This blog focus on Windows client operating systems; Windows XP, Windows Vista and Windows 7. The blog covers hints and guides for using new technologies, solutions to problems which are not common and news related to Windows client operating systems.
Andreas Stenhall, MVP Windows Desktop Experience: Systems Administration
-
Active Directory Administrative Center makes you do things in fewer steps
Posted on October 11th, 2009 No commentsA new tool in Windows Server 2008 R2 that you must not miss is the Active Directory Administrative Center. The tool is far from the speediest to load but once you’ve got it started I promise you that you will find it very convenient to use for account and other Active Directory object management. As with the user interface, new search tools and more in Windows 7 the Active Direcory Administrative Center in Windows Server 2008 R2 makes you do things in fewer steps and eases your daily work!
-
Be aware of a problem when renaming domain controllers
Posted on September 20th, 2009 No commentsIf you have renamed a Windows Server 2008 or Windows Server 2008 R2 domain controller you should be aware of a problem. The problem is that a DFSR object is not renamed to the new name. This does not cause any problems until you remove the domain controller in question and after doing a demote or cleaning it up with metadata cleanup the object will become orphaned. So if you have renamed 2008 or 2008 R2 DCs you should follow the steps in KB2001271 to fix this.
-
Restore permissions on objects in Active Directory
Posted on June 14th, 2009 No commentsSome time ago I had the unfortunate job to do some manual cleaning of an old and since long disconnected (and not decommissioned) Exchange Server in Active Directory using adsiedit.msc and this is not something one want to do I can promise you. Anyway during the testing phase I had to make sure that certain keys and values in adsiedit.msc were safe to be deleted and to accomplish this I removed all permissions on the keys to make sure that no one could read the information. You might think that restoring the permissions on objects in adsiedit.msc is the same as the management with file and folders but that is not the fact.
Instead use the command DSACLS to control the access control lists of Active Directory objects and run for example the following command to let the group Everyone get full permission on the object “First administrative group”.
DSACLS "CN=First Administrative Group,CN=Administrative groups,CN=CONTOSO, CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=CONTOSO,DC=LOCAL" /G Everyone:GA
Beware when working in adsiedit.msc and be very certain about what you are doing before deleting stuff. Sometimes just removing all permissions on objects is the best way because then you can always use the above command to restore permission to the object(s).
