Archive for the ‘Technology’ Category

操作主机是ActiveDirectory中的特殊对象,具备操作主机角色的域控制器担任着活动目录核心功能,如果操作主机不可用,整个活动目录都会出现异常,甚至崩溃。 操作主机角色的唯一性决定了不是任意一台域控制器都能管理整个域,当一台承担着操作主机角色的域控制器需要停机维护,就需要将主机角色转移到另一台正常运行的域控制器上;但是当承担操作主机角色的域控制器突然崩溃,无法正常运行,就需要使用强制手段占用操作主机,它被称为强制转移。

Friday, June 3rd, 2022 at 15:04 | 0 comments
Tags:

Step 1: Backup Windows Server 2008 R2 certificate authority database and its configuration Log in to Windows 2008 R2 Server as member of local administrator group Go to Start > Administrative Tools > Certificate Authority Right Click on Server Node > All Tasks > Backup CA Certification Authority Backup CA Click Next on the Certification Authority […]

Friday, June 3rd, 2022 at 14:49 | 0 comments
Tags:

Step 1: Backup Windows Server 2008 R2 certificate authority database and its configuration Log in to Windows 2008 R2 Server as member of local administrator group Go to Start > Administrative Tools > Certificate Authority Right Click on Server Node > All Tasks > Backup CA Certification Authority Backup CA Click Next on the Certification Authority […]

Friday, June 3rd, 2022 at 14:05 | 0 comments
Tags:

Here we can see my CA server is using SHA1 Note: If your server says the provider is Microsoft Strong Cryptographic Provider and not Microsoft Software Key Storage Provider then skip down a bit. You may have multiple Certificates (that is not unusual). Open a PowerShell Window (run as administrator), issue the following command; certutil -setreg ca\csp\CNGHashAlgorithm SHA256   […]

Friday, June 3rd, 2022 at 11:22 | 0 comments
Categories: Technology
Tags:

本次实验要演示的是强制卸载域控制器并且在其他域控制器上删除不需要的服务器对象,这种情况在现实的生产使用环境中经常使用,每个企业每年都会有增减域控制器的时候,而且在减少了域控制器之后,原本的域还会继续使用,这样就需要在其他域控制器删除不需要的服务器对象。 首先实验的大环境是在XXX.com这个域中,有两台域控制器Server01和Server02,我们要删除域控制器Server01,并清除Server02上面不需要的服务器对象,事先的准备工作已经做好了。 接下来我们删除Server01上的域控制器,打开服务器管理器—管理—删除角色和功能。

Sunday, May 22nd, 2022 at 23:48 | 0 comments
Categories: Technology
Tags:

Step #1: This is the simplest method to add a computer to a domain. In this example you will be prompted for credentials followed by the required reboot. Add-Computer -DomainName “your.domain.here” Restart-Computer Step #2: If you require an automated script without prompting the user for credentials you can provide the user account with rights to […]

Thursday, May 12th, 2022 at 09:34 | 0 comments

To disable SSL v2 and SSL v3 its best to create a Computer based Group Policy settings that applies at the top level of your domain. In GPMC navigate to Computers Configuration > Policies > Administrative Templates > Windows Components > Internet Explore > Internet Control Panel > Advanced Page and then open the policy […]

Wednesday, April 27th, 2022 at 17:22 | 0 comments
Tags:

Move disabled user accounts with a PowerShell

Monday, March 7th, 2022 at 16:15 | 0 comments
Tags:

Best practice #1: remove disabled accounts A crucial part of Active Directory cleanup is monitoring for disabled user and computer accounts, and removing them when appropriate. When employees go on extended leave or leave an organization completely, it’s common practice for organizations to disable their account through Active Directory. Depending on their length of leave, […]

Monday, March 7th, 2022 at 15:52 | 0 comments
Tags:

Understanding Default Receive Connectors in Exchange 2016 Exchange 2016 consists of two server roles, Mailbox server role and Edge Transport server role. Mailbox server role has three main transport services (or sub role). These transport services are also called transport pipeline. Emails flow through these pipelines. Three transport services are: – Front End Transport service: This service provides stateless service for all incoming and […]

Monday, February 28th, 2022 at 21:16 | 0 comments
Categories: IT operations
Tags: