Active Directory Archive

Active Directory Temporary Group Membership on Windows Server 2016

Often some access rights in Active Directory must be granted temporarily, for a certain period of time. In order to avoid the need to monitor the validity of the issued authorities, they can be created initially temporary. To create temporary permissions in AD there are special mechanisms — Temporary Group

Understanding Global Catalog (Active Directory)

In addition to the 5 FSMO roles in Active Directory, there is the sixth (unofficial) domain controller role — Global catalog (GC). Unlike FSMO roles, any controller in a domain can have a Global Catalog role, i.e. it doesn’t require the uniqueness of a server within an Active directory

FSMO Role: PDC Emulator

The Primary Domain Controller (PDC) Emulator FSMO role is one of the three domain-wide operations master roles, i.e. in each domain there should be only one domain controller which is the owner of this role. Initially, the main task of PDC Emulator was to ensure compatibility with earlier versions

FSMO Role: RID Master

The RID master (Relative Identifier) is one of three FSMO domain-level roles, i.e. each domain must have one domain controller which owns this role. A domain controller with the RID Master role is responsible for allocating a unique RID sequence to each domain controller in its domain, as well

FSMO Role: Domain Naming Master

Domain Naming Master — another forest-wide FSMO role (as well as Schema Master role), i.e. in the entire Active Directory forest can be only one domain controller with operation master role Domain Naming Master. The owner of this role is responsible for operations related with Active Directory domain names:

FSMO Role: Schema Master

Schema Master is another FSMO role which is responsible for making changes to the Active Directory schema. The schema stores descriptions of all Active Directory classes and attributes (LDAP://cn=schema,cn=configuration,dc=<domain>). Changes to the AD schema are rarely made: for example, when you extend the schema using adprep/forestprep, upgrade the domain

FSMO Role: Infrastructure Master

We continue the series of articles about FSMO roles in the Active Directory domain. This time, we will take a closer look at the FSMO role — Infrastructure Master. As been said previously, the Infrastructure Master role is a domain-level role, i.e. in every AD domain there can be

Active Directory FSMO Roles

Flexible single-master operations (FSMO) — operations performed by the Active Directory domain controllers, which require a mandatory server uniqueness for each operation. Various FSMO types can be performed on the same or on multiple domain controllers. Server operating FSMO roles known as Operations Master DC. Most operations in AD

How to transfer FSMO Roles From a Failed Domain Controller

In case domain controller, which owns FSMO (Flexible Single Master Operation) roles, is fail (virus attack, fatal software problems or catastrophic hardware failure etc.), then you need to transfer FSMO roles from a failed to an another (additional) domain controller (for proper Active Directory domain functioning). Consider this tutorial

Configuring GPO Proxy Settings for Internet Explorer 11

The article shows how to configure GPO proxy settings for Internet Explorer 11 browser using Active Directory Group Policies. In earlier versions of Internet Explorer (6, 7 and 9) to configure Internet Explorer settings you needed to use the following setting in the Group Policy Editor console: User configuration