Tag: Domain Controller

Change the IP Address of a Domain Controller

Three GUI clicks to set a new IP, four CLI commands (ipconfig /flushdns, /registerdns, nltest /dsregdns, dcdiag /fix) to re-register with DNS, and one downstream-consumer audit afterwards. Walks the pre-flight (second DC, console access not RDP, replication health, downstream-consumers list), the GUI procedure with screenshots, the PowerShell-only equivalent (Remove-NetIPAddress / New-NetIPAddress / Set-DnsClientServerAddress), the DNS-pointer trap (don't point at the DC's old IP), the SRV-records-need-nltest /dsregdns trap, and 7 common pitfalls (RDP'd into it, peer DCs caching old IP, stale scavenger window, FSMO concerns).

Universal Group Membership Caching

How to enable Universal Group Membership Caching (UGMC) on a remote AD site so user logons no longer have to traverse a slow WAN to a Global Catalog. Walks the GUI three-click path (Sites and Services > site > NTDS Site Settings > Properties > Enable UGMC) with the actual screenshots, the Set-ADObject PowerShell equivalent (one bit on the NTDS Site Settings options attribute, 0x20), the design choice between UGMC and a local Global Catalog, the 8-hour cache refresh behaviour, and the common pitfalls (right-clicking the wrong node, first-logon needs the GC, stale cache after Universal Group changes).

Configure a Domain Controller as a Global Catalog Server

How to add the Global Catalog flag to an existing Domain Controller in Active Directory Sites and Services, and the PowerShell equivalent (one bit on the NTDS Settings options attribute via Set-ADObject). Walks the GUI three-click path, the Set-ADObject cmdlet, post-change verification with Get-ADDomainController IsGlobalCatalog / dsquery server -isgc / repadmin /options / Test-NetConnection on port 3268, the partial-attribute-set replication timing caveat, and the common pitfalls (right-clicking the wrong tree node, leaving only one GC, demoting accidentally).

Active Directory Health Check with PowerShell

One PowerShell script that wraps dcdiag, Test-Connection, Resolve-DnsName, w32tm, Get-Service, and CIM into a single colored HTML report — one row per Domain Controller, 35 columns of pass/warn/fail per cell. Includes the full Get-ADHealth.ps1 source, what each dcdiag test actually catches (Connectivity, SysVolCheck, KccEvent, FSMOCheck, NCSecDesc, etc.), how to schedule a daily SMTP-emailed run, the MotW / Unblock-File / ExecutionPolicy gotchas, and the green-DNS-red-everything-else fingerprint that means a DC is offline.

Check Active Directory Forest and Domain Functional Level

How to read the current Active Directory forest functional level (FFL) and domain functional level (DFL), what each level unlocks, the pre-flight checklist before raising, and how to actually raise it with Set-ADForestMode / Set-ADDomainMode. Includes the schema-version-to-OS table, a decision flow for whether to raise, and the common pitfalls (forgotten DCs, Server 2019/2022 reporting Windows2016Forest, irreversibility).

How to Check FSMO Roles in Active Directory

Three reliable ways to check FSMO role holders in Active Directory: the netdom query FSMO command, the Get-ADForest/Get-ADDomain PowerShell cmdlets (and the Get-ADInfo.ps1 script), and the GUI walkthrough across Active Directory Schema, Active Directory Domains and Trusts, and Active Directory Users and Computers.

Enable the Active Directory Recycle Bin

Step-by-step guide to enabling the Active Directory Recycle Bin forest-wide using Active Directory Administrative Center. Covers prerequisites, the irreversible nature of the change, GUI and PowerShell verification, restoring deleted objects with Restore-ADObject, and follow-up hardening like Protect from accidental deletion.

Install Active Directory Domain Services on Windows Server

Step-by-step guide to installing the Active Directory Domain Services (AD DS) role on Windows Server and promoting the machine to the first Domain Controller in a new forest. Covers the Add Roles and Features wizard, the Configuration Wizard, DSRM password, DNS delegation warning, paths, the auto-generated PowerShell script, and post-promotion verification.