Domain Controllers

The WolfTech Active Directory domain has five domain controllers, operating out of multiple campus data centers.  All are global catalog servers.  The domain is operating at the Windows 2012 domain functional level.  The forest is operating at the Windows 2012 forest functional level.  All domain controllers are running the Windows Server 2012 R2 operating system.

Services requiring LDAP querying and authentication against WolfTech AD should use the virtual (vIP) host “ldaps.wolftech.ad.ncsu.edu”. This host listens on the secured (encrypted) LDAP ports of 636 (ldapS) and 3269 (global catalog; gc-ldapS), and forwards requests to supported domain controllers in it’s server pool. Encryption is required using the TLS protocol; SSL protocols are no longer supported. To avoid certificate trust issues when connecting to “ldaps.wolftech.ad.ncsu.edu”, please install the NCSU root and WolfTech subordinate public CA certs into your trusted CA certificate store, as it uses PKI certificates generated from the WolfTech AD PKI.

The virtual host “ldaps.wolftech.ad.ncsu.edu” typically has all domain controllers except the PDC role holder in it’s server pool. Domain controllers are moved in and out of the pool for maintenance and upgrades, but we keep multiple valid domain controllers in this pool at all times for redundancy.

To do a non-authoritative restore of Sysvol:
1. change “ms-dfsr-enabled” attribute to “False” on CN=SYSVOL Subscription,CN=Domain System Volume,CN=DFSR-LocalSettings,CN=DOMAIN CONTROLLER,OU=Domain Controllers,DC=wolftech,DC=ad,DC=ncsu,DC=edu object
2. Run “Dfsrdiag pollad” 2-3 times
3. Reenable
4. Wait for a 4614