Blackberry Address Book Wireless Sync option disappeared.

Posted on August 28th, 2008 in Black Berry, BlackBerry Device by Gil Kreslavsky

To fix this problem you need to reset the "Desktop [Sync]" service book and then re-run Enterprise Activation:

Go to Settings > Options > Advanced Options > Service Book
Select the Desktop [Sync] service book, open the menu and select "Delete"
From the menu, select "Undelete" to restore the "Desktop [Sync]" service book
Go to Settings > Options > Advanced Options > Enterprise Activation
From the menu, select "Activate" to re-run the wireless synchronization (Enterprise Activation) process
When Enterprise Activation finishes, check the synchronization settings of your address book:

Address Book > Menu > Options
"Wireless Synchronization" should show "Yes" again (the option had disappeared before).

How BlackBerry email reconciliation (deleting emails) works.

Posted on August 28th, 2008 in BlackBerry Device by Gil Kreslavsky

What is email reconciliation?

Email reconciliation controls how deletions are handled for each email account set up on the BlackBerry device.
For each account you can state whether a deleted message is removed from the handheld only, or from both the mailbox and the handheld.
You can also enable or disable wireless reconciliation and configure how conflicts are handled.

To set the reconciliation options on the BlackBerry device go to:

Messages -> Options -> Email Reconciliation

The reconciliation options are:

Delete On: "Mailbox & Handheld" - deleting a message on the device or in Outlook deletes it in both places.
Delete On: "Handheld" - deleting a message on the device does not delete it from the mailbox.

Recommended settings:

1. From the home screen, open the Messages folder.
2. In the Messages folder, open the menu.
3. Scroll down to and choose "Options".
4. Scroll down to and select "Email Reconciliation".
5. In the "Email Reconciliation" screen, make sure "Delete On" is set to "Mailbox & Handheld".
6. Confirm that "Wireless Reconcile" is set to "On".
7. Confirm that "On Conflicts" is set to "Mailbox Wins".
8. Save your changes.
9. Exit back to the Messages folder and open the menu again.
10. Scroll down to "Reconcile Now" to force a reconciliation between the handheld and the Inbox.
11. Your messages should now synchronize between the BlackBerry and the Inbox.

Some general guidelines for reconciliation

Most people think that a message deleted in Outlook should disappear from the BlackBerry immediately and start to panic when it does not. Be patient: it takes approximately 20 minutes for messages to be deleted from the handheld.

1. If you delete an email in Outlook you need to leave it in the Deleted Items folder, otherwise the BES loses track of the email and it will not be deleted from the device. Don't use Shift+Delete.
2. If your Outlook account is set up to move new emails to a PST file, they will never reach your BlackBerry device.
3. Remember that deletes from Exchange to the BlackBerry are not immediate. BES reconciliation uses the 20/100 rule: every 20 minutes or every 100 changes, whichever comes first. Alternatively, use the "Reconcile Now" function. Outlook in cached mode only does a send/receive every 5 minutes (which also updates read, deleted and moved items), and the device then reconciles only every 15 minutes. To speed this up, hit "Send & Receive" in Outlook and then "Reconcile Now" on the device.

Testing:
Outlook to BlackBerry takes up to 20 minutes. I find it useful to run this test: send yourself two messages, one with the subject "Delete – BB" and one with the subject "Delete – Outlook".

Wait for both to arrive in the mailbox and on the BlackBerry.
Now delete "Delete – BB" on the BlackBerry and watch Outlook: within a minute or two the message should move to Deleted Items in Outlook.
If that works, reconciliation is working as it should and you are dealing with a user workflow issue. I find it helpful to turn off "Empty Deleted Items folder upon exit" in Outlook.

Troubleshooting the “Outlook prompts for password” issue

Posted on August 21st, 2008 in Exchange 2003, Exchange 2007, Outlook 2002 XP, Outlook 2003, Outlook 2007 by Gil Kreslavsky

Every time you open Outlook 2007 you are prompted to enter your domain credentials, even though you know you have saved them?

To solve it, try this:
Open the following path (on Vista):
C:\Users\YourUserName\AppData\Roaming\Microsoft
You will see numerous folders, including a "Protect" folder.
Before touching it, copy the "Protect" folder somewhere safe: it holds the user's DPAPI master keys, and anything encrypted under them (EFS files, certificate private keys, other saved credentials) becomes unrecoverable if the keys are gone and the prompt turns out to have another cause.
Delete the "Protect" folder.
Once the folder is deleted, restart Outlook.
You will be asked to enter your password once more, and it will be the last time.

If the problem persists when working over RPC over HTTPS

With RPC over HTTPS you are using either Basic or NTLM authentication; make sure you are using NTLM (Basic sends the password itself in the HTTP header, protected only by the TLS tunnel).
Now, to make sure Outlook does not use a cached password, do the following:
Go to Control Panel > User Accounts
Select the Advanced tab
Click the Manage Passwords button
Review the stored passwords, and if you see an entry for the IP address of your mail server, delete it.

Now we need to patch the registry

  1. Click Start | Run
  2. Type regedit and press Enter
  3. Go to HKLM\SYSTEM\CurrentControlSet\Control\Lsa\
  4. Find the LmCompatibilityLevel DWORD value
  5. Double-click it and change its value to 3 (send NTLMv2 responses only: the client stops sending LM and NTLMv1 responses, which is also the safer setting)

If "Remember my password" doesn't work and you keep getting prompted:

  1. Close Outlook
  2. Go to Start > Run, type control userpasswords2 and press OK, then click the Advanced tab and press "Manage Passwords"
  3. Find the entry for your mail server and click "Properties"
  4. Erase the server name and type in S1, or whatever the simple (NetBIOS) name of your global catalog server is
  5. Leave the password blank and click OK
  6. Start Outlook, enter your password and tick "Remember my password" one last time. It should not prompt again.

When you start Microsoft Outlook 2000/2002, you may receive one of the following error messages:

Your logon information was incorrect.
Check your username and domain, then type your password again.

The logon credentials supplied were incorrect.
Make sure your username and domain are correct, then type your password again.

CAUSE
This behavior occurs because the registry may be missing one or more values under the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\ClientProtocols

The core required values for Windows XP or Windows 2000 are:
Name            Type     Data
(Default)       REG_SZ   (value not set)
ncacn_http      REG_SZ   Rpcrt4.dll
ncacn_ip_tcp    REG_SZ   Rpcrt4.dll
ncacn_np        REG_SZ   Rpcrt4.dll
ncacn_nb_tcp    REG_SZ   Rpcrt4.dll
ncadg_ip_udp    REG_SZ   Rpcrt4.dll

The core required values for Windows 98 are:
Name            Type     Data
(Default)       REG_SZ   (value not set)
ncacn_np        REG_SZ   Rpcltc1.dll
ncalrpc         REG_SZ   (blank)
ncadg_ip_udp    REG_SZ   Rpcltc3.dll
ncacn_http      REG_SZ   Rpcltccm.dll

The core required values for Windows NT 4.0 are:
Name            Type     Data
(Default)       REG_SZ   (value not set)
ncacn_np        REG_SZ   Rpcltc1.dll
ncalrpc         REG_SZ   (blank)
ncadg_ip_udp    REG_SZ   RpcLtCcm.dll
ncacn_nb_tcp    REG_SZ   RpcLtCcm.dll
ncacn_http      REG_SZ   RpcLtCcm.dll

Following the system's protocol binding order, you receive a prompt for credentials for each missing value until a value that matches the next protocol in the binding order is reached.

RESOLUTION
Use one of the following methods to resolve this behavior.

Method 1
Import a valid registry key from a computer that is working correctly. To do this:
1. On the working computer, start Registry Editor (Regedt32.exe).
2. Locate and click the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\ClientProtocols
3. With the ClientProtocols key selected, click Export on the File menu.
4. Save the file with a .reg extension, or with a .txt extension if you need to send it by Outlook (Outlook blocks .reg attachments). If you used .txt, rename the file to a .reg extension before importing it.
5. Quit Registry Editor.
6. Copy the .reg file to a folder on the affected computer.
7. On the affected computer, start Registry Editor (Regedt32.exe).
8. Locate and click the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\ClientProtocols
9. With the ClientProtocols key selected, click File, then Import.
10. Select the .reg file that you saved, and click Open.
11. Quit Registry Editor.
12. Quit and restart Outlook 2002.

Method 2
Use Registry Editor to create the missing values manually. To do this:
1. Start Registry Editor (Regedt32.exe).
2. Locate and click the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\ClientProtocols
3. Click Edit, click New, and then click String Value.
4. Give the new string value the name and data shown in the table in the "Cause" section above for your operating system.
5. Repeat steps 3 and 4 for each missing value.
6. Quit Registry Editor.

The information in this article applies to:
Microsoft Outlook 2002 (Outlook XP)
Microsoft Outlook 2000
Microsoft Exchange 2000 Server
Microsoft Exchange Server 5.5
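To make Method 1 and Method 2 less error-prone, the following Python is an added example (not part of the original article or of the Microsoft KB text it reproduces) that reads a regedit export of the ClientProtocols key, reports which of the required values listed above are missing or point at the wrong DLL, and writes a .reg fragment that adds only those. The export text embedded in it is constructed to look like a broken Windows XP machine; the value tables are the ones listed above.

```python
import re

KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\ClientProtocols"

# Required values per platform, as listed in the article (value name -> data).
REQUIRED = {
    "xp_2000": {
        "ncacn_http": "Rpcrt4.dll", "ncacn_ip_tcp": "Rpcrt4.dll",
        "ncacn_np": "Rpcrt4.dll", "ncacn_nb_tcp": "Rpcrt4.dll",
        "ncadg_ip_udp": "Rpcrt4.dll",
    },
    "win98": {
        "ncacn_np": "Rpcltc1.dll", "ncalrpc": "",
        "ncadg_ip_udp": "Rpcltc3.dll", "ncacn_http": "Rpcltccm.dll",
    },
}

# Constructed regedit export: ncacn_ip_tcp is missing and ncadg_ip_udp points at
# the wrong DLL; the unrelated Extensions key must be ignored.
SAMPLE_EXPORT = """Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc\\ClientProtocols]
"ncacn_http"="Rpcrt4.dll"
"ncacn_np"="Rpcrt4.dll"
"ncacn_nb_tcp"="rpcrt4.dll"
"ncadg_ip_udp"="Rpcltc3.dll"

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc\\Extensions]
"0"="ipsec.dll"
"""

VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)+)"="((?:[^"\\]|\\.)*)"$')


def parse_reg_export(text):
    """Return {value_name (lower-case): data} for the REG_SZ values under KEY.
    Only the "name"="data" string form is handled; other value kinds are ignored."""
    values, in_key = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            in_key = line[1:-1].lower() == KEY.lower()   # registry paths are case-insensitive
        elif in_key:
            m = VALUE_LINE.match(line)
            if m:
                values[m.group(1).lower()] = m.group(2).replace("\\\\", "\\")
    return values


def missing_values(values, platform="xp_2000"):
    """Required values that are absent or whose data differs (compared
    case-insensitively, as file names are)."""
    return {name: dll for name, dll in REQUIRED[platform].items()
            if values.get(name) is None or values[name].lower() != dll.lower()}


def reg_fragment(missing):
    """A .reg file (CRLF line ends) that adds or corrects only the missing values."""
    lines = ["Windows Registry Editor Version 5.00", "", "[%s]" % KEY]
    lines += ['"%s"="%s"' % (name, dll.replace("\\", "\\\\"))
              for name, dll in sorted(missing.items())]
    return "\r\n".join(lines) + "\r\n"


if __name__ == "__main__":
    gap = missing_values(parse_reg_export(SAMPLE_EXPORT))
    print("missing or wrong:", sorted(gap))
    print(reg_fragment(gap))
```

Regedit writes its own exports as UTF-16 LE, so when reading a real export use open(path, encoding="utf-16"), and write the fragment the same way if you want it byte-for-byte like an export; then import it with the Method 1 steps and restart Outlook.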

Active Directory Saved Queries Templates

Posted on August 21st, 2008 in Active Directory, Microsoft by Gil Kreslavsky

To create and use a saved query do the following.
Open Active Directory Users and Computers:

  1. Right-click the Saved Queries folder and select New > Query.
  2. Enter an appropriate name and description.
  3. Make sure the query root is set to the domain or OU the query should apply to.
  4. Select the "Include subcontainers" check box if you want the query to search all subcontainers.
  5. Click Define Query.
  6. In the Find dialog box, click the Find drop-down arrow and select Custom Search.
  7. On the Advanced tab, enter your LDAP query string in the "Enter LDAP query" box.
  8. Click OK twice.

Saved query templates

A note on the filters below: several are written, as the ADUC query box accepts them, as a bare list of terms with an implied AND. A stand-alone LDAP client (ldifde, dsquery *, ldapsearch, Get-ADObject -LDAPFilter) needs a well-formed filter, so wrap such lists in (&...). The OID 1.2.840.113556.1.4.803 is the bitwise-AND matching rule (all named bits set) and 1.2.840.113556.1.4.804 is bitwise-OR (any named bit set); the userAccountControl bits used here are 2 (ACCOUNTDISABLE), 16 (LOCKOUT) and 65536 (DONT_EXPIRE_PASSWD).

Find groups whose name contains the word admin
(objectcategory=group)(samaccountname=*admin*)

Find users who have admin in the description field
(objectcategory=person)(description=*admin*)

Find all universal groups
(groupType:1.2.840.113556.1.4.803:=8)

Find empty groups (no members)
(objectCategory=group)(!member=*)
Note: primary-group membership is not stored in the member attribute, so a group used only as a primary group (Domain Users, for example) also shows up here.

Find all groups defined as global, domain local or universal
(groupType:1.2.840.113556.1.4.804:=14)

Find all users whose logon name contains Bob
(objectcategory=person)(samaccountname=*Bob*)

Find user accounts whose passwords are set to never expire
(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536)

Find all users that have never logged on to the domain
(&(&(objectCategory=person)(objectClass=user))(|(lastLogon=0)(!(lastLogon=*))))
Note: lastLogon is not replicated, so this reflects only the DC the query runs against; lastLogonTimestamp does replicate (with up to 14 days of lag by default) and is the attribute to use for a domain-wide answer.

Find user accounts with no logon script
(objectcategory=person)(!scriptPath=*)

Find user accounts with no profile path
(objectcategory=person)(!profilepath=*)

Find enabled accounts that must change their password at next logon
(objectCategory=person)(objectClass=user)(pwdLastSet=0)(!useraccountcontrol:1.2.840.113556.1.4.803:=2)

Find all disabled accounts
(objectCategory=person)(objectClass=user)(useraccountcontrol:1.2.840.113556.1.4.803:=2)
(Bit 2 is ACCOUNTDISABLE; putting a ! in front of this term, as in the previous query, returns the enabled accounts instead.)

Find all locked-out accounts
(objectCategory=person)(objectClass=user)(useraccountcontrol:1.2.840.113556.1.4.803:=16)
Note: in practice AD does not store the LOCKOUT bit in userAccountControl; it is only reported through the constructed attribute msDS-User-Account-Control-Computed, which cannot be used in a filter. The usual workaround is (lockoutTime>=1), keeping in mind that it also returns accounts whose lockout has already expired.

Find domain local groups
(groupType:1.2.840.113556.1.4.803:=4)

Find all users with an email address set
(objectcategory=person)(mail=*)

Find all users with no email address
(objectcategory=person)(!mail=*)

Find all users, groups or contacts where Description or Company starts with Contractors
(|(objectcategory=user)(objectcategory=group)(objectcategory=contact))(|(description=Contractors*)(company=Contractors*))

Find all users with mobile numbers starting 712 or 155
(objectcategory=user)(|(mobile=712*)(mobile=155*))

Find all users with dial-in permission
(objectCategory=user)(msNPAllowDialin=TRUE)

Find all printers with colour printing capability
Note: replace Servername with the name of the print server
(&(uncName=*Servername*)(objectCategory=printQueue)(printColor=TRUE))

Find user mailboxes overriding the Exchange store size limit policies
(&(objectCategory=user)(mDBUseDefaults=FALSE))

Find all users that must change their password at next logon
(&(objectCategory=user)(pwdLastSet=0))

Find all users that are close to being locked out
Note the ">=", which means "greater than or equal to".
(objectCategory=user)(badPwdCount>=2)
Note: badPwdCount is not replicated; each DC keeps its own count and the PDC emulator holds the authoritative total, so run this query against the PDC emulator.

Find all computers that do not have a description
(objectCategory=computer)(!description=*)

Find all users with hidden mailboxes
(&(objectCategory=person)(objectClass=user)(msExchHideFromAddressLists=TRUE))

Find all Windows 2000 SP4 computers
(&(objectCategory=Computer)(operatingSystem=Windows 2000 Professional)(operatingSystemServicePack=Service Pack 4))

Find all Windows XP SP2 computers
(&(objectCategory=Computer)(operatingSystem=Windows XP Professional)(operatingSystemServicePack=Service Pack 2))

Find all Windows XP SP3 computers
(&(objectCategory=Computer)(operatingSystem=Windows XP Professional)(operatingSystemServicePack=Service Pack 3))

Find all Vista SP1 computers
(&(sAMAccountType=805306369)(objectCategory=computer)(operatingSystem=Windows Vista*)(operatingSystemServicePack=Service Pack 1))

Find all computer accounts
(sAMAccountType=805306369)
Note: 805306369 is SAM_MACHINE_ACCOUNT, so this returns every computer account, servers and domain controllers included; add an operatingSystem term to get only workstations.

Find all Windows Server 2003 machines that are not DCs
(&(samAccountType=805306369)(!(primaryGroupId=516))(objectCategory=computer)(operatingSystem=Windows Server 2003*))

Find all Windows Server 2003 DCs
(&(samAccountType=805306369)(primaryGroupID=516)(objectCategory=computer)(operatingSystem=Windows Server 2003*))
Note: 516 is the RID of the Domain Controllers group; read-only DCs (Server 2008 and later) have primary group 521 instead.

Find all Windows Server 2008 machines that are not DCs
(&(samAccountType=805306369)(!(primaryGroupId=516))(objectCategory=computer)(operatingSystem=Windows Server 2008*))
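The filters above are easiest to sanity-check offline before pasting them into a saved query. The following Python is an added example (not from the original post) of a small RFC 4515-style filter parser that tolerates the bare term lists used above, flattens the redundant (&(&(... nesting, rejects malformed filters such as a missing parenthesis, and evaluates a filter against a handful of constructed directory objects using the two AD bitwise matching rules. The sample objects (alice, svc_backup, bob, Domain Admins, All-Staff) and their attribute values are assumptions made for the demonstration; objectCategory is stored as the short class name, the form the filters use.

```python
import re
from fnmatch import fnmatchcase

BIT_AND = "1.2.840.113556.1.4.803"   # LDAP_MATCHING_RULE_BIT_AND: all listed bits set
BIT_OR = "1.2.840.113556.1.4.804"    # LDAP_MATCHING_RULE_BIT_OR: any listed bit set
TERM = re.compile(r"([A-Za-z0-9.;-]+)(?::([0-9.]+):)?(>=|<=|=)(.*)")

DIRECTORY = [  # constructed sample objects: attribute names lower-cased, values as lists
    {"samaccountname": ["alice"], "objectcategory": ["person"], "objectclass": ["user"],
     "useraccountcontrol": [512], "pwdlastset": [0]},                    # must change password
    {"samaccountname": ["svc_backup"], "objectcategory": ["person"], "objectclass": ["user"],
     "useraccountcontrol": [512 | 0x10000], "pwdlastset": [131000000000000000]},  # never expires
    {"samaccountname": ["bob"], "objectcategory": ["person"], "objectclass": ["user"],
     "useraccountcontrol": [512 | 0x2], "pwdlastset": [131000000000000000]},      # disabled
    {"samaccountname": ["Domain Admins"], "objectcategory": ["group"],
     "grouptype": [-2147483646], "member": ["CN=alice,OU=Staff,DC=example,DC=com"]},  # global security
    {"samaccountname": ["All-Staff"], "objectcategory": ["group"], "grouptype": [8]},  # universal
]

def parse(text):
    """Parse a filter into ('&'|'|'|'!', [children]) and ('term', attr, rule, op, value)
    nodes; a bare run of terms like (a=1)(b=2), as ADUC accepts, is an implicit AND."""
    text, nodes, pos = text.strip(), [], 0
    while pos < len(text):
        node, pos = _node(text, pos)
        nodes.append(node)
    return simplify(nodes[0] if len(nodes) == 1 else ("&", nodes))

def _node(text, pos):
    if text[pos:pos + 1] != "(":
        raise ValueError("expected '(' at offset %d" % pos)
    pos += 1
    if text[pos] in "&|":
        op, kids, pos = text[pos], [], pos + 1
        while pos < len(text) and text[pos] == "(":
            kid, pos = _node(text, pos)
            kids.append(kid)
        return (op, kids), _close(text, pos)
    if text[pos] == "!":
        if text[pos + 1] == "(":                 # RFC 4515 form: (!(attr=value))
            kid, pos = _node(text, pos + 1)
            return ("!", [kid]), _close(text, pos)
        kid, pos = _term(text, pos + 1)          # AD shorthand: (!attr=value)
        return ("!", [kid]), pos
    return _term(text, pos)

def _close(text, pos):
    if text[pos:pos + 1] != ")":
        raise ValueError("expected ')' at offset %d, got %r" % (pos, text[pos:pos + 12]))
    return pos + 1

def _term(text, pos):
    end = text.find(")", pos)
    m = TERM.fullmatch(text[pos:end]) if end != -1 else None
    if not m:
        raise ValueError("malformed term at offset %d: %r" % (pos, text[pos:pos + 20]))
    attr, rule, op, value = m.groups()
    return ("term", attr, rule, op, value), end + 1

def simplify(node):
    """Flatten redundant nesting, e.g. (&(&(&(a)(b)))) -> (&(a)(b))."""
    if node[0] in ("&", "|"):
        kids = []
        for kid in map(simplify, node[1]):
            kids.extend(kid[1] if kid[0] == node[0] else [kid])
        return kids[0] if len(kids) == 1 else (node[0], kids)
    if node[0] == "!":
        return ("!", [simplify(node[1][0])])
    return node

def render(node):
    if node[0] == "term":
        _, attr, rule, op, value = node
        return "(%s%s%s%s)" % (attr, ":%s:" % rule if rule else "", op, value)
    return "(%s%s)" % (node[0], "".join(map(render, node[1])))

def matches(node, obj):
    """Evaluate a parsed filter against one object given as {attr_lower: [values]}."""
    if node[0] == "&":
        return all(matches(kid, obj) for kid in node[1])
    if node[0] == "|":
        return any(matches(kid, obj) for kid in node[1])
    if node[0] == "!":
        return not matches(node[1][0], obj)
    _, attr, rule, op, value = node
    values = obj.get(attr.lower(), [])                # attribute names are case-insensitive
    if rule in (BIT_AND, BIT_OR):
        hits = [int(v) & int(value) for v in values]
        return any(h == int(value) for h in hits) if rule == BIT_AND else any(hits)
    if op != "=":                                     # >= and <= compare as integers
        return any(int(v) >= int(value) if op == ">=" else int(v) <= int(value) for v in values)
    if value == "*":                                  # presence test
        return bool(values)
    return any(fnmatchcase(str(v).lower(), value.lower()) for v in values)  # caseIgnore match

def is_valid(filter_text):
    try:
        parse(filter_text)
        return True
    except (ValueError, IndexError):
        return False

def search(filter_text, directory=DIRECTORY):
    """sAMAccountNames of the sample objects matching the filter, sorted."""
    node = parse(filter_text)
    return sorted(o["samaccountname"][0] for o in directory if matches(node, o))
```

Calling search() with the disabled-accounts filter with and without a ! in front of the userAccountControl term shows why the negated form returns the enabled accounts, render(parse(...)) on the nested operating-system queries gives their single-level form, and is_valid() catches the unbalanced (&objectCategory=user) variant before it reaches a directory.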

Exchange 2003 Interview Questions

Posted on August 20th, 2008 in Interview by Gil Kreslavsky

• Tell me a bit about the capabilities of Exchange Server.
• What are the different Exchange 2003 versions?
• What are the main differences between Exchange 5.5 and Exchange 2000/2003?
• What are the major network infrastructure requirements for installing Exchange 2003?
• What is the latest Exchange 2003 Service Pack? Name a few changes in functionality in that SP.
• What are the disk considerations when installing Exchange (RAID types, locations and so on)?
• You got a new HP DL380 (2U) server, dual Xeon, 4GB of RAM, 7 SAS disks, 64-bit. What do you do next to install Exchange 2003? (you have AD in place)
• Why not install Exchange on the same machine as a DC?
• Are there any other installation considerations?
• How would you prepare the AD Schema in advance before installing Exchange?
• What type or permissions do you need in order to install the first Exchange server in a forest? In a domain?
• How would you verify that the schema was in fact updated?
• What type of memory optimization changes could you do for Exchange 2003?
• How would you check your Exchange configuration settings to see if they’re right?
• What are the Exchange management tools? How and where can you install them?
• What types of permissions are configurable for Exchange?
• How can you grant access for an administrator to access all mailboxes on a specific server?
• What is the Send As permission?
• What other management tools are used to manage and control Exchange 2003? Name the tools you’d use.
• What are Exchange Recipient types? Name 5.
• You created a mailbox for a user, yet the mailbox does not appear in ESM. Why?
• You wanted to change mailbox access permissions for a mailbox, yet you see the SELF permission alone on the permissions list. Why?
• What are Query Based Distribution groups?
• What type of groups would you use when configuring distribution groups in a multiple domain forest?
• Name a few configuration options for Exchange recipients.
• What’s the difference between Exchange 2003 Std. and Ent. editions when related to storage options and size?
• Name a few configuration options related to mailbox stores.
• What are System Public Folders? Where would you find them?
• How would you plan and configure Public Folder redundancy?
• How can you immediately stop PF replication?
• How can you prevent PF referral across slow WAN links?
• What types of PF management tools might you use?
• What are the differences between administrative permissions and client permissions in PF?
• How can you configure PF replication from the command prompt in Exchange 2003?
• What are the message hygiene options you can use natively in Exchange 2003?
• What are the configuration options in IMF?
• What are virtual servers? When would you use more than one?
• Name some of the SMTP Virtual Server configuration options.
• What is a Mail Relay? Name a few known mail relay software or hardware options.
• What is a Smart Host? Where would you configure it?
• What are Routing Groups? When would you use them?
• What are the types of Connectors you can use in Exchange?
• What is the cost option in Exchange connectors?
• What is the Link State Table? How would you view it?
• How would you configure mail transfer security between 2 routing groups?
• What is the Routing Group Master? Who holds that role?
• Explain the configuration steps required to allow Exchange 2003 to send and receive email from the Internet (consider a one-site multiple server scenario).
• What is DS2MB?
• What is Forms Based Authentication?
• How would you configure OWA’s settings on an Exchange server?
• What is DSACCESS?
• What are Recipient Policies?
• How would you work with multiple recipient policies?
• What is the “issue” with trying to remove email addresses added by recipient policies? How would you fix that?
• What is the RUS?
• When would you need to manually create additional RUS?
• What are Address Lists?
• How would you modify the filter properties of one of the default address lists?
• How can you create multiple GALs and allow the users to only see the one related to them?
• What is a Front End server? In what scenarios would you use one?
• What type of authentication is used on the front end servers?
• When would you use NLB?
• How would you achieve incoming mail redundancy?
• What are the 4 types of Exchange backups?
• What is the Dial-Tone server scenario?
• When would you use offline backup?
• How do you re-install Exchange on a server that has crashed but with AD intact?
• What is the dumpster?
• What are the e00xxxxx.log files?
• What is the e00.chk file?
• What is circular logging? When would you use it?
• What’s the difference between online and offline defrag?
• How would you know if it is time to perform an offline defrag of your Exchange stores?
• How would you plan for, and perform the offline defrag?
• What is the eseutil command?
• What is the isinteg command?
• How would you monitor Exchange’s services and performance? Name 2 or 3 options.
• Name all the client connection options in Exchange 2003.
• What is Direct Push? What are the requirements to run it?
• How would you remote wipe a PPC?
• What are the issues with connecting Outlook from a remote computer to your mailbox?
• How would you solve those issues? Name 2 or 3 methods.
• What is RPC over HTTP? What are the requirements to run it?
• What is Cached Mode in OL2003/2007?
• What are the benefits and “issues” when using cached mode? How would you tackle those issues?
• What is S/MIME? What are the usage scenarios for S/MIME?
• What are the IPSec usage scenarios for Exchange 2003?
• How do you enable SSL on OWA?
• What are the considerations for obtaining a digital certificate for SSL on Exchange?
• Name a few 3rd-party CAs.
• What do you need to consider when using a client-type AV software on an Exchange server?
• What are the different clustering options in Exchange 2003? Which one would you choose and why?

source: petri.co.il

Microsoft OS Interview Questions

Posted on August 20th, 2008 in Interview by Gil Kreslavsky

• What is the difference between a workgroup and a domain?
• What are the major advantages of working in a domain model?
• What types of operating system installation methods do you know?
• What is an answer file?
• How would you create an answer file for Windows XP? How would you create one for Windows Vista?
• How do you perform an unattended installation on Windows XP?
• What is Sysprep?
• How do you use Sysprep?
• What is the major difference between Newsid and Sysprep?
• What is the function of the pagefile.sys file?
• What is the function of the hiberfil.sys file?
• What is the Registry?
• How can you edit the Registry? Name at least 3 ways of doing that.
• What should you do if you receive a message stating: "The following file is missing or corrupt: \WINDOWS\SYSTEM32\CONFIG\SYSTEM"?
• How would you repair an unsuccessful driver update?
• When should you use each of the following tools: System Restore, LKGC and Recovery Console?
• How do you set different print priority for different users?
• How can you reset user’s passwords if you don’t know his current password?
• What’s the difference between changing a user’s password and resetting it?
• You want to grant a user the right to perform backups – should you add him to the administrators group?
• What is MMC?
• What is gpedit.msc?
• How would you use the MMC to manage other servers on your network?
• You set a local policy on your stand-alone XP Professional machine. Would the local policy affect the Administrators group?
• What is new in the Windows Vista local policy?
• What is the difference between User Privileges and User Permissions?
• What is Safe Mode?
• Which logs can be found in Event Viewer?
• What is msconfig? On which OS can it be found?
• Can you upgrade XP Home Edition to Server 2003?
• Which permission would you grant a user for a folder he needs to be able to create and delete files in, if you do not want him to be able to change permissions on the folder?
• What is the difference between clearing the “allow” permission and checking the “deny”?

Source: petri.co.il

Networking Interview Questions

Posted on August 20th, 2008 in Interview by Gil Kreslavsky

• What is a NIC?
• What is a MAC Address?
• When would you use a crosslink cable?
• What are the main advantages and disadvantages of Fiber-Optic-based networks?
• What is the difference between a Hub and a Switch?
• On which OSI layer can a router be found?
• What is CSMA/CD?
• What is multicast?
• What is Broadcast?
• What is the difference between TCP and UDP?
• Describe some of the settings that are added by TCP and by UDP to the packet’s header.
• What are TCP Ports? Name a few.
• What is a TCP Session?
• What three elements make up a socket?
• What will happen if you leave the default gateway information empty while manually configuring TCP/IP?
• What will happen if you execute the following command: “arp -d *”?
• What is ICMP?
• When would you use the ping command with the “-t” switch?
• What command-line tool would help you discover for which port numbers your computer is listening?
• What is APIPA? How would you recognize it?
• What is a Cyclic Redundancy Check?
• What would you type in at a command prompt to view the IP settings for the computer that you are sitting at?
• What command would you type in at a command prompt to view the IP address of the remote computer?
• What is the W Value for class B?
• What is the Net ID of an IP Address of 18.9.25.3 with Subnet Mask of 255.0.0.0?
• What is CIDR?
• What is 255.255.255.255 used for?
• What is the maximum number of hosts for a Class B Network?
• What is the (default) class type of 195.152.12.1?
• What is the subnet mask for 10.0.10.1/17?
• What is the result when changing from a subnet mask of 255.255.224.0 to a subnet mask of 255.255.240.0?
• How can you access a shared folder from a remote computer? Name at least 3

Active Directory Interview Questions

Posted on August 20th, 2008 in Interview by Gil Kreslavsky

• What is Active Directory?
• What is LDAP?
• Can you connect Active Directory to other 3rd-party Directory Services? Name a few options.
• Where is the AD database held? What other folders are related to AD?
• What is the SYSVOL folder?
• Name the AD NCs and replication issues for each NC
• What are application partitions? When do I use them?
• How do you create a new application partition?
• How do you view replication properties for AD partitions and DCs?
• What is the Global Catalog?
• How do you view all the GCs in the forest?
• Why not make all DCs in a large forest as GCs?
• Trying to look at the Schema, how can I do that?
• What are the Support Tools? Why do I need them?
• What is LDP? What is REPLMON? What is ADSIEDIT? What is NETDOM? What is REPADMIN?
• What are sites? What are they used for?
• What’s the difference between a site link’s schedule and interval?
• What is the KCC?
• What is the ISTG? Who has that role by default?
• What are the requirements for installing AD on a new server?
• What can you do to promote a server to DC if you’re in a remote location with slow WAN link?
• How can you forcibly remove AD from a server, and what do you do later?
• Can I get user passwords from the AD database?
• What tool would I use to try to grab security related packets from the wire?
• Name some OU design considerations.
• What is tombstone lifetime attribute?
• What do you do to install a new Windows 2003 DC in a Windows 2000 AD?
• What do you do to install a new Windows 2003 R2 DC in a Windows 2003 AD?
• How would you find all users that have not logged on since last month?
• What are the DS* commands?
• What’s the difference between LDIFDE and CSVDE? Usage considerations?
• What are the FSMO roles? Who has them by default? What happens when each one fails?
• What FSMO placement considerations do you know of?
• I want to look at the RID allocation table for a DC. What do I do?
• What’s the difference between transferring a FSMO role and seizing one? Which one should you NOT seize? Why?
• How do you configure a “stand-by operation master” for any of the roles?
• How do you backup AD?
• How do you restore AD?
• How do you change the DS Restore admin password?
• Why can’t you restore a DC that was backed up 4 months ago?
• What are GPOs?
• What is the order in which GPOs are applied?
• Name a few benefits of using GPMC.
• What are the GPC and the GPT? Where can I find them?
• What are GPO links? What special things can I do to them?
• What can I do to prevent inheritance from above?
• How can I override blocking of inheritance?
• How can you determine what GPO was and was not applied for a user? Name a few ways to do that.
• A user claims he did not receive a GPO, yet his user and computer accounts are in the right OU, and everyone else there gets the GPO. What will you look for?
• Name a few differences in Vista GPOs.
• Name some GPO settings in the computer and user parts.
• What are administrative templates?
• What’s the difference between software publishing and assigning?
• Can I deploy non-MSI software with GPO?
• You want to standardize the desktop environments (wallpaper, My Documents, Start menu, printers etc.) on the computers in one department. How would you do that?

Source: petri.co.il

Recommended Active Directory Guidelines for SOX audit Part 1

Posted on August 20th, 2008 in Active Directory, Microsoft, Sox by Gil Kreslavsky

Part 1

Administrative Accounts
Administrative accounts are the members of Domain Admins, Enterprise Admins and the built-in Administrators group.
They must have recognizable user names for auditing purposes.
The built-in Active Directory Administrator account must be renamed, and its password must be known only to the company IT director or another executive.
Administrative accounts should be reviewed by the IT director on an annual basis.

Generic Accounts
Generic accounts are the ordinary user accounts in Active Directory.
They are governed by the Default Domain Policy GPO (see Password Policy below).

Service Accounts
Service accounts are accounts used to run application services that require domain credentials in order to function, for example backup applications.
It is recommended that service accounts be named after the service they run and that their password be set to "Never Expire".
Service account passwords should be changed by the IT team on an annual basis.
It happens that service accounts are members of the Domain Admins group; each such membership should be approved by the IT director.
Every service account should have a detailed description of its purpose.

Contractors
It is recommended to put contractor user and computer accounts in a dedicated OU and apply more restrictive security policies to it.
Every contractor account should have a detailed description of its purpose (department and project).

Guests
The recommendation is not to use guest accounts at all.

Active Directory Password Policy (example)
The "password policy" is the set of password protection rules that apply to all company users:

  • Password must be at least 8 characters long
  • Password must contain:
    - at least 1 upper-case letter
    - at least 1 special character or digit, for example *&^%$#@?.|\~`,0123456789+-/
  • The password cannot contain part of the user name.
  • Maximum password age is 90 days (or less): the password expires automatically 90 days after the last change.
  • A reminder is emailed to the user 15, 7 and 1 day before password expiration.
  • Minimum password age is 7 days: a user cannot change the password again less than 7 days after the previous change.
  • The system remembers the 24 previous passwords; the user may not reuse them.
  • The user account is locked for 30 minutes after 5 consecutive bad logon attempts.
  • Service account passwords are changed on a yearly basis, each 15 January; a notification is sent to the IT group.

Delegation of Control
Delegation of user management tasks to users with a specific set of permissions.
This responsibility should be assigned to a small number of administration staff.

User Opening Policy
You should have a policy that documents each new user.

User Maintenance Policy
You should have a policy that documents each change to a user account's security.

User Termination Policy
You should have a policy that documents each retired user.

Backup
You must have an Active Directory backup policy.

Restoring Active Directory Object from backup

Posted on August 20th, 2008 in Active Directory, Microsoft by Gil Kreslavsky

Because of the risk involved, this procedure must be done very carefully. It is a good idea to practise it first on a non-production domain.

To restore an Active Directory object from backup:

  • Determine the exact distinguished name of the object that needs to be restored (for example, the OU name and its parent containers).
  • Reboot the domain controller into Directory Services Restore Mode (press F8 during startup and log on with the DSRM administrator password).
  • Restore the system state from the last backup.
  • Open a command window.
  • Run "ntdsutil".
  • Type "authoritative restore" and press Enter.
  • To restore a subtree, type "restore subtree" followed by the full distinguished name of the subtree, quoted if it contains spaces. For example, to restore the sub-OU "Test ou2" located in the upper-level OU "Marketing", type (with capitalization as in the directory):
    restore subtree "OU=Test ou2,OU=Marketing,DC=<your sub domain name>,DC=<your domain name>,DC=com"
  • Type "quit" to exit authoritative restore mode.
  • Type "quit" to exit ntdsutil.
  • Reboot into normal operating mode.

On Windows Server 2003 SP1 and later, ntdsutil also writes LDIF files for the back-links (group memberships) of the restored objects; import them with ldifde on a DC in each affected domain, otherwise the restored users come back without their group memberships.

Replicating the restored data to the other domain controllers

What we have done so far is mark the restored subtree as authoritative (its version numbers are raised so that it wins over the copies on the other DCs). Now we need to replicate it out as follows:

  1. Open the Active Directory Sites and Services MMC.
  2. Expand a DC that is not the one just used for the restore.
  3. Open its NTDS Settings.
  4. Right-click the connection object coming from the restored DC and click "Replicate Now"; repeat this for each of the other DCs.

Good luck.

And remember: if there is any way to avoid this procedure, use the other way.
