Active Directory

Changing Local Admin Passwords on the network

Every so often, it’s good practice to change passwords. I think that everyone in IT is aware of that. One of the most overlooked passwords is the local Administrator’s password on every machine on the network. Sure, your users are required to change theirs every 90 days, and you change your domain Administrator’s password at times as well. The local Administrator on your member servers and all your PCs is usually overlooked, or avoided, because you don’t have time to touch all those machines… Well, before Windows 2008, we would[…]

Posted in Active Directory | 5 Comments »

What is AdminSDHolder?

AdminSDHolder is a container inside Active Directory that maintains a master list of permissions for objects that are members of privileged groups in Active Directory. Below are some of the groups: Administrators, Domain Admins, Enterprise Admins, Schema Admins, Domain Controllers, Server Operators, etc. Basically, every hour, Windows will compare the security permissions of an account (that is a member of a privileged group) to the permissions listed on the AdminSDHolder object, and if they are different, reset them. The AdminSDHolder object is in Active Directory under “System” (you will have[…]

Posted in Active Directory | No Comments »

Read Only Domain Controller

With Windows Server 2008, there is the option to promote a member server to an RODC, or Read Only Domain Controller. Just as the name suggests, it is a domain controller that is non-writable: a read-only copy. The purpose of an RODC is actually simple: Security. Instead of putting a regular DC at a small remote branch office, where the server sits in a closet with the cleaning supplies, consider making that DC read-only. In a perfect world, every server would be behind locked doors, with restricted access – but that[…]

Posted in Active Directory | 1 Comment »
