Repadmin indicates Read-Only Domain Controller in Windows Server 2008

August 18, 2008

We are all aware how helpful the repadmin tool has become (available through Windows Support Tools in Windows Server 2003 and earlier) for troubleshooting replication issues. In Windows Server 2008, this tool, along with others, comes pre-packaged within the OS. You no longer have to install the Support Tools to reap the benefits [...]

Filed under: Active Directory, Windows Server 2008 | Comments (0)

Can a RODC also be a DHCP?

June 8, 2008

Sounds like a no-brainer, but there is a catch. I installed the DHCP role on my Server Core that I had previously set up as a Read-only Domain Controller, using this command.
start /w ocsetup DHCPServerCore
And then I went ahead and set the service configuration to “auto” with this command,
sc config dhcpserver start= auto (note the space [...]

Filed under: Server Core, Windows Server 2008 | Comments (0)

How to promote Server Core to be a RODC

April 19, 2008

The Windows Server 2008 Server Core installation does support Read Only Domain Controllers (RODC). This support makes Server Core ideal for branch office scenarios. To make a Server Core part of your domain as an RODC, you use an unattended answer file with the following text, filled in with your settings and passwords:
[DCInstall]
InstallDNS=Yes
ConfirmGC=Yes
RebootOnCompletion=Yes
ReplicaDomainDNSName=2008.lab
ReplicaOrNewDomain=readonlyreplica
ReplicationSourceDC=dc3.2008.lab
SafeModeAdminPassword=
SiteName=Default-First-Site-name
UserDomain=2008.lab
UserName=admin08
Password=
CreateDNSDelegation=No
You can place the text file [...]

Filed under: Active Directory, Server Core, Windows Server 2008 | Comments (0)

Find out the available RIDs on your DC

April 9, 2008

In a previous post we discussed the FSMO Roles, and we know that one of the FSMO Roles is RID Master. What does a RID Master do and what is its significance? Let’s recap. RID Master - Each object must have a globally unique number (GUID). The RID master makes sure each domain controller issues unique [...]

Filed under: Active Directory | Comments (0)

Prevent users from joining workstations to domain (at their will)

March 31, 2008

Every domain has a default ms-DS-MachineAccountQuota value of 10. This means that any user can add up to 10 machines to a domain. You can modify this object in the directory by using the ADSIedit tool to prevent this behavior.
Warning: Using ADSIedit can have adverse effects on your Active Directory environment, if not handled with proper [...]

Filed under: Active Directory, Windows | Comments (0)

Find out where and why an Account Lockout happened

March 29, 2008

While account lockouts save us from brute force password attacks and help us standardize our environment for password policies, sometimes it can be painful to troubleshoot and find out why and where one happened. Microsoft does provide us with the ‘Account Lockout Management Tools’ suite which can be very handy to diagnose the root cause [...]

Filed under: Active Directory, Group Policy, Windows | Comments (0)

Reset Active Directory Restore Mode password

March 24, 2008

Maybe the most forgotten password is the one for Directory Services Restore Mode (DSRM), because it’s created only when a DC is built and used only during critical DC recovery operations, which hopefully do not happen very often. Not knowing this password can prevent a successful recovery.
If you don’t know your DSRM password and haven’t [...]

Filed under: Active Directory, Windows | Comments (0)

A quick way to tell where your FSMOs are

March 6, 2008

In my last post, I talked about what FSMO roles are and how to retrieve them through the GUI. In this post I am showing you a quick way to tell which DCs are holding which FSMO roles in your forest/domain. It can be done by running the NETDOM QUERY FSMO command on one of your DCs.

Notice, that [...]

Filed under: Active Directory, General, Server Core, VMware | Comments (0)

So really, what are FSMO roles?

February 29, 2008

FSMO (pronounced fiz-mo) roles are essentially domain controllers with higher power than their peer DCs, hence the name Flexible Single Master Operation. The word flexible is perhaps in there since you do have the flexibility to move these roles around (the word floating has been referenced in some places as well). From the name [...]

Filed under: Active Directory, Windows | Comments (0)

Updating Schema for Windows Server 2008

February 26, 2008

Updating the schema for your forest is not something you do very often; however, it is a requirement when you introduce a Windows Server 2003 DC in a Windows 2000 domain or when you introduce the first Windows Server 2008 DC in your Windows Server 2003 domain. (There may be other times when you have to do this such as [...]

Filed under: Active Directory | Comments (0)