Restoring Active Directory without headhaches

If you work in a small business, you know that you can’t have all the hardware you need in order to keep IT up and running everytime. I’ve experienced the pain of lacking an UPS for my servers and as a result, my entire Active Directory domain was… corrupted after some power shortage. I tried everything, every Microsoft advices, no luck.

Fortunately, I had a good and full image of the main server, made with the excellent DriveImage XML (Free and hotghosting is possible!)

But… I didn’t know that the workstations change automatically their passwords every 30 days for security purposes. So, my restored server just can’t establish the security channel between it and the workstations. Here are some steps to prevent the changes:

  1. Start Registry Editor. To do so, click Start, click Run, type regedit in the Open box, and then click OK.
  2. Locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
  3. In the right pane, click the DisablePasswordChange entry.
  4. On the Edit menu, click Modify.
  5. In the Value data box, type a value of 1, and then click OK.
  1. Locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
  2. On the Edit menu, point to New, and then click DWORD Value.
  3. Type RefusePasswordChange as the registry entry name, and then press ENTER.
  4. On the Edit menu, click Modify.
  5. In the Value data box, type a value of 1, and then click OK.

0 comments:

Post a Comment