Active Directory Archive

Migrating SYSVOL AD Replication from FRS to DFS

The SYSVOL folder on any Active Directory domain controller stores Group Policies settings and templates, scripts, and other objects that the AD or GPO administrator placed there. And each domain controller has its own copy of GPOs, which over time is synchronized with other domain controllers in the domain.

Active Directory LDAP Query Examples

LDAP queries can be used to search for objects (computers, users, groups) in the Active Directory LDAP database according to certain criteria. To perform LDAP query against the AD LDAP catalog, you can use various utilities (for example ldapsearch), PowerShell or VBS scripts, Saved Queries feature in in the

SamAccountName and UserPrincipalName attributes

User accounts in Active Directory have various attributes, among which there are two interesting attributes: samAccountName and UserPrincipalName (usually it is called UPN), the differences between which are not understood by many Windows administrators. In this article, we will take a look at the difference between the samAccountName and

Using ldapsearch to Query Active Directory Objects

The ldapsearch utility is one of the important tools for the administrator of the LDAP (Lightweight Directory Access Protocol) server. It allows you to get any data that is available in the LDAP directory. Currently the most common LDAP implementations are OpenLDAP and Microsoft Active Directory. The ldapsearch utility

Changing Active Directory krbtgt Account Password

Krbtgt user account is automatically created when promoting a new Active Directory domain. However, many AD administrators do not have sufficient knowledge of this account, which is very important from security point of view and the entire domain operation. Let’s try to fix it! The krbtgt account with RID

Using DCPromo to Promote AD Domain Controllers

The DCPROMO console utility is used on Windows Server to install the ADDS (Active Directory Domain Services) role, promoting a member server to the AD domain controller or demoting it. dcpromo /unattend[:filename] /adv /uninstallBinaries /CreateDCAccount /UseExistingAccount:Attach [:{Promotion | CreateDcAccount | UseExistingAccount | Demotion}] /?:Promotion, /?:CreateDCAccount, /?:UseExistingAccount, and /?:Demotion Dcpromo

Repadmin Tool: Checking Active Directory Replication Status

To keep your Active Directory domain in a healthy state, you should periodically check the replication between domain controllers using the repadmin and dcdiag tools (we looked at using the dcdiag utility in a previous post. The Active Directory replication is fully automated, and proper planning and configuration of

The Processing of Group Policy Failed

There are a number of reasons why The processing of Group Policy failed error could happen. When you try to run gpupdate /force you receive the following error: User policy could not be updated successfully. The following errors were encountered. The processing of Group Policy failed. Windows attempted to

Viewing Active Directory Groups Using DSGet Group

The dsget utility can be used to view various information about Active Directory catalog objects. In this article we will show how to use the dsget group command to list info about different groups in the AD domain. To use the dsget command, the Microsoft Windows Administration Tools Pack

Changing Local and Active Directory User Password Using PowerShell

The administrator can change the password of the local users on the computer using the Local Users and Groups (lusrmgr.msc) graphic snap-in. To change the password of an AD domain user, the Active Directory Users and Computer (ADUC) GUI console is mainly used. However, in some cases, the administrator