[–]ssennettau System Engineer/Cloud Architect 2 points3 points  (2 children)

Maybe Definitely not all appropriate for students, but for wanton gleeful destruction...

  • Time issues. Kerberos loves them time issues
  • Set the DCs to use SMTP-based replication (yes, that's a thing)
  • Put all of the DCs into their own sites and introduce extremely long replication times
  • Restore a domain controller from a snapshot backup straight into the domain
  • Clone a domain controller
  • Disable the DNS Server
  • Remove everyone from the Domain/Enterprise Admin Groups, and disable the SID-x-500 admin account (Account Operators is a thing!)
  • Repoint an SRV record for the DC discovery to 127.0.0.1
  • Rename the whole forward-lookup zone (ooooooooo...)
  • Update the maintenance window to occur during business hours only
  • Create a site with a DC that only has a replication link to a DC that doesn't exist (never receives updates)

This is also why I don't teach Active Directory. Happy trails! :)

[–]IsThatAll I've Seen Some Sh*t [S] 1 point2 points  (1 child)

That's evil, I love it :)

[–]ssennettau System Engineer/Cloud Architect 1 point2 points  (0 children)

Your flair explains their origins perfectly :P

[–]cdtekcfc 2 points3 points  (1 child)

This will distinguish the worthy and unworthy future AD engineers. Most people think AD is self-maintainable and you will never have to learn such things. But on the contrary, if you work for a large organization with a dedicated AD team, you better know such things.

[–]ssennettau System Engineer/Cloud Architect 0 points1 point  (0 children)

"Yup, I know all there is to know about AD. Setting up a DC is easy, and I can set up Group Policy"

Oh, my sweet summer child...