Downgrading Active Directory Domain and Forest Functional Levels (Part 3)

Introduction In part 2 of the series we've successfully lowered the Forest Functional Level (FFL) and Domain Functional Level (DFL) to Windows Server 2008. The demonstration was completed in a forest where the Active Directory Recycle Bin was not enabled. In this final part of the series, I will first raise the functional levels back … Continue reading Downgrading Active Directory Domain and Forest Functional Levels (Part 3)

Field Notes: The case of the disappearing Name Server (NS) records

Introduction I recently assisted a customer with Name Server (NS) records in DNS, disappearing from their DNS zones. All of the Domain Controllers are configured as DNS servers, yet when viewing the NS records for the Active Directory-integrated DNS zones, only a few of these servers had NS records. The administrators manually re-added the NS … Continue reading Field Notes: The case of the disappearing Name Server (NS) records

Downgrading Active Directory Domain and Forest Functional Levels (Part 2)

Introduction In part 1 of this series, we established in theory that we can lower the Active Directory functional levels from the latest functional level to Windows Server 2008 R2, or even Windows Server 2008 if the Active Directory Recycle Bin is not enabled. I will now demonstrate how to lower the functional levels from … Continue reading Downgrading Active Directory Domain and Forest Functional Levels (Part 2)

Downgrading Active Directory Domain and Forest Functional Levels (Part 1)

Background With Windows Server 2008/2008 R2 approaching end of support, more organisations are upgrading their Operating Systems to the latest supported versions. Upgrading of Active Directory Domain Services (AD DS) requires a schema update, and ultimately raising the domain and forest functional levels. Customers are concerned that applications may stop functioning after raising the functional … Continue reading Downgrading Active Directory Domain and Forest Functional Levels (Part 1)

Field Notes: Azure Active Directory Connect – Domain, OU and Group Filtering

This is a continuation of a series on Azure AD Connect. The recently published blog post covers a quick introduction to the troubleshooting task available in Azure AD Connect. This post goes through options that are available in Azure AD Connect to apply filtering on objects that should be synchronized. I provide links to all … Continue reading Field Notes: Azure Active Directory Connect – Domain, OU and Group Filtering

AD: Nitty Gritty of Fine-Grained Password Policies

Hey everyone, Theron (aka T-) here, Senior Consultant with Microsoft Consulting Services (MCS) specializing in Active Directory. Fine-Grained Password Policies (FGPP) have been around for a while, but in my experience with various customers, they aren't used often, if at all. This post is an attempt to simplify them, provide some details and list some … Continue reading AD: Nitty Gritty of Fine-Grained Password Policies

AD: Domain controllers – discover what you’ve got

Hey everyone, Theron (aka T-) here, Senior Consultant with Microsoft Consulting Services (MCS) specializing in Active Directory. During an engagement with a customer a couple of years ago, I needed to identify some info regarding their domain controllers. They were in the process of deploying System Center Operations Manager (SCOM) at the time, but it … Continue reading AD: Domain controllers – discover what you’ve got