I find myself quite often trying to keep straight all the different replication activities that can occur within an Active Directory (AD) domain.
There is:
Intrasite Replication
Urgent Replication
Intersite Replication
Intersite Change Notification Replication
Reciprocal Replication
Immediate Replication
Manual Replication
With the advent of Windows Server 2012 R2, Microsoft has worked diligently to provide support for virtualization and allow corporations to reduce costs by virtualizing as much hardware as possible. New features in 2012 R2 help prevent USN rollback and/or Lingering objects via the new VM-Generation ID. If a guest o/s is restored from a snapshot the VM-Generation Id that is stored in the DIT (msDS-GenerationID attribute on the DC’s computer object) is compared to the value on the Host. If they don’t match then the Invocation-Id is updated with a new value and any RID’s from the machine are replaced with a new set from the RID Master.
So the question is, “Do I need a physical DC in my Domain?” Continue reading “Can I Virtualize ALL My DC’s In the Domain?”
Ace here again. I thought to touch base on DNS zones, and more so, focus on what AD integrated zones are and how they work. This blog almost mimics my class lecture on this topic. Check back for updates periodically, which I will notate with a timestamp above with whatever I’ve added or modified.
This topic was also briefly discussed in the following Microsoft Technet forum thread:
Technet thread: “Secondary Zones?”
http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/c1b0f3ac-c8af-4f4e-a5bc-23d034c85400
Continue reading “Understanding Lingering Objects in Active Directory and How To’s?”
Group Policy can be difficult to design, implement, and troubleshoot unless you are fully aware of the foundational concepts that drive Group Policy with Active Directory. There are many moving parts with Group Policy, not to mention the reliance that Group Policy has on Active Directory functioning properly. When making changes within a Group Policy Object (GPO) in hopes for a desired outcome, only to have Group Policy not working correctly can be very frustrating.
many article is founded in internet about its problems. one of the best articles about reason for failing apply GPO is writen by derek melber. please check these links
http://www.windowsnetworking.com/articles-tutorials/windows-server-2008/Top-10-Reasons-Why-Group-Policy-Fails-to-Apply-Part1.html
http://www.windowsnetworking.com/articles-tutorials/windows-server-2008/Top-10-Reasons-Why-Group-Policy-Fails-to-Apply-Part2.html
http://www.windowsnetworking.com/articles-tutorials/windows-server-2008/Top-10-Reasons-Why-Group-Policy-Fails-to-Apply-Part3.html
thanks by www.windowsnetworking.com
last week , i try to work with Windows 2008 R2 server but my system restart frequently . after research i find Reboot problem. If these servers are using File Share or SMB v.2, srv2.sys may cause this problem.
Srv2.sys driver is root cause of this problem.
This is SMB 2.0 server driver. You can download hotfix KB2552033 for Windows Server 2008 R2 SP1 with your own risk until Microsoft officially release it.
I am sure you must have experienced VPN reconnect – a new IKEv2 based VPN tunnel that is added in Windows 7 that allows automatic and seamless switchover of an active VPN connection when the underlying Internet interface (connection) changes thus maintaining application persistence.
Isn’t that COOL – like VPN user moving from Wifi to WWAN and back – giving a true mobile connectivity to corpnet ! Yes it is…
This means, Windows7 in-built VPN client and Windows 2008 R2 in-built VPN server (aka RRAS) supports following VPN tunnels:
About each folder under the SYSVOL share in Domain Controller
SYSVOL folder used to store a copy of the domain’s public files like system policies, Group Policy settings and logon/logoff scripts, which are replicated to all other domain controllers in the Active Directory domain through File Replication Services (FRS), You can find many folders inside the SYSVOL share, I would like to explore and explain each folder by how it’s used in the process of SYSVOL replication.
trusting domain and the trusted domain
For the diagram above, we have the following summary:
When you create a trust from the Account Domain (trusted), the type of trust will be “incoming trust”.
When you create a trust from the Resource Domain (Trusting), the type of trust will be “outgoing trust”.
Remember that Direction of Trust is the opposite to Direction of Access.
Here is the list of all articles about Direct Access Technologies. i need to configure Direct access for students , so they must reading articles.
this article is useful for helping
http://www.227volts.com/?p=1216
http://techontip.wordpress.com/direct-access-series/
http://www.labo-microsoft.org/articles/Direct_Access/1/
When you are facing slow logons into domain and you also get events 1030 and 1006 you need to look into your network. By default Kerberos uses UDP packets to communicate. You need to force Kerberos to use TCP instead of UDP by changing registry key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\ Kerberos\Parameters
If it doesn’t exists just create it 
Create DWORD key called MaxPacketSize and set it to value 1.
