Microsoft - Active Directory - Installation

How to use unattended mode to install and remove Active Directory Domain Services on Windows Server 2008-based domain controllers (KB947034)
How to verify that SRV DNS records have been created for a domain controller
Active Directory installation stalls at the "Creating the NTDS settings object" stage “This is a code defect in Windows Server 2012.”
Transferring or seizing FSMO roles in Active Directory Domain Services (KB255504)
Move-ADDirectoryServerOperationMasterRole

Flexible single master operation
Server Fault - Error adding child Active Directory domain to existing forest: “Azure virtual networks don't support broadcast; thus, even if NetBIOS is enabled, it just doesn't work. And it looks like Windows Server 2012 R2 really needs it for a DC promotion to work.”

Microsoft Support - Naming conventions in Active Directory for computers, domains, sites, and OUs (KB909264)
Microsoft Support - Exchange Server 2003 and Exchange 2000 Server require NetBIOS name resolution for full functionality Microsoft TechNet - How Domain Rename Works
Microsoft TechNet - Understanding Disjoint Namespace Scenarios

MSitPros Blog - Pictures in Active Directory Users and Computers
Petri IT Knowledgebase Forums > Microsoft Networking Services > Active Directory > Active Directory user photo
Arric - Photos in Active Directory
TechNet Blogs > Ilse Van Criekinge's Weblog > Upload picture in Outlook 2010 using the Exchange Management Shell (Exchange 2010)

Microsoft TechNet - AD DS: All OUs in this domain should be protected from accidental deletion

Import-Module ActiveDirectory 

Get-ADOrganizationalUnit -filter {name -like "*"} -Properties ProtectedFromAccidentalDeletion | format-table Name,ProtectedFromAccidentalDeletion

Source:The things that are better left unspoken - Preventing OUs and Containers from Accidental Deletion

Import-Module ActiveDirectory

Get-ADOrganizationalUnit -filter {name -like "*"} -Properties ProtectedFromAccidentalDeletion | where {$_.ProtectedFromAccidentalDeletion -eq $false} | Set-ADOrganizationalUnit -ProtectedFromAccidentalDeletion $true

Source:The things that are better left unspoken - Preventing OUs and Containers from Accidental Deletion

Configure 2 NTP servers as time source for the Windows Time service on the Domain Controller holding the PDC Emulator FSMO role:

REM Configure the Windows Time service to sync with two NTP servers
"%SYSTEMROOT%\system32\w32tm.exe" /config /manualpeerlist:"10.0.10.88 10.0.10.89" /syncfromflags:manual /reliable:yes /update

REM Stop and start the Windows Time service.
"%SYSTEMROOT%\system32\sc.exe" stop W32Time 
"%SYSTEMROOT%\system32\sc.exe" start W32Time 

REM Query config
"%SYSTEMROOT%\system32\w32tm.exe" /query /configuration

Sources:

• NEPA PFE - “It’s Simple!” – Time Configuration in Active Directory
• Microsoft TechNet - Configure the Windows Time Service
• Microsoft TechNet - Configure the Time Source for the Forest

1. Open a command prompt.
2. Execute:

   netdom /query fsmo