Active Directory Archive

FSMO Role: Domain Naming Master

Domain Naming Master — another forest-wide FSMO role (as well as Schema Master role), i.e. in the entire Active Directory forest can be only one domain controller with operation master role Domain Naming Master. The owner of this role is responsible for operations related with Active Directory domain names:

FSMO Role: Schema Master

Schema Master is another FSMO role which is responsible for making changes to the Active Directory schema. The schema stores descriptions of all Active Directory classes and attributes (LDAP://cn=schema,cn=configuration,dc=<domain>). Changes to the AD schema are rarely made: for example, when you extend the schema using adprep/forestprep, upgrade the domain

FSMO Role: Infrastructure Master

We continue the series of articles about FSMO roles in the Active Directory domain. This time, we will take a closer look at the FSMO role — Infrastructure Master. As been said previously, the Infrastructure Master role is a domain-level role, i.e. in every AD domain there can be

Active Directory FSMO Roles

Flexible single-master operations (FSMO) — operations performed by the Active Directory domain controllers, which require a mandatory server uniqueness for each operation. Various FSMO types can be performed on the same or on multiple domain controllers. Server operating FSMO roles known as Operations Master DC. Most operations in AD

How to transfer FSMO Roles From a Failed Domain Controller

In case domain controller, which owns FSMO (Flexible Single Master Operation) roles, is fail (virus attack, fatal software problems or catastrophic hardware failure etc.), then you need to transfer FSMO roles from a failed to an another (additional) domain controller (for proper Active Directory domain functioning). Consider this tutorial

Configuring Internet Explorer 11 Proxy Settings using GPO

The article shows how to configure proxy settings for Internet Explorer 11 browser using Active Directory Group Policies (GPO). In earlier versions of Internet Explorer (6, 7 and 9) to configure Internet Explorer settings you needed to use the following setting in the Group Policy Editor console: User configuration

Accessing Domain Controller from Local DSRM Account

Login with a local account on the domain controller is basically impossible, since then you are promoting member server to the domain controller (DC), the local accounts database (SAM) become inaccessible. However, this rule has one exception. In case of directory services problems on domain controllers, there is a

Change Default OU permissions in Active Directory

By default, each newly created organizational unit (OU) in the access list includes read permission for the group Authenticated Users (built-in group). This allows all users of the domain to be able to view the contents of any OU in Active Directory using Active Directory Users and Computers snap-in.

Configure Active Directory to Store BitLocker Recovery Keys

In corporate segment one of the advantages of BitLocker Drive Encryption technology is the ability to store the recovery keys for encrypted drives in the Active Directory Domain Services (AD DS). BitLocker recovery key is a 48 and/or 256-bit sequence, which is generated during BitLocker installation. When number of

How to hide specific OU in Active Directory

The first thing you see while opening Active Directory Users and Computers (ADUC) snap-in is AD containers (Organization Unit, OU), in which user accounts, computers and groups are placed. Depending on the size and organizational structure, number of OU in Active Directory can be quite large. In addition, there