Tag Archive for 'active directory'

DCPROMO demote error on Domain Controller

On trying to remove an old server from the directory (2003 server in a 2003 forest) I received this error:

Failed to configure the service NETLOGON as requested “the wait operation timed out.”

The root problem was that this domain controller had a DNS entry to another domain controller that no longer existed.  It was trying to contact it but couldn’t.  Removing that entry and running dcpromo.exe again solved it.

Getting closer to the Active Directory Recycle Bin for free

I just posted that in R2 Microsoft plans to provide a true Recycle Bin for AD objects that were deleted, but until then the best we’ve got is Windows Server 2008 Active Directory.

After hours of researching “how do AD snapshots in 2008 help me recover a deleted object(s), its attributes, and referring objects (i.e. groups pointing back to the deleted user)?” I was disappointed.

From what I can tell, the answer is: built-in tools allow for no additional automation over 2003 AD, other than using cut and paste to restore attributes from the snapshot to live AD (after you’ve reanimated the object in live AD).

You may be able to mount AD snapshots, and even view them with Users and Computers and other AD tools, but you really can’t DO ANYTHING with that data. So I went searching for how others were solving this.

Here’s one of a few tools that tries to automate the process of finding the tombstoned object in your live AD, finding its old info in a snapshot, and dumping that data back into the reanimated object in AD:

Jorge from dirteam.com talks about it, basically describing my realization in greater detail.

Active Directory in Windows 2008 R2: all the features we wanted last time

We’re starting our plan for upgrading our Domain Controllers to Win2008. A few cool features are snapshots of AD (may replace our lag sites if we can figure out how to use snapshots for item recovery) and local admins of the DCs don’t have to be domain admins. Our GPO replication also leaves legacy FRS technology for DFSR. Lots of other little things are improved, but that’s the big stuff.

Honestly 2008 wasn’t that exciting for us AD fans.  No recycle bin, no PowerShell support, same old MMC w/o quick search, no native “web services” for AD… But it looks like they plan to take care of ALL that and more in Win2008 R2 (RTM 2010):

  • Whole new PowerShell-based GUI console
  • 85 PowerShell command-lets (CMDlets) for AD/LDS
  • PowerShell will use AD Web Services and WCF
  • Some of this stuff won’t work in Server Core (I’ve written off Core as a 1.0 product that should be avoided in 98% of cases.  Eventually I think Core will just be Server w/o any added features.)
  • Optional recycle bin (likely the most highly requested feature of AD in its 10-year life)
  • New object type for service accounts (no password policy, no interactive logon)
  • Offline domain join
  • Built-in Best Practice Analyzer (love the Exchange, ISA, and SQL BPAs)

Here’s a breakdown from TechEd EMEA
