The ADUC Structure After the First DC Deployment
You promote your first domain controller, log in, open Active Directory Users and Computers for the first time, and stare at a small tree of folders. Some are familiar —…
Systems Admin
Windows Server, Active Directory, and on-prem infrastructure
FSMO Roles in Active Directory: The 5 Roles and What Happens If One Dies
Active Directory replicates almost everything in a multi-master model — create a user on DC2 and a few seconds later that object exists on DC1, DC3, and every other DC…
Prestaging Computer Accounts in Active Directory
Most admins reach for Active Directory Users and Computers the moment someone joins the team — new user, new account, no question. Bringing a new computer into the domain feels…
Understanding Local Groups in Computer Management
Open compmgmt.msc on any Windows server or workstation, expand Local Users and Groups, click Groups, and you see roughly 20 built-in local groups staring back at you. Each one bundles…
Understanding NTFS Advanced Permissions
Click the Advanced button on any folder’s Security tab and you land in a different world. The everyday permissions — Full Control, Modify, Read & Execute, Write — vanish, replaced…
Windows File Permissions: Share vs NTFS Stacking
Every Windows admin runs into the same question on a file server: “I gave the user Full Control on the Security tab — why can’t they delete the file?” The…
The Five Golden Rules of Permissions Design
Every NTFS share, Active Directory OU, and file server eventually inherits the same mess: hundreds of access control entries that nobody can untangle, granted to people who left two years…
Perform an Authoritative Restore of Active Directory Objects
This is the hands-on authoritative restore walkthrough — the procedure Part 5 set up conceptually. We simulate a real disaster: an OU with users is deleted from DC01, the deletion…
Non-Authoritative vs Authoritative Restore in Active Directory
Restoring a Domain Controller has two flavours. They use the same backup, the same DSRM boot path, the same wbadmin command — but a single decision afterward changes the entire…
Bare Metal Restore: The Full Procedure
The disaster: someone deleted the entire VM. Or the OS volume corrupted. Or a ransomware event encrypted the host. The procedure now is to bare-metal restore from the backup we…
Bare Metal Backup Test on a VM (Prove the Backup Actually Restores)
An untested backup is not a backup. This post is the test. We’ll create a bare-metal backup of a disposable lab VM — not just system state, but the full…
Schedule Automatic Backup in Windows Server 2022
Manual backups are practice. Scheduled backups are what actually saves you when a DC dies at 3 AM. Part 1 covered the one-shot system state backup; this post automates the…