Lost a disk on a domain controller with FSMo roles
Hi, A disk on one of our domain controller failed where there are sysvol folder? what we should do to remediate the situation ?
repadmin/showrepl command returen "codonot find the the domain controller"
i have two domain controller one primary named "PDC101" and secondary "additional" one called "SDC101" they were of for long time when i checked the replication between them from both sides i have the following…
Services restarting by itself in a domain controller
Hi, I am stop and disabling the Netlogon and KDC services in one of my domain controller to stop client communications to this DC but after few minutes the services starting automatically by itself. Also after stopping these two services I am getting…
Change Country, Country Code via Powershell for a specific OU
Hello everyone, I have been trying to get a working command via Powershell on AD server which will change C, Country, CountryCode for a specific OU Get-ADUser -SearchBase 'OU=Test OU,OU=Users and Computers,OU=Company HQ,DC=DOMAIN,DC=com' -filter * |…
Change Attributes for users in OU but restrict only to parent OU
I'm using the following command to replace the attributes of all AD users in the specified OU Get-ADUser -SearchBase 'OU=Test OU,OU=Users and Computers,OU=Company HQ,DC=DOMAIN,DC=com' -filter * | Set-ADUser -Replace…
Best method for reporting local admin accounts throughout domain
Hi! We're wanting to track down all the user accounts in our domain that currently have local administrative rights on any of our Windows 10 computers. Searching online I came across many convoluted methods that might work to get a list like this put…
Remove original domain admin from Domain Admins group
We have an odd issue that certain software across our environment has to be managed by the user account that installed it. This was always installed under the original domain\Administrator account (was renamed something else a long time ago but is still…
Delegation doesn't work on some Admin accounts
Hi, I created a unit organisation and set delegation to give to some users the permission to edit all users in this OU. We have a problem with some admin accounts. the delegation doesn't work.
Domain controller avantage
HI all, I was wondering if someone tell me what is pros and cons of having a domain controller in a company? Thnx
DNS requirement for Cross Forest Migration AD,Exchange and Trust Relationship
Hello Folks, Our Scenario: 1 forest and 1 domain and we are dividing it in two companies so we are preparing new forest and new domain. I have a question we are creating forest trust and the prerequisites is conditional DNS forwarder. As we are…
add add universal group to StrongAccountsPasswordPolicy
I want to add a group type "universal" into a group "StrongAccountsPasswordPolicy" Is there a workaround ? I do not want to change the group type to "global"
Why does ADMT v3.2 require administrator credentials in the source domain?
The ADMT v 3.2 migration guide states that a domain administrator credential is required in the SOURCE domain when migrating user accounts. Although it specifies this requirement regardless of whether sidHistory is desired, we have found that…
Windows Server 2019 AD - Problem to add additional Active Directory
Hi I have a problem adding my Windows Server 2019 to the additional AD server, I try to promote my server, got that error message... The operation failed because: Active Directory Domain Services could not create the NTDS Settings object for this…
Active Directory-based activation. How it works with subdomains/child domains?
Hello everyone! I am planning to deploy ADBA in a forest with multiple domains. There is a root domain and a subdomain. The forest is geographically dispersed. Each location has a root domain controller. Schema Version 2012R2. How to properly deploy…
Server Core and GPMC
We're planning on implimenting a network with only Server 2019 Core and Redhat. I've warned the PM that from a support point of view we wont have the ability to edit GPO's since we can't run GPMC. It's still not possible to fully edit GPO's either…
Active Directory Forest Trust Permissions to create
Hello Folks, Our Scenario: 1 forest and 1 domain and we are dividing it in two companies so we are preparing new forest and new domain. I have a question we are creating active directory forest trust between two companies and i would like to know…
SYSVOL file got Encrypted via Ransomeware attack
Dear Experts , We have faced ransomware attack recently , it encrypted files of Domain Controller 2012 SysVol Windows Server 2012 Standard working as Primary Domain Controller while two more additional domain controllers are there with GC enabled,…
Admin account unable to delete/edit disabled user accounts in AD
We have a help desk admin that’s unable to delete/edit any user accounts that have been disabled. It’s all greyed out for them; removing security groups of the user doesn’t work. What setting do we need to enable for them to do so. Our high level…
Compatibility Windows 2000 member and 2019 domain controller
Hello, I did an audit in one client Active directory and find he has some W2000/2003 servers. Actually he uses 2012domain controller and I need to give pro and cons to migrates to 2019 domain controller. I don't find any documentation about…
Urgent Advice --- Active Directory Replication Issues across Sites
We apparently appear to be having some replication issues across several sites in our network. We have 5 total sites with the Site-1 being the main site and where the FSMO holder is housed. Changes appear to be moving across the other sites in AD since I…