Active Directory Archive
Migrating SYSVOL AD Replication from FRS to DFS
The SYSVOL folder on any Active Directory domain controller stores Group Policies settings and templates, scripts, and other objects that the AD or GPO administrator placed there. And each domain controller has its own copy of GPOs, which over time is synchronized with other domain controllers in the domain.
Active Directory LDAP Query Examples
LDAP queries can be used to search for objects (computers, users, groups) in the Active Directory LDAP database according to certain criteria. To perform LDAP query against the AD LDAP catalog, you can use various utilities (for example ldapsearch), PowerShell or VBS scripts, Saved Queries feature in in the
SamAccountName and UserPrincipalName attributes
User accounts in Active Directory have various attributes, among which there are two interesting attributes: samAccountName and UserPrincipalName (usually it is called UPN), the differences between which are not understood by many Windows administrators. In this article, we will take a look at the difference between the samAccountName and
Using ldapsearch to Query Active Directory Objects
The ldapsearch utility is one of the important tools for the administrator of the LDAP (Lightweight Directory Access Protocol) server. It allows you to get any data that is available in the LDAP directory. Currently the most common LDAP implementations are OpenLDAP and Microsoft Active Directory. The ldapsearch utility
Changing Active Directory krbtgt Account Password
Krbtgt user account is automatically created when promoting a new Active Directory domain. However, many AD administrators do not have sufficient knowledge of this account, which is very important from security point of view and the entire domain operation. Let’s try to fix it! The krbtgt account with RID
Using DCPromo to Promote AD Domain Controllers
The DCPROMO console utility is used on Windows Server to install the ADDS (Active Directory Domain Services) role, promoting a member server to the AD domain controller or demoting it. dcpromo /unattend[:filename] /adv /uninstallBinaries /CreateDCAccount /UseExistingAccount:Attach [:{Promotion | CreateDcAccount | UseExistingAccount | Demotion}] /?:Promotion, /?:CreateDCAccount, /?:UseExistingAccount, and /?:Demotion Dcpromo
Repadmin Tool: Checking Active Directory Replication Status
To keep your Active Directory domain in a healthy state, you should periodically check the replication between domain controllers using the repadmin and dcdiag tools (we looked at using the dcdiag utility in a previous post. The Active Directory replication is fully automated, and proper planning and configuration of
The Processing of Group Policy Failed
There are a number of reasons why The processing of Group Policy failed error could happen. When you try to run gpupdate /force you receive the following error: User policy could not be updated successfully. The following errors were encountered. The processing of Group Policy failed. Windows attempted to
Viewing Active Directory Groups Using DSGet Group
The dsget utility can be used to view various information about Active Directory catalog objects. In this article we will show how to use the dsget group command to list info about different groups in the AD domain. To use the dsget command, the Microsoft Windows Administration Tools Pack
Changing Local and Active Directory User Password Using PowerShell
The administrator can change the password of the local users on the computer using the Local Users and Groups (lusrmgr.msc) graphic snap-in. To change the password of an AD domain user, the Active Directory Users and Computer (ADUC) GUI console is mainly used. However, in some cases, the administrator
