I’ve recently replaced my servers with some nice HPE ProLiants with iLO 4 Advanced. One of the first steps I wanted to get sorted was replacing the self-signed SSL certificates so I don’t have to sit through the warning messages every time I open the web interface. I’ve already got an Active Directory Certification Authority set up so thought I’d use that, given that the root CA certificate is already installed and trusted on all devices.
A while ago we accidentally deleted a leaving staff member’s account instead of disabling it – and pure bad luck means this particular member of staff came back a week later to cover a staff illness. Not wanting to have to re-create the account I discovered that the Active Directory Recycle Bin had not been enabled in the forest – oh no! Luckily we can still get the account back. Objects deleted in AD are tombstoned for 180 days (by default).
The standard method to configure hybrid domain join is to open up Azure AD Connector and follow the wizard. However, this isn’t suitable for every environment – for a start it needs to write forest-level configuration data and create a Service Connection Point (SCP), and if you want to link multiple tenancies to a single AD forest you’re in for a hard time.
Luckily we can hybrid join with some registry settings on the client devices, and don’t need to set up an SCP. Here’s how I’ve managed it on my network.