How to configure Inter or Intra-Site Topology Generator (ISTG) in Active Directory

Mar 23rd, 2009

The Knowledge Consistency Checker (KCC) is an active directory process that runs on domain controllers and automatically identifies or calculates the most efficient replication topology for the network using data provided by the network in active directory sites and services. To improve replication traffic in most networks, the ISTG might be enabled so that KCC can logically generate (Create) connection objects based on the physical network layer. This is good because KCC will only create connection objects in active directory if it is required for a particular site.
ISTG Reference numbers:
0:To  Enable ISTG
1:To disable automatic intrasite topology generation
16:To disable automatic intersite topology generation
17:To disable both intrasite and inter-site topology generation Read more…

“Cannot Generate SSPI Context” Error

Mar 18th, 2009

One of our Database Administrators was conducting a Disaster Recovery (DR) test. They dis-joined a production SQL Server out of the production domain and then add DR SQL server with same name to the production domain. After a successful test, the DR SQL server was then removed from production and they then joined the production sql server to the domain again. But to their surprise, no jobs can run, the error was “Cannot Generate SSPI Context”. Authentication is failing, and they were requested to contact their systems admin.   Read more…

Active Directory Site design, 3 things to consider…

Mar 17th, 2009

Some newbie to Active Directory structure and design submitted a question on one of the forums to know how sites works in relation to his entire infrastructure, because his company has acquired another firm in a remote location. I thought I should post my response in my blog, just in case same question might came up again.

Active Directory Replication:Each Windows Server Domain controller holds a copy of the Active Directory database and each domain controller must be updated when a change occurs. This process of sending updates between domain controllers is called replication. Replication ensures that Active directory is always up to date and current across the entire network Active Directory environment. Read more…

Using Group policy Objects to disable USB and CD Rom Drives

Mar 16th, 2009

This came up in one of the Usenet forum, so I decided to seek a solution and post it on my blog. Courtesy to original KB555324 article by MVP Simon Geary. By default windows server 2003 group policies does not have the option where administrators can disable the USB and CD  drives for users in their domain. To get this accomplished, a customized .adm template to adjust registry settings will have to be created. Here are the steps on how to get this accomplished.This is a revised version from http://support.microsoft.com/kb/555324. I limited myself to just CD and USB drives. This post is AS IS, and if you decide to use it, apply first in testing environment and also read more about Using Administrative Template Files with Registry-Based Group Policy. Read more…