View Global Catalog Contents

You can use ADSIEdit to view the contents of a global catalog. This may be useful in troubleshooting scenarios or if you are just curious like me 🙂

Posted in Active Directory | Leave a comment

Initial Synchronizations of Domain Controllers

I have been trying to understand a domain controller’s initial synchronization requirements, which led me to write up this post. See, I was reading the Microsoft Forest Recovery white paper, and they specifically state that when restoring a Windows 2008 DC that holds a FSMO role, initial synchronization should be disabled or else AD DS will be unavailable on that domain controller.

This got me wondering exactly what the requirements for initial synchronization are and whether a DC would really not advertise itself if initial synchronization was not completed at startup. I found in my experimentation that this was not the case. Read on for further explanation.


A Closer Look at the RID Master FSMO

  • I. Overview
  • II. RID Manager$ Object
  • III. Viewing the RID Pools Assigned to Domain Controllers
  • IV. Effects of Restoring a DC
  • V. Other Behavior Observed when Restoring a DC
  • VI. What Happens When RID Pool is Exhausted and RID Master is Offline?
  • VII. Additional Reading

I. Overview

The RID Master is one of the five FSMO roles a DC can hold. The RID Master is responsible for assigning pools of RIDs to domain controllers in the domain.

When you create a security principal on a domain controller, that object is given a unique SID that identifies it in the domain. That SID is what is recorded in the ACLs of resources, such as shared files and folders, to define the permissions granted to, for example, a specific user account.
