Two lines that can save your AD from a crisis

Editor’s note: This is the first of very likely many “DS Quickies”. “Quickies” are shorter technical blog posts that relate hopefully-useful information and concepts for you to use in administering your networks. We thought about doing these on Twitter or something, but sadly we’re still too technical to be bound by a 140-character limit 🙂 For those…

ADAMSync + (AD Recycle Bin OR searchFlags) = "FUN"

Hello again ADAMSyncers! Kim Nichols here again with what promises to be a fun and exciting mystery-solving adventure on the joys of ADAMSync and AD Recycle Bin (ADRB) for AD LDS. The goal of this post is two-fold: explain AD Recycle Bin for AD LDS and how to enable it; highlight an issue that…

Cluster and Stale Computer Accounts

Hi, Mike here again. Today, I want to write about a common administrative task that can lead to disaster: removing stale computer accounts from Active Directory. Removing stale computer accounts is simply good hygiene – it’s the brushing and flossing of Active Directory. Like tartar, computer accounts have the tendency to build up until they become…

Friday Mail Sack: LeBron is not Jordan Edition

Hi folks, Ned here again. Today we discuss trust rules around domain names, attribute uniqueness, the fattest domains we’ve ever seen, USMT data-only migrations, kicking FRS while it’s down, and a few amusing side topics. Scottie, don’t be that way. Go Mavs. Topics: Creating trusts between forests with duplicate names; Enforcing sAMAccountName uniqueness; The biggest domain…

AD LDS Schema Files Demystified

Hi, Russell here. When installing Active Directory Lightweight Domain Services (AD LDS) instances, it is quite possible to paint oneself into a corner rather quickly. That’s because LDS comes with minimal schema definitions. To truly make LDS useful to your applications, one must have an understanding of how best to take advantage of the included…

Using AD Recycle Bin to restore deleted DNS zones and their contents in Windows Server 2008 R2

Ned here again. Beginning in Windows Server 2008 R2, Active Directory supports an optional AD Recycle Bin that can be enabled forest-wide. This means that instead of requiring a System State backup and an authoritative subtree restore, a deleted DNS zone can now be recovered on the fly. However, due to how the DNS service…

Best practices around Active Directory Authoritative Restores in Windows Server 2003 and 2008

It’s your guest writer Herbert Mauerer again. A very common AD disaster is an unexpected deletion or modification of objects. Unlike a bad football match or family meeting, you can prepare for that and make the crisis more bearable. In this blog, I will discuss best practices of Windows Server 2003 and 2008 forest level…

The AD Recycle Bin: Understanding, Implementing, Best Practices, and Troubleshooting

Ned here again. Starting in Windows Server 2008 R2, Active Directory now implements a true recycle bin. No longer will you need an authoritative restore to recover deleted users, groups, OUs, or other objects. Instead, it is now possible to use PowerShell commands to bring back objects with all their attributes, backlinks, group memberships, and…

Active Directory Recycle Bin in Windows Server 2008 R2

Ned here again. Now that the moratorium has ended, I can start talking about new features in Windows 7 and Windows Server 2008 R2. To get things rolling today, I wanted to give you a very brief introduction to the AD Recycle Bin. It’s brief because we expect a lot of folks will be using this and…