DNS secondary zone
Secondary zones are not authoritative for a zone and are a read-only copy. Secondary DNS zones depend on transferring the data for the zone from another DNS server. PowerShell cmdlet to …
intensely inquisitive about all things networking
A Primary DNS zone is required for DNS name resolution and is both authoritative for the zone and the primary point of contact for the zone. A secondary zone …
An NPS can be configured as a proxy server, forwarding requests for RADIUS authentication to other RADIUS servers. To forward requests to other RADIUS servers, under Connection Request Policy. Open …
NPS performs centralized authentication, authorization, and accounting for wireless, authenticating switch, remote access dial-up and virtual private network (VPN) connections. When you use NPS as a RADIUS server, you configure …
A diagnose command can be used to view more information about geography-based addressing. The command displays country and address information for the countries that have been added to firewall …
The default domain policy has three account lockout policy settings. Account lockout threshold: Sets the number of times a password can be entered incorrectly before the account will be …
There are five Kerberos policy settings that are part of the Default Domain policy. Enforce user logon restrictions: Enabled by default, causes the Key Distribution Center (KDC) to validate every …
The ability to reset user passwords can be delegated to other users. To do this: In Active Directory Users and Computers, select the OU from which to delegate control. Right …
Local user password policy can be set for the local machine by either going to the Local security policy or adding a GPO to the OU that the device is in. …
Password Settings Objects (PSOs), otherwise known as fine-grained password policies, can be used to set different restrictions for password and account lockout policies to different sets of users in a domain. …
The Default Domain Policy’s password settings apply to all users in the domain except when a specific Password Settings Object has been applied. The default password policy can be modified …
Active Directory Recycle Bin can be used to recover deleted AD objects; to be able to do this, it first needs to be enabled. Active Directory Recycle Bin requires a Forest …
There are two types of Active Directory restore: authoritative and non-authoritative. An authoritative restore is where the restored database is marked as authoritative for the domain, by increasing the …
To restore an object in Active Directory, ldp.exe or the PowerShell ADObjects cmdlets can be used. ldp.exe: From an elevated command prompt, type ldp.exe. Click on Connection > Connect and …
Windows 2012 allows for snapshots of Active Directory to be taken. This uses the Volume Shadow Copy (VSS) and is for creating a historical capture of AD at a certain …
The Active Directory database can be optimised by defragmenting it. Active Directory normally does an online defragmentation, but doing an offline one can recover space in the database. The tool used …
Active Directory can be brought offline in a couple of ways. The traditional way is to boot into Directory Services Restore Mode (DSRM), which is a safe mode boot option …
The Windows standard server backup utility and the backup command line tools can be used to back up Active Directory and SYSVOL. The Active Directory database and associated log files are stored …
A Service Principal Name (SPN) is a unique identifier of a service instance and is used by Kerberos Authentication to link a service instance with a service logon account. SPNs have the …
Virtualized Domain Controllers can be cloned, though copying of the VHD(x) is not supported. The cloning process must be followed to ensure domain and data integrity are kept. The following …
There are five flexible single master operations in Windows domains that reside on only one domain controller. These are: Schema master: This is responsible for updates to the Active Directory schema …
Kerberos Delegation allows a front-end server to access back-end resources by allowing a Kerberos ticket to be created for another service on the originating user’s behalf. Kerberos Delegation …
Windows 2012 introduced Group Managed Service Accounts (gMSA), which allow stand-alone MSA accounts to be used across multiple computers. gMSA can be used for scheduled tasks, IIS application pools, …
Managed Service Accounts (MSA) are Active Directory accounts whose password is managed and changed automatically every 30 days. This overcomes the issue of service accounts that have passwords …