If you ever have been in a situation where your domain controller crashes or failed and there is no way you intend to bring it back to production then you must remove the failed domain controller objects from Active Directory. In a regular procedure, to remove Domain controller from domain, you will run dcpromo to demote, but in this case, the domain controller is no more, so you have to use the ntdsutil tool to remove the objects from active directory. Also, you will need ntdsutil to remove domain controller from domain in a situation where you have tried to use dcpromo to demote but it failed, then you decided to use dcpromo /forceremoval. The force removal process does not totally clean the DC objects, so you will need to use ntdsutil to complete the process. Read more…
Isaac Oben Active Directory Active Directory, delete domain controller, faild domain controller, ntdsutil
The Knowledge Consistency Checker (KCC) is an active directory process that runs on domain controllers and automatically identifies or calculates the most efficient replication topology for the network using data provided by the network in active directory sites and services. To improve replication traffic in most networks, the ISTG might be enabled so that KCC can logically generate (Create) connection objects based on the physical network layer. This is good because KCC will only create connection objects in active directory if it is required for a particular site.
ISTG Reference numbers:
0:To Enable ISTG
1:To disable automatic intrasite topology generation
16:To disable automatic intersite topology generation
17:To disable both intrasite and inter-site topology generation Read more…
Isaac Oben Active Directory Active Directory, AD, Intersite Replication. Intrasite Replication, ISTG, kcc, Replication
Some newbie to Active Directory structure and design submitted a question on one of the forums to know how sites works in relation to his entire infrastructure, because his company has acquired another firm in a remote location. I thought I should post my response in my blog, just in case same question might came up again.
Active Directory Replication:Each Windows Server Domain controller holds a copy of the Active Directory database and each domain controller must be updated when a change occurs. This process of sending updates between domain controllers is called replication. Replication ensures that Active directory is always up to date and current across the entire network Active Directory environment. Read more…
Isaac Oben Active Directory Active Directory, AD Site Desgin, Inter-site Replication, Intra-Site replication, ISTG, Replication
This came up in one of the Usenet forum, so I decided to seek a solution and post it on my blog. Courtesy to original KB555324 article by MVP Simon Geary. By default windows server 2003 group policies does not have the option where administrators can disable the USB and CD drives for users in their domain. To get this accomplished, a customized .adm template to adjust registry settings will have to be created. Here are the steps on how to get this accomplished.This is a revised version from http://support.microsoft.com/kb/555324. I limited myself to just CD and USB drives. This post is AS IS, and if you decide to use it, apply first in testing environment and also read more about Using Administrative Template Files with Registry-Based Group Policy. Read more…
Isaac Oben Active Directory Active Directory, Custom GPOs, Disable USB, Group Policy Objects
