<?xml version="1.0" encoding="UTF-8" ?>
<?xml-stylesheet type="text/xsl" href="http://blogs.technet.com/utility/FeedStylesheets/atom.xsl" media="screen"?><feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en-US"><title type="html">Active Directory Documentation Team</title><subtitle type="html">Information for IT Professionals who work with Active Directory.
All blog posts are provided "AS IS" with no warranties, and confer no rights. </subtitle><id>http://blogs.technet.com/activedirectoryua/atom.xml</id><link rel="alternate" type="text/html" href="http://blogs.technet.com/activedirectoryua/default.aspx" /><link rel="self" type="application/atom+xml" href="http://blogs.technet.com/activedirectoryua/atom.xml" /><generator uri="http://communityserver.org" version="2.1.61025.2">Community Server</generator><updated>2009-04-15T12:05:00Z</updated><entry><title>Hypervisor is not running error: How to fix</title><link rel="alternate" type="text/html" href="http://blogs.technet.com/activedirectoryua/archive/2009/10/14/hypervisor-is-not-running-error-how-to-fix.aspx" /><id>http://blogs.technet.com/activedirectoryua/archive/2009/10/14/hypervisor-is-not-running-error-how-to-fix.aspx</id><published>2009-10-14T19:25:39Z</published><updated>2009-10-14T19:25:39Z</updated><content type="html">Though this is not a direct Active Directory post, I think many of you will find this video I ran across, Hypervisor is not running error: How to fix ( http://www.microsoft.com/video/en/us/details/25d07f2e-b2e0-4c0c-b456-79b08bfe58be ), interesting.&amp;#160; Since a lot of us do our testing in a virtual environment, when I run across posts, videos, content, etc. 
that detail how to fix a problem in the virtual space, I like to share them.&amp;#160; If you have a comment, please don’t hesitate to leave it...(&lt;a href="http://blogs.technet.com/activedirectoryua/archive/2009/10/14/hypervisor-is-not-running-error-how-to-fix.aspx"&gt;read more&lt;/a&gt;)&lt;img src="http://blogs.technet.com/aggbug.aspx?PostID=3286918" width="1" height="1"&gt;</content><author><name>Davanand Bahall - MSFT</name><uri>http://blogs.technet.com/members/Davanand+Bahall+-+MSFT.aspx</uri></author></entry><entry><title>New Fix it technology included in TechNet articles</title><link rel="alternate" type="text/html" href="http://blogs.technet.com/activedirectoryua/archive/2009/10/06/new-fix-it-technology-included-in-technet-articles.aspx" /><id>http://blogs.technet.com/activedirectoryua/archive/2009/10/06/new-fix-it-technology-included-in-technet-articles.aspx</id><published>2009-10-06T22:59:48Z</published><updated>2009-10-06T22:59:48Z</updated><content type="html">Microsoft has released a new technology (maybe not so new to many of you) that is designed to automate fixes in KB articles.&amp;#160; Instead of performing the manual steps to fix a problem (i.e. sound issues), you can click the Fix it button or link, and a script will run that automatically fixes your issue. 
