How to Rename a Domain Controller in Active Directory?

If you try to rename an Active Directory domain controller the way you rename domain member computers or servers (using the sysdm.cpl console or the Rename-Computer PowerShell cmdlet), a warning will appear:

Domain controllers cannot be moved from one domain to another, they must first be demoted. Renaming this domain controller may cause it to become temporarily unavailable to users and computers. For information on renaming domain controllers, including alternate renaming methods, see Renaming a Domain Controller (http://go.microsoft.com/fwlink/?LinkID=177447). To continue renaming this domain controller, click OK.


Domain Controller Crashes on Boot with Stop Code 0xc00002e2

After an emergency shutdown of a physical server holding the Active Directory domain controller role, a BSOD with stop code 0xc00002e2 appears on boot. The error indicates that the Active Directory database (NTDS.DIT) is damaged. In this article, we will figure out how to repair the ntds.dit file and start the domain controller (in our case, a server running Windows Server 2019).


Disable Local Accounts in Windows via GPO

Best security practices for Windows domain networks recommend disabling local user accounts on computers and servers in the Active Directory domain. Local accounts with administrator permissions on computers can be a weak point in your domain’s security. You can use tools like LAPS (Local Administrator Password Solution) to set unique, complex local administrator passwords, or you can completely disable local administrator (and/or user) accounts using AD Group Policies.


Joining CentOS/RHEL/Rocky Linux to Active Directory (AD) Domain

In this article, we will show you how to join servers or workstations running CentOS 8, RHEL, or Rocky Linux to an Active Directory domain using realmd, and how to authenticate to a Linux host with an Active Directory account. The realmd (Realm Discovery) service makes discovering and joining Linux hosts to an AD domain much easier. Realmd uses SSSD (via Kerberos and LDAP) or Winbind to verify and authenticate Active Directory accounts.


Protecting Active Directory OUs from Accidental Deletion

Active Directory has a special feature to protect against accidental deletion of directory objects (Organizational Units, users, groups, etc.). By default, the “Protect object from accidental deletion” option is enabled when creating new OUs.
