Understanding Lingering Objects in Active Directory and How To's?

There are some specific concepts in active directory which may put your environment in trouble if you do not attend to fix them as soon as you notice. One of them is Lingering objects. Defining the meaning of Lingering Objects (LO) is not difficult. Basically if an object in your active directory partitions exist in one or more domain controllers and not exist in the rest of the domain controllers in the same partition. So you may ask yourself how that is possible to have an object in a DC and not having the same object in another DC? So what is the responsibility of replication? Wasn’t it designed in order to have a synchronized AD database in your environment? We are going to cover your questions as well. 


Customize DST start and end time accross the forest

Daylight Time Saving! These three words are strong enough to disarrange your PDC and time hierarchy in Active Directory environment, especially when it comes to countries like Iran, where there is no update related to DST time zone since 2009. If you still not concerned about what the real problem is I will clarify it in a moment. 


Best practices for FSMO roles placement

Yes they are ALL important! Whether you have a huge enterprise with enormous amount of users and computers or a small network which consist around 50 clients, you have to keep them up and running. Provided that information optimizing the placement of FSMO roles is crucial for their availability. However some of the following FSMO roles are more important than the others but keep it mind that you have to balance them in your environment. 



Winning the Active Directory interview

In any environment you are working and in any position, you are suppose to enhance your knowledge everyday and there is no doubt about it. Sometimes increasing this knowledge is not only for your postion, but it is also for your joy and finding a better position in IT world. Questions below are one of the best lists which you can find in order to prepare yourself for a better position or getting a rais or promotion. Make sure to know every single question by details in case you want employers do not miss you.


Tracking Account Lockouts

In any size of network which is based on Active Directory you have experienced the account lock out problem. You simply ask yourself why it is locked? I am more than a hundred percent sure that I am entering my password in a correct form but why it becomes locked again and again? The answer might be a bit general: “It depends on many reasons”. Although entering the password in the wrong form turns out to be the first reason of account locked out problems, there are plenty of reasons behind this incidence. I am going to cover how you can find out the source of problem with a simple GPO and then your enterprise will be problem free. 


About Mahdi

Post Archive

Limit Active Directory user login to 1 session

Written By Mahdi Tehrani on Wednesday, 02 August 2017 10:21

The auditor of auditors: 'LepideAuditor Suite'

Written By Mahdi Tehrani on Tuesday, 23 May 2017 10:56

Protect your domain against WannaCry malware

Written By Mahdi Tehrani on Sunday, 14 May 2017 09:42

‘List Object Mode’ in Active Directory, a myth or future settings?

Written By Mahdi Tehrani on Thursday, 13 April 2017 08:47

Fix Group Policy error 1058

Written By Mahdi Tehrani on Saturday, 30 April 2016 09:32