Posts

How to check AD LDS or AD DS replication ?

The AD replication PowerShell cmdlets that we’ll look at are available on Windows Server 2012, Windows Server 2012 R2, Windows 8.0 and Windows 8.1. You must install Remote Server Administration Tools (RSAT) for AD DS on non-domain controllers to use these PowerShell cmdlets. 1. Get-ADReplicationFailure The Get-ADReplicationFailure PowerShell cmdlet can be used to check AD replication status for all or specific Active Directory domain controllers. The Get-ADReplicationFailure cmdlet helps you get the information about replication failure for a specified server, site, domain, or Active Directory forest. For example, to get the replication status for a specific domain controller, failure counts, last error, and the replication partner it failed to replicate with, execute the command below: Get-ADReplicationFailure DC1.mydomain.local You can also set the scope to see the replication status for all domain controllers in a specific site. As an example, the below command r...

Export and Import DHCP Scope

I was researching how to change the Subnet Mask of a DHCP scope on a Windows 2008 server. It turns out you can’t change the subnet without deleting the scope and recreating it. If there are a lot of customizations to the scope, though, like reservations and scope options, it’s no easy task to delete and recreate the scope. Luckily   I found one page   that explains how to export the scope to a text file, make changes, and then reimport it. The whole process takes only a couple of minutes, and you end up with a deleted and rebuilt scope that has all your customizations intact. Use the below command to export the scope configuration Syntax: C:\>netsh dhcp server \\”Server name” scope “scope subnet” dump>c:\dhcp.txt Example: C:\>netsh dhcp server \\Test01 scope 192.168.1.0 dump>c:\dhcp.txt That creates a text file you can edit to change the Subnet, and whatever else you want changed. Then you have to delete the s...

Promoting a Windows Server 2008 R2 Domain Controller to an existing domain in an existing forest

Image
Promoting the first Domain Controller that runs Windows Server 2008 R2 is not a new thing. However, there are some pre-requisites that you need to look after before promoting your new Domain Controller. In this test scenario, we already have our  itserveronline.local  domain and forest which consists of only one Windows Server 2003 R2 Domain Controller with the DNS server role in a Windows 2000 Mixed domain. This article entails the different steps needed to successfully add the first and full operational Domain Controller and DNS server that runs Windows Server 2008 R2 in our forest. Prerequisites to the new server. The first step is to  prepare  the Windows Server 2008 R2 server. To start,  we need to ensure proper  Computer Name  of the new server (as per your naming convention). The next thing to check is the  IP address  of the new server. It is to be noted that the server needs to be assigned a  static  IP address. S...

The ACL permission of DFS folders is reset after DFS Namespace service restart in Windows Server 2008 R2

Scenario: we have a lot of DFS namespaces shared across on our domain, reachable via \\example.com\namespace1  and  \\example.com\namespace2 .  DFS namespaces has ABE enabled. After a reboot of a domain controller all namespaces are available through that server except for the content of the ABE enabled namespaces. After I import the NTFS rights again with ICACLS or FileACL  the content is available again . If we do another reboot or rest the permission the process starts over again. Cause: This issue occurs because of a logic error in the DFS Namespace service. This issue occurs when the service sets an Access Control List (ACL) to the DFS folders in a DFS version 1 namespace during the service start-up process.   Resolution: Installation of hotfix KB2464365 was carried out and the issue was no longer experienced. Hotfix Download: https://support.microsoft.com/kb/2464365

Configuring Windows Search (File Content Search) For Citrix and Windows 2008 R2 \ Excluding Indexing from Windows Search

Image
In Windows 2008 R2, Windows search has Indexing in built or as a part of it with some default file\folders inclusions. Other Indexing role is for Legacy OSs. In Windows Server 2008R2 Search in file content is not enabled by default and can be enabled by installing the File Server >  Windows Search Service role. Once the Windows Search Service is installed file searches on shares hosted on Windows 2008 R2 file servers can be off-loaded to the file server thereby conserving XenApp server resources. Users App data folder, Start Menu and Internet Explorer history will be also indexed….. and this is where the trouble can start: The Search database file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb may grow very large – a “normal” size seems to be around 40 MB and a large DB can be 4 GB. The SearchIndexer.exe process has high disk I/O We decided to only allow file searches as it seemed the main cause was inde...

Loopback processing of Group Policy.

Image
As we know group policy has two main configurations, user and computer. Accordingly, the computer policy is applied to the computer despite of the logged user and the user configuration is applied to the user despite of the computer he is logged on. For example we have a Domain, this Domain has two different organizational units (OU)  Green  and  Red ,  Green OU  contains a Computer account and  Red OU  contains User account. The Green policy, which has settings  “Computer Configuration 2”  and “User Configuration 2”  is applied to the OU with the computer account. The Red policy, which has settings  “Computer Configuration 1”  and  “User Configuration 1” , is applied to the OU with the User account. If you have a look at the picture below it will become clearer. If Loopback processing of Group Policy is not enabled and our User logs on to our Computer, the following is true: As we can see from the picture, the User gets...