Tips, thoughts and notes from the world of IT
I recently suffered an Active Directory meltdown than made me look to the sky and curse the Gods of Redmond!
I had many good resources to refer to, but I’m sure this page full of linky goodness would’ve helped further: http://blogs.technet.com/b/askds/archive/2010/07/27/post-graduate-ad-studies.aspx
Well worth reading if you want a thorough understanding of the underlying components in Active directory.
It’s a pleasant day and all is well with the world. Colleagues are skipping around the office with smiles on faces…until…duh duh daaa! One by one, services start failing:
Basically, your main Domain Controller (DC) has just taken a dump…and so have you!
These are the steps I took to troubleshoot the issues and get everything back online.
You want to configure and control certificates throughout your IT Infrastructure.
Server 2008 R2 has this functionality built-in, so you just need to add the Server Role.
You’ve tried several different VNC applications and have decided UltraVNC meets your humble Remote Support needs. Now you want to centrally deploy and manage UltraVNC in your domain.
The default installer creates unwanted shortcuts on the user’s desktop, so you need to modify this before rolling out to all client PCs. In addition to this, there are separate installers for 32-bit and 64-bit PCs, so this will have to be accounted for.
Here is how to achieve remote desktop nirvana using UltraVNC:
You’ve raised the domain functional level to take advantage of several new features, one of them being DFS Replication for SYSVOL. You now need to enable this feature.
Here’s how to migrate SYSVOL replication from NTFRS to DFSR:
Raising the Domain Functional Level (DFL) is easy to do and can enable many new features.
Read about them here: http://technet.microsoft.com/en-us/library/understanding-active-directory-functional-levels(v=ws.10).aspx
To raise the DFL, follow these simple steps:
You want to force replication to all Domain Controllers, across sites, but you also want to see the actual server names, and abort if any servers are unavailable.
Run the following command:
repadmin /syncall /d /e /a
Then run this to check everything replicated ok:
repadmin /replsummary
More info can be found here: http://technet.microsoft.com/en-us/library/cc835086(v=ws.10).aspx#BKMK_examples
You used to use startup scripts to update all Local Administrator passwords throughout your domain, but now that you think logon scripts are the Devil’s work, you need another way of doing it.
I mean, look at the code…it’s not heavenly is it:
Set SatanNet = WScript.CreateObject("WScript.Network")
strComputer = "."
Set LuciferUser = GetObject("WinNT://" & strComputer & "/Administrator,user")
LuciferUser.SetPassword "PASSWORD'o'HELL" ' Enter new password between brackets
LuciferUser.SetInfo
Here’s a nicer, flame-resistant solution:
You have downloaded or created your own Group Policy Administrative Templates, and would like them to be stored centrally, opposed to individually on each Domain Controller.
Here’s how to create a Group Policy Central Store:
You need to confirm if Group Policy Preference Client Side Extensions are installed for Windows XP, but nothing shows up in Add/Remove Programs.
You’re sure that you have the right update (http://www.microsoft.com/download/en/details.aspx?id=3628), but Group Policy Preferences are not working.
Here’s how you can confirm Preference CSEs are installed:
