======Microsoft - Active Directory - Installation======

=====Microsoft Support=====
[[http://support.microsoft.com/kb/947034/en-us|How to use unattended mode to install and remove Active Directory Domain Services on Windows Server 2008-based domain controllers (KB947034)]] \\
[[https://support.microsoft.com/en-us/kb/816587|How to verify that SRV DNS records have been created for a domain controller]] \\
[[https://support.microsoft.com/en-us/kb/2737935|Active Directory installation stalls at the "Creating the NTDS settings object" stage]] "This is a code defect in Windows Server 2012." \\
[[https://support.microsoft.com/en-us/help/255504|Transferring or seizing FSMO roles in Active Directory Domain Services (KB255504)]] \\
[[https://docs.microsoft.com/nl-nl/powershell/module/addsadministration/move-addirectoryserveroperationmasterrole|Move-ADDirectoryServerOperationMasterRole]] \\

=====Blogposts/Articles=====
[[wp>Flexible_single_master_operation|Flexible single master operation]] \\
[[http://serverfault.com/questions/676867/error-adding-child-active-directory-domain-to-existing-forest|Server Fault - Error adding child Active Directory domain to existing forest]]: "Azure virtual networks don't support broadcast; thus, even if NetBIOS is enabled, it just doesn't work. And it looks like Windows Server 2012 R2 really needs it for a DC promotion to work."

=====Domain (Re)name=====
[[http://support.microsoft.com/kb/909264/en-us|Microsoft Support - Naming conventions in Active Directory for computers, domains, sites, and OUs (KB909264)]] \\
[[http://support.microsoft.com/kb/837391/en-us|Microsoft Support - Exchange Server 2003 and Exchange 2000 Server require NetBIOS name resolution for full functionality]] \\
[[http://technet.microsoft.com/en-us/library/cc738208(WS.10).aspx|Microsoft TechNet - How Domain Rename Works]] \\
[[http://technet.microsoft.com/en-us/library/bb676377.aspx|Microsoft TechNet - Understanding Disjoint Namespace Scenarios]] \\

=====Pictures in AD=====
[[http://msitpros.com/?p=970|MSitPros Blog - Pictures in Active Directory Users and Computers]] \\
[[http://www.petri.co.il/forums/showthread.php?t=32496|Petri IT Knowledgebase Forums > Microsoft Networking Services > Active Directory > Active Directory user photo]] \\
[[http://www.arricc.net/active-directory-photos-sharepoint.php|Arric - Photos in Active Directory]] \\
[[http://blogs.technet.com/b/ilvancri/archive/2009/11/17/upload-picture-in-outlook-2010-using-the-exchange-management-shell-exchange-2010.aspx|TechNet Blogs > Ilse Van Criekinge's Weblog > Upload picture in Outlook 2010 using the Exchange Management Shell (Exchange 2010)]] \\

=====Delete Protection=====
[[http://technet.microsoft.com/en-us/library/dd723677(v=ws.10).aspx|Microsoft TechNet - AD DS: All OUs in this domain should be protected from accidental deletion]] \\

====Show Delete Protection settings for all OUs====
<code>
Import-Module ActiveDirectory
Get-ADOrganizationalUnit -filter {name -like "*"} -Properties ProtectedFromAccidentalDeletion |
    format-table Name,ProtectedFromAccidentalDeletion
</code>
Source: [[http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2011/07/13/preventing-ous-and-containers-from-accidental-deletion.aspx|The things that are better left unspoken - Preventing OUs and Containers from Accidental Deletion]] \\

====Set Delete Protection for all OUs====
<code>
Import-Module ActiveDirectory
Get-ADOrganizationalUnit -filter {name -like "*"} -Properties ProtectedFromAccidentalDeletion |
    where {$_.ProtectedFromAccidentalDeletion -eq $false} |
    Set-ADOrganizationalUnit -ProtectedFromAccidentalDeletion $true
</code>
Source: [[http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2011/07/13/preventing-ous-and-containers-from-accidental-deletion.aspx|The things that are better left unspoken - Preventing OUs and Containers from Accidental Deletion]] \\

=====Configure NTP on PDC Emulator=====
Configure 2 NTP servers as time source for the Windows Time service on the Domain Controller holding the PDC Emulator FSMO role:
<code>
REM Configure the Windows Time service to sync with two NTP servers
"%SYSTEMROOT%\system32\w32tm.exe" /config /manualpeerlist:"10.0.10.88 10.0.10.89" /syncfromflags:manual /reliable:yes /update

REM Stop and start the Windows Time service.
"%SYSTEMROOT%\system32\sc.exe" stop W32Time
"%SYSTEMROOT%\system32\sc.exe" start W32Time

REM Query config
"%SYSTEMROOT%\system32\w32tm.exe" /query /configuration
</code>
Sources:
  * [[https://blogs.technet.microsoft.com/nepapfe/2013/03/01/its-simple-time-configuration-in-active-directory/|NEPA PFE - “It’s Simple!” – Time Configuration in Active Directory]]
  * [[https://technet.microsoft.com/en-us/library/cc731191(v=ws.10).aspx|Microsoft TechNet - Configure the Windows Time Service]]
  * [[https://technet.microsoft.com/en-us/library/cc794937(v=ws.10).aspx|Microsoft TechNet - Configure the Time Source for the Forest]]

=====Show FSMO role holders=====
  - Open a command prompt.
  - Execute: <code>netdom /query fsmo</code>