The following is a screen shot from Windows Server 2003 x64 Enterprise Edition. Your challenge is to duplicate this screen shot. No, Photoshop tricks are not allowed. This is an actual screen shot in Active Directory Users and Computers that can be duplicated.
Active Directory Group Policies refresh every 90 minutes on a client (with a plus/minus 30 minute offset). If you want to force a refresh remotely on computers, you can use a utility called psExec from Sysinternals. psExec allows you to execute programs on a remote system interactively.
Download psExec and at the command prompt execute the following command:
psexec \\computer cmd
where computer is the IP address or name of the remote computer
Assuming you have the proper access to the remote computer, you will be able to execute the commands you want remotely. For example, to force a Group Policy refresh type gpupdate /force. The command will be executed on the remote computer instead of the local machine.
Another option is to use RGPrefresh.exe from GPOguy.com. This is a free command-line tool which requires .NET Framework 1.1. Click here for more info.
And yet another option is to use a free add-on to Active Directory from the Special Operations Software called Gpupdate. This tool will let you remotely and graphically refresh Group Policies as a right-click option in the user interface.
If you would like to add another layer of protection to your current security model, a server and domain Isolation solution based on Internet Protocol security (IPSec) and Active Directory can allow your network administrators to control the network environment and enhance security by isolating logical networks based on policy. This is beneficial in the sense that it creates an additional layer of policy-driven protection. to protect your network against certain network attacks.
Microsoft TechNet has tons of information on this topic online, including case studies. Click here for more information.
By default, Active Directory performs online defragmentation every 12 hours as part of the Garbage Collection process. Online defragmentation doesn’t compact the database, it only optimizes the data storage. To compact the AD database (ntds.dit), you can perform an offline defragmentation by following the procedure described below.
1. Restart the domain controller.
2. Press F8 and then select Directory Services Restore Mode.
3. Logon as Administrator.
4. Go to the command prompt and type ntdsutil.exe.
5. Type files.
6. Type info and make a note of the path.
7. Type compact to path, where path is the location for the compacted database, e.g. c:\temp, or “c:\compacted database”. You’ll need quotes around the path if there are spaces in the path.
8. A new compacted database called ntds.dit is created in the path you specified in the above step.
9. Type quit a couple of times until you exit ntdsutil utility.
10. Copy the new compacted ntds.dit over the old ntds.dit located in the path listed in step 6.
11. Reboot the domain controller normally.
You can now use Group Policy to centrally manage a greater number of features and component behaviors. The number of Group Policy settings has increased from approximately 1,700 in Windows Server 2003 with SP1 to approximately 2,500 in Windows Vista and Windows Server “Longhorn”.
Microsoft has posted a table that summarizes new or expanded categories of Group Policy settings. Click here to access the table.
Contact E-mail | Terms of Use | Privacy Policy
Copyright ©2009 Zubair Alexander. All rights reserved.
| M | T | W | T | F | S | S |
|---|---|---|---|---|---|---|
| « Dec | ||||||
| 1 | 2 | 3 | 4 | |||
| 5 | 6 | 7 | 8 | 9 | 10 | 11 |
| 12 | 13 | 14 | 15 | 16 | 17 | 18 |
| 19 | 20 | 21 | 22 | 23 | 24 | 25 |
| 26 | 27 | 28 | 29 | 30 | 31 | |
26 queries. 1.110 seconds