In small instances of Active Directory the regular online defrag that runs every 12 hours is likely enough. Many administrators can get away with installing one or more Domain Controllers and never really touching them again, except for patching.
For larger organizations that might have large numbers of people who come and go the occasional offline defrag may be required. In order to do this you will have to take each Domain Controller offline while you perform the defrag, either by booting into DSRM mode (Server 2003 and earlier) or stopping the AD DS service (Server 2008 and later). Continue reading “Offline Defrag of the Active Directory Database”
We worked for some time on getting Mac OSX hosts to bind to Active Directory in such a way that we could require LDAP digital signing. As it turns out, 10.7 and 10.8 seem to work just fine. The issue was more with getting the certificates just right on the Domain Controllers. It sounds as though the 10.6 hosts will have to be upgraded or replaced though. Continue reading “Mac OSX Bind Script”
I’ve been trying to add a WS 2008 R2 DC to our WS 2008 test Active Directory for a little while now. A Microsoft PFE suggested checking the fSMORoleOwner attribute in the ForestDNSDomains and DomainDNSDomains partitions to make sure that they match the actual Infrastructure Master. Continue reading “Can’t Add a WS 2008 R2 Domain Controller to a WS 2008 Domain”
Sometimes the event logs just don’t give you enough information for what you’re troubleshooting. You can get a little more information by turning on diagnostic logging for a particular service. Continue reading “Enable Diagnostic Logging in Active Directory”