Issue a certificate with the manually set serial number (Certificate...
We are looking for a way to issue a certificate with the definite serial number. To cut it short, subCA should create a precertificate with poison extension. I suppose just a certificate (a special...
View ArticleMerging Child Domains to parent domain with exchange server present
Hi, Good Day!!We are planning to do an Active Directory Migration. The scenario is: parent.local,child1.parent.local,child2.parent.localParent.local is having all domain controllers with Windows Server...
View ArticleForwarders vs DNS Caching
Folks, Our company uses ISP provided forwarders for Internet Domain Name resolution. However these have been flapping lately and the ISP says that they don't provide any SLA for these and don't have a...
View ArticlePerimiter access to AD for authentication
Hi, I am trying to get authentication for external resources to my domain, I first tried ldaps (636) and locked by ip but this seems challenging since the root CA I am using is internal and not trusted...
View ArticleIssue upgrading Domain Controller from Server 2012 to Server 2012 R2
I am attempting to upgrade Server 2012 to Server 2012 R2. This machine is a domain controller alongside a Server 2003 R2 machine, which is the main domain controller.When running adprep /forestprep, I...
View ArticleList of AD users having local admin rights on their systems/PCs
Hi,I want to get list of AD users having local admin rights on their system or mean to say added to local admin group.RegardsSajid
View ArticleWindows Domain Controllers, 2003 R2, Windows 2008, Windows 2008R2 and Windows...
Hi -I wanted to know if it is possible to collect all or just Active Directory related logs from Windows Domain Controllers or any Windows Server(s) to a central repository? Such as some sort of Syslog...
View ArticlePermission issues
I ran the command gpresult /scope computer /r on one of the servers and got the below information COMPUTER SETTINGS ------------------ CN=EX-02,CN=Computers,DC=alah,DC=com,DC=sa Last...
View ArticleOU best practices, preventing OU sprawl
We are a decent sized shop, to the point where we have a central IT that "owns" Active Directory, but we have some departmental IT, some of them are OU admins, many are coming from there own domains....
View Articlemigrate from ADFS 2.0 to ADFS 3.0 ...WID to SQL.
hello. thanks for the time. i want to move from an adfs 2.0 on WID to ADFS 3.0 on SQL environment.my plan: 1) bring up a windows 2012R2 server.2) copy the SSL cert for ADFS from the 2.0 server to the...
View ArticleAre all DCs have the same AD information as the server with FSMO roles?
Are all DCs have the same AD information as the server with FSMO roles?I ask that question because I'm just wondering if a server with all 5 FSMO roles is down and can't be repaired then is other DC...
View ArticleScript to find users created within 90 days
Hi Experts, I ma trying to write a script to find all the users created within 90 days. In my environment powershell is disabled. Hence I have to go for ldap based queries. I have tried the following...
View ArticleClik here to view.
Managing Trusted Sites via Policy
Hi -I followed this article http://blogs.technet.com/b/kfalde/archive/2014/09/29/managing-trusted-sites-via-policy-for-emet-asr.aspxto add trusted sites via GPO. I was able to add the trusted sites via...
View ArticleSet-up AD on windows server 2012r2
hi,So I am on a mission to install AD on windows server 2012r2 Standard. Current set-up is that we have 3 AD's with Windows 2008r2 between 3 sites running on HP ProLiant 360.New Server is HP Proliant...
View ArticleADFS2.0 : Receiving an error from 1 adfs proxy server out of 2 which is beng...
I've deployed 2 ADFS Proxy servers in DMZ for load balance purposes with one adfs path from the internet, adfs-ext.company.com. I am getting the following error form one of the Proxy servers.Log Name:...
View ArticleOutsourcing desktop enviroment (vdi)
We have a W2k8r2 forest. One root, domain 2 child domains.About 400 Windows 7 clients. We are outsourcing our desktop enviroment. Other thing is that we going to use Skype for business hosted by also...
View ArticleMove computers in AD to specific OUs beased on their IP addresses
Hi all,I have the below subnets defined in AD Sites and Services which are distributed between 8 AD sites, I am looking for a tool\script that will move each computer in AD to its specific OU based on...
View ArticleDNS not updating on RODC Server 2008 R2
We have a branch server setup as a RODC running Server 2008 R2 with DNS and DHCP. It was the first RODC and done a few years ago. However, it appears that the zones and replication zones were setup...
View ArticleDAC Device Claims not being generated/passed
I have setup DAC and implemented the needed GPOs. User claims are working and I can control access based on those. However device claims are not. I can use the command:$claims = $(new-object...
View ArticleAdvantages of deleting obsolete computer accounts
Hi,how to find the obsolete computer accounts in a 2008R2 domain and how to remove those objects on monthly basis.Is there any benefit we have if we remove the obsolete computer accounts ?
View Article