Best security practices for Windows domain networks recommend disabling local user accounts on computers and servers in an Active Directory domain. Local users who have administrative permissions on a computer can be a weak point in the security of your network. You can use tools such as Windows LAPS (Local Administrator Password Solution) to set unique, complex passwords for local administrators, or you can use AD Group Policies to completely disable local administrator and user accounts.
A number of errors can occur when you try to join a Windows machine to an Active Directory domain. Most of them are fairly typical and can be fixed quite easily, as the cause of the problem is shown right there in the error window.
In this article, we will look at how to solve the problem of syncing passwords from on-premises Active Directory to Azure via Azure AD Connect.
If you try to rename an Active Directory domain controller the way you rename domain member computers/servers (by using the sysdm.cpl console or the Rename-Computer PowerShell cmdlet), a warning will appear:
Domain controllers cannot be moved from one domain to another, they must first be demoted. Renaming this domain controller may cause it to become temporarily unavailable to users and computers. For information on renaming domain controllers, including alternate renaming methods, see Renaming a Domain Controller (http://go.microsoft.com/fwlink/?LinkID=177447). To continue renaming this domain controller, click OK.
After an emergency shutdown of a physical server with an Active Directory domain controller role, the BSOD with an error stop code 0x00002e2 appears on boot. The error points out that the Active Directory database (NTDS.DIT) is damaged. In this article, we will figure out how to fix the ntds.dit file and start a domain controller (in our case, it is a server running Windows Server 2019).
By default, Grafana allows you to sign in only with local user accounts. But you can use an LDAP database (Active Directory or FreeIPA) to authenticate users in Grafana.
In this article, we will show you how to join servers or workstations running CentOS 8, RHEL, or Rocky Linux to an Active Directory domain using realmd, and how to authenticate to a Linux host using an Active Directory account. The Realmd (Realm Discovery) service makes discovering and adding Linux hosts to an AD domain much easier. Realmd uses SSSD (via Kerberos and LDAP) or Winbind to verify and authenticate Active Directory accounts.
Sometimes I run into various problems when joining VMware ESXi hosts to an Active Directory domain. In this article, I have described typical steps to solve this problem.
After you have joined the Windows device to an Active Directory domain, the login screen will automatically display the logon domain name. This logon domain name appears below the username and password fields.
Active Directory has a special feature to protect against accidental deletion of directory objects (Organizational Units, users, groups, etc.). By default, the “Protect object from accidental deletion” option is enabled when creating new OUs.