The protection and management of built-in administrative groups in Active Directory helps to provide us confidence and security in the stability and ownership of our domain and resources. These groups tend to become overrun with unintended or forgotten membership; requiring our diligent attention and constant effort to maintain. This is really what Restricted Groups are intended for but it rarely seems to be used in this manner. More often we see Restricted Groups being used to protect the loca... [More]

In visiting my customers I noticed that there is generally a lack of understanding of Standby Continuous Replication (SCR). After looking around the Internet I found that there is a lack of information available on this subject. What I wanted to do is put together an article that helps setup a lab to walk through the options for SCR. Lab Setup: HC1 – Hub & CAS roles installed Node1 – First node of the cluster Node2 – Second node of the cluster CCRCluster – Name ... [More]

Some time ago I had a request to create local user accounts on laptops and to provide those user accounts with administrative access and they wanted this done in an automated manner.  Of course Restricted Groups immediately came to mind until they told me that they wanted local usernames to match their domain names.  They only wanted the users to have this configuration when the laptops would be taken into the field for an extended period of time where they would not be on the corporat... [More]

Netlogon DNS SRV Resource Record Registration [More]

The Role of the PDC FSMO [More]

A request came up in a newsgroup for a script which would automate the creation of a primary zone on one DNS server, enable zone transfers, and then configure a secondary zone on another DNS server.  A first generation release of a script was posted today.  If there is interest for a more flexible script which has more options for things like where the zone is stored, what the zone security is, etc, then I will gladly revise the script. For now, it’s fully functional and a link ... [More]

Numbers are legal characters for a DNS name and best I can tell from my understanding of the RFCs, there is nothing against names with all numbers.  In fact, I have customers that use number strings for their workstation names and I haven’t heard any screams.  I realize that saying that “nothing bad has happened” doesn’t necessarily mean that it is “good” but we go by the info we have.  What I do know is that all-numeric names in Active Director... [More]