Dan. I seem to remember from a security course that I did that you had to write an ADM to prevent this happening in certain circumstances – it was to do with NetBIOS. This is the snippet of my custom ADM and was meant to be configured on internet facing machines only.

    POLICY "Release NetBIOS name on request"
        EXPLAIN "Internet Facing Machines Only. Release NetBIOS name on request. Recommended Value is Disabled"
        VALUENAME "NoNameReleaseOnDemand"
        VALUEON NUMERIC 0
        VALUEOFF NUMERIC 1
    END POLICY

This was a Windows 2000 policy setting and is documented in http://support.microsoft.com/kb/315669/EN-US/

Regards
Mark

From:
I was hoping somebody might be able to explain how the following occurred. A member server was built with the same name as an existing Domain Controller, Domain Controller A. The server was somehow put in the domain, and rebooted. In addition, I believe the server was then renamed to Domain Controller B (just a name, as it was not dcpromoed) while still in the domain. The end result was that the existing Domain Controller, Domain Controller A, was somehow overwritten by the member server, and its display name in ADUC changed to this new name, Domain Controller B. The offending Domain Controller B was then deleted from the Domain Controllers OU. The event logged for the change shows “Target Account Name: Domain Controller B” but “Target Account ID: Domain Controller A”; they are mismatched. I believe the same event was displayed for the delete. I entered this issue after all the above had occurred and performed an authoritative restore of the object (original Domain Controller A), stopped the KDC, replicated, and got the domain controller back. I have researched this issue, and tried to recreate the issue many different ways in a test lab, but cannot recreate it. Has anyone ever seen anything like this? I am absolutely dumbfounded.
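Mark's ADM snippet above only declares the policy for Group Policy to push out. As an added example (not code from either message in this thread), the PowerShell below audits the same NoNameReleaseOnDemand setting directly on a host and can apply the ADM's recommended "Disabled" state (value 1, so the machine ignores NetBIOS name-release requests). It assumes the registry location documented in the KB article Mark cites, HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Parameters, which the thread itself does not spell out; the function names are my own.

```powershell
# Added example: audit/apply the NetBT "NoNameReleaseOnDemand" value that the
# ADM snippet in the thread controls. Registry path is an assumption taken from
# KB 315669, not from the thread text. Run elevated to change the value.
$netbtKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters'
$valueName = 'NoNameReleaseOnDemand'

function Get-NoNameReleaseOnDemand {
    # Returns the DWORD as an int, or $null when the value has never been set
    # (in which case the OS default applies and the ADM has not been enforced).
    $item = Get-ItemProperty -Path $netbtKey -Name $valueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$valueName
}

function Test-NameReleaseHardened {
    # Mapping from the ADM: policy "Release NetBIOS name on request"
    #   Enabled  -> VALUEON  NUMERIC 0 (host honours name-release requests)
    #   Disabled -> VALUEOFF NUMERIC 1 (host ignores them; recommended for
    #                                   internet-facing machines)
    $current = Get-NoNameReleaseOnDemand
    if ($null -eq $current) {
        $note = 'value not set; OS default applies, ADM not enforced here'
    } elseif ($current -eq 1) {
        $note = 'name-release requests ignored (ADM recommended state)'
    } else {
        $note = 'host will release its NetBIOS name on request'
    }
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Value        = $current
        Hardened     = ($current -eq 1)
        Note         = $note
    }
}

function Set-NameReleaseHardened {
    # Writes the ADM's "Disabled" state (1) directly, then re-audits.
    if (-not (Test-Path $netbtKey)) {
        throw "NetBT parameters key not found: $netbtKey"
    }
    New-ItemProperty -Path $netbtKey -Name $valueName -PropertyType DWord `
                     -Value 1 -Force | Out-Null
    Test-NameReleaseHardened
}

# Audit only; call Set-NameReleaseHardened on internet-facing hosts that report
# Hardened = False.
Test-NameReleaseHardened | Format-List
```

A value set by hand this way will be overwritten by Group Policy on the next refresh if a conflicting ADM policy applies, so the audit function is the part worth running routinely; it makes an unset value visible separately from an explicitly permissive one, which is what you want when checking whether the ADM actually reached a given machine.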
- RE: [ActiveDir] Help to Explain how a Domain Controller could ... Mark Parris
