Active Directory

How can I change the Recovery Console Administrator password on a Domain Controller? When you promote a Windows 2000 Server-based computer to a domain controller, you are prompted to type a Directory Service Restore Mode Administrator password. This password is also used by Recovery Console, and is separate from the Administrator password that is stored…

Background By default, anonymous LDAP operations, except rootDSE searches and binds, are not permitted on Windows 2003 domain controllers. This means that when trying to perform unauthenticated search in Active Directory, you can query for attributes of the RootDSE object only – any other query will result in domain controller requesting authenticated bind to LDAP…

For a planned Active Directory, how can I predict how much memory will my new Domain Controllers require, and how many of them I need? The Active Directory service Sizer tool lets you estimate the hardware required for deploying Active Directory in an organization based on the organization’s profile, domain information and site topology. Based…

How does Ntdsutil.exe know it’s in Directory Restore mode? NTDSUTIL is a tool used for many Active Directory database maintenance tasks, such as defragmenting the DB, moving the DB and/or log files to a different place, cleaning the DB and more. NTDSUTIL will allow you to perform many of it’s functions while the DC is…

How do I defragment the Active Directory to make it smaller in size? The size of NTDS.DIT will often be different sizes across the domain controllers in a domain. Remember that Active Directory is a multi-master independent model where updates are occurring in each of the domain controllers with the changes being replicated over time…

When migrating to Windows 2000 Active Directory Services, many organizations choose the path of restructuring rather than upgrading. This involves building a pristine Windows 2000 ADS environment and then adding the organization’s users, groups, and computer accounts rather than upgrading a Windows NT4 domain. Of course, with a clean ADS domain structure, you still have…

How can I easily perform management operations in AD from a customized Taskpad? As your AD infrastructure grows, and the number of objects within it constantly changes, you might find that managing the growing number of users, groups and computers is becoming more than a headache. Fortunately for us, one of Active Directory’s best features…

How do I change the intrasite replication interval in Windows 2000 for domain information? Active Directory intrasite replication for naming context data doesn’t occur until 5 minutes after a change. When you make a change to the naming context (i.e., domain) data, the DC’s local copy of Active Directory (AD) records the change, then the…

Welcome to the world of knowledge! Archive – Q3-Q4 – 2005 [menus/archive_q3_q4_2005.htm] See Site News for more new and updated articles. Tell me what you think Did my site help you? Do you think you have anything to add or to comment on the information provided here? Please drop me a line or two and…

This article deals with the mechanism of deploying and verifying GPO deployment. It will not deal in the GPO itself and the settings inside it (these settings and configurations will be discussed in different articles). Note that this article was written and contributed to the site by Amir Meron. Group Policy is a one of…