object cannot exceed 64 characters.
Group Memberships: Users, Groups and Computer accounts can be classified as Security Principals and as such Security Principals can be a member of approximately 1015 Groups. This is to do with access token size limitations.
Maximum [...]
Tags: Active Directory · Documentation · Miscellaneous · Performance
Mark Parris (Microsoft MVP) has a post about reducing client authentication loads on a DC.
Essentially, to reduce the number of client authentication requests processed by a DC, adjusting the server’s DNS weight and/or priority will do the trick. Specifically, the number of client authentications is decided by the weight while to ensure the DC does [...]
Tags: Active Directory · Performance · Protocols · Server
Microsoft has released an updated Active Directory design guide. Although it mentions the healthcare sector, it should provide a basis for designing an AD regardless of sector.
Thanks to Mark Parris for the link.
Tags: Active Directory · Documentation
Working some more with my new Windows Server 2008 R2 virtual machine, I discovered that the server manager console has a “Resources and Support” section per role; roles being the function or service the server provides (AD domain Services, DNS, etc.)
Kind of a nomenclature mess, but who am I to complain?
Tags: Active Directory
In playing around some more with my new server 2008 R2 VM, I discovered new options for managing AD, including the ability to restore data from AD snapshots.
This article in the most excellent magazine, simple-talk.com, provides clear instructions on just exactly how one can use this new capability. Good writing too, by Ben Lye.
Tags: Active Directory · Backup · Disaster Recovery
So there I am, working away in my new VM of Server 2008 R2 which Id just made a Domain Controller, when I decided to load the ActiveDirectory module in PoSH (Power Shell) then play around with AD-specific commands. (Im in the process of generating a list of useful resources to our delegated OU administrators [...]
Tags: Active Directory · Errors · Journal · PowerShell
Once again, I find I dont know as much about the inner workings of Active Directory. Joe of joeware dissects a TechNet article about AdminSDHolder which uses his fine tool (AdFind) to query AD for security information. Joe finds a few things lacking in the article (calls it rough.)
Once again, it strikes me that one [...]
Tags: Active Directory · Journal · Miscellaneous
This is major good news from the MS folks: I recently discovered it is possible to automate metadata cleanup, required after the forced removal of an AD Domain Controller.
Even better, on DCs running Windows Server 2008, deleting the DCs computer object in ADUC (Active Directory Users and Computers MMC) initiates the cleanup process automatically.
More information [...]
Tags: Active Directory · Server · Windows
How many reboots does it take for a Windows XP machine to screw in a light bulb?
I have no idea, but I know how many reboots it sometimes takes for some of my Group Policies to be applied, including most annoying, the GP-deployed software: two or more!
Tags: Active Directory · Documentation · SysAdmin