Category: Active Directory
-
Domain Controller Health Service Lockdown Issue with SCOM 2016
I came to this realization last year, but I don’t think I wrote about it. When monitoring domain controllers, specifically domain controllers running on Windows Server 2016, and specifically with System Center Operations Manager 2016 (and later, I assume) have a bit of an issue when you deploy the SCOM Agent to the server. It deploys,…
-
Active Directory Recycle Bin
A few years ago, Microsoft introduced the Active Directory Recycle Bin to Windows Server. Wonderful! It is not enabled out of the box, but it is reasonably simple to enable… except, it is not. Firstly, you can do it in the GUI… Open the Active Directory Administrative Center, navigate to local (local), and then in the…
-
DCPromo No More… PowerShell!
I needed to build a new domain controller for a friend’s company recently. It is something that I have done so many times over the past two decades that some things are just instinctive… like typing dcpromo to create a domain controller. Right… I had forgotten about that. dcpromo has been deprecated. You could go…
-
SCM is gone… Say Hi to SCT.
For the past several years nearly every client of mine (that I have consulted on Active Directory) has been introduced to the Microsoft Security Compliance Manager (SCM), a great tool that helped create Group Policy Objects (GPOs) for any number of Organizational Units (OUs), including Default Domain Policy, Domain Controller Policy, Client Workstation Policy, and…
-
Distinguished Names: How do I…
Yeah yeah, I know… A little while ago I talked about how to determine the Distinguished Name (DN) of an Active Directory Object, and I got a flurry of requests for doing it with PowerShell. Now, normally I do like to show you how to do things via the GUI, and then what the PowerShell…
-
Creating a New AD Forest in Windows Server Core (Revisited)
Several years ago Steve Syfuhs and I sat down and figured out how to create a new Active Directory forest in Windows Server Core. It was an interesting experience, and even though I later gave rights to that article to the Canadian IT Pro Team (at the time it was Damir Bersinic) when you search…
-
BitLocker Recovery
Like all of you I never expect a day that starts with a call to IT Helpdesk to go well. Fortunately this story has a happy ending. This morning I got to my desk and discovered that my laptop corrupted somehow last night. No problem – Windows 8 has some great self-healing tools built in,…
-
Activation Headaches: Here is your aspirin!
This post was originally written for the Canadian IT Pro Connection. There are three concepts in Microsoft licensing that people often mistake for a single entity, when in fact the three are connected but very separate. They are: Licensing Activation Product Keys Because the three are so tied together it is easy to get yourself…
-
Following My Own Advice: New DCs at SWMI
Earlier this year I published an article in which I told you that it was okay to virtualize your domain controllers; however in the piece I opposed the idea of doing a P2V (physical to virtual) migration of them, or to upgrade them from one version of the OS to another. This weekend I followed…
-
Virtualizing your Domain Controllers
I am asked all the time what the best practices are for domain controllers in a virtualized environment. There are several that I will call out, but let’s begin with the simplest rule. You should never have ONE domain controller. This rule is not only true in virtualized environments, it is always true. If you…
The World According to Mitch 