More free stuff in Windows Azure Active Directory

Microsoft announced today that they will offer two features in Windows Azure Active Directory free of charge: Access Control, and Core Directory and Authentication. Access Control provides centralized authentication and authorization by integrating with consumer identity providers such as Facebook or by using an on-premises deployment of the Windows Server Active Directory service. With Access …

Enabling notify-driven replication across Active Directory sites

Introduction Active Directory sites, site links and site link bridges exist to tell the directory service about the network’s physical topology; specifically, which parts of it are well connected and where the slow WAN links are. The rule of thumb here is that all systems that are connected with at …
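The inter-site behaviour the title refers to is controlled by bit 0x1 (USE_NOTIFY) of the `options` attribute on the siteLink object. The following PowerShell is an added example, not code from the original post; it assumes the ActiveDirectory module and a hypothetical site link named `HQ-BRANCH`, and preserves any other bits already set in `options`.

```powershell
# Added example: enable change notification (USE_NOTIFY) on an Active Directory site link.
# Requires the ActiveDirectory module and rights to modify the Configuration partition.
Import-Module ActiveDirectory

$siteLinkName = 'HQ-BRANCH'   # hypothetical site link name; replace with your own
$USE_NOTIFY   = 0x1           # bit 0 of siteLink 'options': replicate on notification, not only on schedule

$configNC = (Get-ADRootDSE).configurationNamingContext
$siteLink = Get-ADObject -SearchBase "CN=Inter-Site Transports,CN=Sites,$configNC" `
                         -LDAPFilter "(&(objectClass=siteLink)(cn=$siteLinkName))" `
                         -Properties options, cost, replInterval

if (-not $siteLink) { throw "Site link '$siteLinkName' not found under $configNC" }

# 'options' is not set on a freshly created site link; treat a missing value as 0.
$current = if ($null -ne $siteLink.options) { [int]$siteLink.options } else { 0 }

if ($current -band $USE_NOTIFY) {
    Write-Output "Notification already enabled on $siteLinkName (options=$current)"
} else {
    $new = $current -bor $USE_NOTIFY   # OR the bit in so TWOWAY_SYNC/DISABLE_COMPRESSION etc. survive
    Set-ADObject -Identity $siteLink.DistinguishedName -Replace @{ options = $new }
    Write-Output "Enabled notification on $siteLinkName (options: $current -> $new)"
}
```

The change only takes effect on connection objects once the KCC has recomputed them (wait for its next run or trigger it with `repadmin /kcc`). Notification turns every change into near-immediate WAN traffic, so it is appropriate for well-connected sites rather than for the slow links the site topology exists to describe.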

What’s special about the builtin Administrator account?

Every installation of Windows based on the Windows NT code base has a builtin admin account called Administrator. Every installation of Active Directory Domain Services also has a builtin admin account called Administrator. (If you are running a non-English version of Windows, your accounts may be named something else.) This account provides complete access …

Letting go of Windows NT 4.0…

Windows Server 2008 R2 Domain Controllers have left Windows NT 4.0 behind. Windows Server 2008 would still let the old guy play along, but no more. This fact is not apparent until you start to look closer: DCPromo in Windows Server 2008 R2 will not let you select Windows 2000 mixed mode for your domain functional level. …

Poor-man’s Active Directory backups (export really)

Sometimes I need a “copy” of an Active Directory domain, partition or LDS instance. Usually this is when I remove decommissioned domains in a multi-domain forest and want to keep a record of what was left when I deleted it. You can do this with LDIFDE.EXE. Here is an example command to make a full …

Script to find outdated computer objects in Active Directory

Computers have accounts in Active Directory and log on just as user accounts do. The “user name” of a computer is its name with a dollar sign appended, e.g. MYPC1$. The password is set by the machine when it is joined to the domain and changed every 30 days by the machine. Just as with …
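Because the machine rotates its own password on a 30-day cycle, a `pwdLastSet` that is several cycles old is the most reliable sign that the computer no longer exists. The following PowerShell is an added example (not the script from the original post); it assumes the ActiveDirectory module and uses a 90-day threshold, which you can adjust.

```powershell
# Added example: list computer objects whose machine-account password is older than $MaxAgeDays.
Import-Module ActiveDirectory

$MaxAgeDays = 90
$cutoff     = (Get-Date).AddDays(-$MaxAgeDays)
# pwdLastSet is stored as a FILETIME (100 ns ticks since 1601-01-01 UTC), so compare
# against the same representation directly in the LDAP filter.
$cutoffFt   = $cutoff.ToFileTimeUtc()

# pwdLastSet=0 means "never set / must change at next logon", not "very old"; exclude it.
$filter = "(&(objectCategory=computer)(pwdLastSet<=$cutoffFt)(!(pwdLastSet=0)))"

$stale = Get-ADComputer -LDAPFilter $filter `
                        -Properties pwdLastSet, lastLogonTimestamp, operatingSystem |
    ForEach-Object {
        [pscustomobject]@{
            Name        = $_.Name
            Enabled     = $_.Enabled
            OS          = $_.operatingSystem
            PwdLastSet  = [datetime]::FromFileTimeUtc($_.pwdLastSet)
            # lastLogonTimestamp is replicated but only refreshed every 9-14 days, so it is
            # a secondary indicator; null if the account has never logged on.
            LastLogonTS = if ($_.lastLogonTimestamp) { [datetime]::FromFileTimeUtc($_.lastLogonTimestamp) } else { $null }
            DN          = $_.DistinguishedName
        }
    } | Sort-Object PwdLastSet

$stale | Format-Table Name, Enabled, OS, PwdLastSet, LastLogonTS -AutoSize
```

Before acting on the list, check for machines that legitimately never rotate: the policy "Domain member: Disable machine account password changes" (or its registry equivalent) stops the 30-day cycle, and some non-Windows devices joined to the domain never rotate at all. Disabling and moving the objects to a holding OU first, then deleting after a grace period, keeps the cleanup reversible.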

If you won’t translate RDS profiles, I will!

Out of pure frustration with the fact that the Active Directory Migration Tool (ADMT) is unable (unwilling is my guess) to do security translation for users’ Remote Desktop Services (RDS) roaming profiles, I decided to take matters into my own hands and created the script below. It is not very refined just now, but I …

Exploring the Global Catalog and examining the “universalness” of Universal Groups

Universal groups (UG) are stored in the Global Catalog (GC). But what exactly is the Global Catalog, and how does it store objects? Does it store anything at all? And how do Universal Groups work anyway? Active Directory Domain Controllers (DC) have exactly one database. It is stored in %windir%\NTDS and is called NTDS.DIT. DIT …
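What a GC holds for objects from other domains is defined by the partial attribute set (PAS): the attributeSchema objects flagged `isMemberOfPartialAttributeSet=TRUE`. The following PowerShell is an added example, not part of the original post; it assumes the ActiveDirectory module and a reachable GC, lists the PAS, and then queries groups through the GC port (3268) so you can compare how much membership is visible per group scope.

```powershell
# Added example: inspect the partial attribute set and query groups via the Global Catalog port.
Import-Module ActiveDirectory

$rootDse  = Get-ADRootDSE
$schemaNC = $rootDse.schemaNamingContext

# Attributes replicated to every GC in the forest, regardless of domain.
$pas = Get-ADObject -SearchBase $schemaNC `
                    -LDAPFilter "(&(objectClass=attributeSchema)(isMemberOfPartialAttributeSet=TRUE))" `
                    -Properties lDAPDisplayName |
       Select-Object -ExpandProperty lDAPDisplayName | Sort-Object

"{0} attributes are in the partial attribute set" -f $pas.Count
"'member' is in the PAS: {0}" -f ($pas -contains 'member')

# A GC answers LDAP on 3268 (3269 for LDAPS) in addition to 389/636. 'member' is in the PAS,
# but the GC only carries membership for universal groups; for global and domain local groups
# from another domain the group object is present yet 'member' comes back empty.
$gc = (Get-ADDomainController -Discover -Service GlobalCatalog).HostName | Select-Object -First 1

Get-ADGroup -Server "$($gc):3268" `
            -SearchBase $rootDse.rootDomainNamingContext -SearchScope Subtree `
            -Filter { GroupScope -eq 'Universal' -or GroupScope -eq 'Global' } `
            -Properties member -ResultSetSize 20 |
    Select-Object Name, GroupScope, @{ n = 'MembersVisibleInGC'; e = { @($_.member).Count } },
                  @{ n = 'Domain'; e = { ($_.DistinguishedName -split ',DC=', 2)[1] } }
```

Running the last query once against port 3268 and once against port 389 of the group's own domain shows the difference the post is getting at: the GC is a partial replica, and only universal group membership is part of it. The subtree search from the forest root covers child domains whose DNs are contiguous with the root; tree domains would need their own search base.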

Some Active Directory Migration Tool (ADMT) Notes

The good old Active Directory Migration Tool (ADMT) has reached version 3.2, making it compatible with Windows 7/Server 2008 R2 and x64. ADMT started its Microsoft life as licensed software from OnePoint. I’ve been using this baby since version 2.0. It offers what you need to perform intra- or inter-forest Active Directory migrations/restructures, but …