Hardware dies, it always has and it always will eventually.  And if you ever had a Windows 2000/2003 domain controller die on you, you’ve no doubt gone through the painless but time consuming process of removing a failed DC.  I wrote an article on it a few years ago and while you might be planning to migrate your DCs to 2008, or already ...

As with each edition of Windows Server, the 2008 release also includes some new additions.  In order to take advantage of some of these new features you need to upgrade your Active Directory Forest and Domain functional levels.  You can read about the Windows 2000/2003 domain and forest functional levels as a refresher if you like, but ...

Here at the LazyAdmin we have talked quite a bit about using BitLocker with Windows Vista. With the introduction of Server 2008 you can now also leverage Bitlocker with your 2008 servers. This is particularly attractive when deploying Read Only Domain Controllers (RODC) to remote locations where physical security is questionable. One BitLocker ...

We have talked about enabling BitLocker Active Directory integration in a previous post now we will take a look at prepping your domain to implement this integration.  To take advantage of the several of the more compelling feature such as RODCs and Windows 2008 domain controllers we first need to extend the AD schema in our current ...

One of the nice things with RODCs is the ability to control cached credentials.  You can also pre-populate passwords for specific users, like a branch office user, in case the branch office connection goes down but this can be a security concern if that server gets stolen.  Server 2008 has a nice way of handling this so you can sleep ...

The next video in our Server Core series is going to cover making our demo server into a RODC or Read-Only Domain Controller.  One pre-requisite for a RODC is an existing Windows 2008 based DC in the domain.  You also need to run adprep /rodcprep before you can add the RODC.  Other than that it is pretty straight-forward but without ...

A while back we did a short series on ADMT. Today, TLA reader Dan Dill, goes further into ADMT with this article on setting up a password migration server for ADMT. The password migration server is a component that will help you to migrate passwords when performing active directory migrations. Once you have your new domain and ADMT setup the ...

So we know how x64 can benefit Exchange 2007 and Terminal Services, but what about one of the most common parts of a Windows network, Active Directory? Similar to the limitations with terminal services and Exchange, AD suffers from the 2GB virtual memory limit of 32 bit OSes. The more objects in the domain the bigger the problem. With larger ...

Just about everyone knows that a Windows operating system may have only one computer name. While this is true, there is a way to add additional NetBIOS names to a Windows operating system, effectively giving the machine additional computer names or identities on the network. TLA reader Jason Boche has submitted this excellent how-to on this ...

When you create a new user or computer account in Active Directory the accounts are created in the CN=Users and CN=Computers containers by default. Although these accounts will inherit GPO's linked to the domain, it is not possible to apply Group Policy directly to these containers. There are two tools included with Windows Server 2003, ...

In the final part of this three part series, James takes us through the steps required to complete the Exchange Server 2003 portion of the domain rename. Once your domain controllers are back up, let's work on exchange to make it work with the renamed domain. You will need to install the XDR-FIXUP tool (see the link at the end of this article). ...

In part two of this three part series, author James Rudley takes us through the actual renaming process. Part one covered the setup of the tools and part three will cover the Exchange Server 2003 portion. Rendom will translate this file into a sequence of directory update instructions that will be executed individually and remotely on each DC in ...

Renaming a domain has been made easier in Windows Server 2003 domains, however it is no walk in the park. James Rudley (forum member saint) recently went through the process and documented it to be posted here. It is a three part article and if you are interested in the domain rename option read on! Part 1 covers the setup. By no means is this ...

Any administrator knows the importance of backups. Backing up GPOs is a good practice to get into before making any changes and Group Policy Management Console (GPMC) makes it easier than ever! To backup the GPO from within GPMC, drill down to the Group Policy Objects node and expand it. You will see a list of all the GPOs you have created, ...

Modifying user attributes in AD can be time consuming when you have a large number of users to edit. You can use VBS to speed the process, and Windows 2003 domains have some ability to mass edit AD users. ADModify is a free tool that allows you to mass edit users in Windows 2000 and 2003 domains. ADModify is a stand-alone tool that requires no ...