DNS secondary zone

Secondary zones are not authoritative for a zone and are a read-only copy. Secondary DNS zones depend on transferring the data for the zone from another DNS server. PowerShell cmdlet to …

DNS primary zones

A primary DNS zone is required for DNS name resolution and is both authoritative for the zone and the primary point of contact for the zone. A secondary zone …

NPS RADIUS Proxy

An NPS can be configured as a proxy server, forwarding requests for RADIUS authentication to other RADIUS servers. To forward requests to other RADIUS servers, under Connection Request Policy. Open …

NPS Configure a RADIUS server

NPS performs centralized authentication, authorization, and accounting for wireless, authenticating switch, remote access dial-up and virtual private network (VPN) connections. When you use NPS as a RADIUS server, you configure …

FortiGate Geo-Location

A diagnose command can be used to view more information about geography-based addressing. The command displays country and address information for the countries that have been added to firewall …

AD account lockout policy settings

The default domain policy has three account lockout policy settings. Account lockout threshold: sets the number of times a password can be entered incorrectly before the account will be …

AD Kerberos policy settings

There are five Kerberos policy settings that are part of the Default Domain policy. Enforce user logon restrictions: enabled by default, causes the Key Distribution Center (KDC) to validate every …

AD local user password policy

Local user password policy can be set for the local machine by either going to the Local security policy or adding a GPO to the OU that the device is in. …

AD Password Settings Objects (PSOs)

Password Settings Objects (PSOs), otherwise known as fine-grained password policies, can be used to set different restrictions for password and account lockout policies to different sets of users in a domain. …

AD password policy settings

The Default Domain Policy’s password settings apply to all users in the domain except when a specific Password Settings Object has been applied. The default password policy can be modified …

AD Recycle Bin

Active Directory Recycle Bin can be used to recover deleted AD objects; to be able to do this, it first needs to be enabled. Active Directory Recycle Bin requires a Forest …

AD perform Active Directory restore

There are two types of Active Directory restore: authoritative and non-authoritative. An authoritative restore is where the restored database is marked as authoritative for the domain, by increasing the …

AD optimise an Active Directory database

The Active Directory database can be optimised by defragmenting it. Active Directory normally does an online defragmentation, but doing an offline one can recover space in the database. The tool used …

AD Taking Active Directory offline

Active Directory can be brought offline in a couple of ways. The traditional way is to boot into Directory Services Restore Mode (DSRM), which is a safe mode boot option …

AD Backing up AD and SYSVOL

The Windows standard server backup utility and also the backup command line tools can be used to back up Active Directory and SYSVOL. The Active Directory database and associated log files are stored …

AD Service Principal Names

A Service Principal Name is a unique identifier of a service instance and is used by Kerberos authentication to link a service instance with a service logon account. SPNs have the …

AD domain controller cloning

Virtualized Domain Controllers can be cloned, though copying of the VHD(x) is not supported. The cloning process must be followed to ensure domain and data integrity are kept. The following …

AD Kerberos Delegation

Kerberos Delegation allows a front-end server to access back-end resources by allowing a Kerberos ticket to be created for another service on the originating user’s behalf. Kerberos Delegation …

AD Group Managed Service Accounts

Windows 2012 introduced Group Managed Service Accounts (gMSA), which allow stand-alone MSA accounts to be used across multiple computers. gMSA can be used for scheduled tasks, IIS application pools, …

AD Managed Service Accounts

Managed Service Accounts (MSA) are Active Directory accounts whose password is managed and changed automatically every 30 days. This overcomes the issue of service accounts that have passwords …