The ADUC Structure After the First DC Deployment
You promote your first domain controller, log in, open Active Directory Users and Computers for the first time, and stare at a small tree of folders. Some are familiar —…
Tag: Active Directory
FSMO Roles in Active Directory: The 5 Roles and What Happens If One Dies
Active Directory replicates almost everything in a multi-master model — create a user on DC2 and a few seconds later that object exists on DC1, DC3, and every other DC…
Prestaging Computer Accounts in Active Directory
Most admins reach for Active Directory Users and Computers the moment someone joins the team — new user, new account, no question. Bringing a new computer into the domain feels…
The Five Golden Rules of Permissions Design
Every NTFS share, Active Directory OU, and file server eventually inherits the same mess: hundreds of access control entries that nobody can untangle, granted to people who left two years…
Perform an Authoritative Restore of Active Directory Objects
This is the hands-on authoritative restore walkthrough — the procedure Part 5 set up conceptually. We simulate a real disaster: an OU with users is deleted from DC01, the deletion…
Non-Authoritative vs Authoritative Restore in Active Directory
Restoring a Domain Controller has two flavours. They use the same backup, the same DSRM boot path, the same wbadmin command — but a single decision afterward changes the entire…
Bare Metal Restore: The Full Procedure
The disaster: someone deleted the entire VM. Or the OS volume corrupted. Or a ransomware event encrypted the host. The procedure now is to bare-metal restore from the backup we…
Bare Metal Backup Test on a VM (Prove the Backup Actually Restores)
An untested backup is not a backup. This post is the test. We’ll create a bare-metal backup of a disposable lab VM — not just system state, but the full…
Schedule Automatic Backup in Windows Server 2022
Manual backups are practice. Scheduled backups are what actually saves you when a DC dies at 3 AM. Part 1 covered the one-shot system state backup; this post automates the…
Backup the Active Directory Database (System State + wbadmin)
If you only ever do one Active Directory backup, it’s the system state backup. System state pulls everything AD needs to come back from scratch — the NTDS.DIT database, SYSVOL,…
repadmin /replsummary: Decode Your Active Directory Replication Health
repadmin /replsummary is the single most useful command for telling you whether AD replication is healthy. One terminal, one keystroke, two columns of numbers that immediately surface every DC that’s…
The Concept of Lingering Objects in Active Directory (Causes, Detection, Cleanup)
A lingering object is a deleted AD object that didn’t get the “you’re deleted” memo before the memo itself expired. It sits on a long-disconnected DC, pretending to still be…