Disable Local User Accounts in Windows with GPO and PowerShell

Best security practices for Windows domain networks recommend disabling local user accounts on computers and servers in an Active Directory domain. Local users who have administrative permissions on a computer can be a weak point in the security of your network. You can use tools such as Windows LAPS (Local Administrator Password Solution) to set unique, complex passwords for local administrators, or you can use AD Group Policies to completely disable local administrator and user accounts.

Continue reading “Disable Local User Accounts in Windows with GPO and PowerShell”

Fix: Unable to Join Computer to Active Directory Domain

A number of errors can occur when you try to join a Windows machine to an Active Directory domain. Most of them are fairly typical and can be fixed quite easily, as the cause of the problem is shown right there in the error window.

Continue reading “Fix: Unable to Join Computer to Active Directory Domain”

How to Rename a Domain Controller in Active Directory?

If you try to rename an Active Directory domain controller the way you rename domain member computers/servers (by using the sysdm.cpl console or the Rename-Computer PowerShell cmdlet)), a warning will appear:

Domain controllers cannot be moved from one domain to another, they must first be demoted. Renaming this domain controller may cause it to become temporarily unavailable to users and computers. For information on renaming domain controllers, including alternate renaming methods, see Renaming a Domain Controller (http://go.microsoft.com/fwlink/?LinkID=177447). To continue renaming this domain controller, click OK.

Continue reading “How to Rename a Domain Controller in Active Directory?”

Domain Controller Crashes on Boot with Stop Code 0xc00002e2

After an emergency shutdown of a physical server with an Active Directory domain controller role, the BSOD with an error stop code 0x00002e2 appears on boot. The error points out that the Active Directory database (NTDS.DIT) is damaged. In this article, we will figure out how to fix the ntds.dit file and start a domain controller (in our case, it is a server running Windows Server 2019).

Continue reading “Domain Controller Crashes on Boot with Stop Code 0xc00002e2”

Joining CentOS/RHEL/Rocky Linux to Active Directory (AD) Domain

In this article, we will show you how to join servers or workstations running CentOS 8, RHEL, or Rocky Linux to an Active Directory domain using realmd, and how to authenticate to a Linux host using an Active Directory account. The Realmd (Realm Discovery) service makes discovering and adding Linux hosts to an AD domain much easier. Realmd uses SSSD (via Kerberos and LDAP) or Winbind to verify and authenticate Active Directory accounts.

Continue reading “Joining CentOS/RHEL/Rocky Linux to Active Directory (AD) Domain”

Protecting Active Directory OUs from Accidental Deletion

Active Directory has a special feature to protect against accidental deletion of directory objects (Organizational Units, users, groups, etc.). By default, the “Protect object from accidental deletion” option is enabled when creating new OUs.

Continue reading “Protecting Active Directory OUs from Accidental Deletion”