In a large enterprise an admin would need to keep track of all the domains in a AD forest, the domain names, the domain controllers (DC) , their IPs, and what FSMO roles does a DC hold. Wrote a little script to just do that…
One of my clients had a problem with processing GPO on client computers. Different computers applied different settings from the same GPO but from different domain controllers. All tests related to replication was successful, all GPOs are applied, but replication between domain controllers was a problem, and because of that most clients had a different … Read moreForce synchronization for DFSR-replicated SYSVOL
Came across a unique request to get primary, secondary, and tertiary DNS values for multiple computers/servers across the domain. I started writing the script and got what I wanted. Now this started off as just to query for DNS Server information, but then I thought to add other pieces to get myself a good Network … Read moreGet Primary, Secondary, Tertiary DNS values and more from Multiple Servers
Ran into a situation at a client location where in Active Directory, the security permissions applied to an OU were not getting inherited permissions on to the objects. Basically, security inheritance was broken.This causes a problem when the administrative accounts or groups needing to modify an attribute on the AD object throw errors, or are … Read moreFix Active Directory broken security inheritance problem
If you want to replicate all Domain Controllers, then you have to start replication on each of them separately. This may take a while. To save time there is an easier way to force replication on all Domain Controllers of all Active Directory Sites. Log on to one of your Domain Controllers. Start Windows PowerShell … Read moreForce Replication of all Domain Controllers on all Sites
So had an interesting issue today where a Domain Controller (DC) was demoted yet the IP of the demoted DC was still showing up when running nslookup internaldomain.local Demoted DC:Â MWDC04 / IP: 10.14.111.111 I had done the metadata cleanup and tried many suggestions when googling the subject. To my surprise none of the solutions I … Read moreNSLookup still showing IP of demoted Domain Controller
Using the standard GUI Microsoft Management Consoles to make the change to speed up Active Directory replication is not possible. The best result of using administrator consoles will be to increase domain replication between domain controllers to 15 minutes. These large time values were instituted into Active Directory at version 1 because inter-site connections during that era of computing and networking were much lower in bandwidth with the most common being frame-relay or … Read moreSpeed up Active Directory & DNS replication between Sites
From time to time admins have to run an inventory of what is running in the AD environment. This is a good practice for audits, inventory, removing decommissioned servers, or any other good reason. The details that are required are like when was computer/ server created, when was it last logged into, what is the … Read moreThe Lazy Way To Do Active Directory Inventory
Having a local administrator of your workstations can come in handy. Sometimes you might need to logon locally to troubleshoot or rejoin a computer to your domain. You can create a group policy that creates a local admin users and sets the local password. Admins make a common mistake when they want to add a … Read moreAdding a security group to the Local Administrator Group in AD
Covering one of the basic day to day task if you are a Windows Administrator; connecting to the domain controller. Â I try to minimize logging onto servers as much as possible. Â Your thought should be around connecting to the server remotely and doing the work as needed instead of natively logging on to it. I … Read moreConnecting to a remote domain controller using PowerShell