
Taking Your Active Directory (AD) Offline

April 26, 2017 at 8:37 pm

70-742

This content is a slice of my Hands On Lab 70-742 course at CBT Nuggets.

Offline AD Overview

We know that most of our work with Active Directory takes place while it is online. Certain maintenance items, however, require the service to be offline. This is one of the reasons we love to have multiple Domain Controllers in the network. We can bring a system offline, while other online DCs can service client login requests and other necessities of the directory service.

AD DSRM and Restartable AD DS

For a long time, the only way to take AD offline was Directory Services Restore Mode (DSRM). In Windows Server 2012 and later, you have what is termed restartable Active Directory Domain Services (AD DS). This is a beautiful act of simplicity: you stop the AD DS service (which also stops the services that rely on it) and you are good to go. This is much better than restarting the entire Domain Controller into DSRM.

Restartable AD DS

In order to perform this, follow these steps:

Step 1: Launch the Services applet.

Step 2: Find Active Directory Domain Services, right-click the service, and choose Stop.

Step 3: Agree to stop reliant services. This should include (at least) DNS Server, Kerberos Key Distribution Center, Intersite Messaging, and DFS Replication.

Step 4: Congrats! Your AD is now offline.

One example of a maintenance task you could now safely perform would be a defragmentation of the AD database!
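The same procedure can be run from an elevated PowerShell session on the Domain Controller. This is an added example, not part of the original lab; it assumes the ActiveDirectory module is installed and uses an LDAP port check as a simple test that another DC is still answering.

```powershell
# Added example: restartable AD DS from PowerShell (run elevated on the DC).
Import-Module ActiveDirectory

# Refuse to continue unless at least one other DC answers on LDAP (TCP 389),
# so client logons keep being serviced while this DC is offline.
$others = Get-ADDomainController -Filter * |
    Where-Object { $_.Name -ne $env:COMPUTERNAME }
$online = $others | Where-Object {
    Test-NetConnection -ComputerName $_.HostName -Port 389 -InformationLevel Quiet
}
if (-not $online) {
    throw 'No other domain controller is reachable; not stopping AD DS.'
}

# Record the dependent services that are running now (the list from Step 3).
$dependents = Get-Service -Name NTDS -DependentServices |
    Where-Object Status -eq 'Running'
$dependents | Select-Object Name, DisplayName

# Steps 2 and 3: -Force stops NTDS together with the services that rely on it.
Stop-Service -Name NTDS -Force

try {
    # Offline maintenance goes here, for example the database
    # defragmentation mentioned above.
}
finally {
    # Bring AD DS back even if the maintenance step failed.
    Start-Service -Name NTDS

    # Start any dependent service that did not come back on its own.
    foreach ($svc in $dependents) {
        if ((Get-Service -Name $svc.Name).Status -ne 'Running') {
            Start-Service -Name $svc.Name
        }
    }

    # Final state of AD DS and its dependents.
    $names = @('NTDS') + @($dependents | ForEach-Object Name)
    Get-Service -Name $names | Select-Object Name, Status
}
```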

Pearson Education (InformIT)

Windows Server Active Directory Group Scopes

April 17, 2017 at 5:36 pm

Group Scopes

Overview of Group Scopes

It is time for us to review the group scopes available in Windows Server technologies. It is critical that you understand these scopes as well as the conversion possibilities for success in the MCSA 70-742 exam for Windows Server 2016.

Domain Local Group Scope

Domain local groups are ideal for assigning permissions to objects in Active Directory. To scale things, we like to place global groups inside them. These global groups contain the actual user accounts that need access.

Can Include As Members:

  • Accounts from any domain
  • Global groups from any domain
  • Universal groups from any domain
  • Domain local groups but only from the same domain as the parent domain local group

Can Be Assigned Permissions In:

  • Only within the same domain as the parent domain local group

Group Scope Can Be Converted To:

  • Universal (as long as no other domain local groups exist as members)

Global Group Scope

As mentioned above, we love to use global groups to gather user accounts that need permissions assigned to domain local groups.

Can Include As Members:

  • Accounts from the same domain as the parent global group
  • Global groups from the same domain as the parent global group

Can Be Assigned Permissions In:

  • Any domain

Group Scope Can Be Converted To:

  • Universal (as long as it is not a member of any other global groups)

Universal Group Scope

Use groups with universal scope to consolidate groups that span domains. To do this, add the accounts to groups with global scope, and then nest these groups within groups that have universal scope. When you use this strategy, any membership changes in the groups that have global scope do not affect the groups with universal scope.

Can Include As Members:

  • Accounts from any domain within the forest in which this Universal Group resides
  • Global groups from any domain within the forest in which this Universal Group resides
  • Universal groups from any domain within the forest in which this Universal Group resides

Can Be Assigned Permissions In:

  • Any domain or forest

Group Scope Can Be Converted To:

  • Domain local
  • Global (as long as no other universal groups exist as members)
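The conversion conditions listed for the three scopes can be checked before a group is changed. The function below is an added example, not part of the original post: `Get-ScopeConversionBlocker` and the group name `GG-Finance-Users` are hypothetical, and it assumes the ActiveDirectory module and only resolves groups in the current domain.

```powershell
# Added example: list the groups that block a scope conversion.
Import-Module ActiveDirectory

function Get-ScopeConversionBlocker {
    param(
        [Parameter(Mandatory)] [string] $Identity,
        [Parameter(Mandatory)]
        [ValidateSet('DomainLocal', 'Global', 'Universal')] [string] $TargetScope
    )
    $group = Get-ADGroup -Identity $Identity -Properties Members, MemberOf
    $from  = [string] $group.GroupScope

    # Which related groups matter, and which scope among them blocks the change.
    switch ("$from->$TargetScope") {
        'DomainLocal->Universal' { $related = $group.Members;  $badScope = 'DomainLocal' }
        'Global->Universal'      { $related = $group.MemberOf; $badScope = 'Global' }
        'Universal->Global'      { $related = $group.Members;  $badScope = 'Universal' }
        'Universal->DomainLocal' { return @() }  # no membership condition listed
        default { throw "$from to $TargetScope is not a listed conversion." }
    }

    $blockers = foreach ($dn in $related) {
        # Members can be users or computers; skip anything that is not a group.
        try   { $g = Get-ADGroup -Identity $dn -ErrorAction Stop }
        catch { continue }
        if ($g.GroupScope -eq $badScope) { $g }
    }
    return @($blockers)
}

# Convert only when nothing blocks the change; otherwise show what to fix first.
$name     = 'GG-Finance-Users'   # hypothetical group name
$blockers = Get-ScopeConversionBlocker -Identity $name -TargetScope Universal
if (-not $blockers) {
    Set-ADGroup -Identity $name -GroupScope Universal
}
else {
    $blockers | Select-Object Name, GroupScope, DistinguishedName
}
```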


The Identity with Windows Server 2016 (Exam 70-742) Course Goes Live!

April 12, 2017 at 3:40 pm

70-742

Start enjoying this course and getting prepared for your MCSA: Windows Server 2016 certification and 70-742 exam! Below are the Nuggets and Hands On Labs available right now as I post this! I am making more Nuggets and Labs every day – I will keep you posted here at the blog as more batches arrive.

  • 1. Course Introduction
    3 min
  • 2. Active Directory Overview and Install
    HANDS ON LAB
    19 min
  • 3. Read-Only Domain Controllers and Removing DCs
    HANDS ON LAB
    17 min
  • 4. Install from Media and Domain Controller Upgrades
    HANDS ON LAB
    13 min
  • 5. Flexible Single Master Operator Roles
    HANDS ON LAB
    15 min
  • 6. Configure Domain Controller Cloning
    15 min
  • 7. Troubleshooting Active Directory Installations
    HANDS ON LAB
    8 min
  • 8. Create, Copy, Configure, and Delete Users and Computers
    HANDS ON LAB
    14 min
  • 9. Automate the Creation of Active Directory Accounts
    HANDS ON LAB
    13 min
  • 10. More Automation and Account Management
    HANDS ON LAB
    11 min
  • 11. Perform Bulk Active Directory Operations
    HANDS ON LAB
    9 min
  • 12. Configure User Rights
    HANDS ON LAB
    5 min
  • 13. Implement Offline Domain Join
    HANDS ON LAB
    4 min