Previously, this technology was targeted toward consumer KB articles.&amp;#160; Now we have added this solution to the following AD TechNet articles: Configure a client computer for automatic domain...(&lt;a href="http://blogs.technet.com/activedirectoryua/archive/2009/10/06/new-fix-it-technology-included-in-technet-articles.aspx"&gt;read more&lt;/a&gt;)&lt;img src="http://blogs.technet.com/aggbug.aspx?PostID=3285146" width="1" height="1"&gt;</content><author><name>Davanand Bahall - MSFT</name><uri>http://blogs.technet.com/members/Davanand+Bahall+-+MSFT.aspx</uri></author></entry><entry><title>Guidance for placing several RODCs in the same site</title><link rel="alternate" type="text/html" href="http://blogs.technet.com/activedirectoryua/archive/2009/10/06/guidance-for-placing-several-rodcs-in-the-same-site.aspx" /><id>http://blogs.technet.com/activedirectoryua/archive/2009/10/06/guidance-for-placing-several-rodcs-in-the-same-site.aspx</id><published>2009-10-06T22:29:16Z</published><updated>2009-10-06T22:29:16Z</updated><content type="html">Lately, there have been lots of questions around placing more than one RODC in the same site for load balancing and disaster recovery purposes.&amp;#160; We, the AD UA team, recently published an article, Placing Several RODCs in the Same Site (http://technet.microsoft.com/en-us/library/ee522995(WS.10).aspx).&amp;#160; Hopefully, this document should&amp;#160; clear up the confusion that some of our customers have around this issue.&amp;#160; We look forward to your feedback.&amp;#160; Please use the comment tool (on...(&lt;a href="http://blogs.technet.com/activedirectoryua/archive/2009/10/06/guidance-for-placing-several-rodcs-in-the-same-site.aspx"&gt;read more&lt;/a&gt;)&lt;img src="http://blogs.technet.com/aggbug.aspx?PostID=3285141" width="1" height="1"&gt;</content><author><name>Davanand Bahall - MSFT</name><uri>http://blogs.technet.com/members/Davanand+Bahall+-+MSFT.aspx</uri></author></entry><entry><title>Mergers, 
acquisitions, or reorganizations may have you considering Active Directory restructuring</title><link rel="alternate" type="text/html" href="http://blogs.technet.com/activedirectoryua/archive/2009/10/01/mergers-acquisitions-or-reorganizations-may-have-you-considering-active-directory-restructuring.aspx" /><id>http://blogs.technet.com/activedirectoryua/archive/2009/10/01/mergers-acquisitions-or-reorganizations-may-have-you-considering-active-directory-restructuring.aspx</id><published>2009-10-02T03:49:40Z</published><updated>2009-10-02T03:49:40Z</updated><content type="html">Some people call it prune and graft, others call it breaking off a domain from the forest. These things are not supported by Microsoft in Windows Server 2008 R2 or earlier. You cannot move domains between forests, but you can migrate. For more information on this, please, check out Restructuring Limitations. ...(&lt;a href="http://blogs.technet.com/activedirectoryua/archive/2009/10/01/mergers-acquisitions-or-reorganizations-may-have-you-considering-active-directory-restructuring.aspx"&gt;read more&lt;/a&gt;)&lt;img src="http://blogs.technet.com/aggbug.aspx?PostID=3284479" width="1" height="1"&gt;</content><author><name>Kurt.Hudson</name><uri>http://blogs.technet.com/members/Kurt.Hudson.aspx</uri></author></entry><entry><title>What is the Active Directory Management Gateway Service?</title><link rel="alternate" type="text/html" href="http://blogs.technet.com/activedirectoryua/archive/2009/09/17/what-is-the-active-directory-management-gateway-service.aspx" /><id>http://blogs.technet.com/activedirectoryua/archive/2009/09/17/what-is-the-active-directory-management-gateway-service.aspx</id><published>2009-09-17T22:21:17Z</published><updated>2009-09-17T22:21:17Z</updated><content type="html">The Active Directory Management Gateway 
Service could be referred to as the Active Directory Web Service (ADWS) for Windows Server 2008 and Windows Server 2003. Why? Well, Windows Server 2008 R2 domain controllers have a built-in service called the Active Directory Web Service and the Active Directory Management Gateway Service is the implementation of that service that can be installed on Windows Server 2003 and Windows Server 2008. You can read more about these services and their purpose in the...(&lt;a href="http://blogs.technet.com/activedirectoryua/archive/2009/09/17/what-is-the-active-directory-management-gateway-service.aspx"&gt;read more&lt;/a&gt;)&lt;img src="http://blogs.technet.com/aggbug.aspx?PostID=3281762" width="1" height="1"&gt;</content><author><name>Kurt.Hudson</name><uri>http://blogs.technet.com/members/Kurt.Hudson.aspx</uri></author><category term="Active Directory Management Gateway Service Active Directory Web Service" scheme="http://blogs.technet.com/activedirectoryua/archive/tags/Active+Directory+Management+Gateway+Service+Active+Directory+Web+Service/default.aspx" /></entry><entry><title>Announcing the availability of the RTM Version of Windows 7 RSAT Tools</title><link rel="alternate" type="text/html" href="http://blogs.technet.com/activedirectoryua/archive/2009/09/16/announcing-the-availability-of-the-rtm-version-of-windows-7-rsat-tools.aspx" /><id>http://blogs.technet.com/activedirectoryua/archive/2009/09/16/announcing-the-availability-of-the-rtm-version-of-windows-7-rsat-tools.aspx</id><published>2009-09-17T05:07:00Z</published><updated>2009-09-17T05:07:00Z</updated><content type="html">You can find the RTM version of the Windows 7 RSAT tools at the following location: Remote Server Administration Tools for Windows 7 The download page gives instructions on how to install and configure the RSAT tools on Windows 7. The RSAT tools can be installed on computers running Enterprise, Professional, or Ultimate editions of Windows 7. 
