AD

AD retention period

Check AD retention tombstone value:

    Import-Module ActiveDirectory
    # Locate the forest-wide configuration naming context
    $ADForestconfigurationNamingContext = (Get-ADRootDSE).configurationNamingContext
    # Read the Directory Service object, which holds tombstoneLifetime
    $DirectoryServicesConfigPartition = Get-ADObject -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$ADForestconfigurationNamingContext" -Partition $ADForestconfigurationNamingContext -Properties *
    $TombstoneLifetime = $DirectoryServicesConfigPartition.tombstoneLifetime
    Write-Output

Auth, and netonly authentication

To run an ODBC check remotely from outside a domain, we can first run a netonly auth against AD:

    runas /user:user@domain.no /netonly C:\WINDOWS\SysWOW64\odbcad32.exe

DFSR error 4012 on stand-alone DC

In short, the steps:

    net stop dfsr
    adsiedit ; msDFSR-Enabled=FALSE
    net start dfsr
    adsiedit ; msDFSR-Enabled=TRUE
    repadmin /syncall /AdP
    DFSRDIAG POLLAD

Look for Event ID

Why not enable AD recycle bin?

Not really any good reason, unless you have a really large org or some policy preventing this. There have been some issues with ntds.dit growing

Upgrade SYSVOL replication to DFSR

When adding newer domain controllers to an MS network, we might still be using the old FRS, and we have to upgrade to DFSR.

https://www.rebeladmin.com/2015/04/step-by-step-guide-for-upgrading-sysvol-replication-to-dfsr-distributed-file-system-replication/
https://techcommunity.microsoft.com/t5/storage-at-microsoft/streamlined-migration-of-frs-to-dfsr-sysvol/ba-p/425405