
Active Directory


Updated List of OS Version Queries for WMI Filters

More likely than not, if you’re using Group Policy to push out software installation or registry entries to client machines or servers on the domain, the policy may be different depending on the OS version or architecture.

For example, Group Policy Objects may need to be filtered by: Desktop / Server; Domain Controller / Non-Domain Controller; 32-bit / 64-bit. If you haven’t used WMI filters before, they show up in Group Policy Management at the bottom, between Group Policy Objects and Starter GPOs. WMI filters use a query to narrow down where a Group Policy Object applies. Here’s what a typical WMI OS filter looks like: WMI Win32_OperatingSystem ProductType Tips:

Active Directory Replication Over Firewalls - TechNet Articles - United States (English) - TechNet Wiki

This article is based on an article in the Microsoft TechNet Library and is presented here to enable those outside of Microsoft who are interested and knowledgeable on this topic to improve it.

How DNS Scavenging and the DHCP Lease Duration Relate – Ask Premier Field Engineering

Hello everyone, Sean Ivey here from the US PFE – Carolinas team.

I’m what we refer to as a platforms-AD PFE. Basically I focus on Active Directory and related networking technologies. Recently, and on three separate occasions, I worked with SCCM administrators having issues deploying the SCCM client. Specifically, they were seeing the error “Failed to get token for current process (5)” in ccm.log. We discovered the problem was related to DNS and DHCP rather than SCCM.

The Scenario

Consider the following simplified scenario. A DHCP scope has its lease duration set to the default 8 days. The DHCP scope is low on available IP addresses. Client-A has NOT renewed its IP address lease in 8 days, so it has expired. Client-B is requesting a new IP address. The DHCP server assigns Client-B the address that was leased to Client-A.

Don’t be afraid of DNS Scavenging. Just be patient.

DNS Scavenging is a great answer to a problem that has been nagging everyone since RFC 2136 came out way back in 1997.

Despite many clever methods of ensuring that clients and DHCP servers that perform dynamic updates clean up after themselves, sometimes DNS can get messy. Remember that old test server that you built two years ago that caught fire before it could be used? Probably not. DNS still remembers it though.

Considering updating your Domain functional level from Windows 2003? Read this! - Exchange Team Blog

Now that Windows Server 2003 end of life (July 14th, 2015) is on the horizon, many customers are updating their Active Directory (AD) Domain Controllers (DC) from 2003.

The first item to consider is which Windows Server Operating System (OS) you will be moving to for your DCs. There are several options to consider today: 2008, 2008R2, 2012, or 2012R2 operating systems. However, no matter which newer OS you move your DCs to, coming from 2003, the krbtgt account will reset its password when you update the Domain Functional Level (DFL), which is the concern that could break Exchange.

Default groups: Active Directory

Many default groups are automatically assigned a set of user rights that authorize members of the group to perform specific actions in a domain, such as logging on to a local system or backing up files and folders.

For example, a member of the Backup Operators group has the right to perform backup operations for all domain controllers in the domain. You can manage groups by using the Active Directory Users and Computers snap-in in Microsoft Management Console (MMC). Default groups are located in the Builtin container and the Users container.

Trust types: Active Directory

Updated: January 21, 2005. Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2.

Communication between domains occurs through trusts.

When to create an external trust: Active Directory

Well-known security identifiers in Windows operating systems

A security identifier (SID) is a unique value of variable length that is used to identify a security principal or security group in Windows operating systems.

Well-known SIDs are a group of SIDs that identify generic users or generic groups. Their values remain constant across all operating systems. This information is useful for troubleshooting issues that involve security. It is also useful for potential display problems that may be seen in the ACL editor. An SID may be displayed in the ACL editor instead of in the user or group name.

What Are Security Principals?

Updated: March 28, 2003.

Print Management Step-by-Step Guide

The document is archived and information here might be outdated. Updated: March 26, 2014. Applies To: Windows Server 2008, Windows Server 2008 R2.

There are two primary tools that you can use to administer a Windows print server in Windows Server® 2008: Server Manager and Print Management.

You can use Server Manager to install the Print Services server role, optional role services, and features. Server Manager also displays print-related events from Event Viewer and includes an instance of the Print Management snap-in, which can administer the local server only. Print Management provides a single interface that administrators can use to efficiently administer multiple printers and print servers and is the primary focus of this document.

The Active Directory integrated DNS zone _msdcs.domainname was not found.

Thank you Tim. This has been a real hassle for quite some time and has been holding back my domain migration to 2008R2. As Tim stated, manually create the _msdcs.ForestFQDN. I right-clicked the Forward Lookup Zones/New Zone... /Next/Select "Primary zone" radio button and the "Store the zone in Active Directory" check box (these are defaults)/Next/for replication scope I selected "To all DNS servers running on domain controllers in this domain" (I have a simple single forest, single domain config)/Next/Zone Name: _msdcs.ForestFQDN. Wait for replication and population of the zone. I re-ran the Best Practices Analyzer and my server came up clean, no recommendations.