Troubleshooting Active Directory Replication

In Windows 2003 there was a useful GUI tool, replmon, but it is no longer developed or shipped.

You can do the same comfortably with the repadmin command. Here are the most important commands:
repadmin /showrepl
repadmin /showrepl * /errorsonly
repadmin /showrepl * /csv
repadmin /queue
repadmin /queue DCServerName
repadmin /replsummary

repadmin /syncall DCServerName /APed
* /A = all partitions, /P = push, /e = enterprise (across sites), /d = identify servers by distinguished name
** Pushes the changes from this DC so that all DCs start replicating
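
As an added example (not from the original post), the CSV output of repadmin /showrepl * /csv can be filtered in PowerShell for links that are failing or have not replicated recently; such links are also what keeps a disabled account or a changed password from reaching every DC. The sample rows, DC and site names, the 24-hour threshold and the function name Get-ReplicationProblem are constructed, and the column names are assumed to match the header row repadmin prints.

```powershell
# Constructed sample of `repadmin /showrepl * /csv` output (hypothetical DCs and sites).
# On a domain member, use instead:  $csv = repadmin /showrepl * /csv
$csv = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,SiteA,DC01,"DC=mist,DC=com",SiteB,DC02,RPC,0,0,2015-03-03 09:12:44,0
showrepl_INFO,SiteA,DC01,"CN=Configuration,DC=mist,DC=com",SiteB,DC02,RPC,0,0,2015-02-27 03:10:09,0
showrepl_INFO,SiteB,DC02,"DC=mist,DC=com",SiteA,DC03,RPC,14,2015-03-03 09:00:12,2015-03-01 22:41:03,1722
'@ -split "`r?`n"

function Get-ReplicationProblem {
    param([string[]]$CsvLines, [datetime]$Now, [timespan]$MaxAge)
    $fmt = 'yyyy-MM-dd HH:mm:ss'
    $inv = [cultureinfo]::InvariantCulture
    $none = [Globalization.DateTimeStyles]::None
    foreach ($row in ($CsvLines | Where-Object { $_ } | ConvertFrom-Csv)) {
        $failures = 0
        [void][int]::TryParse($row.'Number of Failures', [ref]$failures)
        $last = [datetime]::MinValue
        # A value that is not a timestamp means the link has no recorded success.
        $parsed = [datetime]::TryParseExact($row.'Last Success Time', $fmt, $inv, $none, [ref]$last)
        $stale = (-not $parsed) -or (($Now - $last) -gt $MaxAge)
        # Rows whose first field is not showrepl_INFO are reported as well,
        # since they do not describe a healthy replication link.
        $notInfo = $row.showrepl_COLUMNS -ne 'showrepl_INFO'
        if ($notInfo -or $failures -gt 0 -or $stale) {
            [pscustomobject]@{
                Destination = $row.'Destination DSA'
                Source      = $row.'Source DSA'
                Partition   = $row.'Naming Context'
                Failures    = $failures
                LastSuccess = $(if ($parsed) { $last } else { $null })
                Status      = $row.'Last Failure Status'
                Reason      = $(if ($failures -gt 0) { 'failing' } elseif ($notInfo) { 'not an INFO row' } else { 'stale' })
            }
        }
    }
}

# Fixed clock so the constructed sample is reproducible; use (Get-Date) on live data.
$now = [datetime]'2015-03-03 10:00:00'
Get-ReplicationProblem -CsvLines $csv -Now $now -MaxAge ([timespan]::FromHours(24)) |
    Format-Table -AutoSize
```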


admin on March 3rd 2015 in IT, Windows Server

How to create a Group Managed Service Account

Useful for Network Load Balancing and Clusters

Same steps as in "How to create a Managed Service Account".

You need to create a security group and add computers to it.

New-ADServiceAccount -Name GroupMSA -DNSHostName ServerName -PrincipalsAllowedToRetrieveManagedPassword MSAComputers -PassThru


admin on July 15th 2013 in IT, Windows Server

How to create a Managed Service Account

New since Win2k8 R2

Instead of using user accounts for services, you can now create Managed Service Accounts. The advantage is that the password is changed automatically every 30 days, as with computer accounts. You can find the managed service accounts here:
Active Directory Users and Computers\Managed Service Accounts

1. Run Active Directory Module for PowerShell
2. Add-KdsRootKey

     In a lab environment, to avoid waiting the 10 hours for replication, type instead:
     Add-KdsRootKey -EffectiveTime ((Get-Date).AddHours(-10))
3. New-ADServiceAccount -Name WebTest -DNSHostName servername -PassThru

    Without -PassThru you don't get any feedback

4. Add-ADComputerServiceAccount -Identity web01 -ServiceAccount WebTest -PassThru

You can check the settings in more detail if you run adsiedit.msc.

Now you can use this account, for example to run services.

1. Run services.msc

2. Right Click on a Service\Properties\Log On\
    This Account:

     domain\yourcreatedaccount$

3. You don't need to enter a password


admin on July 15th 2013 in Windows Server

How to access/edit Active Directory Schema

regsvr32 schmmgmt.dll
mmc
Add the Active Directory Schema snap-in


admin on March 5th 2013 in IT, Windows Server

Find old Computers/users in Active Directory

The easiest way is to run the following query on your Domain Controller to find all computers that have been inactive for 4 weeks:
dsquery computer -inactive 4

You can do the same for users:
dsquery user -inactive 4


admin on March 22nd 2012 in Windows, Windows Server

Active Directory Commands

dsadd Creates an object in the directory
dsget Gets the attributes of an object
dsmod Changes the attributes of an object
dsmove Moves an object
dsrm Removes an object or a container with all its objects
dsquery Runs a query
csvde Import/Export objects from/into a CSV file
ldifde Import/Export (LDAP Data Interchange Format)
dsa.msc Active Directory Console

Examples:
dsadd user "cn=Todd Test,ou=Users,dc=mist,dc=com" -samid ttest -upn ttest@mist.com
dsadd group "CN=Marketing,OU=Groups,DC=mist,DC=com" -samid Marketing -secgrp yes -scope g
dsget group "CN=Marketing,OU=Groups,DC=mist,DC=com" -members -expand
dsget user "cn=Todd Test,ou=Users,dc=mist,dc=com"
dsrm "cn=Todd Test,ou=Users,dc=mist,dc=com"
csvde -i -f NewUsers.txt
ldifde -i -f NewUsers.ldf


admin on June 4th 2009 in Windows Server