This posting is provided "AS IS" with no warranties, and confers no rights....(&lt;a href="http://blogs.technet.com/activedirectoryua/archive/2009/09/16/announcing-the-availability-of-the-rtm-version-of-windows-7-rsat-tools.aspx"&gt;read more&lt;/a&gt;)&lt;img src="http://blogs.technet.com/aggbug.aspx?PostID=3281476" width="1" height="1"&gt;</content><author><name>Davanand Bahall - MSFT</name><uri>http://blogs.technet.com/members/Davanand+Bahall+-+MSFT.aspx</uri></author></entry><entry><title>Where is the guidance for Active Directory in the DMZ?</title><link rel="alternate" type="text/html" href="http://blogs.technet.com/activedirectoryua/archive/2009/08/19/where-is-the-guidance-for-active-directory-in-the-dmz.aspx" /><id>http://blogs.technet.com/activedirectoryua/archive/2009/08/19/where-is-the-guidance-for-active-directory-in-the-dmz.aspx</id><published>2009-08-19T19:44:28Z</published><updated>2009-08-19T19:44:28Z</updated><content type="html">DMZ, which actually stands for demilitarized zone, is a very popular term to refer to the concept of a screened subnet, perimeter network, or essentially a network that is divided from your internal network by a firewall. The problem with the term DMZ is that it is actually a military and political term that is not allowed for use in official documentation on TechNet. 
So, when you are looking for guidance on TechNet related to firewalls, you should search on both screened subnet and perimeter network....(&lt;a href="http://blogs.technet.com/activedirectoryua/archive/2009/08/19/where-is-the-guidance-for-active-directory-in-the-dmz.aspx"&gt;read more&lt;/a&gt;)&lt;img src="http://blogs.technet.com/aggbug.aspx?PostID=3275037" width="1" height="1"&gt;</content><author><name>Kurt.Hudson</name><uri>http://blogs.technet.com/members/Kurt.Hudson.aspx</uri></author></entry><entry><title>Windows Server 2008 and Windows Server 2008 R2 and RSAT Active Directory Users and Computers Automate Metadata Cleanup</title><link rel="alternate" type="text/html" href="http://blogs.technet.com/activedirectoryua/archive/2009/08/07/windows-server-2008-and-windows-server-2008-r2-automate-metadata-cleanup.aspx" /><id>http://blogs.technet.com/activedirectoryua/archive/2009/08/07/windows-server-2008-and-windows-server-2008-r2-automate-metadata-cleanup.aspx</id><published>2009-08-08T05:14:00Z</published><updated>2009-08-08T05:14:00Z</updated><content type="html">Metadata cleanup is a required procedure after a forced removal of Active Directory Domain Services (AD DS). You perform metadata cleanup on a domain controller in the domain of the domain controller that you forcibly removed. Metadata cleanup removes data from AD DS that identifies a domain controller to the replication system. 
