Browse by Tags

Related Posts
  • Blog Post: Interacting with Data Collector Sets via Powershell

    Background: In an earlier post I talked about some new features for Windows 2008 and Vista.  One of those new features that is often overlooked are the data collector sets (DCS).  One particular role that leverages data collector sets is active directory.  Active directory has put “hooks...
  • Blog Post: Supported upgrades for domain controllers to Windows 2008 (Melting Pot in CorpNet)

    Currently we are running Win2k3 SP1, R2, SP2, Win2k8 Beta3, RC0, RC1, and RTM Escrow idomain controllers in production...  Since we're running some downlevel servers in the environment and I was interested in what is supported to be upgraded to Windows 2008 when we sign off and the the DVDs start...
  • Blog Post: Domain doesn't know about my computer account? I vouch for my computer, you can trust me...

    Had an issue where a server would not allow logon via termian services each time you attempted to logon it would return this:     Soooooooooo, what to do here?  First, we made sure the account existed in the directory since that's why it appeared to be complaining.  So I opened LDP...
  • Blog Post: NTDS performance counters missing

    Thought I’d doc this for any others who run into this issue.  I had to demote/promote a machine this morning and when it finished promoting I found it was missing all the NTDS\* counters in perfmon.  I ran LODCTR /Q and saw that it looked wrong:   C:\Windows\system32>lodctr /q:NTDS...
  • Blog Post: Booting a DC into DSRM without touching it locally.

    Short answer: /safeboot:DSRepair Long answer: So you will run into it often when being an AD admin that you need to boot a DC into DSRM (Directory Service Restore Mode), so what is the easiest way of doing this without having someone stand at the console and hit F8 on reboot and select DSRM...
  • Blog Post: How to frisk a DC when people are complaining of "Authentication Issues".

    At Microsoft we do quite a bit of dogfooding (imagine that) and in doing so we run into issues in the infrastructure and a lot of the time they crop up as "authentication issues". For example, users can't get to a website, a share, e-mail, etc. The symptoms can be varied and the outcome is the same,...
  • Blog Post: Sync a partition from one DC to another DC when they don't have a direct replication link. And other Repadmin fun...

    REPADMIN /ADD I've shown you the beauty of REPADMIN /REPLSUM * /BYSRC /BYDEST /SORT:ERROR to easily find out the largest replication deltas in your forest. Lets take a look at a couple of other things you can do with repadmin, that I use quite a bit. When I was running the DCs, it was not an uncommon...
  • Blog Post: Booting into DSRM in Windows 2008

    Since the boot.ini file no longer exists in Windows 2008, the way to boot into directory service repair mode has changed. You can setup the OS to boot to DSRM a couple of ways as shown below. I'd also mention that to due offline defrags and other NTDSUTIL commands against the database you can now just...
  • Blog Post: Can you have a mix of 32 and 64 bit domain controllers?

    I see this questions come up quite a bit about the interoperability of x86 and x64 domain controllers. Does replication work? Do the tools cross over well? Any gotchas that we should know about? Etc. Well I'm here to tell you that here at Microsoft we've been running a mix of 32 and 64 bit domain controllers...
  • Blog Post: Changing "Sessions" information on user account in Active Directory with Powershell

    Doing some digging with a teammate today it was incredibly difficult to find information on how to automate the settings change of the Sessions tab on a user object. Different paths indicate we need to edit the userParameters attribute but you've probably found that it's a binary blob and not easily...
  • Blog Post: Windows Server 2008 Beta3: Can and RODC be a GC?

    Answer: Yes. If you're looking to deploy some RODCs during the B3 timeframe then it would be a good idea to read through this first: Step-by-Step Guide for Read-Only Domain Controller in Windows Server 2008 Beta 3 One of the gotchas before an RODC will advertise as a GC in your domain is that domainprep...
  • Blog Post: What do you say you DO here?

    Just noticed the AD jigsaw poster has been updated for 2k8. So next time your boss asks you "What do say you do here?", don't reply with I'm a people person! Do the following: 1) Download one of the jigsaw posters from http://www.microsoft.com/downloads/details.aspx?FamilyID=c2b9e44e-0bbd-47cb-bc09-b3d48be7f867&DisplayLang...
  • Blog Post: Dumping out all the DCs in a domain to a txt file

    Short and sweet way of dumping out the DCs to a txt file, in a script: for /f "skip=1" %%a in ('netdom query dc /domain:YOURDOMAIN') do (if %%a == The (echo.) else echo %%a >> test.txt) So what's the deal with all the syntax, and how would this be useful? Well if you do simple admin...
  • Blog Post: New Dcdiag switches for Windows 2003 SP2

    If you want to see what else is coming your way fro SP2 check out this link . This is nice, because we all know when you scan your enterprise for the DNS tests in can be a bit verbose.... New options have been added to the Dcdiag.exe Domain Name System (DNS) tests. These new options are /x and /xsl:xslfile...
  • Blog Post: Republish printers easily on a print server to Active Directory.

    Printers can get pruned from the directory for many reasons. The way it is supposed to work is if the printer is stale then a DC will remove the print queue object from the directory after trying to contact it 3 times at 8 hour intervals (default). This also means that if a DC can't net view the print...
  • Blog Post: Webcast coming up: Looking cool in front of your AD peers in Win2k8

    Just got back from vacation and will start getting the posts going again. Just wanted to mention a webcast coming up from AD administration in Windows 2008 that is going to play next Thursday the 27th. If you got some time to kill, I'd make this session for sure. TechNet Webcast: Extending Windows Server...
  • Blog Post: Hey who deleted that user from AD???

    Backstory As an Active Directory administrator you might find yourself in a scenario where an object/account/computer/etc gets deleted from the directory and then helpdesk/operations/management/VPs want to know the who, what , when, where, why, and how. Now in a big enterprise like here in MSIT that...