Tag: DomainController

Nov 15

Active Directory Replication Overview & USN Rollback: What It Is & How It Happens

If you have experienced event id #2095, then you understand how a USN Rollback can negatively affect AD consistency. What is a USN? The USN (Update Sequence Number) is an Active Directory database instance counter that increments every time a single change is committed to the AD database on a Domain Controller. The USN is …

Continue reading

Nov 02

Domain Controller Virtual Cloning

One of the best new features of Windows Server 2012 is virtual cloning. The ASKPFE blog has an excellent article covering this new feature: Tom Moser here with a post on one of the new ADDS features in Windows Server 2012; Virtual Domain Controller Cloning. Until now, cloning, snapshotting, copying, or pretty much doing anything …

Continue reading

Nov 01

Active Directory Domain Trusts & Trust Password Management

Recently a customer asked me about Active Directory Domain Trusts and how the passwords were managed. I replied with some educated guesses based on how AD manages a variety of passwords. After stating how I thought it worked (and mentioned that I wasn’t sure), I decided to look it up. I was mostly correct. Every …

Continue reading

Oct 29

Windows Server 2012 R2 deprecates FRS (File Replication Service)

Microsoft’s Tip of the Day has the following useful information on Domain Controller File Replication Service (FRS) depercation: FRS (File Replication Service) has been deprecated in Windows Server 2012 R2.  The deprecation of FRS has been accomplished by enforcing a minimum domain functional level of Windows Server 2008.  This enforcement is present only if the …

Continue reading

Sep 27

Powershell Remote Use of Module Commandlets (Remoting Import-Module)

Practically all of my Powershell scripts use an Active Directory commandlet. Ok, so they use several.  I like to query AD to get environmental information so when I run the script, I know what I am working with from an AD perspective. I can’t help it, I’m an AD Guy. In order to run the …

Continue reading

Sep 23

PowerShell Code: Active Directory Domain Controller Discovery

There are several different ways to find AD Domain Controllers (DCs). Here are a few: AD PowerShell Module: Discover the closest Domain Controller running the AD web services (support PowerShell AD cmdlets): import-module activedirectory Get-ADDomainController -discover -forcediscover -nextclosestsite -service ADWS discover – find a DC forcediscover – re-discover a DC and not use a cached …

Continue reading

Sep 19

Read-Only Domain Controller (RODC) Information

The RODC is one of the most interesting new features of Windows Server 2008. RODCs provide the following: Read-only Active Directory Database – Read-only copy of Active Directory provides a more secure option for distant locations such as a branch office. Changes attempted against the RODC are referred to the next upstream DC. Read-only DNS Server …

Continue reading

May 08

Active Directory FSMO Placement Guidance

FSMO Placement Guidance Summary: Make sure the PDC is highly available and connected. Place the PDC on your best hardware in a reliable hub site that contains replica domain controllers in the same Active Directory site and domain. Place the Forest FSMOs on the forest root PDC (schema master & domain naming master). Place the …

Continue reading