Active Directory Archive

How to transfer FSMO Roles From a Failed Domain Controller

In case domain controller, which owns FSMO (Flexible Single Master Operation) roles, is fail (virus attack, fatal software problems or catastrophic hardware failure etc.), then you need to transfer all FSMO roles from a failed to an another (additional) domain controller (for proper Active Directory domain functioning). Consider this

Configuring Internet Explorer 11 Proxy Settings using GPO

The article shows how to configure proxy settings for Internet Explorer 11 browser using Active Directory Group Policies (GPO). In earlier versions of Internet Explorer (6, 7 and 9) to configure Internet Explorer settings you needed to use the following setting in the Group Policy Editor console: User configuration

Accessing Domain Controller from Local DSRM Account

Login with a local account on the domain controller is basically impossible, since then you are promoting member server to the domain controller (DC), the local accounts database (SAM) become inaccessible. However, this rule has one exception. In case of directory services problems on domain controllers, there is a

Change Default OU permissions in Active Directory

By default, each newly created organizational unit (OU) in the access list includes read permission for the group Authenticated Users (built-in group). This allows all users of the domain to be able to view the contents of any OU in Active Directory using Active Directory Users and Computers snap-in.

Configure Active Directory to Store BitLocker Recovery Keys

In corporate segment one of the advantages of BitLocker Drive Encryption technology is the ability to store the recovery keys for encrypted drives in the Active Directory Domain Services (AD DS). BitLocker recovery key is a 48 and/or 256-bit sequence, which is generated during BitLocker installation. When number of

How to hide specific OU in Active Directory

The first thing you see while opening Active Directory Users and Computers (ADUC) snap-in is AD containers (Organization Unit, OU), in which user accounts, computers and groups are placed. Depending on the size and organizational structure, number of OU in Active Directory can be quite large. In addition, there

Installing Active Directory Snap-in on Windows 10

One of the main Active Directory domain management tools is the MMC snap-in Active Directory Users and Computers (ADUC). To work with ADUC snap-in in Windows 10, you need first to install the Microsoft Remote Server Administration Tools (RSAT). The RSAT includes various utility and snap-ins to manage Windows

Active Directory Database File Compaction and Defragmentation

Active Directory is a non-relational database and its size increasing over time, the database takes more and more disk space. If you remove the objects from Active Directory, the size of database file will not be changed, but the free space (white space) can be used to store new

Fix Trust relationship failed issue without domain rejoining

In this article we will discuss the causes of “Trust relationship failed …” error and some solutions on how to restore secure channel between workstation and domain. In what case we can get this error? For example, when user is trying to login to workstation or server with domain

Active Directory auditing: No simple road to success

Auditing Active Directory almost always finds place at the top of the administrator’s to-do list. There are a number of pressing needs that make auditing indispensable. For instance, a single unwanted change such as user deletion or access right modification may have monumental effect on the health of the