Creating a Forest Trust? Consider these points

An Active Directory (AD) forest is the security and administrative boundary for objects and entities. If a business need requires a bridge between two AD forests, we need to configure a forest trust between them.

However, you have to be very careful while configuring a forest trust, as it opens the security boundary to another AD forest, which might belong to a different organisation or entity.

**You should always consult key stakeholders and the security team, and obtain their written approval, before you configure a forest trust.**

This article focuses on some of the important aspects and considerations when configuring a forest trust. It also provides a checklist, which might be useful during the planning stage.

Active Directory: Checklist for Decommissioning a Domain Controller

Domain Controllers are among the most critical components in any Windows-centric IT environment. Their importance grows significantly when your infrastructure relies on AD-integrated services like Exchange, SharePoint, Failover Clustering, DFS, and other enterprise applications. In such scenarios, a Domain Controller becomes a vital backbone of your operations.

Given this level of dependency, it’s crucial to approach the demotion of a Domain Controller with careful planning.

In this article, we share a production-tested checklist that we’ve used to successfully decommission over 50 Domain Controllers across diverse environments—with a 99% success rate and no major outages.

Active Directory: Time Synchronization

In an Active Directory domain, it is very important for all clocks to be within 5 minutes of each other (by default) due to the implementation of the Kerberos protocol for authentication.

Also, Active Directory uses a multi-master replication model between Domain Controllers. So it is important that changes made at a later actual time on one DC don't get overwritten by similar changes on another DC whose clock is set wrong, which would make its change look like the most recent one.

In this article, we discuss the AD time synchronization architecture, how to configure an external time source, and various other aspects of the Windows Time Service.

We also recommend checking this TechNet article, which gives very good insight into the Windows Time Service:

https://technet.microsoft.com/en-us/library/cc773013(WS.10).aspx
