Active Directory Notes
Misc Active Directory Notes
-
"netdom" ("netdom computername") can be used to create aliases for computer names!
-
nltest /dsgetdc:domain_name -- to get name of DC that workstation is using (not tried yet)
-
Log on to LOCAL USER account shortcut (good if the user doesn't know the local computer name): .\username as opposed to IT\username
---
Domain Controller "restore" from VM snapshot (including Xen): beware the USN rollback. Boot in DS repair and flag that the DC has been restored (similar to what would happen with classic backup software). From https://dirteam.com/paul/2011/01/14/restoring-a-dc-from-a-snapshot/
-
Do your clone recovery
-
Configure your NICs to be unable to talk to the network
-
Note the value of your Invocation Id
-
From a command prompt run the following command
-
Repadmin /showrepl
-
Reboot your DC, make sure you boot into Directory Services Restore Mode (DSRM)
-
Stop the NTFRS service
-
Start up regEdit
-
Drill down to HKLM\System\CurrentControlSet\Services\NTDS\Parameters
-
Modify the RegKey “Database restored from backup” = 1
-
If this RegKey doesn’t exist create one as a DWORD and set to a 1
-
If the RegKey DSA Previous Restore Count exists in the same path, note its value. Upon reboot it should increment by one. If it didn’t exist it should be created and it should be set to a value of 1.
-
Drill down to HKLM\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process
-
Modify the RegKey BurFlags to D2
-
Reboot the server
-
Log into the DC
-
Verify that the Invocation Id has changed
-
In the Event Log look for the Event Id 1109 (AD restored from backup)
-
If both checks above have succeeded (the Invocation Id has changed and Event Id 1109 is logged), enable the NIC
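-
Added example, not part of the original notes or the linked article: a PowerShell helper for the note / flag / verify parts of the steps above, so the before-and-after comparison is not done from memory. The state file path and the phase names are assumptions made for this sketch; stopping NTFRS and setting BurFlags stay manual as listed.

```powershell
# Added example (not from the original notes). Run elevated on the restored DC
# while its NICs are still isolated. $StateFile is a hypothetical location.
param(
    [Parameter(Mandatory)][ValidateSet('Note','Flag','Verify')][string]$Phase,
    [string]$StateFile = 'C:\dc-restore-state.xml'
)
$Ntds = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'

function Get-InvocationId {
    # repadmin /showrepl prints a "DSA invocationID: <guid>" line for the local DC
    $line = repadmin /showrepl | Select-String 'DSA invocationID:\s*(\S+)' | Select-Object -First 1
    if (-not $line) { throw 'Invocation Id not found in repadmin output' }
    $line.Matches[0].Groups[1].Value
}
function Get-RestoreCount {
    # Returns 0 when "DSA Previous Restore Count" does not exist yet
    $p = Get-ItemProperty -Path $Ntds -Name 'DSA Previous Restore Count' -ErrorAction SilentlyContinue
    if ($p) { [int]$p.'DSA Previous Restore Count' } else { 0 }
}

switch ($Phase) {
    'Note' {   # normal boot, before DSRM: record the pre-restore values
        @{ InvocationId = Get-InvocationId; RestoreCount = Get-RestoreCount; NotedAt = Get-Date } |
            Export-Clixml -Path $StateFile
    }
    'Flag' {   # in DSRM: mark the database as restored (creates the DWORD if missing)
        New-ItemProperty -Path $Ntds -Name 'Database restored from backup' `
            -PropertyType DWord -Value 1 -Force | Out-Null
    }
    'Verify' { # after the final reboot, before re-enabling the NIC
        $before = Import-Clixml -Path $StateFile
        $evt = Get-WinEvent -FilterHashtable @{ LogName = 'Directory Service'; Id = 1109
                   StartTime = $before.NotedAt } -MaxEvents 1 -ErrorAction SilentlyContinue
        $result = [pscustomobject]@{
            InvocationIdChanged = (Get-InvocationId) -ne $before.InvocationId
            RestoreCountUp      = (Get-RestoreCount) -eq ($before.RestoreCount + 1)
            Event1109Logged     = [bool]$evt
        }
        $result
        if ($result.PSObject.Properties.Value -contains $false) {
            Write-Warning 'Restore not confirmed: keep the NIC disabled.'
        }
    }
}
```

Run it with -Phase Note right after the clone recovery, -Phase Flag in DSRM, and -Phase Verify after the last reboot; any False in the output means the DC should stay off the network.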
---
tags: windows, AD, active directory, login,