Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [domain-controller]

A domain controller is a server in a Microsoft Active Directory or NT4 domain that is responsible for central authentication.

In Microsoft Active Directory and NT4 domains, a domain controller is the central repository for all of the user account authorization information. It allows a person to sign on once and be allowed access to many different resources.

1589 questions
15
votes
1 answer

Are all domain controllers on a small network considered equivalent/equal?

Windows Server 2012 R2 w/ GUI, Hyper-V host, VM DC I am installing my first second Domain Controller(DC) (sounds weird but that really is what I'm doing). I have what I think is a good process to follow from this link. I wondered if one of the DC's…
Alan
  • 1,003
  • 2
  • 20
  • 36
15
votes
3 answers

How to convert a domain account to a local account

I have a Windows 7 laptop that was connected to a Windows domain controller. The domain controller is no longer in operation and has been shut off. The laptop, now stand alone, works fine, but I want to know the impact of keeping the account that I…
HumanBacon
  • 311
  • 1
  • 3
  • 5
14
votes
1 answer

Domain Administrators account policy (After PCI audit)

One of our clients is a Tier 1 PCI company, and their auditors have made a suggestion with regards to us as System Administrators and our access rights. We administer their entirely Windows based infrastructure of roughly 700 Desktops/80 servers/10…
Patrick
  • 1,280
  • 1
  • 15
  • 36
14
votes
1 answer

Group Policy Result summary says DC is member of "BUILTIN\Administrators"

Whenever I run the Group Policy Result wizard and select a Domain Controller as the target computer, the summary shows BUILTIN\Administrators in the list of "Security Group Membership when Group Policy was applied" under Computer Configuration, as…
Mathias R. Jessen
  • 25,161
  • 4
  • 63
  • 95
14
votes
4 answers

Hyper-V Time Sync for VM Domain Controller

We have 2 physical hyper-V servers running 8 VMs between them, each physical server has a Domain controller on it running in a VM and all servers are 2008R2 The VM PDC is set to NTP and to sync with time.microsoft.com and the rest including the…
Karl
  • 191
  • 1
  • 2
  • 8
13
votes
1 answer

What does a domain controller (DC) use a certificate for?

Everyone talks about domain controllers and that they should have a certificate installed, but at the end of the day it is optional. Once installed, what actually makes use of that certificate? My understanding is that it is at least needed…
Ben Short
  • 688
  • 3
  • 7
  • 20
13
votes
1 answer

What does "DEL:" mean in the DistinguishedName of an AD Object?

Sorry -- I'm not really a Windows System Admin, just trying to slam through some LDAP interactions in Java. I'm finding a ton of objects with "DEL:" in the distinguishedName. Are these orphaned items that are awaiting garbage collection? How do I…
Richie Foreman
  • 233
  • 1
  • 4
13
votes
3 answers

Seizing FSMO roles from dead Windows Domain Controller

I've seen other questions and documents about doing this, but there are some things that still confuse me. Here are the documents and questions I've seen: Retire a Dead Windows 2003 Domain Controller Seizing FSMO Roles from Petri Using NTDSUtil.exe…
Mei
  • 4,590
  • 8
  • 45
  • 53
13
votes
5 answers

Can an LDAP query on AD provide the netbios domain name for a single account when using the Global Catalog?

I am using ADSI Edit to look at LDAP properties of a single user account in AD. I see properties such as userPrincipalName, but I do not see one for the fully qualified domain name (FQDN) or the netbios domain name. We will be setting up the Global…
Kirk Liemohn
  • 593
  • 3
  • 8
  • 18
12
votes
2 answers

Why should you not restore a DC that was backed up 6 months ago?

Why should you not restore a DC that was backed up 6 months ago? As I am learning Active Directory Domain Services I came across this question in one of the blogs but I was unable to find a detailed answer. So please can anybody explain this concept…
user416535
  • 129
  • 1
  • 3
12
votes
1 answer

Domain Controller returns LDAP Referral for it's own domain

I have 2 domains, each with 2 Domain Controllers: company.local ad.company.com.au Both domains are in the same forest and have a bi-direction trust setup. We're migrating to the ad.company.com.au at present, however having some issues with systems…
fukawi2
  • 5,396
  • 3
  • 32
  • 51
11
votes
5 answers

Two Different Domains & Domain Controllers on Single Network

I'm attempting to determine whether it is possible to have two Active Directory domain controllers running on the same network, within the same subnet, with two separate domains. I do not want these two domain controllers to be linked in anyway…
BSchlinker
  • 340
  • 2
  • 3
  • 12
11
votes
3 answers

Advice on Active Directory design for multihomed servers

I've been tasked by a customer to come up with a working Active Directory design for a scenario with the following requirements (simplified, they are actually a lot worse): There is a subnet for client systems. There is a subnet for server…
Massimo
  • 70,200
  • 57
  • 200
  • 323
11
votes
1 answer

Why are there no local users and groups on Windows 2K3/2K8 domain controllers?

MS have taken great pains to remove 'Local Users and Groups' from the GUI tools, and even if you tickle up lusrmgr.msc directly it complains that the snap-in won't run on a domain controller. The question is "why not?" Why doesn't it make sense for…
David Bullock
  • 821
  • 3
  • 15
  • 21
11
votes
5 answers

Replacing a W2K3 Domain Controller - what do I need to know?

I have a network of around 70 machines, currently with two DCs both running Windows Server 2003 (DC0 & DC1). DC0 is a five year old Poweredge 1850 and has recently become increasingly flakey, and in the past fortnight has fallen over twice. I want…
Marko Carter
  • 4,092
  • 1
  • 30
  • 38
1
2
3
99 100