Active Directory (AD)

When trying to join a computer to an Active Directory domain, you may sometimes encounter the “an Active Directory Domain Controller could not be contacted” error. In this post, I’ll explain the different DNS and IP settings you can check to fix this error and finally join your computer to a domain. How can you…

Microsoft has announced the public preview of a new custom claims provider feature for Azure Active Directory (Azure AD). The custom extension allows organizations to call an API and map custom claims into the security token during the authentication process. The custom extensions feature enables Azure Active Directory (Azure AD) users to interact with external…

Multi-Factor Authentication (MFA) has become important for user security within Active Directory environments. By implementing additional verification steps, MFA makes it more difficult for adversaries to gain unauthorized access and it is essential for any organization aiming to secure its Active Directory infrastructure. However, despite investing heavily on MFA to stop cyberattacks, top research reports…

How do you add a new domain controller (DC) to your existing Active Directory (AD) domain? In this post, I will show you how to quickly add a new DC to AD. This article applies to: Windows Server 2025, Windows Server 2019, Windows Server 2022, and Windows Server 2016 Check the domain and forest functional…

In this guide, I’ll show you how to add a new forest to your existing Active Directory environment. There may be compliance or security requirements dictating you add a new forest. This article applies to: Windows Server 2016, Windows Server 2019, Windows Server 2022, and Windows Server 2025. However, just a note, you can add…

In this guide I’ll show you how to add a child domain to an existing forest. If you have, for example, contoso.com as your single Active Directory forest domain, you may want to add some logical separation. You can add a child domain, corp.contoso.com, to your forest during the DC promotion wizard. This article applies…

You are woken by a call at 7am to find out your Active Directory (AD) infrastructure has been hit by ransomware. The helpdesk is overwhelmed by calls from users who can’t log in and management is already demanding to know how long it will take to restore. You break into a cold sweat realizing IT…

Microsoft has recently raised concerns about the increasing threat of a sophisticated attack method known as Kerberoasting. In response, the company has outlined the attack’s methodology, associated risks, and key strategies to help organizations defend against these cyber threats. What is Kerberoasting and how does it work? Kerberoasting is a cyberattack technique that compromises the…

In this article, I’m going to show you how to check which domain controllers (DC) hold the FSMO roles in Active Directory (AD). FSMO roles are assigned to specific domain controllers and are designed to prevent conflicts once data is replicated. You can also quickly transfer FSMO and seize FSMO roles using PowerShell. How to…

FSMO roles are a crucial piece in Active Directory functionality. Learn about their purpose, types, and how they work together in this guide. Windows Server Active Directory multi-master model A multi-master enabled database, such as Active Directory, provides the flexibility of allowing changes to occur at any domain controller (DC) in the enterprise, but it…

How can I forcibly seize FSMO Roles from one domain controller (DC) to another? Windows Server Active Directory domains utilize a Single Operation Master method called FSMO (Flexible Single Master Operation). The five FSMO roles are: Seize FSMO roles using PowerShell You can seize FSMO roles using the PowerShell Move-ADDirectoryServerOperationMasterRole cmdlet. The syntax for the…

In this article, you will learn how to transfer FSMO roles in Active Directory quickly using the command lines tools and GUI. Windows Server Active Directory domains utilize a Single Operation Master method called FSMO (Flexible Single Master Operation). In most cases an administrator can keep the FSMO role holders (all 5 of them) in…