If you have experienced event id #2095, then you understand how a USN Rollback can negatively affect AD consistency. What is a USN? The USN (Update Sequence Number) is an Active Directory database instance counter that increments every time a single change is committed to the AD database on a Domain Controller. The USN is …
Tag: DomainController
Nov 02 2014
Domain Controller Virtual Cloning
One of the best new features of Windows Server 2012 is virtual cloning. The ASKPFE blog has an excellent article covering this new feature: Tom Moser here with a post on one of the new ADDS features in Windows Server 2012; Virtual Domain Controller Cloning. Until now, cloning, snapshotting, copying, or pretty much doing anything …
Nov 01 2014
Active Directory Domain Trusts & Trust Password Management
Recently a customer asked me about Active Directory Domain Trusts and how the passwords were managed. I replied with some educated guesses based on how AD manages a variety of passwords. After stating how I thought it worked (and mentioned that I wasn’t sure), I decided to look it up. I was mostly correct. Every …
Oct 29 2014
Windows Server 2012 R2 deprecates FRS (File Replication Service)
Microsoft’s Tip of the Day has the following useful information on Domain Controller File Replication Service (FRS) depercation: FRS (File Replication Service) has been deprecated in Windows Server 2012 R2. The deprecation of FRS has been accomplished by enforcing a minimum domain functional level of Windows Server 2008. This enforcement is present only if the …
Sep 27 2014
Powershell Remote Use of Module Commandlets (Remoting Import-Module)
Practically all of my Powershell scripts use an Active Directory commandlet. Ok, so they use several. I like to query AD to get environmental information so when I run the script, I know what I am working with from an AD perspective. I can’t help it, I’m an AD Guy. In order to run the …
Sep 23 2014
PowerShell Code: Active Directory Domain Controller Discovery
There are several different ways to find AD Domain Controllers (DCs). Here are a few: AD PowerShell Module: Discover the closest Domain Controller running the AD web services (support PowerShell AD cmdlets): import-module activedirectory Get-ADDomainController -discover -forcediscover -nextclosestsite -service ADWS discover – find a DC forcediscover – re-discover a DC and not use a cached …
Sep 19 2014
Read-Only Domain Controller (RODC) Information
The RODC is one of the most interesting new features of Windows Server 2008. RODCs provide the following: Read-only Active Directory Database – Read-only copy of Active Directory provides a more secure option for distant locations such as a branch office. Changes attempted against the RODC are referred to the next upstream DC. Read-only DNS Server …
May 08 2014
Active Directory FSMO Placement Guidance
FSMO Placement Guidance Summary: Make sure the PDC is highly available and connected. Place the PDC on your best hardware in a reliable hub site that contains replica domain controllers in the same Active Directory site and domain. Place the Forest FSMOs on the forest root PDC (schema master & domain naming master). Place the …
- 1
- 2
Recent Comments