Recently, I wanted to know what the tombstone lifetime was in my environment and decided to find this using PowerShell. There are a number of ways I could do this but dong it through PowerShell would be much easier. For those of you that are new to the attribute, a good explanation of it is: […]
If you want to replicate all Domain Controllers, then you have to start replication on each of them separately. This may take a while. To save time there is an easier way to force replication on all Domain Controllers of all Active Directory Sites. Log on to one of your Domain Controllers. Start Windows PowerShell […]
If you want to find out how many domain/ enterprise admins are active/inactive in domain you can use the following PowerShell command to figure out: Get the list of domain admins and check if they are enabled.
|
1 |
Get-ADGroupMember -Identity "Domain Admins" -Recursive | %{Get-ADUser -Identity $_.distinguishedName} | Select Name, Enabled |
Get the list of enterprise admins and check if they are enabled.
|
1 |
Get-ADGroupMember -Identity "Enterprise Admins" -Recursive | %{Get-ADUser -Identity $_.distinguishedName} | Select Name, Enabled |
So had an interesting issue today where a Domain Controller (DC) was demoted yet the IP of the demoted DC was still showing up when running nslookup internaldomain.local Demoted DC: MWDC04 / IP: 10.14.111.111 I had done the metadata cleanup and tried many suggestions when googling the subject. To my surprise none of the solutions I […]
What Is an SPN? An SPN is a reference to a specific service, for example, an instance of SQL or a web application run by IIS. Since SPNs are specific, they reference not only what the service is (such as an SQL server), but also which hostname runs the instance and on which port it’s […]
Using the standard GUI Microsoft Management Consoles to make the change to speed up Active Directory replication is not possible. The best result of using administrator consoles will be to increase domain replication between domain controllers to 15 minutes. These large time values were instituted into Active Directory at version 1 because inter-site connections during that era of computing and networking were much lower in bandwidth with the most common being frame-relay or […]
From time to time admins have to run an inventory of what is running in the AD environment. This is a good practice for audits, inventory, removing decommissioned servers, or any other good reason. The details that are required are like when was computer/ server created, when was it last logged into, what is the […]
Having a local administrator of your workstations can come in handy. Sometimes you might need to logon locally to troubleshoot or rejoin a computer to your domain. You can create a group policy that creates a local admin users and sets the local password. Admins make a common mistake when they want to add a […]
Certificate templates are a feature available on enterprise CA. Certificates templates enable to preconfigure certificate settings for enrollment (or auto enrollment). Enrollment is the process to obtain a certificate signed by the CA. The client that has obtained a certificate by enrollment is called the enrollee. I will show you how to create a certificate […]
Covering one of the basic day to day task if you are a Windows Administrator; connecting to the domain controller. I try to minimize logging onto servers as much as possible. Your thought should be around connecting to the server remotely and doing the work as needed instead of natively logging on to it. First […]
