Archive for the ‘Active Directory’ Category

Logon Script Path In AD

Friday, March 19th, 2010

2008-07-01 Initial Post

In Windows 2000/2003 (maybe 2008 also--I didn't have a chance to check) %systemroot%\SYSVOL\sysvol\domainname\scripts is shared as \\DC-Name\NETLOGON and \\AD-Domain-Name\NETLOGON.

This is for backwards compatibility but can still be used in a 100% AD environment.

Global Catalog –> Why You Should Reboot When Promoting a New GC

Friday, March 19th, 2010

2008-08-13 Initial Post

From http://technet.microsoft.com. . . on 2008-08-13:

Two significant problems can occur in Exchange 2000 when promoting a domain controller to a GC:

• The Name Service Provider Interface (NSPI) is not automatically enabled.
• The GC can start advertising itself before replication has completed.

Regarding the first point, promoting a domain controller to a GC does not prompt you to reboot. However, the Name Service Provider Interface (NSPI, the API used for Microsoft Outlook Address Book lookups) is not dynamically enabled after domain controller promotion; a reboot is required.

DCPromo –> Local Administrator / Domain Administrator Name and Password

Friday, March 19th, 2010

2009-12-05 Initial Post

Windows Server 2003

Note: this article only pertains to the setup of the first Active Directory domain controller in a domain. When setting up the first DC, DCPromo will use the local admin’s username for the domain admin username. So if you had changed the local admin username to "ABCAdmin" and then run DCPromo on that server, your domain admin would be named "ABCAdmin." You can rename the account afterwards, but this is something to be aware of. DCPromo also uses the local admin password as the domain admin's password.

Search AD for E-mail Address

Monday, March 8th, 2010

2011-02-12 Updated

2010-03-08 Initial Post

As simple as it seems, I'm not aware of a quick and easy way using the built-in AD (2003) or Exchange (2003) GUIs to search for which object has a particular e-mail address. If I wanted to find out which object (it could be a group, mailbox, or public folder) has the e-mail address techsupport@my-corp.com, I could find it by entering the address in Outlook and letting Outlook resolve it through the Global Address List. But if the object is hidden, it won't be in the GAL, so that wouldn't work. (more…)

Brute-Force and Dictionary Password Attacks

Saturday, February 6th, 2010

2008-01-26 Initial Post

From what I’ve been able to determine, these types of attacks are very difficult against an account database such as Active Directory. Here are my thoughts on this: (more…)