Active Directory

Veeam SureBackup – Failed to create process with net logon

Recently, I was setting up a Veeam SureBackup job for a client and received an error when running the application group for the domain controllers, which will be the cornerstone of all the other SureBackup jobs. The job would run properly, spinning up the VM in a sandbox environment. SureBackup would verify vmtools were running, that the VM was pingable, and then would start the application tests. Since this was a domain controller, the tests are set to: DNS Server, Domain Controller, Global Catalog. However, all three tests failed with[…]

Posted in Backups | No Comments »

VCAP-DCV Deploy – Objective 1.2 Configure Identity Sources for Single Sign-On

Now that a Platform Services Controller is installed and vCenter Server is installed, it’s time to configure single sign-on sources for our SSO domain. SSO, or Single Sign-On, was introduced in vSphere 5.1 and provides a more secure way of authenticating into the vSphere environment. SSO is now connected to multiple authentication domains, like Active Directory, and will exchange authentication for tokens which are used to access multiple vSphere services. In our lab, we will configure SSO to use Active Directory as a source. First, log into the vSphere Web Client,[…]

Posted in VCAP-DCV - Deploy | No Comments »

Veeam rescues 1400 computer objects in AD

  *disclaimer* Veeam is a sponsor of this blog – but has not requested, or had any part in this entry. Working for a consulting firm, I work with many different backup solutions.  In this particular case, the client uses Veeam Backup & Recovery. The problem: Late in the afternoon, I was alerted by our client that there was an accidental deletion of an entire OU in Active Directory.  AD is not yet at the 2008 level, so we don’t have the recycle bin.  Unfortunately, replication to the other DCs[…]

Posted in Backups | No Comments »

vSphere 101 – NTP Settings

I come across a lot of virtual environments (and physical) that don’t have NTP (Time Servers) set up properly. If you’ve ever worked in Active Directory, you know how important synchronized time can be – let alone with so many other applications for synced log time, etc… By default, all domain-joined machines will contact the PDC emulator (Domain controller holding the PDC role) to synchronize time, and all VMs will use VMware tools. In this scenario, I’m going to assume all servers are VMs running on vSphere 5.x, and the[…]

Posted in vSphere 101 | No Comments »

Changing Local Admin Passwords on the network

Every so often, it’s good practice to change passwords. I think that everyone in IT is aware of that. One of the most overlooked passwords is the local Administrator’s password on every machine on the network. Sure, your users are required to change theirs every 90 days, and you change your domain Administrator’s password at times as well. The local Administrator on your member servers and all your PCs is usually overlooked, or avoided, because you don’t have time to touch all those machines… Well, before Windows 2008, we would[…]

Posted in Active Directory | 5 Comments »

What is AdminSDHolder?

AdminSDHolder is a container inside Active Directory that maintains a master list of permissions for objects that are members of privileged groups in Active Directory. Below are some of the groups: Administrators, Domain Admins, Enterprise Admins, Schema Admins, Domain Controllers, Server Operators, etc. Basically, every hour, Windows will compare the security permissions of an account (that is a member of a privileged group) to the permissions listed on the AdminSDHolder object, and if they are different, reset them. The AdminSDHolder object is in Active Directory under “System” (you will have[…]

Posted in Active Directory | No Comments »

Read Only Domain Controller

With Windows Server 2008, there is the option to promote a member server to an RODC, or Read Only Domain Controller. Just as the name suggests, it is a domain controller that holds a non-writable, read-only copy. The purpose of an RODC is actually simple: Security. Instead of putting a regular DC at a small remote branch office, where the server sits in a closet with the cleaning supplies, consider making that DC read-only. In a perfect world, every server would be behind locked doors, with restricted access – but that[…]

Posted in Active Directory | 1 Comment »
