Setting up a reliable time source is must in any environment. In the MS Windows Active Directory world this actually can not be found in the GUI or via a wizard. We gotta go to the dreaded command line. 🙂 It’s actually fairly straight forward. Please note that it must be run to the BDC
Sometimes it is the simplest things that get you. I was asked to troubleshoot a system that would not register into DNS after a domain migration. The system could ping its new gateway and the new DNS servers–telnet showed access to the new DNS boxes on port 53 and name resolution was functioning correctly other
I was asked to troubleshoot a recently built DNS server that was having some difficulties. One of the errors had me scratching my head for a few minutes. When doing an nslookup the following would be displayed C:\nslookup Default Server: UnKnown Address: 192.168.1.4 As it turns out it’s not really an error –what it is describing is
So you want to replicate changes in-‘almost’-real-time to your AD sites? While this is not recomended in production enviornments you may have a need to increase replication interval in a lab or development enviornment. You will need some large and reliable connection pipes between your sites to handle the traffic. In order to do this
Mark Russinovich makes a strong case for duplicate SID myths that most of us Windows admins have subscribed to–however it never hurts to know how many duplicates you may have. Here is how you check it on your domain. Open a command prompt and type ntdsutil and press ENTER. Now type security account management and
This is a really simple procedure: Open Group Policy Management. In the console tree, double-click Group Policy Objects in the forest and domain containing the Group Policy object (GPO) into which you want to import settings. Right-click the GPO, and then click Import Settings. Follow the instructions in the Import Settings Wizard, and then click
Trying to re-install Exchange even after following all MS best practice guidelines fails with the error: To install the first Exchange server in a domain, or to run setup in “/ForestPrep” mode, you must be an Exchange Full Administrator at the organization level. You must use an account that has been granted the Full Exchange
Ping returns the following Pinging DC1.domain.com [::1] from ::1 with 32 bytes of data: Reply from ::1: time=1ms Reply from ::1: time=2ms Reply from ::1: time=1ms Reply from ::1: time=3ms Disable IPv6 and your problems go away. It’s usually not enough to uncheck it in the NIC properties. For best results use the registry to
RPC by default can grab any dynamic port above 1024. Security sometimes may ask you to limit that to a much narrower range. A the minimum you should have about 100-200 ports available for RPC communication. Here is the registry setting: HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc Ports: REG_MULTI_SZ: 5000-5100 PortsInternetAvailable: REG_SZ: Y UseInternetPorts: REG_SZ: Y Full MS KB
Assume a trust is setup between Domain Y and Domain X From the Domain Y DC issue the following command ldifde -f output.ldf -s {FQDN of DCx} -b {user account} {domain} {password} Connecting to “FQDN of DCx” Logging in as “user account” in domain “domain” using SSPI Exporting directory to file output.ldf Searching for entries…