Active Directory | Blog Bujarra.com

Using Microsoft IT Environment Health Scanner to diagnose our Active Directory

Today we see a utility called Microsoft IT Environment Health Scanner, it will help us to diagnose our Microsoft environment, at the Active Directory level. First we will install it and see the number of tests it performs, indicating the status of them. In addition, if we have any problem, it will propose a document from the KB of the Microsoft Support website. It's important, as it can serve as support before making any migration or major change, knowing the state of everything.

New Windows 2008 R2: Offline domain join

Otra de las novedades que trae Windows 2008 R2, es la posibilidad de unirnos a un dominio sin conexión, This is, no tenemos por qué tener conectividad entre el equipo y el controlador de dominio para poder unirnos y no tener que generar tráfico entre ambos equipos. Esto es ideal para cuando desplegamos equipos en grandes cantidades o los mandamos a nuestras delegaciones preparados para ser arrancados (generados a partir de imágenes), para no tener que unirles en dominio desde ahí y mediante AIK unirles al dominio mediante un archivo de respuesta (For example).

Using PowerGUI and its PowerPacks

PowerGUI is one of the best free tools, especially for those of us who work with PowerShell environments and still do not feel comfortable, it is a graphic tool that allows us to create, edit, import, export our Windows PowerShell-based scripts. In this document we will see how to install it that has nothing and how we can organize our scripts, as well as being able to see how to use scripts for VMware, Exchange, Active Directory, SQL, Routers, communications, Internet, Systems Center, Operations Manager, Xen, Hyper-V, Citrix, Skype, Reporting, Twitter … everything that relies on PowerShell.

Enabling the Recycle Bin in Windows Active Directory 2008 R2

Windows Server 2008 R2 brings an improvement at the Active Directory level, Finally it will let us recover a deleted element without losing its settings, has introduced the Recycle Bin or 'Recycle Bin Feature' feature. In this document, We'll see how to enable it, since by default it is not enabled or activated if we come from an Active Directory prior to Windows 2008 R2.

Preparing Active Directory for Windows 2008 R2

Requirement to be met before promoting an additional domain controller in our domain. We must prepare our active directory using the ADPREP utility that we will have on the Windows Server CD/DVD 2008 R2 to prepare each domain, The forest, Group Policies and if we are interested in having RODC (Read Only Domain Controller).

Preparing Active Directory for Exchange Server 2010

In this document we will see the commands that we have to execute to prepare our Active Directory and be able to host a Microsoft Exchange Server 2010, whether for a new installation or migration, we will also look at the requirements at the Active Directory level.

Renaming a domain in Windows Server 2008

Well, I hope this never touches you, or at least in a complex organization, In the document we will see what are the steps for a correct renaming of our domain. We will rely on Microsoft's utility called RENDOM.EXE; We will have to take into account certain prerequisites to perform the migration, as well as:

Taking Active Directory Snapshots on Windows Server 2008

Well, the other day I saw this in an official Microsoft doc and it had to be tested. It refers to being able to take snapshots of our Active Directory, for the simple fact of taking it to another computer and performing some tests with LDAP tools for example, or to see how our Active Directory was doing at any given time, in case we have to do an authoritative AD restore and we don't know what an object or container is called (HTTP://www.bujarra.com/?p=1593), or to use with ADrestore to find out what a Tombstone is called (HTTP://www.bujarra.com/?p=1567)… In any case, it is not advisable to have many snapshots that are not going to be used due to loss of performance.

Doing an Authoritative Restore of Active Directory on Windows Server 2008

Well, ahora veremos una pequeña diferencia con el otro tipo de restauración, esta es una restauración autoritativa. Para realizar esta restauración es obligatorio haber realizado antes una restauración no autoritativa (HTTP://www.bujarra.com/?p=1582). Con esta restauración lo que realizamos es una replicación de los objetos que acabamos de restaurar a los otros controladores de dominio, indicando que ‘nuestro’ Directorio Activo es el origen de la réplica. Para realizar está restauración, no debemos reiniciar el servidor DC tras la restauración no autoritativa.

Doing a non-authoritative restore of Active Directory on Windows Server 2008

GOOD, In this document we will see how we can restore our Active Directory backup in case we need it to recover from a catastrophe. To do this,, We will need a backup of the system state (HTTP://www.bujarra.com/?p=1574) or a full copy of the server. This is called performing a non-authoritative restore of Active Directory, since we will not indicate which objects we want it to forcibly replicate to the other domain controllers.