Welcome to Dirteam.com/ActiveDir.org Blogs Sign in | Join | Help

Browse by Tags

All Tags » Active Director... » Windows Server   (RSS)

Domain Join through an RODC instead of an RWDC

Windows Server 2008 introduces one of the coolest features in AD, being IMHO the Read-Only Domain Controller (RODC). The main goal of the RODC is to improve the AD security and to mitigate risks. It is therefore also preferably deployed at the perimeter Read More...
Posted Friday, January 02, 2009 3:09 AM by Jorge | 0 Comments
Attachment(s): DomainJoinAgainstRODC.vbs.TXT

Creating your own AD Design and gathering information

Have you ever needed to create your own AD design, either for some customer or for your own company? If the answer is YES and you need good information as a reference, check the following. Microsoft has several documents and guides that can help you create Read More...
Posted Friday, January 02, 2009 12:06 AM by Jorge | 0 Comments

Why GPOs with Password and Account Lockout Policy Settings must be linked to the AD domain object to be affective on AD domain user accounts

In the newsgroups I still see questions about how people can leverage GPOs and configure password and account lockout policy settings and link that GPO to some OU so that the configured password and account lockout policy settings only apply to the users Read More...
Posted Tuesday, December 16, 2008 9:49 PM by Jorge | 1 Comments

Notifying users by e-mail their password is going to expire

Windows by default has a mechanism to notify a user when the password is going to expire. By default Windows will start notifying the user 14 days before the password really expires and must be changed. The default value is affective when no other value Read More...
Posted Sunday, July 20, 2008 5:44 PM by Jorge | 8 Comments
Attachment(s): ADPwdExpNotify.zip

AutoEnrollment Control Access Right is missing in AD

A few days ago I was chatting with a colleague of mine in the UK about automated permissions assignment in AD through DSACLS. His reason to do this was because of CLM deployments where you had to use different kinds of Extended Rights that are defined Read More...
Posted Thursday, July 17, 2008 9:13 PM by Jorge | 0 Comments

Migration Support in ADMTv3.1 for Windows Server 2008

In this post I explain what you can do with ADMTv3 and what you cannot do. Additionally I also define common migration steps and provide links to other information sources. ADMTv3.1 has been released a few days ago and it now supports Windows Server 2008 Read More...
Posted Tuesday, July 15, 2008 11:29 PM by Jorge | 0 Comments

Wanna read something cool about RODCs, Hyper-V and PowerShell?

Nathan Muggli, a PM at Microsoft in the AD product group blogged about a cool way to deploy RODC using Hyper-V and PowerShell in an automated way. Read it here . Cheers, Jorge -------------------------------------------------------------------------------------------------- Read More...
Posted Tuesday, June 10, 2008 12:25 AM by Jorge | 0 Comments

RODC Compatility Pack for Legacy OSes

Microsoft released a KB article that describes issues/symptoms with legacy OSes and the Windows Server 2008 RODC including possible workarounds. You can find that KB article here (Description of the Windows Server 2008 read-only domain controller compatibility Read More...
Posted Wednesday, June 04, 2008 2:16 PM by Jorge | 1 Comments

Auditing in Windows Server 2008

To audit stuff in Windows Server you first need to configure a main event category to be enabled for "Successes" and/or "Failures". This must be done through a local GPO on the server or through a GPO in AD which then is linked to an OU containing the Read More...
Posted Tuesday, April 29, 2008 11:19 AM by Jorge | 1 Comments

Auditing when members of specific groups logon to a Vista or 2008 computer

Have you ever had the need to audit when members of specific groups logon to a computer? If yes, unfortunately this is only possible out-of-the-box in both Windows Vista and Windows Server 2008. The feature is called "Auditing Special Groups" and you Read More...
Posted Friday, March 21, 2008 5:23 PM by Jorge | 0 Comments

Windows Server 2008 – Reanimating Objects and Restoring additional Information

This post is an updated version of the following post and now contains RTM information: Windows Server Longhorn – Reanimating Objects and Restoring Additional Information Reanimating Objects and Restoring Additional Information Basically when restoring Read More...
Posted Thursday, March 20, 2008 1:29 PM by Jorge | 4 Comments

Windows Time Service

In addition to a previous post a did, I would like to point you to a Microsoft blog about the Windows Time Service (W32TIME) . That blog contains interesting information. My favorite posts on that blog are: Keeping the Domain On Time (Explaining how Windows Read More...
Posted Wednesday, March 19, 2008 4:57 PM by Jorge | 0 Comments

Are you using at least 1 W2K3 SP1 DC in your AD domains?

During one of the AD Q&A sessions at TechED IT Forum I was kind of surprised that people did not know about a simple "save you're a$$ method" when recovery of objects was needed and especially those objects that contain back-links. The recovery of Read More...
Posted Tuesday, November 20, 2007 11:39 PM by Jorge | 0 Comments

Read-Only Domain Controller presentatie bij LogicaCMG

Sorry for all the others, but this one is of interest for dutch speaking people in the Netherlands interested in the topic. Hallo, Met dit bericht wil ik je graag benaderen voor het volgende. Op woensdag 21 november in Amsterdam en op donderdag 29 november Read More...
Posted Wednesday, October 31, 2007 5:46 PM by Jorge | 0 Comments

Determining the Effective PSO for a User

In " Windows Server 2008 - Fine-Grained Password Policies " I explain the new password and account lockout feature/concept in Windows Server 2008. When using ADUC it is interesting to know what PSO is effective from some user, and better yet, what the Read More...
Posted Tuesday, September 11, 2007 11:43 PM by Jorge | 3 Comments
More Posts Next page »