Active Directory Archive

FSMO Role: Schema Master

Schema Master is another FSMO role which is responsible for making changes to the Active Directory schema. The schema stores descriptions of all Active Directory classes and attributes (LDAP://cn=schema,cn=configuration,dc=<domain>). Changes to the AD schema are rarely made: for example, when you extend the schema using adprep/forestprep, upgrade the domain

FSMO Role: Infrastructure Master

We continue the series of articles about FSMO roles in the Active Directory domain. This time, we will take a closer look at the FSMO role — Infrastructure Master. As been said previously, the Infrastructure Master role is a domain-level role, i.e. in every AD domain there can be

Active Directory FSMO Roles

Flexible single-master operations (FSMO) — operations performed by the Active Directory domain controllers, which require a mandatory server uniqueness for each operation. Various FSMO types can be performed on the same or on multiple domain controllers. Server operating FSMO roles known as Operations Master DC. Most operations in AD

How to transfer FSMO Roles From a Failed Domain Controller

In case domain controller, which owns FSMO (Flexible Single Master Operation) roles, is fail (virus attack, fatal software problems or catastrophic hardware failure etc.), then you need to transfer FSMO roles from a failed to an another (additional) domain controller (for proper Active Directory domain functioning). Consider this tutorial

Accessing Domain Controller from Local DSRM Account

Login with a local account on the domain controller is basically impossible, since then you are promoting member server to the domain controller (DC), the local accounts database (SAM) become inaccessible. However, this rule has one exception. In case of directory services problems on domain controllers, there is a

Change Default OU permissions in Active Directory

By default, each newly created organizational unit (OU) in the access list includes read permission for the group Authenticated Users (built-in group). This allows all users of the domain to be able to view the contents of any OU in Active Directory using Active Directory Users and Computers snap-in.

Configure Active Directory to Store BitLocker Recovery Keys

In corporate segment one of the advantages of BitLocker Drive Encryption technology is the ability to store the recovery keys for encrypted drives in the Active Directory Domain Services (AD DS). BitLocker recovery key is a 48 and/or 256-bit sequence, which is generated during BitLocker installation. When number of

How to hide specific OU in Active Directory

The first thing you see while opening Active Directory Users and Computers (ADUC) snap-in is AD containers (Organization Unit, OU), in which user accounts, computers and groups are placed. Depending on the size and organizational structure, number of OU in Active Directory can be quite large. In addition, there

Installing Active Directory Snap-in on Windows 10

One of the main Active Directory domain management tools is the MMC snap-in Active Directory Users and Computers (ADUC). To work with ADUC snap-in in Windows 10, you need first to install the Microsoft Remote Server Administration Tools (RSAT). The RSAT includes various utility and snap-ins to manage Windows

Active Directory Database File Compaction and Defragmentation

Active Directory is a non-relational database and its size increasing over time, the database takes more and more disk space. If you remove the objects from Active Directory, the size of database file will not be changed, but the free space (white space) can be used to store new