Guidelines for raising domain and forest functional levels

Guidelines for raising domain and forest functional levels The following guidelines apply to raising the domain or forest functional levels: You must be a member of the Domain Admins group to raise the domain functional level. You must be a member of the Enterprise Admins group to raise the forest functional level. You can raise… Read More »

Functional Levels In Active Directory

Understanding Active Directory Domain Services Functional Levels Functional levels determine the available Active Directory Domain Services (AD DS) domain or forest capabilities. They also determine which Windows Server operating systems you can run on domain controllers in the domain or forest. However, functional levels do not affect which operating systems you can run on workstations and member servers… Read More »

Understanding Group Policy for Beginners

Overview of Group Policy Group Policy is simply the easiest way to reach out and configure computer and user settings on networks based on Active Directory Domain Services (AD DS). If your business is not using Group Policy, you are missing a huge opportunity to reduce costs, control configurations, keep users productive and happy, and… Read More »

Symptoms when secure channel is broken

Symptoms when secure channel is broken The secure channel is used to validate the member servers or workstations membership in the domain, based upon its hashed password. This discrete communication channel helps provide a more secure communication path between the domain controller and the member servers or workstations.  It can also be used to change… Read More »

Secure Channel in Active Directory

Secure Channel in Active Directory Channel is a way of communicating with people or getting something done. Considering that communication can be a public process, a question will pop up that how can I secure my communication? That’s where the word secure comes into play. A combination of these two words will result in a… Read More »

Phantoms tombstones and the infrastructure master

Phantoms Tombstones and the Infrastructure Master Phantom objects are low-level database objects that Active Directory uses for internal management operations. Two common instances of phantom objects are as follows: An object that has been deleted. The tombstone lifetime has passed, but references to the object are still present in the directory database. A domain local… Read More »

Infrastructure Master and Global Catalog

Why global catalog server will not be on the same infrastructure master role dc? As a general rule, the infrastructure master should be located on a nonglobal catalog server that has a direct connection object to some global catalog in the forest, preferably in the same Active Directory site. Because the global catalog server holds… Read More »

AD Replication failed with The destination server is currently rejecting replication requests

AD Replication failed with The destination server is currently rejecting replication requests Also receive error “The source server is currently rejecting replication requests. This operation will not continue” in windows server 2008/2003 and Active Directory replication stopped working, possibly the inbound and outbound replication been disabled on the domain controller. Use the below repadmin command… Read More »

AD Replication failed with Error Target principal name is incorrect

Active Directory Replication Getting Failed with Error Target principal name is incorrect If you have issue with the computer account of the domain controller, then you may receive target principal name is incorrect or access denied error while the time of replication. To check the computer account run the below command from affected domain controller… Read More »

Global Catalog Really Needed for User Logon

Global Catalog Really Needed for User Logon I’ve read a lot of materials that when explaining global catalogs, emphasize that a global catalog must be available for a user to logon to the domain. I’ve seen a lot of these materials also state that even if another domain controller is available, as long as a… Read More »