Active Directory

Updated List of OS Version Queries for WMI Filters – More likely than not, if you’re using Group Policy to push out software installation or registry entries to client machines or servers on the domain, the policy may be different depending on the OS version or architecture.

Examples, Group Policy Objects may need to be filtered by: Desktop / Server; Domain Controller / Non-Domain Controller; 32-bit / 64-bit. If you haven’t used WMI filters before, they show up in Group Policy Management at the bottom, between Group Policy Objects and Starter GPOs. The WMI filters use a query to scope down the application of the Group Policy Object applicability.

Active Directory Replication Over Firewalls - TechNet Articles - United States (English) - TechNet Wiki. This article is based on an article in the Microsoft TechNet Library and is presented here to enable those outside of Microsoft who are interested and knowledgeable on this topic to improve it.

How DNS Scavenging and the DHCP Lease Duration Relate – Ask Premier Field Engineering. Hello everyone, Sean Ivey here from the US PFE – Carolinas team.

I’m what we refer to as a platforms-AD PFE. Basically I focus on Active Directory and related networking technologies. Recently, and on three separate occasions, I worked with SCCM administrators having issues deploying the SCCM client. Specifically, they were seeing the error “Failed to get token for current process (5)” in ccm.log.

We discovered the problem was related to DNS and DHCP rather than SCCM. The Scenario. Consider the following simplified scenario. A DHCP scope has its lease duration set to the default 8 days. The DHCP scope is low on available IP addresses. Client-A has NOT renewed its IP address lease in 8 days, so it has expired. Client-B is requesting a new IP address. The DHCP server assigns Client-B the address that was leased to Client-A. So far so good. (NOTE: if you’re unsure what all of this “scavenging”, “refresh/no refresh” stuff is check out Josh Jones’ blog, it’s great!) Uh-oh, not so good. Figure 1.

Don’t be afraid of DNS Scavenging. Just be patient.

DNS Scavenging is a great answer to a problem that has been nagging everyone since RFC 2136 came out way back in 1997.

Despite many clever methods of ensuring that clients and DHCP servers that perform dynamic updates clean up after themselves, sometimes DNS can get messy. Remember that old test server that you built two years ago that caught fire before it could be used? Probably not. DNS still remembers it though.

Considering updating your Domain functional level from Windows 2003? Read this! - Exchange Team Blog. Now that Windows Server 2003 end of life (July 14th, 2015) is on the horizon, many customers are updating their Active Directory (AD) Domain Controllers (DC) from 2003.

The first item to consider is which Windows Server Operating System (OS) you will be moving to for your DC’s. There are several options to consider today: 2008, 2008R2, 2012, or 2012R2 operating systems. However, no matter which newer OS you move your DC’s to, coming from 2003, the krbtgt account will reset its password when you update the Domain Functional Level (DFL), which is the concern that could break Exchange.

Default groups: Active Directory. Many default groups are automatically assigned a set of user rights that authorize members of the group to perform specific actions in a domain, such as logging on to a local system or backing up files and folders.

For example, a member of the Backup Operators group has the right to perform backup operations for all domain controllers in the domain. You can manage groups by using the Active Directory Users and Computers snap-in in Microsoft Management Console (MMC). Default groups are located in the Builtin container and the Users container. The Builtin container default groups contain groups that are defined with domain local scope.

Trust types: Active Directory. Updated: January 21, 2005.

When to create an external trust: Active Directory. You can create an external trust to form a one-way or two-way, nontransitive trust with domains outside of your forest.

External trusts are sometimes necessary when users need access to resources located in a Windows NT 4.0 domain or in a domain located within a separate forest that is not joined by a forest trust, as shown in the figure. When a trust is established between a domain in a particular forest and a domain outside of that forest, security principals from the external domain can access resources in the internal domain. Active Directory creates a foreign security principal object in the internal domain to represent each security principal from the trusted external domain.

These foreign security principals can become members of domain local groups in the internal domain.

Well-known security identifiers in Windows operating systems. A security identifier (SID) is a unique value of variable length that is used to identify a security principal or security group in Windows operating systems.

Well-known SIDs are a group of SIDs that identify generic users or generic groups. Their values remain constant across all operating systems. This information is useful for troubleshooting issues that involve security. It is also useful for potential display problems that may be seen in the ACL editor. An SID may be displayed in the ACL editor instead of in the user or group name.

What Are Security Principals? Updated: March 28, 2003.

Print Management Step-by-Step Guide. The document is archived and information here might be outdated. Updated: March 26, 2014. Applies To: Windows Server 2008, Windows Server 2008 R2. There are two primary tools that you can use to administer a Windows print server in Windows Server® 2008: Server Manager and Print Management. You can use Server Manager to install the Print Services server role, optional role services, and features. Server Manager also displays print-related events from Event Viewer and includes an instance of the Print Management snap-in, which can administer the local server only. Print Management provides a single interface that administrators can use to efficiently administer multiple printers and print servers and is the primary focus of this document.

The Print Management snap-in is available in the Administrative Tools folder on computers running Windows Vista Business, Windows Vista Enterprise, Windows Vista Ultimate and Windows Server 2008. This guide is targeted at the following audiences: