Posts tagged: ntds.dit

Feb 12 2013

Domain controller hardening: NTDS grab.

Once hackers gain domain administrator privileges and are able to log on to domain controllers, they usually try to dump the NTDS database (see chapter Dumping All The Hashes – ntdsgrab.rb). With the dump they will try to crack every single domain user’s password; this happened recently when the New York Times was targeted by a cyber-attack. In this post we will see how to make this task more difficult for a hacker who has gained domain admin privileges, by modifying some security settings on the domain controllers.

Jun 28 2012

PowerShell: Compact the Active Directory database

In this post we will see how to automate the offline defragmentation of the AD database (NTDS.dit) with PowerShell under Windows Server 2008. With Windows Server 2008, you no longer need to restart the DC in DSRM mode; you just need to stop the Active Directory service.

Jan 31 2011

Adprep 2008 troubleshooting

In this post we will describe some issues we had when extending the schema for Active Directory 2008 or 2008 R2. The steps to prepare the schema for AD 2008 are described in this askDS post.

Jan 10 2011

AD schema extension: Exchange 2010

In this post we will troubleshoot a problem you can encounter when you are extending the Active Directory schema for Exchange 2010. You can read this TechNet article for the steps to prepare the AD schema for Exchange 2010.

We encountered some problems when launching the command line: "setup.com /PrepareAD /OrganizationName:<Organization Name>". First an error occurred and the setup process exited; after fixing this, we had a warning when running the command.

Jul 26 2010

GPMC hangs connected to one domain controller

I will describe in this post an incident we had in our production environment and the different troubleshooting steps to resolve this issue. When we launched a GPMC, the console froze when we clicked on an OU in order to display the Policy Objects linked to it. The problem occurred only when the GPMC was connected to a particular Domain Controller (PDC emulator in our case); if we switched to another DC, the GPMC was OK.

There was no problem with GPOs in our domain: replication was OK and GPOs were applied correctly on our computer/user objects. But we could no longer edit GPOs connected to this DC. While the GPMC was hanging, there was an lsass.exe CPU overload on the DC until the console was killed. Therefore we had to edit GPOs connected to any other DC, so the production environment was working near normal during the resolution of the incident.


Mar 18 2010

Reduce the size of ntds.dit

In this post we will describe how to do a spring clean on your Active Directory database file, ntds.dit.
The first step will be to search for stale objects in your domain. If, after collecting those objects, you don’t find many of them, do not expect to gain much space in your database. For example, the size of a user object is at minimum 4 KB; the size may vary depending on the number of attributes the account has. Check this article for more information on object size.
