In a large enterprise an admin would need to keep track of all the domains in a AD forest, the domain names, the domain controllers (DC) , their IPs, and what FSMO roles does a DC hold. Wrote a little script to just do that…
One of my clients had a problem with processing GPO on client computers. Different computers applied different settings from the same GPO but from different domain controllers. All tests related to replication was successful, all GPOs are applied, but replication between domain controllers was a problem, and because of that most clients had a different … Read more
I had a request recently to provide an inactive user report for the past 60 days. Basically, find out which accounts have not logged in for the past 60 days so action can be taken against them. The request was for a multi domain forest which queries every domain controller and gets the latest lastlogon … Read more
When troubleshooting domain controller related issues from a client side there are many things that needs to be checked. Few items that need to checked: Review if DCs are hardcoded in the application residing on the client (if application related) Ports are opened from the client to the DC Check if the DCs in the … Read more
Active Directory uses several ports for communication between domain controllers and clients. These ports are required both by client computers and Domain Controllers. As an example, when a client computer tries to find a domain controller it always sends a DNS Query over Port 53 to find the name of the domain controller in the … Read more
For most users this article only applies if you have Window 2003/ 2003 R2 Domain Controller in your enviornment that you are planning to get rid off. Pretty soon I hope! 😉 SYSVOL is a folder shared by domain controller to hold its logon scripts, group policies and other items related to AD. All the … Read more