Ultimate Active Directory resource page

I recently suffered an Active Directory meltdown than made me look to the sky and curse the Gods of Redmond!

I had many good resources to refer to, but I’m sure this page full of linky goodness would’ve helped further: http://blogs.technet.com/b/askds/archive/2010/07/27/post-graduate-ad-studies.aspx

Well worth reading if you want a thorough understanding of the underlying components in Active directory.

When good Domain Controllers go bad!


It’s a pleasant day and all is well with the world. Colleagues are skipping around the office with smiles on faces…until…duh duh daaa! One by one, services start failing:

  • Printers go offline:
    • First, for Win7 users
    • Then for all clients
    • Can still print from server though
  • File shares go offline
  • Active Directory replication fails
  • DNS console will not open

Basically, your main Domain Controller (DC) has just taken a dump…and so have you!

These are the steps I took to troubleshoot the issues and get everything back online.

[Read more…]

Installing Active Directory Certificate Services


You want to configure and control certificates throughout your IT Infrastructure.

Server 2008 R2 has this functionality built-in, so you just need to add the Server Role.

[Read more…]

Deploying UltraVNC within an Active Directory environment using Group Policy


You’ve tried several different VNC applications and have decided UltraVNC meets your humble Remote Support needs. Now you want to centrally deploy and manage UltraVNC in your domain.

The default installer creates unwanted shortcuts on the user’s desktop, so you need to modify this before rolling out to all client PCs. In addition to this, there are separate installers for 32-bit and 64-bit PCs, so this will have to be accounted for.

Here is how to achieve remote desktop nirvana using UltraVNC:

[Read more…]

Migrating SYSVOL replication from NTFRS to DFSR using Windows Server 2008 R2


You’ve raised the domain functional level to take advantage of several new features, one of them being DFS Replication for SYSVOL. You now need to enable this feature.

Here’s how to migrate SYSVOL replication from NTFRS to DFSR:

[Read more…]

Raising the Domain Functional Level using Windows Server 2008 R2

Raising the Domain Functional Level (DFL) is easy to do and can enable many new features.

Read about them here: http://technet.microsoft.com/en-us/library/understanding-active-directory-functional-levels(v=ws.10).aspx

To raise the DFL, follow these simple steps:

  1. From Active Directory Users and Computers, right-click your domain and select Raise domain functional level:
  2. Select the required DFL, then click Raise:
  3. Read the warning and click OK:
  4. This confirmation message should then be displayed:
  5. Job done!

Force replication on a Domain Controller via command prompt


You want to force replication to all Domain Controllers, across sites, but you also want to see the actual server names, and abort if any servers are unavailable.


Run the following command:

repadmin /syncall /d /e /a

Then run this to check everything replicated ok:

repadmin /replsummary

More info can be found here: http://technet.microsoft.com/en-us/library/cc835086(v=ws.10).aspx#BKMK_examples

Updating all Local Administrator passwords across the domain


You used to use startup scripts to update all Local Administrator passwords throughout your domain, but now that you think logon scripts are the Devil’s work, you need another way of doing it.

I mean, look at the code…it’s not heavenly is it:

Set SatanNet = WScript.CreateObject("WScript.Network")
strComputer = "."
Set LuciferUser = GetObject("WinNT://" & strComputer & "/Administrator,user")
LuciferUser.SetPassword "PASSWORD'o'HELL" ' Enter new password between brackets

Here’s a nicer, flame-resistant solution:

[Read more…]

How to create a Group Policy Central Store


You have downloaded or created your own Group Policy Administrative Templates, and would like them to be stored centrally, opposed to individually on each Domain Controller.

Here’s how to create a Group Policy Central Store:

[Read more…]

How to confirm if Group Policy Preference Client Side Extensions are installed in WinXP


You need to confirm if Group Policy Preference Client Side Extensions are installed for Windows XP, but nothing shows up in Add/Remove Programs.

You’re sure that you have the right update (http://www.microsoft.com/download/en/details.aspx?id=3628), but Group Policy Preferences are not working.

Here’s how you can confirm Preference CSEs are installed:

[Read more…]