-
Active Directory Domain Services Virtualization
This topic lists resources that are available for using virtualized domain controllers: Introduction to Active Directory Domain Services (AD DS) Virtualization (Level 100); Virtualized Domain Controller Technical Reference (Level 300); Virtualized Domain Controller Cloning Test Guidance for Application Vendors; Support for using Hyper-V Replica for virtualized domain controllers.
-
Managing RID Pool Depletion
Today, I discuss how to protect your company from uncontrolled RID pool depletion and keep your domain bustling for decades to come. Background: Relative Identifiers (RID) are the incremental portion of a domain Security Identifier (SID). For instance: S-1-5-21-1004336348-1177238915-682003330-2100 ==> S-1-5-Domain Identifier-Relative Identifier. A SID represents a unique trustee, also known as a “security principal” – typically users, groups, and computers – that Windows uses for access control. Without a matching SID in an access control list, you cannot access a resource or prove your identity. It’s the lynchpin. Every domain has a RID Master: a domain controller that hands each DC a pool of 500 RIDs at a time. A domain contains…
-
DFS Locks
If Win2008+ DFS Replication tries to replicate open files and 16 of them are locked at once, would DFSR cease to replicate any further until at least one is unlocked? No, those files are skipped and retried. DFSR will retry after one second, two seconds, four seconds, up to twelve times with a maximum timeout of 5 minutes between each retry. DFSR will then stop retrying that file for 10 minutes and re-enter the same retry cycle infinitely. The DFSR events are throttled and the events don’t match the actual number of retries. Locked files definitely have a negative effect – all these retries aren’t free – but you will not completely block…
-
Active Directory Domain Services (AD DS) Troubleshooting Survival Guide
This page categorizes the Active Directory troubleshooting information that is spread all over the Internet, so you can get to the resource you need to solve your specific issue. Table of Contents Troubleshooting Overviews Collecting Information Useful Utilities Active Directory Events Event Sources Active Directory Limitations Active Directory Replication Issues Services or Access Denied Performance Issues See Also Troubleshooting Overviews You might want to check out these overviews, flow charts, and general Active Directory troubleshooting strategy resources if you are not quite sure where to start: Active Directory Troubleshooting Flow Chart (PDF by Sean Deuby) Active Directory Troubleshooting Overview (written for Windows 2000, but much of it still applies) High-level Methodology for Troubleshooting Active…
-
DNS servers TYPES
Types of DNS server Primary DNS server: A primary DNS server is created when a primary zone is added. It is a DNS server which holds primary zones for a particular domain. Primary DNS server acts as the zone’s central point of update. Newly created zones are always this type. We can deploy primary zones in one of two ways: as standard primary zones or primary zones integrated with Active Directory. Standard Primary Zones: A Standard primary zone is the only zone type that can be edited or updated because the data in the zone is the original source of the data for all domains in the zone. Updates made…
-
Forwarders and Conditional forward in DNS
Forwarders: If a query is not resolvable by the local DNS server, it is forwarded to another DNS server for name resolution. Forwarders allow you to configure the local DNS server to forward DNS queries to upstream DNS servers, called forwarders. You can specify the IP addresses of upstream DNS servers to which queries should be directed if the local DNS server cannot provide a response through its cache or zone data. When to Use Forwarders: In some cases, network administrators might not want DNS servers to communicate directly with external servers. For example, if your organization is connected to the Internet by means of a slow wide area link, you…
-
DNS How to Secure your DNS server
Restrict Zone Transfers; Configure AD Integrated Zones; Configure the Discretionary Access Control List (DACL); Allow Only Secure Dynamic Updates; Configure the Global Query Block List; Configure the Socket Pool; Configure Cache Locking; Restrict DNS servers to listen only on selected interfaces; Configure Internal Root Hints; Disable Recursion on the DNS Server; Secure the DNS Cache; Secure Zone Transfers with IPsec. Configure the DNS Socket Pool: 1. On the domain server, open Windows PowerShell and type: Get-DNSServer. This command displays the current size of the DNS socket pool (on the fourth line in the ServerSetting section). Note that the current size is 2,500. Please take note that the…
-
DHCP Console Icons Reference
DHCP console icons added for Windows Server 2012. Icon descriptions: Failover is configured on the DHCP server; DHCP scope policies; DHCP scope policies: Deactivated; DHCP scope policy option; DHCP server policies; DHCP server policies: Deactivated; DHCP server policy option; DHCP server/scope policy; DHCP server/scope policy: Query busy (shown while the server is being queried); DHCP server/scope policy: Offline (cannot connect to the server); DHCP server/scope policy: Deactivated; DHCP server/scope policy: Offline and deactivated.
-
Microsoft tools and usage
memory dump analyse rpcdump
-
Active Directory Event ID
http://social.technet.microsoft.com/wiki/contents/articles/15232.adds-audit.aspx
Event ID – Description
4741 – A computer account was created.
4742 – A computer account was changed.
4743 – A computer account was deleted.
4739 – Domain Policy was changed.
4782 – The password hash an account was accessed.
4727 – A security-enabled global group was created.
4728 – A member was added to a security-enabled global group.
4729 – A member was removed from a security-enabled global group.
4730 – A security-enabled global group was deleted.
4731 – A security-enabled local group was created.
4732 – A member was added to a security-enabled local group.
4733 – A member was removed from a security-enabled local group.
4734 –…