Browse by Tags

Tagged Content List
  • Blog Post: Using AD Recycle Bin to restore deleted DNS zones and their contents in Windows Server 2008 R2

    Ned here again. Beginning in Windows Server 2008 R2, Active Directory supports an optional AD Recycle Bin that can be enabled forest-wide. This means that instead of requiring a System State backup and an authoritative subtree restore, a deleted DNS zone can now be recovered on the fly. However, due...
  • Blog Post: Designing and Implementing a PKI: Part V Disaster Recovery

    The series: Designing and Implementing a PKI: Part I Design and Planning Designing and Implementing a PKI: Part II Implementation Phases and Certificate Authority Installation Designing and Implementing a PKI: Part III Certificate Templates Designing and Implementing a PKI: Part IV Configuring SSL for...
  • Blog Post: RESTOREDFSR.VBS Version 3 now available

    Hello folks, Ned here again. The infamous restoredfsr.vbs has now been rewritten (thanks for the prodding MLatCC) and it fixes some bad design limits of the older versions that were caused by time constraints and apathy. For those of you have not had the “pleasure” of restoredfsr.vbs : ...
  • Blog Post: ADAMSync + (AD Recycle Bin OR searchFlags) = "FUN"

    Hello again ADAMSyncers! Kim Nichols here again with what promises to be a fun and exciting mystery solving adventure on the joys of ADAMSync and AD Recycle Bin (ADRB) for AD LDS. The goal of this post is two-fold: Explain AD Recycle Bin for AD LDS and how to enable it Highlight an issue that...
  • Blog Post: Friday Mail Sack: Tuesday To You Edition

    Hi folks, Ned here again. It’s a long weekend here in the United States, so today I talk to you tell myself about a domain join issue one can only see in Win7/R2 or later, what USMT hard link migrations really do, how to poke LDAP in legacy PowerShell, time zone migration, and an emerging issue...
  • Blog Post: Are you backing up ADAM?

    Hi, it's Adam Conkle from the Microsoft Directory Services team. I recently encountered a disaster recovery situation with an ADAM instance where objects were accidentally deleted, and the customer required help performing the restore of those objects from backup. We ran into a major problem that I feel...
  • Blog Post: The importance of following ALL the authoritative restore steps

    Hello, David Everett here again. Recently a customer contacted Microsoft Product Support to determine why the Connect to Domain Controller option in Active Directory Users and Computers (aka: ADUC or dsa.msc) was generating an incomplete list of Domain Controllers (DCs) for one domain. Even though the...
  • Blog Post: Monthly Mail Sack: Yes, I Finally Admit It Edition

    Heya folks, Ned here again. Rather than continue the lie that this series comes out every Friday like it once did, I am taking the corporate approach and rebranding the mail sack. Maybe we’ll have the occasional Collector’s Edition versions. This week month, I answer your questions on: The semi-myth...
  • Blog Post: Restrictions for Unauthenticated RPC Clients: The group policy that punches your domain in the face

    Hi folks, Ned here again. Around six years ago we released Service Pack 1 for Windows Server 2003. Like Windows XP SP2, it was a security-focused update. It was the first major server update since the Trustworthy Computing initiative began so there were things like a bootstrapping firewall, Data Execution...
  • Blog Post: Active Directory Recycle Bin in Windows Server 2008 R2

    Ned here again. Now that the moratorium has ended, I can start talking about new features in Windows 7 and Windows Server 2008 R2. To get things rolling today, I wanted to give you a very brief introduction to the AD Recycle Bin. It's brief because we expect a lot of folks will be using this and we already...
  • Blog Post: Understanding DFSR conflict algorithms (and doing something about conflicts)

    Ned here again. I’m frequently asked to explain the DFSR conflict algorithm – i.e. what happens when files are created or modified on two servers before replication takes place. What we don’t document well is that there are actually three conflict algorithms and they all behave quite...
  • Blog Post: Hard Disk Failure Error Messages in AD Replication?

    Hi everyone, David Beach here today. Here’s a fun AD Replication error from Windows Server 2003: Sitename\DCName via RPC DC object GUID: abc12345-6789-0123-4567-890abcdefabc Last attempt @ 2011-03-15 12:15:15 failed, result 1127 (0x467): While accessing the hard disk, a disk operation failed...
  • Blog Post: Friday Mail Sack: Not Particularly Terrifying Edition

    Hiya folks, Ned here again. In today’s Mail Sack I discuss SP1, DFSR, GPP passwords, USMT, backups, AD disk configurations, and the importance of costumed pets. Boo. Win7/R2 SP1 RC in production USMT ramp up Daily DFSR health reports Recommendations for separating AD folders and...
  • Blog Post: Disk Image Backups and Multi-Master Databases (or: how to avoid early retirement)

    Hi folks, Ned here again. We published a KB a while back around the dangers of using virtualized snapshots with DFSR: Distributed File System Replication (DFSR) no longer replicates files after restoring a virtualized server's snapshot Customers have asked me some follow up questions I address...
  • Blog Post: “Lag site” or “hot site” (aka delayed replication) for Active Directory Disaster Recovery support

    Hi, Gary from Directory Services here and I’m going to talk today about the concept of “lag sites” or “hot sites” as a recovery strategy. I recently had a case where the customer asked if the replication interval for a site link could be set higher than 10,080 minutes (7...
  • Blog Post: Managing the Recycle bin with Redirected Folders with Vista or Windows 7

    Hi, Gary here, and I have been seeing a few more questions regarding the recycle bin on redirected folders . With the advent of Windows Vista there was a change in redirected folders and the support for the Recycle bin. Now each redirected folder has a Recycle Bin associated with it. Windows XP only...
  • Blog Post: Two lines that can save your AD from a crisis

    Editor's note: This is the first of very likely many "DS Quickies". "Quickies" are shorter technical blog posts that relate hopefully-useful information and concepts for you to use in administering your networks. We thought about doing these on Twitter or something, but sadly we're still too technical...
  • Blog Post: Managing RID Pool Depletion

    Hiya folks, Ned here again. When interviewing a potential support engineer at Microsoft, we usually start with a softball question like “what are the five FSMO roles?” Everyone nails that. Then we ask what each role does. Their face scrunches a bit and they get less assured. “The RID Master… hands out...
  • Blog Post: Certificate Authority disaster recovery steps when smartcard logon is required but no valid CRL can be published

    [Editor’s note: this is a reprinted post from the AD Troubleshooting Blog . If you’re not already a subscriber to that blog, you absolutely need to add it to your feed. Ingolfur is a Sr. Support Escalation Engineer in Sweden and a very smart dude - with rather odd hair - who deserves your attention....
  • Blog Post: Friday Mail Sack: Barbados Edition

    Hello world, Ned here again. I’m back to write this week’s mail sack – just in time to be gone for the next two weeks on vacation and work travel . In the meantime Jonathan and Scott will be running the show, so be sure to spam the heck out of them with whatever tickles you. This week...
  • Blog Post: New DFSR Data Restoration Script

    Hi, Ned here. Just a quick heads up - there is a new DFSR data recovery script posted below. This allows you to restore data from the ConflictAndDeleted or PreExisting folders within DFSR, primarily during disaster recovery. As always, we prefer you use your backup system to do this, as the script is...
  • Blog Post: Best practices around Active Directory Authoritative Restores in Windows Server 2003 and 2008

    It’s your guest writer Herbert Mauerer again . A very common AD disaster is an unexpected deletion or modification of objects. Unlike a bad football match or family meeting, you can prepare for that and make the crisis more bearable. In this blog, I will discuss best practices of Windows Server...