Active Directory Archive

Add User to Active Directory Group Using Add-ADGroupMember

The Active Directory Module for Windows PowerShell includes the Add-ADGroupMember cmdlet, which can be used to add user to Active Directory security or distribution groups. In order to use cmdlets from the ActiveDirectory module, at first you must load this module into your PowerShell session (on domain controllers with

Active Directory Migration to Windows Server 2016

In this article we’ll take a closer look on how to migrate Active Directory domain from Windows Server 2012 R2 to Windows Server 2016. Suppose you have an Active Directory domain named contoso.com and one domain controller dc.contoso.com. You want to install a new DC dc01.contoso.com with Windows Server

AD Replication Error 1722 The RPC server is unavailable

In this article we’ll take a look at the basic ways to fix Error 1722: The RPC server is unavailable when performing replication between Active Directory domain controllers. You can face an error 1722 The RPC server is unavailable both in the domain controller logs and when you try

Upgrading Active Directory Schema

An Active Directory Schema is a description of all directory objects and attributes of the Windows domain. The AD schema reflects the basic structure of the catalog and is critical for its proper functioning. Typically, the AD schema is extended/upgraded for several reasons, the most common of which in

Fix: Active Directory Domain Controller Could Not Be Contacted

In this article, we’ll take a look on why it’s not possible to join a new computer to the Active Directory domain with an error Active Directory Domain Controller could not be contacted. What does Active Directory Domain Controller Could Not be Contacted Error Looks Like? A user or

AD Account Keeps Locking Out

Sometimes there are situations when AD account keeps locking out, this happen when you try to log on to a domain computer and getting an error on the login screen: The referenced account is currently locked out and may not be logged on to. This notification means that the

Active Directory Cached Credentials Overview

When log on to a computer with a domain account the user enters credentials, which are passed to the nearest domain controller for authentication. If there are no available domain controllers in the network, then there is no one can verify the credentials and the user cannot logon to

Active Directory Temporary Group Membership on Windows Server 2016

Often some access rights in Active Directory must be granted temporarily, for a certain period of time. In order to avoid the need to monitor the validity of the issued authorities, they can be created initially temporary. To create temporary permissions in AD there are special mechanisms — Temporary Group

Move FSMO Roles and Upgrade Domain to Windows Server 2016

In this article we will show you how to promote a new domain controller with Windows Server 2016 in the Active Directory domain, move FSMO roles from an old domain controller (running Windows Server 2012 R2/2008), raise the domain functional level to Windows Server 2016 and then demote the

Understanding Global Catalog (Active Directory)

In addition to the 5 FSMO roles in Active Directory, there is the sixth (unofficial) domain controller role — Global catalog (GC). Unlike FSMO roles, any controller in a domain can have a Global Catalog role, i.e. it doesn’t require the uniqueness of a server within an Active directory