While we seldom do it manually, there may be times when one needs to make some fixes while troubleshooting the AD database file, C:\Windows\NTDS\ntds.dit. DIT stands for Directory Information Tree. Here are some scenarios that one may see:
Common question (which doesn't need the NTDSutil tool): How do you undefine the AD domain password policy settings, i.e. Maximum password length, Minimum password age, and Enforce password history? Set the threshold to 0 for each of these settings to undefine them.
Ken Sim, Technical Evangelist, Microsoft Corporation, MCT
Thank you for the info, Ken. Very useful.
Thank you Alfredo, I love to share knowledge to the IT community, thank you man!
Really, these are very useful tips for AD administrators.
Thanks Alfredo.
Very informative article. Thank you Kim.
Please add Server 2003; it is the last server version that requires DSRM login other than Server 2000. THANKS FOR VERY INFORMATIVE ARTICLE. Thanks again Ken.