Active Directory
Transitioning from 2003 Active Directory to 2008 R2
0Finally, you got the green light for upgrading your Active Directory environment from 2003 to 2008 R2. As you might know the upgrade process is simple, if those domain controllers are 64 bit, because you can do an in-place upgrade. I talked about in-place upgrade of a domain controller here. Unfortunately the process is very different if your domain controllers are 32 bit. First because you need extra hardware; second, that hardware needs to support Windows 2008 R2; and third, you need play with some Active Directory advanced settings. (more…)
Removing a Domain Controller from a Domain
0There are times when you need to decommission one or more domain controllers from your domain, and don’t think you just power off that specific domain controller and put it in a closet. No…you need to issue specific commands and follow some wizard steps which safely removes the domain controller, and sets the right permissions on the server. If you don’t do this the rest of the domain controllers will try to reach the one that is disconnected, resulting in increase of traffic and error logs, as a start. (more…)
Creating an additional domain controller in an existing domain
0Your environment is growing so you need to think about availability for your domain controller. You might think, what the heck, I’ll just restore it from backup if my domain controller fails; and you are right, but until you restore it, your users won’t be happy at all. To prevent this kind of situations additional domain controllers are needed, so if one fails others takes the charge. Another reason why you need to have multiple domain controllers is for load balancing the traffic for the domain, and improve the reliability of network services. (more…)
Configure Internal Windows CA to issue SAN certificates
0A lot of companies these days are using SAN (Subject Alternative Name) certificates because they can protect multiple domain names using a single certificate. For example you can protect both www.mydomain.com and www.mydomain.org. If you are in a small environment and can’t afford a SAN certificate, you can use your internal Windows CA to issue this kind of certificates. (more…)
In-Place Upgrade from 2003 R2 DC to 2008 R2
0You heard about the new features and improvements on Windows Server 2008 R2 right ? If not click here to read more. You told management about the new features, and they decided is time to upgrade all domain controllers. From now on is your job to do the upgrade, and mine to show you the steps. In this guide I will show you how to do an in place upgrade from a Windows Server 2003 R2 x64 DC to a Windows Server 2008 R2 SP1. (more…)
Install Certification Authority in Windows Server 2008 R2
0Yes, you can have your own Certification Authority (CA), and issue certificates for clients. The bad news is that certificates issued by your internal CA are trusted only by you internal clients, or by clients that have your root certificate imported. For internal applications, sites etc this is gold, because you don’t have to by a commercial certificate, but if you have a public HTTPS site you will need a commercial certificate. Certification authorities can have multiple ramifications or levels, like Root CA, then a Subordinate CA, and the last one is the Issuing CA. (more…)
Configure WSUS to deploy updates using Group Policy
0I created this step-by-step guide for those people that don’t understand or want to know how to configure WSUS to deploy updates using Group Policy. The process is very simple, but very efficient for a large and even a small network. To understand what I’m talking about, think of a network of 300 PCs, maybe that network is already in your company; you deployed a WSUS server but clients still go to Microsoft for updates, and you want to point them to your WSUS Server. (more…)
Add Domain Users to local Remote Desktop Users group using Group Policy
0Many times I had to configure a couple of users or admins to be able to do remote desktop on a bunch of machines, but I didn’t want to do this manually, so I turned to Group Policy. All I had to do, is create, configure and assign a Group Policy Object or GPO, and all those setting will replicate to the workstations affected by that GPO. Many admins believe that by adding those users to the Remote Desktop Users group in Active Directory Users and Computers their job is done, but when they try to connect is not working. (more…)
Recent Comments