Metadata cleanup also removes File Replication Service (FRS) and Distributed File System (DFS) Replication connections and attempts to transfer or seize any operations master...(&lt;a href="http://blogs.technet.com/activedirectoryua/archive/2009/08/07/windows-server-2008-and-windows-server-2008-r2-automate-metadata-cleanup.aspx"&gt;read more&lt;/a&gt;)&lt;img src="http://blogs.technet.com/aggbug.aspx?PostID=3271664" width="1" height="1"&gt;</content><author><name>Kurt.Hudson</name><uri>http://blogs.technet.com/members/Kurt.Hudson.aspx</uri></author></entry><entry><title>Where is SYSPREP in Windows Server 2008 and Windows Server 2008 R2?</title><link rel="alternate" type="text/html" href="http://blogs.technet.com/activedirectoryua/archive/2009/07/22/where-is-sysprep-in-windows-server-2008-and-windows-server-2008-r2.aspx" /><id>http://blogs.technet.com/activedirectoryua/archive/2009/07/22/where-is-sysprep-in-windows-server-2008-and-windows-server-2008-r2.aspx</id><published>2009-07-23T02:22:00Z</published><updated>2009-07-23T02:22:00Z</updated><content type="html">If you are looking to sysprep your computers to remove the unique information, you can find sysprep in its new location under the %windir%\system32\sysprep folder. There isn’t much to the interface, but if you are just trying to remove the unique information, you can select the Generalize checkbox. 
This posting is provided "AS IS" with no warranties, and confers no rights....(&lt;a href="http://blogs.technet.com/activedirectoryua/archive/2009/07/22/where-is-sysprep-in-windows-server-2008-and-windows-server-2008-r2.aspx"&gt;read more&lt;/a&gt;)&lt;img src="http://blogs.technet.com/aggbug.aspx?PostID=3267271" width="1" height="1"&gt;</content><author><name>Kurt.Hudson</name><uri>http://blogs.technet.com/members/Kurt.Hudson.aspx</uri></author></entry><entry><title>Active Directory Port Requirements</title><link rel="alternate" type="text/html" href="http://blogs.technet.com/activedirectoryua/archive/2009/06/24/active-directory-port-requirements.aspx" /><id>http://blogs.technet.com/activedirectoryua/archive/2009/06/24/active-directory-port-requirements.aspx</id><published>2009-06-24T09:51:00Z</published><updated>2009-06-24T09:51:00Z</updated><content type="html">A few days ago we posted a document to TechNet that outlines some of the various port requirements for Active Directory. We gathered the port information from various KB articles and consolidated them into one document. I think it should serve as a great reference guide for those of you configuring Active Directory communication through internal and external firewalls. It details ports used by trusts, replication, global catalog, DNS, DHCP, etc. 
It also outlines the new default dynamic port range,...(&lt;a href="http://blogs.technet.com/activedirectoryua/archive/2009/06/24/active-directory-port-requirements.aspx"&gt;read more&lt;/a&gt;)&lt;img src="http://blogs.technet.com/aggbug.aspx?PostID=3258030" width="1" height="1"&gt;</content><author><name>Davanand Bahall - MSFT</name><uri>http://blogs.technet.com/members/Davanand+Bahall+-+MSFT.aspx</uri></author><category term="&amp;quot;Active Directory&amp;quot; &amp;quot;Active Directory Domain Services&amp;quot;" scheme="http://blogs.technet.com/activedirectoryua/archive/tags/_2600_quot_3B00_Active+Directory_2600_quot_3B00_+_2600_quot_3B00_Active+Directory+Domain+Services_2600_quot_3B00_/default.aspx" /></entry><entry><title>New Djoin.exe utility in Windows Server 2008 R2</title><link rel="alternate" type="text/html" href="http://blogs.technet.com/activedirectoryua/archive/2009/05/26/new-djoin-exe-utility-in-windows-server-2008-r2.aspx" /><id>http://blogs.technet.com/activedirectoryua/archive/2009/05/26/new-djoin-exe-utility-in-windows-server-2008-r2.aspx</id><published>2009-05-27T07:35:00Z</published><updated>2009-05-27T07:35:00Z</updated><content type="html">Windows Server 2008 R2 domain controllers include a new feature named Offline Domain Join. A new utility named Djoin.exe lets you join a computer to a domain, without contacting a domain controller while completing the domain join operation, by obtaining a blob from a Windows Server 2008 R2 domain controller at an earlier point in time. The computer is domain-joined when it first starts, so no restart is needed as with a normal domain join. 
