My Next Book! Mastering the CCIE Evolving Technologies Section

April 28, 2017 at 8:20 pm

CCIE Evolving Technologies

You asked for it! You got it! Terry Vinson and I are putting together an e-book (and print) for you to master this section in most of the CCIE Written Exams. I have received more questions about this section of the written exams than any other topic (pretty much ever!)

Since Cisco Systems announced these new additions to the already brutally difficult written exams, students have been in a bit of a panic about finding the scarce training materials to address these topics.

Our text follows the current blueprint letter for letter. There are plenty of practice questions to build your confidence, and no topic is left unexplored.

Thanks to Amazon.com, we are able to bring this product to you for a price that makes sense – the e-book version will be just $9.99!

Note this text arrives quickly – our current publication date is May 31, 2017!

Check Out My Other Books! 

Taking Your Active Directory (AD) Offline

April 26, 2017 at 8:37 pm

70-742

This content is a slice of my Hands On Lab 70-742 course at CBT Nuggets.

Offline AD Overview

We know that most of our work with Active Directory takes place while it is online. Certain maintenance items, however, require the service to be offline. This is one of the reasons we love to have multiple Domain Controllers in the network. We can bring a system offline, while other online DCs can service client login requests and other necessities of the directory service.

AD DSRM and Restartable AD DS

For a long time, the only way you could take AD offline was to use the Directory Service Restore Mode (DSRM). Now, since Windows Server 2012 and later, you have what is termed restartable Active Directory Directory Services. This is a beautiful act of simplicity. You stop the AD DS service (which stops other services that rely upon it) and you are good to go. This is much better than restarting the entire Domain Controller for the DSRM mode.

Restartable AD DS

In order to perform this, follow these steps:

Step 1: Launch the Service applet.

Step 2: Find Active Directory Domain Services and right-click this service and choose Stop.

Step 3: Agree to stop reliant services. This should include (at least) DNS Server, Kerberos Key Distribution Center, Intersite Messaging, and DFS Replication.

Step 4: Congrats! Your AD is now offline.

One example of a maintenance task you could now safely perform would be a defragmentation of the AD database!

Pearson Education (InformIT)

Transferring and Seizing Operations Master Roles

March 16, 2017 at 9:37 pm

 MCSA

Overview

Here is a section from my dear friend Ben Finkel’s upcoming text – MCSA 70-742 Cert Guide: Identity with Windows Server 2016

Remember, if you need a refresher on the FSMO roles, see my post here.

Transferring and Seizing Operations Master Roles

The Flexible Single Master Operations (FSMO) roles described earlier in this blog are important pieces for a functioning AD DS deployment. Occasionally you may need to transfer the role from one DC to another. For example, if a controller is being retired or shutdown you will want to transfer the role to another DC prior to that. If the need arises to move these roles from their current DC, there are different management tools required for each role. The following summarizes the tools:

  • RID: Active Directory Users and Computers
  • PDC: Active Directory Users and Computers
  • Infrastructure Master: Active Directory Users and Computers
  • Domain Naming Master: Active Directory Domains and Trusts
  • Schema Master: Active Directory Schema Snap-In

To change the RID, PDC, or Infrastructure Master role you need to “seize” it from the current master:

  1. Log onto the domain controller that you wish to host the role.
  2. Start Server Manager from either the Start Menu or the Taskbar.
  3. From the navigation menu on the left choose AD DS.
  4. Right-click your server in the contents pane and click Active Directory Users and Computers. NOTE: This ensures you are launching Active Directory Users and Computers on the domain controller you want to transfer the role to.
  5. Right-click the domain in the left-hand pane and select Operations Masters…
  6. On the Operations Masters dialog, choose the tab for the role you wish to seize (RID, PDC, and Infrastructure are available).
  7. Note the current master is listed, and the current machine name is in the second text box. To seize the role click Change…
  8. Click Yes to confirm.
  9. Once the transfer is complete click OK.

To change the Domain Naming Master you need to “seize” it from the current master:

  1. Log onto the domain controller that you wish to host the role.
  2. Start Server Manager from either the Start Menu or the Taskbar.
  3. From the navigation menu choose AD DS.
  4.  Right-click the server and click Active Directory Domains and Trusts.
  5.  Right-click the Active Directory Domains and Trusts in the left-hand pane and select Operations Masters… (Note:  Right-click on the top-level node that reads Active Directory Domains and Trusts, not on the domain itself).
  6. Note the current master is listed, and the current machine name is in the second text box. To seize the role click Change…
  7. Click Yes to confirm.
  8.  Once the transfer is complete click OK.

To change the Schema Master you will first need to activate the Schema snap-in:

  1. Log onto the domain controller that you wish to host the role.
  2. Open a command prompt.
  3. Type regsvr32 schmmgmt.dll and press Enter.
  4. Click OK on the success dialog.
  5.  At the command prompt type mmc.exe and press Enter.
  6.  The MMC window will launch. Click File then select Add/Remove Snap-in…
  7.  Select the Active Directory Schema snap-in from the list of Available snap-ins on the left then click Add >
  8. Click OK.
  9. On the MMC window click to select the Active Directory Schema snap-in. Two folders, classes and attributes, should show up on the right.
  10. Right-click the Active Directory Schema and select Operations Master… (Note: You might need to right click and choose
  11. first to ensure you are configuring the correct DC)
  12.  Note the current master is listed, and the current machine name is in the second text box. To seize the role click Change…
  13. Click Yes to confirm.
  14. Once the transfer is complete click OK.

InformIT (Pearson Education)