Just sitting playing around with ntdsutil and the possibility to change the directory service restore mode password. This is a feature that most companies forget, or are not aware of. If you dont know the password for the domain controllers you cant restore the Active Directory database, remember that domain controllers don't have local user database?. So the password you typed in during domain controller setup "dcpromo" are important, but easy to forget. Lots of times it's not documented and different on all dc's
You had to use a tool called "Ntdsutil", an important tool for Directory Services administration, to change password after the first setup of "Dcpromo". Luckily you could run the command from just one of the domain controllers and change it on each any every domain controller by using a line of parameters
Scripting have been the way of doing it automaticly, you had the choices of making an advanced script to collect dc server names or just use a script with manually typed name, but then it was important to update the script to reflex the changes in your active directory envimoment.
In Windows Server 2008 you could download a fix KB961320 that gave a new feature in ntdsutil to sync the password with an ordinary domain users account. This feature are buildt into the Windows Server 2008 R2. To read more about it check out the Technet page here
Still it's giving us a challenge, the new feature cannot change it on any other server then the one executing it, so is it worse then the old?
The answer are "no", because combining it with "Group Policy Preferences" you can create a scheduled task and run it regulary
And how to do it are in this great article from the people at the Microsoft Directory Service team
Da er det bare en uke til MVP dagen hvor 10 fantastiske Norske MVP'er og meg skal ha en dag fult av praktiskte foredrag på norsk med...
Creating a new OS deployment task in MDT you will be asked to specify product key That’s easy enough, but what if you type in the wrong...
Every now and then I get this error message when fuelling a computer with MDT: "The task sequence has been suspended. LiteTouch ...
First thing first, Windows Server 8 beta will change name to Windows Server 2012. This was officially announced at MMS2012 and the release d...