The general steps for using Djoin.exe are: Run djoin /provision...(&lt;a href="http://blogs.technet.com/activedirectoryua/archive/2009/05/26/new-djoin-exe-utility-in-windows-server-2008-r2.aspx"&gt;read more&lt;/a&gt;)&lt;img src="http://blogs.technet.com/aggbug.aspx?PostID=3245932" width="1" height="1"&gt;</content><author><name>Justin [MSFT]</name><uri>http://blogs.technet.com/members/Justin+%5bMSFT%5d.aspx</uri></author><category term="Windows" scheme="http://blogs.technet.com/activedirectoryua/archive/tags/Windows/default.aspx" /><category term="Active Directory Domain Services" scheme="http://blogs.technet.com/activedirectoryua/archive/tags/Active+Directory+Domain+Services/default.aspx" /><category term="&amp;quot;Active Directory&amp;quot; &amp;quot;Active Directory Domain Services&amp;quot;" scheme="http://blogs.technet.com/activedirectoryua/archive/tags/_2600_quot_3B00_Active+Directory_2600_quot_3B00_+_2600_quot_3B00_Active+Directory+Domain+Services_2600_quot_3B00_/default.aspx" /><category term="computer accounts" scheme="http://blogs.technet.com/activedirectoryua/archive/tags/computer+accounts/default.aspx" /><category term="Djoin.exe Provisioning &amp;quot;Domain Join&amp;quot; &amp;quot;Active Directory&amp;quot;" scheme="http://blogs.technet.com/activedirectoryua/archive/tags/Djoin.exe+Provisioning+_2600_quot_3B00_Domain+Join_2600_quot_3B00_+_2600_quot_3B00_Active+Directory_2600_quot_3B00_/default.aspx" /></entry><entry><title>"Account Ops-FC" access control entry (ACE)</title><link rel="alternate" type="text/html" href="http://blogs.technet.com/activedirectoryua/archive/2009/04/22/account-operators-group-and-ad-computer-accounts.aspx" /><id>http://blogs.technet.com/activedirectoryua/archive/2009/04/22/account-operators-group-and-ad-computer-accounts.aspx</id><published>2009-04-23T07:53:00Z</published><updated>2009-04-23T07:53:00Z</updated><content type="html">Account Operators is a default group located in the Builtin container. 
Members of this group can create, modify, and delete accounts for users, groups, and computers located in the Users or Computers containers and organizational units in the domain, except the Domain Controllers organizational unit. Members of this group do not have permission to modify the Administrators or the Domain Admins groups, nor do they have permission to modify the accounts for members of those groups. Members of this...(&lt;a href="http://blogs.technet.com/activedirectoryua/archive/2009/04/22/account-operators-group-and-ad-computer-accounts.aspx"&gt;read more&lt;/a&gt;)&lt;img src="http://blogs.technet.com/aggbug.aspx?PostID=3229455" width="1" height="1"&gt;</content><author><name>gabag</name><uri>http://blogs.technet.com/members/gabag.aspx</uri></author><category term="Active Directory Domain Services" scheme="http://blogs.technet.com/activedirectoryua/archive/tags/Active+Directory+Domain+Services/default.aspx" /><category term="account operators" scheme="http://blogs.technet.com/activedirectoryua/archive/tags/account+operators/default.aspx" /><category term="computer accounts" scheme="http://blogs.technet.com/activedirectoryua/archive/tags/computer+accounts/default.aspx" /></entry><entry><title>When using Active Directory Recycle Bin to recover objects with a large number of link-valued attributes</title><link rel="alternate" type="text/html" href="http://blogs.technet.com/activedirectoryua/archive/2009/04/22/when-using-active-directory-recycle-bin-to-recover-objects-with-a-large-number-of-link-valued-attributes.aspx" /><id>http://blogs.technet.com/activedirectoryua/archive/2009/04/22/when-using-active-directory-recycle-bin-to-recover-objects-with-a-large-number-of-link-valued-attributes.aspx</id><published>2009-04-23T07:45:00Z</published><updated>2009-04-23T07:45:00Z</updated><content type="html">When you delete or recover an Active Directory object with link-valued attributes, AD DS must process the object’s link value table to maintain referential 
