Active Directory

How can I run Active Directory management tools as another user (one with administrative privileges)? As a security best practice, it is recommended that you do not log on to your computer with administrative credentials. Running your computer as a member of the Administrators group makes the system vulnerable to Trojan horses attacks and other security…

How can I require Windows 98 clients to logon to the domain instead of pressing “cancel” at the welcome screen? By default Windows 9x doesn’t require a valid network username and password combination for a user to bypass the logon and gain access to the local machine. This functionality can be changed to require validation…

Why do Windows 2000-based clients connect only to the Domain Controller that was upgraded first in a Mixed-Mode Domain? After you upgrade the first of multiple Windows NT Server 4.0-based domain controllers to Windows 2000 or to Windows Server 2003, all of the domain‘s Windows 2000 Professional and Windows XP-based clients connect to that domain…

In some environments the company policy requires that security logs of Domain Controllers are configured to retain information X days into the past. Requiring such a setting means 2 things: You can not configure the Event Log to override events as needed (if the log reaches it’s maximal size) The log file can grow to…

Directory Update – Update your Active Directory and Global Address List (GAL) information One of the most annoying daily tasks that help desk personnel and user account administrators face each day is keeping their user’s information updated in the Active Directory. The time involved in making just a few changes a week for a small…

Can I rename my Windows 2003 Domain? Can I move Child Domains between different trees in Active Directory? Yes you can, by using the Windows Server 2003 Active Directory Domain Rename Tools. The Windows Server 2003 Active Directory Domain Rename Tools provide a secure and supported methodology to rename one or more domains (as well…

How can I forcibly transfer (seize) some or all of the FSMO Roles from one domain controller (DC) to another? Windows 2000/2003 Active Directory domains utilize a Single Operation Master method called FSMO (Flexible Single Master Operation), as described in Understanding FSMO Roles in Active Directory. The five FSMO roles are: Schema master – Forest-wide…

What are the network setting required for a computer to join a domain? In order to be able to join a Windows 2000 or Windows Server 2003 domain you must properly configure your XP/W2K computer. Note: XP Home Edition is not designed to join domains; only workgroups. To join domains, use XP Professional version or…

One of the major headaches when dealing with Active Directory is the issues of accidental deletion of objects by un-trained or malicious people. Of course one must have the right permissions in Active Directory in order to be able to delete any object from it, but this does happen now and then. For example, you…

This is a part 2 of my MCSE and System Administrator job interview sample questions. See previous part at: Part 1 – Networking This article set is targeted at both the interviewer (who needs a pool of valid questions they can ask) and to the candidate (who wants a pool of sample questions they can…