
How do you change the DS Restore admin password?

To Reset the DSRM Administrator Password

1. Click Start, click Run, type ntdsutil, and then click OK.

2. At the Ntdsutil command prompt, type set dsrm password.

3. At the DSRM command prompt, type one of the following lines:

  • To reset the password on the server on which you are working, type reset password on server null. The null variable assumes that the DSRM password is being reset on the local computer. Type the new password when you are prompted. Note that no characters appear while you type the password.

-or-

  • To reset the password for another server, type reset password on server servername, where servername is the DNS name for the server on which you are resetting the DSRM password. Type the new password when you are prompted. Note that no characters appear while you type the password.

4. At the DSRM command prompt, type q.

5. At the Ntdsutil command prompt, type q to exit.
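
A DSRM password reset is worth auditing, because the DSRM account is a local administrator on the domain controller. Windows records each attempt as Security event ID 4794 when user account management auditing is enabled. The following is an added example, not part of the original post; the function name Get-DsrmPasswordChange and its parameters are hypothetical, and it must be run with rights to read the Security log.

```powershell
# Added example: list attempts to set the DSRM administrator password
# (Security event ID 4794) on a domain controller.
function Get-DsrmPasswordChange {
    param(
        [string] $ComputerName = $env:COMPUTERNAME,  # DC to query (default: local)
        [int]    $Days = 90                          # how far back to look
    )
    $filter = @{
        LogName   = 'Security'
        Id        = 4794
        StartTime = (Get-Date).AddDays(-$Days)
    }
    # Get-WinEvent raises an error when nothing matches; treat that as "no events".
    $events = Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter `
                           -ErrorAction SilentlyContinue
    foreach ($e in $events) {
        $row = [ordered]@{ TimeCreated = $e.TimeCreated; Computer = $e.MachineName }
        # Copy every named EventData field as logged, without assuming field names.
        foreach ($d in ([xml] $e.ToXml()).Event.EventData.Data) {
            $row[$d.Name] = $d.'#text'
        }
        [pscustomobject] $row
    }
}

Get-DsrmPasswordChange | Format-List
```

An entry that does not line up with a planned reset is the one to investigate.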

How do you back up AD?

Backing up Active Directory is essential to maintain the proper health of the Active Directory database. Active Directory is backed up on one or more of your Active Directory domain controllers (DCs) by backing up the System State on those servers. The System State contains the local Registry, COM+ Class Registration Database, the System Boot Files, certificates from Certificate Server (if it’s installed), Cluster database (if it’s installed), NTDS.DIT, and the SYSVOL folder.

Windows Server 2003

You can back up Active Directory by using the NTBACKUP tool that comes built in with Windows Server 2003, or use any third-party tool that supports this feature.

Method #1: Using NTBACKUP

1. Open NTBACKUP by either going to Run, then NTBACKUP and pressing Enter or by going to Start -> Accessories -> System Tools.

2. If you are prompted by the Backup or Restore Wizard, I suggest you un-check the "Always Start in Wizard Mode" checkbox, and click on the Advanced Mode link.

3. Inside NTBACKUP's main window, click on the Backup tab.

4. Click to select the System State checkbox. Note you cannot manually select components of the System State backup. It's all or nothing.

5. Enter a backup path for the BKF file. If you're using a tape device, make sure NTBACKUP is aware and properly configured to use it.

6. Press Start Backup.

7. The Backup Job Information dialog appears, allowing you to configure a scheduled backup job and other settings. For the System State backup, do not change any of the other settings except the schedule, if so desired. When done, press Start Backup.

8. After a few moments of configuration tasks, NTBACKUP will begin the backup job.

9. When the backup is complete, review the output and close NTBACKUP.

10. Next, you need to properly label and secure the backup file/tape and, if possible, store a copy of it in a remote and secure location.

Method #2: Using the Command Prompt

1. You can use the command line version of NTBACKUP in order to perform backups from the Command Prompt.

2. For example, to create a backup job named "System State Backup Job" that backs up the System State data to the file D:\system_state_backup.bkf, type:

ntbackup backup systemstate /J "System State Backup Job" /F "D:\system_state_backup.bkf"

Windows Server 2008

Before you can back up Server 2008, you need to install the backup features from the Server Manager.

1. To install the backup features click Start → Server Manager.

2. Next click Features → Add Features

3. Scroll to the bottom and select both the Windows Server Backup and the Command Line Tools.

In Server 2008, there isn’t an option to back up the System State data through the normal backup utility. We need to go “command line” to back up Active Directory.

1. Open up your command prompt by clicking Start and type “cmd” and hit enter.

2. In your command prompt type “wbadmin start systemstatebackup -backuptarget:e:” and press enter.

Note: You can use a different backup target of your choosing.

3. Type “y” and press enter to start the backup process.

When the backup is finished running you should get a message that the backup completed successfully. If it did not complete properly you will need to troubleshoot.

Windows Server 2008 R2

1. Open Windows Server Backup

2. In the Actions pane, click Backup Once

3. Make sure Different options is selected, then click Next

4. Choose Custom, click Next

5. Click Add Items

6. Select System State, click Next

7. Specify the backup destination: a local drive (other than the system volume) or a network share

8. Click Backup to start System State Backup

9. You may close the wizard and the backup operation will continue to run in background.

How do you configure a "stand-by operation master" for any of the roles?

No utilities or special steps are required to designate a domain controller as a standby operations master. However, the current operations master and the standby operations master should be well connected. “Well connected” means that the network connection between them must support at least a 10-megabit transmission rate and be available at all times. In addition, creating a manual connection object between the standby domain controller and the operations master will ensure direct replication between the two operations masters. By making the operations master and the standby operations master direct replication partners, you reduce the chance of data loss in the event of a role seizure, which reduces the chance of directory corruption.

To ensure that the current operations master role holder and the standby operations master are replication partners, you can manually create connection objects between the two domain controllers. Even if a connection object is generated automatically, we recommend that you manually create a connection object on both the operations master and the standby operations master. The replication system can alter automatically created connection objects anytime. Manually created connections remain the same until an administrator changes them.

You can use this procedure to create the following:

  • A manual connection object that designates the standby server as the From Server on the NTDS Settings object of the operations master
  • A manual connection object that designates the operations master server as the From Server on the NTDS Settings object of the standby server

Administrative credentials

Membership in Domain Admins, or equivalent, is the minimum required to complete this procedure.

  1. Click Start, point to Administrative Tools, and then click Active Directory Sites and Services.
  2. Expand the site name in which the current operations master role holder is located to display the Servers folder.
  3. Expand the Servers folder to see a list of the servers in that site.
  4. To create a connection object from the standby server on the current operations master, expand the name of the operations master server on which you want to create the connection object to display its NTDS Settings object.
  5. Right-click NTDS Settings, click New, and then click Connection.
  6. In the Find Active Directory Domain Controllers dialog box, select the name of the standby server from which you want to create the connection object, and then click OK.
  7. In the New Object-Connection dialog box, enter an appropriate name for the connection object or accept the default name, and then click OK.
  8. To create a connection object from the current operations master to the standby server, repeat steps 4 through 7, but in step 4, expand the name of the standby server. In step 6, select the name of the current operations master.

What is the difference between transferring a FSMO role and seizing one? Which one should you NOT seize? Why?

Seizing an FSMO can be a destructive process and should only be attempted if the existing server with the FSMO is no longer available.

If the domain controller that is the Schema Master FSMO role holder is temporarily unavailable, DO NOT seize the Schema Master role.

If you are going to seize the Schema Master, you must permanently disconnect the current Schema Master from the network.

If you seize the Schema Master role, the boot drive on the original Schema Master must be completely reformatted and the operating system must be cleanly installed, if you intend to return this computer to the network.

I want to look at the RID allocation table for a DC. What do I do?

At the command prompt, type:

C:\>dcdiag /test:ridmanager /s:<dcname> /v

Here dcname is the name of our DC

What is the difference between LDIFDE and CSVDE? Usage considerations?

Ldifde

Ldifde creates, modifies, and deletes directory objects on computers running Windows Server 2003 operating systems or Windows XP Professional. You can also use Ldifde to extend the schema, export Active Directory user and group information to other applications or services, and populate Active Directory with data from other directory services.

What are the DS* commands?

Microsoft included a set of command-line tools with their server operating systems to allow better and more productive management of the directory service. The DS commands are these tools: simple commands with only a few parameters that can increase the productivity of systems administrators and keep their Active Directory domains running and in tip-top shape.

How would you find all users that have not logged on since last month?

You can use the dsquery user command for this purpose. DS commands are used to retrieve information from Active Directory through the command line. To use dsquery, you must run it from an elevated command prompt. To open an elevated command prompt, click Start, right-click Command Prompt, and then click Run as administrator.

C:\>dsquery user -inactive 4

"CN=Service User,OU=IT,DC=nishantsoft,DC=com"

"CN=IT JOURNAL,OU=Management,OU=Gurgaon,DC=nishantsoft,DC=com"

"CN=Dipak Khanna,OU=RC,OU=Gurgaon,DC=nishantsoft,DC=com"

"CN=Amit Mishra,OU=RC,OU=Gurgaon,DC=nishantsoft,DC=com"

"CN=Test Account,OU=Development,OU=Gurgaon,DC=nishantsoft,DC=com"

"CN=Jeevan Singh,OU=Development,OU=Gurgaon,DC=nishantsoft,DC=com"
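
The number after -inactive is a count of weeks, so the command above lists users inactive for at least four weeks. The following added example (not from the original post) applies the same idea to the lastLogonTimestamp attribute in PowerShell and handles two cases the one-liner hides: accounts that never logged on, and the attribute lagging the real last logon by up to 14 days. The function name Get-StaleAccount, its parameters and the sample accounts are constructed for illustration.

```powershell
# Added example: flag enabled accounts whose lastLogonTimestamp is older than
# the cutoff, or that have never logged on. Input objects need the properties
# SamAccountName, Enabled and lastLogonTimestamp (as returned by Get-ADUser).
function Get-StaleAccount {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [object] $Account,
        [int] $InactiveWeeks = 4,
        # lastLogonTimestamp can trail the real last logon by up to 14 days
        # (default update interval), so widen the window by that much.
        [int] $SyncSlackDays = 14,
        [datetime] $Now = (Get-Date).ToUniversalTime()
    )
    begin { $cutoff = $Now.AddDays(-(7 * $InactiveWeeks + $SyncSlackDays)) }
    process {
        if (-not $Account.Enabled) { return }           # disabled: cannot log on
        $raw = [int64] ($Account.lastLogonTimestamp)    # FILETIME; $null becomes 0
        if ($raw -le 0) {
            $state = 'NeverLoggedOn'; $last = $null
        } else {
            $last = [datetime]::FromFileTimeUtc($raw)
            if ($last -ge $cutoff) { return }           # recent enough, not stale
            $state = 'Stale'
        }
        [pscustomobject]@{
            SamAccountName = $Account.SamAccountName
            State          = $state
            LastLogonUtc   = $last
        }
    }
}

# Constructed sample data standing in for Get-ADUser output.
$now = [datetime]::new(2024, 1, 31, 0, 0, 0, [DateTimeKind]::Utc)
$sample = @(
    [pscustomobject]@{ SamAccountName = 'svc-report'; Enabled = $true;  lastLogonTimestamp = $now.AddDays(-90).ToFileTimeUtc() }
    [pscustomobject]@{ SamAccountName = 'jdoe';       Enabled = $true;  lastLogonTimestamp = $now.AddDays(-35).ToFileTimeUtc() }
    [pscustomobject]@{ SamAccountName = 'new.hire';   Enabled = $true;  lastLogonTimestamp = $null }
    [pscustomobject]@{ SamAccountName = 'old.temp';   Enabled = $false; lastLogonTimestamp = $now.AddDays(-200).ToFileTimeUtc() }
)
# Reports svc-report (Stale) and new.hire (NeverLoggedOn); jdoe falls inside the slack window.
$sample | Get-StaleAccount -Now $now | Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory module):
# Get-ADUser -Filter * -Properties lastLogonTimestamp | Get-StaleAccount
```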

What do you do to install a new Windows 2003 R2 DC in a Windows 2003 AD?

If you're installing Windows 2003 R2 on an existing Windows 2003 server with SP1 installed, you require only the second R2 CD-ROM. Insert the second CD and the r2auto.exe will display the Windows 2003 R2 Continue Setup screen.

If you're installing R2 on a domain controller (DC), you must first upgrade the schema to the R2 version (this is a minor change and mostly related to the new Dfs replication engine). To update the schema, run the Adprep utility, which you'll find in the Cmpnents\r2\adprep folder on the second CD-ROM. Before running this command, ensure all DCs are running Windows 2003 or Windows 2000 with SP2 (or later).

What do you do to install a new Windows 2003 DC in a Windows 2000 AD?

Check that Windows 2000 Service Pack 4 is installed on all the domain controllers and Exchange servers. If it is not already installed, install it now. After that, run the Adprep.exe utility on the Windows 2000 domain controllers currently holding the schema master and infrastructure master roles. The adprep /forestprep command must first be issued on the Windows 2000 server holding the schema master role in the forest root domain to prepare the existing schema to support Windows 2003 Active Directory.