Posts by IsaacOben:
Remove a demoted or failed DC from Active Directory using Ntdsutil.exe
June 26th, 2009If you ever have been in a situation where your domain controller crashes or failed and there is no way you intend to bring it back to production then you must remove the failed domain controller objects from Active Directory. In a regular procedure, to remove Domain controller from domain, you will run dcpromo to demote, but in this case, the domain controller is no more, so you have to use the ntdsutil tool to remove the objects from active directory. Also, you will need ntdsutil to remove domain controller from domain in a situation where you have tried to use dcpromo to demote but it failed, then you decided to use dcpromo /forceremoval. The force removal process does not totally clean the DC objects, so you will need to use ntdsutil to complete the process. Read the rest of this entry “
Access-based Enumeration (ABE)and DFS:How to hide folders from unauthorized users
April 13th, 2009Access-based enumeration (ABE) allow users to view/list only files and folders that they hace access to. This feature hides other files and folders from prying eyes. It was introduced with windows server 2003. It is not enabled by default. I have put together some detail instructions on how to configure ABE. Read the rest of this entry “
How to configure Inter or Intra-Site Topology Generator (ISTG) in Active Directory
March 23rd, 2009The Knowledge Consistency Checker (KCC) is an active directory process that runs on domain controllers and automatically identifies or calculates the most efficient replication topology for the network using data provided by the network in active directory sites and services. To improve replication traffic in most networks, the ISTG might be enabled so that KCC can logically generate (Create) connection objects based on the physical network layer. This is good because KCC will only create connection objects in active directory if it is required for a particular site.
ISTG Reference numbers:
0:To Enable ISTG
1:To disable automatic intrasite topology generation
16:To disable automatic intersite topology generation
17:To disable both intrasite and inter-site topology generation Read the rest of this entry “
“Cannot Generate SSPI Context” Error
March 18th, 2009One of our Database Administrators was conducting a Disaster Recovery (DR) test. They dis-joined a production SQL Server out of the production domain and then add DR SQL server with same name to the production domain. After a successful test, the DR SQL server was then removed from production and they then joined the production sql server to the domain again. But to their surprise, no jobs can run, the error was “Cannot Generate SSPI Context”. Authentication is failing, and they were requested to contact their systems admin. Read the rest of this entry “
Active Directory Site design, 3 things to consider…
March 17th, 2009Some newbie to Active Directory structure and design submitted a question on one of the forums to know how sites works in relation to his entire infrastructure, because his company has acquired another firm in a remote location. I thought I should post my response in my blog, just in case same question might came up again.
Active Directory Replication:Each Windows Server Domain controller holds a copy of the Active Directory database and each domain controller must be updated when a change occurs. This process of sending updates between domain controllers is called replication. Replication ensures that Active directory is always up to date and current across the entire network Active Directory environment. Read the rest of this entry “
Recent Comments