Posts

Showing posts with the label AD replication

Correct Way to Rename an Active Directory Domain Controller

If you rename your DC by renaming a Domain Controller in the normal way you would rename a computer (using the System > Rename this PC gui), you didn’t do it right and your metadata is likely irreversibly damaged. However, I have seen success in this situation when multiple DC’s exist by demoting a re-promoting the DC. If only a single DC exists I would say its maybe a good idea to follow the below guide as it may get your out of the proverbial but probably not recommended and you may have to rely on backups.  Use the below method carefully to rename your DC in a right way and for a smooth migration Step 1: Getting ready. Open a command prompt. (Windows key+r (run) + cmd) Step 2: Adding an alternate computer name. SYNTAX : netdom computername <currentDC FQDN> / add:<newDCName FQDN> In the command prompt, type (minus quotes) “netdom computername wrongname.domain.local /add:server.domain.local“   This should return with “Added (NAME) as an alternate nam

How to Export Active Directory Objects to CSV

Image
  Open the Powershell ISE → Create new script with the following code and run it. Get-ADObject -Filter 'Name -like "*"' | Where-Object {$_.ObjectClass -eq "user" -or $_.ObjectClass -eq "computer" -or $_.ObjectClass -eq "group" -or $_.ObjectClass -eq "organizationalUnit"} | Sort-Object ObjectClass | Export-CSV C:\Temp\ExportAD.csv -notypeinformation Open the file produced by the script in MS Excel.

Find AD Users who never logged on using Powershell

We can use the Active Directory powershell cmdlet   Get-ADUser   to query users from AD. We can find and get a list of AD users who never logged in at least one time by checking the AD attribute value   lastlogontimestamp .   The below command lists all users who never logged on. Get-ADUser -Filter {(lastlogontimestamp -notlike "*")} | Select Name,DistinguishedName If you want to list only enabled ad users, you can add one more check in the above filter.   Get-ADUser -Filter {(lastlogontimestamp -notlike "*") -and (enabled -eq $true)} | Select Name,DistinguishedName If you are familiar with LDAP filter you can also find never logged in users by using ldap filter.   Get-ADUser -ldapfilter '(&(!lastlogontimestamp=*)(!useraccountcontrol:1.2.840.113556.1.4.803:=2))' | Select Name,DistinguishedName In most cases, we may want to find AD users who created in last certain days or months and not logged in their system. To achieve this, we need to fil

How to check AD LDS or AD DS replication ?

The AD replication PowerShell cmdlets that we’ll look at are available on Windows Server 2012, Windows Server 2012 R2, Windows 8.0 and Windows 8.1. You must install Remote Server Administration Tools (RSAT) for AD DS on non-domain controllers to use these PowerShell cmdlets. 1. Get-ADReplicationFailure The Get-ADReplicationFailure PowerShell cmdlet can be used to check AD replication status for all or specific Active Directory domain controllers. The Get-ADReplicationFailure cmdlet helps you get the information about replication failure for a specified server, site, domain, or Active Directory forest. For example, to get the replication status for a specific domain controller, failure counts, last error, and the replication partner it failed to replicate with, execute the command below: Get-ADReplicationFailure DC1.mydomain.local You can also set the scope to see the replication status for all domain controllers in a specific site. As an example, the below command r