For more infor there is official KB http://support.microsoft.com/kb/244474/en-us
Just a quick image about differences between “old” Software Restricion Policy and “new” AppLocker:
Now it’s easy to describe and remember.
In this article you can see how to enable audit logging for Windows Firewall with Advanced Security.
Windows Firewall with Advanced Security can log firewall activity such as dropped packets or successful connections. By default the firewall log is: %windir%\system32\logfiles\firewall\pfirewall.log
You can configure firewall logging by using Group Policy if desired. But what if you want to collect more detailed logging of firewall activity such as kernel mode connections/drops and other filtering activity? You can do this by enabling Windows Filtering Platform (WFP) audit logging as follows:
Auditpol /set /category:”System” /SubCategory:”Filtering Platform Packet Drop” /success:enable /failure:enable
Auditpol /set /category:”System” /SubCategory:”Filtering Platform Connection” /success:enable /failure:enable
Note that this form of logging may be very verbose, so be careful when enabling this on a computer in your production environment.
Unfortunately there is a problem when you try to add .Net Framework 3.51 to Windows Server 2012 using Server Manager!
In order to fix that issue and get .Net Framework 3.51 installed issue following command from Command Prompt:
dism /online /enable-feature /all /featurename:NetFX3 /source:x:\sources\sxs
In order to assign static IPv4 address to Windows Server 2012 Core using power shell use:
New-NetIPAddress -IPAddress 192.168.1.10 -InterfaceAlias “Ethernet” -DefaultGateway 192.168.1.1 -AddressFamily IPv4 -PrefixLength
We want a user to be able to change your password. However, there is operation is possible with delegation. but in the following article we will look at The process of transferring power to the network users for change password
This is a two part operation, firstly you need to give the user(s) the rights to change passwords, then give them the tools to do so.
I was surfing the web. I found a nice poste about virtualization and its infrastructure. I think it is interesting to see the poster.
The issue of networking in System Center Virtual Machine Manager 2012 SP1 is more complex and offers several features so it is classified first. Microsoft has now released a poster that summarizes the most important information.
This poster for Virtual Machine Manager Networking helps …
… When configuring networks in VMM by taking the necessary steps for Fabric Administrator and / or tenant administrator are described;
VMM_Networking_Poster.pdf (1.2 MB)
There are some days that I’m going to study.Principles of Network and raw materials is very important And that’s exactly what other fail
in a new search i found a new site about TCP/IP refrence.
I suggest you read this site:
—FOR USERS—
User Well known SID
Creator Owner S-1-3-0
Administrator S-1-5-21domain-500
Guest S-1-5-21domain-501
KRBTGT S-1-5-21domain-502
Interactive S-1-5-4
Anonymous S-1-5-7
1. Download and install WAIK
2.Mount the Image
Create folders “Images” and “mount” on c:\
BOOT.WIM=>
dism /mount-wim /WimFile:c:\Images\boot.wim /index:2 /MountDir:c:\mount
INSTALL.WIM=>
dism /mount-wim /WimFile:c:\Images\Install.wim /index:1 /MountDir:c:\mount
Continue reading “Integrate drivers into a WIM file with DISM”
A Read-Only Domain Controller (RODC) is a new type of domain controller in Windows Server 2008. Its main purpose is to improve security in office branches. In this post, I summarize the functionality of RODC.
In office branches, it is often not easy to provide sufficient physical security for servers. It is not a big deal to manipulate a Windows system if you can get physical access to it. Since Domain controllers store security sensitive data, they are particularly endangered. RODCs can help with this problem in four ways:
RODC essentials Continue reading “Read-Only Domain Controller (RODC)”
Domain trusts can be complicated to administer, and it’s important to implement changes correctly the first time. Here are some key points to keep in mind to help ensure that your trusts are configured effectively with a minimum of headaches.
Before deploying a domain trust, you should ensure that the type(s) used are correct for the tasks at hand. Consider the following dimensions of a trust: Continue reading “10 things about AD domain trusts”
I need to design a plan for Active directory . in this way visio and Edarw are two software that help me .today i find a new software that automatically generate a diagram like as Visio !
The Microsoft Active Directory Topology Diagrammer reads an Active Directory configuration using LDAP, and then automatically generates a Visio diagram of your Active Directory and /or your Exchange Server topology.
The diagramms may include domains, sites, servers, organizational units, DFS-R, administrative groups, routing groups and connectors and can be changed manually in Visio if needed.
PowerShell is a powerful scripting tool that can greatly expedite your admin tasks. If you haven’t had a chance to learn how to use it, you might want to make time for it now. Here are some reasons why the effort will pay off. Continue reading “10 reasons why you should learn to use PowerShell”
In advance of one of the most significant waves of product launches in Microsoft’s history, today we are unveiling a new logo for the company.
