Welcome to Dirteam.com/ActiveDir.org Blogs Sign in | Join | Help

Browse by Tags

All Tags » FAQs & How-Tos   (RSS)

How to deploy 64 bit R2 DCs in a 32 bit W2K3 AD environment

Let's say your AD consists of only 32 bit W2K3 (SP1) DCs without R2. Now you want to introduce a 64 bit R2 DC. As you know, you need to extend the AD schema to support the R2 features. When using the 32 bit version of R2 you just fire up ADPREP from the Read More...
Posted Friday, January 05, 2007 9:30 AM by Jorge | 1 Comments

NTLM and Kerberos authentication explained the easy way

Kerberos authentication is always used when: Both endpoints are at least W2K or higher AND In case of a trust, Kerberos is supported Kerberos is supported within an AD forest and between AD forests when a forest trust is used. In all other cases NTLM Read More...
Posted Thursday, December 28, 2006 9:29 PM by Jorge | 2 Comments

Migrating stuff with ADMTv3

ADMTv3 has been out for a while and is the free Microsoft Migration Tool available for use (besides other small tools that can help you during your migration like NETDOM, SUBINACL, ROBOCOPY, etc.). It can be downloaded here Besides the tool you can also Read More...
Posted Wednesday, December 27, 2006 1:46 PM by Jorge | 6 Comments

The Infrastructure Master FSMO and the GC role

This is so simple and people still ask questions in the newsgroups about it. It has been answered sooooooooo many times it almost hurts typing this over and over again.... Concerning the Infrastructure Master FSMO role and the GC role look at it from Read More...
Posted Tuesday, July 18, 2006 7:41 PM by Jorge | 0 Comments

How to check that FORESTPREP and DOMAINPREP replicated to all DCs?

I have written this post because the following question has been asked a few times: "How do I know that the forest updates have replicated to all DCs in the forest" "How do I know that the domain updates have replicated to all DCs in the domain" The procedure Read More...
Posted Tuesday, June 06, 2006 8:18 PM by Jorge | 2 Comments
Filed under:

Delegation of control...how?

A tip for delegation (per organization this may depend, but this should give you a hint how to do it): ALWAYS use separate admin accounts to perform admin tasks Define the admin roles in your organization Define all the admin tasks performed by those Read More...
Posted Tuesday, May 16, 2006 10:20 PM by Jorge | 0 Comments
Filed under:

Example NT4 to AD upgrade

So you want to in-place upgrade your current NT4 domain to an AD domain and keep the same NetBIOS domain name. This is AN EXAMPLE how to do it. Make sure you change anything that is specific to your environment and check everything has been taken into Read More...
Posted Monday, May 01, 2006 8:44 PM by Jorge | 1 Comments
Filed under:

Moving FSMO roles from one DC to another DC

When moving a FSMO from one DC to another DC you have two possibilities... transfering and seizing You transfer a FSMO role when both the source DC as the target DC is up and running. There is no need to worry about the exchange of information concerning Read More...
Posted Thursday, January 05, 2006 12:28 PM by Jorge | 1 Comments
Filed under:

Creating a taskpad and delegating several admin tasks

For information on how to create and use Taskpad Views see: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/3d0c783c-7789-4400-953b-d22a501ae535.mspx http://www.winsupersite.com/showcase/win2k_taskpad.asp http://www.petri.co.il/create_taskpads_for_ad_operations.htm Read More...
Posted Thursday, January 05, 2006 10:51 AM by Jorge | 2 Comments
Filed under:

How to increase the rIDAvailablePool of the domain?

For some reason (e.g. disaster recovery) you want to increase the rIDAvailablePool of the domain. So here how to do that. * Start LDP * -> Connection -> Connect * Enter the FQDN of the RID Master FSMO or leave it blank if LDP is run on the RID Master Read More...
Posted Friday, December 09, 2005 6:45 PM by Jorge | 3 Comments
Filed under:

Which DCs are used when promoting a server to a DC?

When running DCPROMO on a server to promote it to DC two possibilities exist what query is used by the server to locate a DC... --> The server is a STAND ALONE SERVER and is going to be promoted to a DC: In this case the server does not know to which Read More...
Posted Wednesday, December 07, 2005 8:19 PM by Jorge | 11 Comments
Filed under:

Cleaning up the AD metadata of a DC or an AD domain

The demotion of a DC was not successful or the DC crashed or was removed without ever demoting it, as it should, to a non-DC. For that reason its metadata still exists in AD and needs to be removed! See the articles below for how to cleanup the metadata Read More...
Posted Saturday, December 03, 2005 8:16 PM by Jorge | 7 Comments
Filed under:

How to move a DC to another site?

In this case you need to change the IP of a DC and move it to another AD site --> Assuming it only has the DC/GC role.... <-- (steps with a @ are not mandatory but is just a safe measure as I have seen some occasions where those steps were needed...) Read More...
Posted Friday, November 25, 2005 9:49 AM by Jorge | 2 Comments
Filed under:

How to determine on what DC a password was changed for a user?

If account management is enabled and set for success, when changing a password you can look for event IDs 627, 628 or 642. The DC that registers on or more of these event IDs for a certain account is the DC where the change occured. Event ID 627 with Read More...
Posted Thursday, November 24, 2005 10:08 PM by Jorge | 1 Comments
Filed under:

How to distribute DHCP scopes among multiple DHCP servers?

For distributing scopes among multiple DHCP servers two well known rules are available. Google for (only the text before the =): 50/50 dhcp = (central setup) and 80/20 dhcp = (local and remote setup) You should make sure only one DHCP servers leases a Read More...
Posted Thursday, November 24, 2005 3:56 PM by Jorge | 0 Comments
Filed under:
More Posts Next page »