Accessing Domain Controller from Local DSRM Account

Logging in with a local account on a domain controller is basically impossible: when you promote a member server to a domain controller (DC), the local accounts database (SAM) becomes inaccessible. However, this rule has one exception. In case of directory services problems on domain controllers, there is a

Change Default OU permissions in Active Directory

By default, the access list of each newly created organizational unit (OU) includes read permission for the built-in Authenticated Users group. This allows all users of the domain to view the contents of any OU in Active Directory using the Active Directory Users and Computers snap-in.

Configure Active Directory to Store BitLocker Recovery Keys

In the corporate segment, one of the advantages of BitLocker Drive Encryption technology is the ability to store the recovery keys for encrypted drives in Active Directory Domain Services (AD DS). The BitLocker recovery key is a 48 and/or 256-bit sequence, which is generated during BitLocker installation. When the number of

How to hide specific OU in Active Directory

The first thing you see when opening the Active Directory Users and Computers (ADUC) snap-in is the AD containers (organizational units, OUs), in which user accounts, computers and groups are placed. Depending on the size and organizational structure, the number of OUs in Active Directory can be quite large. In addition, there

Installing Active Directory Snap-in on Windows 10

One of the main Active Directory domain management tools is the MMC snap-in Active Directory Users and Computers (ADUC). To work with the ADUC snap-in in Windows 10, you first need to install the Microsoft Remote Server Administration Tools (RSAT). RSAT includes various utilities and snap-ins to manage Windows

Active Directory Database File Compaction and Defragmentation

Active Directory is a non-relational database whose size increases over time, so the database takes up more and more disk space. If you remove objects from Active Directory, the size of the database file will not change, but the free space (white space) can be used to store new

How to Fix Exchange Server Error 00002098

This article will help you solve a problem with the creation of a mailbox. It occurs when you are trying to create a mailbox for an existing user. Here is the error code: Active directory response: 00002098: SecErr: DSID-03150E49, problem 4003 (INSUFF_ACCESS_RIGHTS). First time we have encountered this

Active Directory auditing: No simple road to success

Auditing Active Directory almost always finds a place at the top of the administrator’s to-do list. There are a number of pressing needs that make auditing indispensable. For instance, a single unwanted change such as a user deletion or access right modification may have a monumental effect on the health of the

Join Domain and Login over a VPN Connection

This is a short tutorial on how to join a computer to a domain over a VPN connection. This was very useful for us this weekend. We had to reformat a computer, and needed to set up their profile again under their login. Join Domain on VPN We didn’t want

Event ID 7000 – Service Control Manager

If you landed here, you are probably receiving the following error: The Diagnostic Service Host service failed to start due to the following error: A privilege that the service requires to function properly does not exist in the service account configuration. You may use the Services Microsoft Management Console