Active Directory - Power Sysadmin Blog

How to Rename a Domain Controller in Active Directory?

If you try to rename an Active Directory domain controller the way you rename domain member computers/servers (by using the sysdm.cpl console or the Rename-Computer PowerShell cmdlet)), a warning will appear:

Domain controllers cannot be moved from one domain to another, they must first be demoted. Renaming this domain controller may cause it to become temporarily unavailable to users and computers. For information on renaming domain controllers, including alternate renaming methods, see Renaming a Domain Controller (http://go.microsoft.com/fwlink/?LinkID=177447). To continue renaming this domain controller, click OK.

Continue reading “How to Rename a Domain Controller in Active Directory?”

Domain Controller Crashes on Boot with Stop Code 0xc00002e2

After an emergency shutdown of a physical server with an Active Directory domain controller role, the BSOD with an error stop code 0x00002e2 appears on boot. The error points out that the Active Directory database (NTDS.DIT) is damaged. In this article, we will figure out how to fix the ntds.dit file and start a domain controller (in our case, it is a server running Windows Server 2019).

Continue reading “Domain Controller Crashes on Boot with Stop Code 0xc00002e2”

Configure LDAP (Active Directory) Authentication in Grafana

By default, Grafana allows you to sign in only with local user accounts. But you can use an LDAP database (Active Directory or FreeIPA) to authenticate users in Grafana.

Continue reading “Configure LDAP (Active Directory) Authentication in Grafana”

Disable Local Accounts in Windows via GPO

Best security practices for Windows domain networks recommend disabling local user accounts on computers and servers in the Active Directory domain. Local accounts with administrator permissions on computers can be a weak part of your domain’s security. You can use tools like LAPS (Local Administrator Password Solution) to set unique, complex administrator passwords, or you can completely disable local administrator (and/or user) accounts using AD Group Policies.

Continue reading “Disable Local Accounts in Windows via GPO”

Joining CentOS/RHEL/Rocky Linux to Active Directory (AD) Domain

In this article, we will show you how to join servers or workstations running CentOS 8, RHEL, or Rocky Linux to an Active Directory domain using realmd, and how to authenticate to a Linux host using an Active Directory account. The Realmd (Realm Discovery) service makes discovering and adding Linux hosts to an AD domain much easier. Realmd uses SSSD (via Kerberos and LDAP) or Winbind to verify and authenticate Active Directory accounts.

Continue reading “Joining CentOS/RHEL/Rocky Linux to Active Directory (AD) Domain”

VMware ESXi: Can’t Join Active Directory Domain

Sometimes I run into various problems when jpining VMware ESXi hosts to an Active Directory domain. In this article, I have described typical steps to solve this problem.

Continue reading “VMware ESXi: Can’t Join Active Directory Domain”

Azure AD Connect Password sync: no recent synchronization

In this article, we will look at the issue of syncing passwords from on-premises Active Directory to Azure via Azure AD Connect.

Continue reading “Azure AD Connect Password sync: no recent synchronization”

Change the Default Logon Domain Name in Windows

After you have joined the Windows device to an Active Directory domain, the login screen will automatically display the logon domain name. This logon domain name appears below the username and password fields.
Continue reading “Change the Default Logon Domain Name in Windows”

Protecting Active Directory OUs from Accidental Deletion

Active Directory has a special feature to protect against accidental deletion of directory objects (Organizational Units, users, groups, etc.). By default, the “Protect object from accidental deletion” option is enabled when creating new OUs.

Continue reading “Protecting Active Directory OUs from Accidental Deletion”