Monthly Archives: May 2013

Running other things on Domain Controllers

I often see my customers running things other than Active Directory Domain Services (ADDS) on Domain Controllers.  These can range from the relatively innocuous (KMS) to the downright ludicrous (Exchange).  Until now, I haven’t been able to point to anything official from Microsoft to state that this is not a good idea.  Anyway, fellow Directory Services MVP… Read More »

Still using NTDSUTIL to perform metadata cleanup?

Something I’ve noticed in the on-line forums is that people are still advising others to use NTDSUTIL to perform a metadata cleanup to remove references to Domain Controllers that have been removed from AD without using DCPROMO (e.g. following a DC failure where demotion was not possible).  Since Windows Server 2008 it has been possible… Read More »

The Net Accounts Command

You probably know this, but for some reason I only found out about it when someone showed it to me the other day.  Anyway, in the interests of sharing…. A really quick way to find the domain password and account lockout policy is to run the following from a CMD prompt: net accounts The output… Read More »