Active Directory Fundamentals

Introduction A read only domain controller (RODC) is a type of domain controller that has read-only partitions of Active Directory Domain Services (AD DS) database. RODC is available in Windows server 2008 OS and in its succeeding versions. Enterprises tend to deploy RODC…

In an Active Directory environment, there could be instances where Active Directory objects such as users, computers, groups, or organizational units are deleted accidentally. Revocation of such errors can be a cumbersome task for system administrators. Thus to enable easy…

What are Tombstones in Active Directory? When you delete an object from the Active Directory (AD) database, it’s marked as a tombstone object instead of being fully removed. By default, each tombstone object remains in the database for 180 days. Once this…

Disabled accounts If an organization has a provisioning process in place for governing (automatically) the enabling and disabling of account status and (or) there is a good frequency of guest / vendor engagement, this process is very effective. Owing to the uncertainty…

Organizational units (OUs) When you deploy Active Directory (AD) in your company, you may decide to create multiple organizational units (OUs) within your domain. An OU is a container within your domain that holds users, groups, computers, and other objects. You use an OU…

Active Directory (AD) schema is a blueprint that describes the rules about the type of objects that can be stored in the AD as well as the attributes related to these objects. The schema thus defines the content, and the structure of the object classes, and theobject…