Active Directory : Checklist for Decommissioning a Domain Controller

Domain Controllers are among the most critical components in any Windows-centric IT environment. Their importance grows significantly when your infrastructure relies on AD-integrated services like Exchange, SharePoint, Failover Clustering, DFS, and other enterprise applications. In such scenarios, a Domain Controller becomes a vital backbone of your operations.

Given this level of dependency, it’s crucial to approach the demotion of a Domain Controller with careful planning.

In this article, we share a production-tested checklist that we’ve used to successfully decommission over 50 Domain Controllers across diverse environments—with a 99% success rate and no major outages.
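The checklist itself is in the full article; as an added example that is not the article's own code, the pre-demotion checks below cover the dependencies the paragraphs above mention (operations master roles, Global Catalog, replication health, DNS). It assumes the RSAT ActiveDirectory module, Domain Admin rights and repadmin.exe; `DC03` is a placeholder for the DC being decommissioned.

```powershell
# Added example (not from the original article): checks to run before demoting a
# Domain Controller. Assumes the RSAT ActiveDirectory module, Domain Admin rights and
# repadmin.exe; 'DC03' is a placeholder for the DC being decommissioned.
Import-Module ActiveDirectory
$DcToDemote = 'DC03'

$domain = Get-ADDomain
$forest = Get-ADForest
$dc     = Get-ADDomainController -Identity $DcToDemote
$fqdn   = $dc.HostName

# 1. FSMO roles: any role this DC holds must be transferred (not seized) first.
$roles = [ordered]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}
$held = $roles.GetEnumerator() | Where-Object { $_.Value -ieq $fqdn } | ForEach-Object Name
if ($held) {
    Write-Warning "$fqdn holds FSMO role(s): $($held -join ', '); transfer them before demoting"
}

# 2. Global Catalog: never remove the last GC (Exchange and universal-group logons need one).
$otherGCs = Get-ADDomainController -Filter 'IsGlobalCatalog -eq $true' |
            Where-Object HostName -ine $fqdn
if ($dc.IsGlobalCatalog -and -not $otherGCs) {
    Write-Warning "$fqdn is the only Global Catalog in the domain"
}

# 3. Replication: the DC must be replicating cleanly so its removal converges everywhere.
$failures = repadmin /showrepl $fqdn /csv | ConvertFrom-Csv |
            Where-Object { [int]$_.'Number of Failures' -gt 0 }
if ($failures) {
    Write-Warning "$fqdn has failing replication links; fix these before demoting"
    $failures | Format-Table 'Naming Context', 'Source DSA', 'Last Failure Status' -AutoSize
}

# 4. DNS: this DC's SRV records must disappear after demotion. Record them now so the
#    same query can confirm cleanup afterwards (it should return nothing).
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$($domain.DNSRoot)" -Type SRV |
    Where-Object { $_.NameTarget -ieq $fqdn }

# 5. Only when 1-4 are clear, demote on the DC itself (run interactively; prompts for the
#    local Administrator password). Do not use the override switches that skip these checks.
# Uninstall-ADDSDomainController -RemoveApplicationPartitions
#
# Afterwards: Get-ADDomainController -Identity $DcToDemote should fail, and the
# SRV query in step 4 should return no record for $fqdn.
```

Run steps 1 to 4 from any management host; the demotion cmdlet in step 5 runs on the DC being removed. If the GC, FSMO or replication check fires, stop and fix that first rather than forcing the demotion, since a forced removal leaves stale metadata that then has to be cleaned with `ntdsutil`.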


Active Directory: Time Synchronization

In an Active Directory domain, all clocks must be within 5 minutes of each other (the default Kerberos maximum tolerance for computer clock synchronization). Kerberos embeds timestamps in authenticators to defeat replay, so a client or server whose clock is outside that window fails authentication with a clock-skew error.

Active Directory also uses a multi-master replication model between Domain Controllers. Conflicting writes to the same attribute are resolved first by version number and then by originating timestamp, so a DC with a badly wrong clock can make its change look like the most recent one and overwrite a change that was actually made later on another DC.
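As an added example (not code from the original article), the script below measures this host's offset against the PDC emulator with the built-in `w32tm.exe`, flags any sample outside the 5-minute Kerberos window, and shows the one place an external time source belongs: the PDC emulator of the forest root, which is the top of the domain time hierarchy. The `pool.ntp.org` peers are placeholders; it assumes the ActiveDirectory module and local administrator rights for the `/config` step.

```powershell
# Added example (not from the original article). Assumes the ActiveDirectory module and
# w32tm.exe; the pool.ntp.org peers are placeholders for your organisation's NTP sources.
Import-Module ActiveDirectory
$pdc = (Get-ADDomain).PDCEmulator

# Kerberos default maximum tolerance for computer clock synchronization: 5 minutes.
$MaxSkewSeconds = 300

# Measure this host's offset from the PDC emulator: 5 samples, 2 s apart.
# With /dataonly each sample line looks like "12:34:56, +00.0123456s".
$samples = w32tm /stripchart /computer:$pdc /samples:5 /period:2 /dataonly
$offsets = foreach ($line in $samples) {
    if ($line -match ',\s*([+-]\d+\.\d+)s') { [double]$Matches[1] }
}
if (-not $offsets) {
    Write-Warning "No samples from $pdc (NTP port 123/UDP blocked, or name resolution failed?)"
} else {
    $worst = ($offsets | ForEach-Object { [math]::Abs($_) } | Measure-Object -Maximum).Maximum
    if ($worst -gt $MaxSkewSeconds) {
        Write-Warning "Offset of ${worst}s from $pdc exceeds the Kerberos tolerance; Kerberos will fail"
    } else {
        "Worst offset from ${pdc}: ${worst}s (within ${MaxSkewSeconds}s)"
    }
}

# Only the PDC emulator of the forest root syncs from an external source. Every other DC
# and member keeps the default domain hierarchy (syncfromflags:domhier), so do not run
# the /config line below anywhere else.
$isPdc = $env:COMPUTERNAME -ieq ($pdc -split '\.')[0]
if ($isPdc) {
    # 0x8 = client mode (one-way poll). /reliable:yes advertises this DC as a good time
    # source to the rest of the domain.
    w32tm /config /manualpeerlist:"0.pool.ntp.org,0x8 1.pool.ntp.org,0x8" `
                  /syncfromflags:manual /reliable:yes /update
    Restart-Service w32time
    w32tm /resync /rediscover
}

# Verify what this host is actually using and how far it drifted at the last sync.
w32tm /query /source
w32tm /query /status
```

`/query /source` on a member server should name a DC, not an external server; on the PDC emulator it should name one of the manual peers. If a DC reports `Local CMOS Clock` as its source, it is free-running and is the first place to look when Kerberos or replication problems appear.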

In this article, we discuss the AD time synchronization architecture, how to configure an external time source, and various other aspects of the Windows Time Service.

We also recommend this TechNet article, which gives a very good insight into the Windows Time Service:

https://technet.microsoft.com/en-us/library/cc773013(WS.10).aspx


Active Directory : Repadmin Tool

Active Directory (AD) was one of the first LDAP-based directories to adopt and implement a multi-master replication model. In a multi-master model there is no single "master" or sole writable Domain Controller in the domain: every Domain Controller is writable except Read-Only Domain Controllers (RODCs).

While the multi-master replication model is extremely popular and useful, it also increases complexity, because AD objects can be created, deleted or modified on any Domain Controller (excluding RODCs). This makes Active Directory replication complex and difficult to troubleshoot.

In this article, we will discuss how we can leverage the built-in Repadmin tool to view and troubleshoot replication issues.
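As an added example (not from the original article), the pass below uses `repadmin` the way a practitioner triages replication: the forest-wide summary first, then the per-partner detail in CSV so it can be filtered rather than read by eye, including partners that are not failing but have gone stale. It assumes repadmin.exe (RSAT) and rights to query every DC; `dc01` and the object DN in the commented lines are placeholders.

```powershell
# Added example (not from the original article). Assumes repadmin.exe (RSAT) and rights
# to query every DC; 'dc01' and the DN below are placeholders.

# 1. Forest-wide summary: per-DC failure counts and the largest delta since last success.
repadmin /replsummary

# 2. Per-partner detail for every DC, parsed from repadmin's own CSV output.
$links = repadmin /showrepl * /csv | ConvertFrom-Csv

# Links with recorded failures, with the Win32/DS error code repadmin reports.
$failing = $links | Where-Object { [int]$_.'Number of Failures' -gt 0 }
if ($failing) {
    "Failing replication links:"
    $failing |
        Select-Object 'Destination DSA', 'Source DSA', 'Naming Context',
                      'Number of Failures', 'Last Failure Time', 'Last Failure Status' |
        Format-Table -AutoSize
}

# Links that are not failing but have not succeeded for more than 24 hours. A quiet link
# can still be the reason a change made on one DC never appears on another.
$stale = $links | Where-Object {
    $last = $_.'Last Success Time' -as [datetime]
    $last -and ((Get-Date) - $last).TotalHours -gt 24
}
if ($stale) {
    "Stale replication links (no success in 24 h):"
    $stale | Select-Object 'Destination DSA', 'Source DSA', 'Naming Context', 'Last Success Time' |
        Format-Table -AutoSize
}

# 3. Has a specific change reached a specific DC? /showobjmeta prints, per attribute, the
#    version number and originating DC/timestamp, which is exactly what multi-master
#    conflict resolution compares. Run it against two DCs and diff the versions.
# repadmin /showobjmeta dc01 "CN=svc-backup,OU=Service Accounts,DC=corp,DC=example,DC=com"

# 4. Force a full sync of all partitions, across sites, push and pull, then re-run step 2.
#    /A all naming contexts, /d show DNs instead of GUIDs, /e enterprise (cross-site), /P push.
# repadmin /syncall dc01 /AdeP
```

Treat an error code in `Last Failure Status` as the starting point, not the diagnosis: the same code (for example a DNS lookup failure or an RPC server unavailable error) shows up on the destination DC whatever the underlying cause is, so the next step is always to test name resolution and connectivity from the destination to the source named in `Source DSA`.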
