Archive for the ‘Active Directory’ Category

Have you ever worked in an environment where because of regulations and compliance, you are required to maintain all terminated and former employees group membership long after they have left the company and their accounts disabled. Leaving their membership in groups makes the group hard to audit because it will contain both active and disabled […]

Jan 26th, 2014 | Filed under Active Directory

Domain Administrators sometime face a scenerio in which they have multiple workstations or member servers as part of a domain and will like to restrict/control which user should be members of any of the built-in local groups, such as Administrators, Backup Operators, Remote Desktop Users, Power Users etc. Rather than attempting to accomplish this manually, it will be […]

Oct 3rd, 2009 | Filed under Active Directory

Just thought I should list the step by step process for performing authoritative restore in active directory for windows server 2003. But first, just a brief summary of the difference between an authoritative and a non authoritative restore.  A non Authoritative restore is hardware failures or other software issues that results in the complete restoration […]

Jul 4th, 2009 | Filed under Active Directory

In previous post I outline some guidelines on how to remove demoted domain controller from domain using ntdsutil.exe. In this post, I will give guides on removing a naming context, be it a child domain or a DNS zone from Active Directory usning ntdsutil.exe. First. make sure that no domain controller or replica objects exists […]

Jul 4th, 2009 | Filed under Active Directory

If you ever have been in a situation where your domain controller crashes or failed and there is no way you intend to bring it back to production then you must remove the failed domain controller objects from Active Directory. In a regular procedure, to remove Domain controller from domain, you will run dcpromo to […]

Jun 26th, 2009 | Filed under Active Directory