Trust relationships between AD domains allow users from one domain to authenticate to another domain. Trusting relationships are most often configured when merging or migrating multiple organizations.
Continue reading “Create Trust Relationship Between Active Directory Forests”
Active Directory Certificate Services (AD CS) allows you to deploy your own PKI infrastructure on a domain network and use it to issue and manage certificates. In this article, we will look at a typical Certification Authority (CA) deployment scenario: installing a root CA and subordinate enterprise AD CS on two Windows Server hosts, and configuring Group Policy to issue certificates in a domain.
Continue reading “Install Active Directory Certification Authority (ADCS) on Windows Server”
The Active Directory Recycle Bin allows a domain administrator to restore any deleted object (user, computer, security group) in the AD domain. AD Recycle Bin is available in all versions of Active Directory starting with Windows Server 2008 R2. In this article, we will show how to enable the Active Directory Recycle Bin and restore a deleted user.
Continue reading “Active Directory Recycle Bin: How to Enable and Restore Delete Objects”
Best security practices for Windows domain networks recommend disabling local user accounts on computers and servers in an Active Directory domain. Local users who have administrative permissions on a computer can be a weak point in the security of your network. You can use tools such as Windows LAPS (Local Administrator Password Solution) to set unique, complex passwords for local administrators, or you can use AD Group Policies to completely disable local administrator and user accounts.
Continue reading “Disable Local User Accounts in Windows with GPO and PowerShell”
A number of errors can occur when you try to join a Windows machine to an Active Directory domain. Most of them are fairly typical and can be fixed quite easily, as the cause of the problem is shown right there in the error window.
Continue reading “Fix: Unable to Join Computer to Active Directory Domain”
In this article, we will look at how to solve the problem of syncing passwords from on-premises Active Directory to Azure via Azure AD Connect.
Continue reading “Fixing Azure AD Connect Password Sync Issues”
If you try to rename an Active Directory domain controller the way you rename domain member computers/servers (by using the sysdm.cpl console or the Rename-Computer PowerShell cmdlet)), a warning will appear:
Domain controllers cannot be moved from one domain to another, they must first be demoted. Renaming this domain controller may cause it to become temporarily unavailable to users and computers. For information on renaming domain controllers, including alternate renaming methods, see Renaming a Domain Controller (http://go.microsoft.com/fwlink/?LinkID=177447). To continue renaming this domain controller, click OK.
Continue reading “How to Rename a Domain Controller in Active Directory?”
After an emergency shutdown of a physical server with an Active Directory domain controller role, the BSOD with an error stop code 0x00002e2 appears on boot. The error points out that the Active Directory database (NTDS.DIT) is damaged. In this article, we will figure out how to fix the ntds.dit file and start a domain controller (in our case, it is a server running Windows Server 2019).
Continue reading “Domain Controller Crashes on Boot with Stop Code 0xc00002e2”
By default, Grafana allows you to sign in only with local user accounts. But you can use an LDAP database (Active Directory or FreeIPA) to authenticate users in Grafana.
Continue reading “Configure LDAP (Active Directory) Authentication in Grafana”
In this article, we will show you how to join servers or workstations running CentOS 8, RHEL, or Rocky Linux to an Active Directory domain using realmd, and how to authenticate to a Linux host using an Active Directory account. The Realmd (Realm Discovery) service makes discovering and adding Linux hosts to an AD domain much easier. Realmd uses SSSD (via Kerberos and LDAP) or Winbind to verify and authenticate Active Directory accounts.
Continue reading “Joining CentOS/RHEL/Rocky Linux to Active Directory (AD) Domain”