integrity on the linked attribute’s values. Because deleting or recovering an Active Directory object results in modifications to the object’s link value table, if you attempt to delete or recover an object during its ongoing link-value-table processing time, the operation will be blocked. For example, if you use the Active Directory Recycle Bin...(&lt;a href="http://blogs.technet.com/activedirectoryua/archive/2009/04/22/when-using-active-directory-recycle-bin-to-recover-objects-with-a-large-number-of-link-valued-attributes.aspx"&gt;read more&lt;/a&gt;)&lt;img src="http://blogs.technet.com/aggbug.aspx?PostID=3229448" width="1" height="1"&gt;</content><author><name>gabag</name><uri>http://blogs.technet.com/members/gabag.aspx</uri></author><category term="Active Directory Domain Services" scheme="http://blogs.technet.com/activedirectoryua/archive/tags/Active+Directory+Domain+Services/default.aspx" /><category term="link-valued attributes" scheme="http://blogs.technet.com/activedirectoryua/archive/tags/link-valued+attributes/default.aspx" /></entry><entry><title>Active Directory Domain Services Database Mounting Tool (Snapshot Viewer or Snapshot Browser)</title><link rel="alternate" type="text/html" href="http://blogs.technet.com/activedirectoryua/archive/2009/04/21/active-directory-domain-services-mounting-tool.aspx" /><id>http://blogs.technet.com/activedirectoryua/archive/2009/04/21/active-directory-domain-services-mounting-tool.aspx</id><published>2009-04-21T09:19:00Z</published><updated>2009-04-21T09:19:00Z</updated><content type="html">This posting is provided "AS IS" with no warranties, and confers no rights. In Windows Server 2008, there are new tools you can use to create a snapshot of your Active Directory database at a point in time, ntdsutil snapshot, and then you can view the contents of that snapshot by using dsamain.exe. 
This is a great tool for data recovery and comparing changes made to your Active Directory database when the snapshot was taken and how the database looks today. In cases where you need to perform forest...(&lt;a href="http://blogs.technet.com/activedirectoryua/archive/2009/04/21/active-directory-domain-services-mounting-tool.aspx"&gt;read more&lt;/a&gt;)&lt;img src="http://blogs.technet.com/aggbug.aspx?PostID=3228397" width="1" height="1"&gt;</content><author><name>Davanand Bahall - MSFT</name><uri>http://blogs.technet.com/members/Davanand+Bahall+-+MSFT.aspx</uri></author></entry><entry><title>Windows 7 User Account Control (UAC)</title><link rel="alternate" type="text/html" href="http://blogs.technet.com/activedirectoryua/archive/2009/04/15/windows-7-user-account-control-uac.aspx" /><id>http://blogs.technet.com/activedirectoryua/archive/2009/04/15/windows-7-user-account-control-uac.aspx</id><published>2009-04-15T21:05:00Z</published><updated>2009-04-15T21:05:00Z</updated><content type="html">UPDATE: A faster way to open the UAC settings in Windows 7 was just brought to my attention by Dean Wells. Click Start, type UAC and press ENTER. Thanks, Dean! If that doesn’t work for some reason, you can do the following: Run wscui.cpl from the Start Search or Run dialog box, or launch it from the command prompt. Then, select the User Account Control settings option on the left side of the screen. Then you’ll see the UAC settings for Windows 7. This posting is provided "AS IS" with no warranties,...(&lt;a href="http://blogs.technet.com/activedirectoryua/archive/2009/04/15/windows-7-user-account-control-uac.aspx"&gt;read more&lt;/a&gt;)&lt;img src="http://blogs.technet.com/aggbug.aspx?PostID=3226832" width="1" height="1"&gt;</content><author><name>Kurt.Hudson</name><uri>http://blogs.technet.com/members/Kurt.Hudson.aspx</uri></author></entry></feed>