When you are using Active Directory Powershell cmdlets such as Get-ADDomainController, Get-ADUser, Get-ADComputer, Get-ADObject, you may receive the following error message: Such an exception is linked to the difficulty those commands have to work in a multi-domain environment, whether that multi-domain be a single forest with multiple child domains, various […]
In an old post, I was writing about the commands you could use to retrieve the list of your RDS Licensing servers in a domain. Generalizing this LDAP Filter example, you can retrieve a list of Service Principal Names enabled accounts. The examples are as follows: In the powershell syntax […]
Designing Group Policy Objects is sometimes tricky. Let’s review some useful WMI filters in Group Policy Objects for sites and domain controllers inclusion or exclusion. When linking Group Policy Objects, you are always bound to the LSDOU rule, which means that GPOs are processed in the following order: L for […]
While joining machine to a domain, multiple errors can occur. In particular Domain Join Error 0x6ba is often present but with different causes. Let’s recap the needed things to properly join the domain: The machine must be able to solve the domain name The machine must be able to retrieve […]
When W32Time starts to output warning in your system logs you may often get the following message for NtpClient Error 0x800706E1: “NtpClient was unable to set a domain peer to use as a time source because of discovery error. NtpClient will try again in 3473457 minutes and double the reattempt […]
As explained in corresponding KB, and as supposedly known by WIndows Active Directory administrators, here’s a quick guide, a FSMO role reference. Multi-Master Model vs. Single-Master Model ACtive DIrectory is a multi-master model, which means changes are supposed to occur at any DC in the enterprise. However, it is not […]
Working in big AD forests and domains can be sometimes challenging, as powershell cmdlets require you perfect identity matches. In an AD of a global corporation, where you have tons of John, Sam, Doe, Smith, Martin, Schmidt , finding that information may be time consuming: is the name given a first […]
Although it has been described here, adding a custom attribute in an Active Directory can be intimidating, because it is an irreversible operation and documentation shows a full example which is not detailed step-by-step. Scenario In our very simple scenario, imagine you want to add a text string “CostCenter” to […]
Losing one domain controller isn’t a thing you appreciate, but rebuilding one DC in an running forest is easy. Losing an entire forest because of corruption or compromised assets isn’t exactly that. In this series, Let’s see how to prepare an AD Forest Disaster Recovery plan. Hint: you’d better practice […]
Since the initial times of Windows 2003, things have changed. Restoring AD objects, including DNS Zones become simpler with each release of Windows Server. Therefore let’s see how you can restore users, computers, organizational units and DNS zones nowadays. Restoring AD objects for standard classes Since Windows 2008 R2, Get-ADObject […]
