Always nice for recoverability in case of.
GUI on Server 2012:
Powershell:
Enable-ADOptionalFeature 'Recycle Bin Feature' -Scope ForestOrConfigurationSet -Target domain.local
Category: Active Directory
Enable Active Directory Recycle Bin
article #1069, updated 57 days ago
Sync AD to DCs and Azure
article #1346, updated 234 days ago
In one swell foop, sync your AD to other domain controllers and Azure. Paste this into administrative Powershell, on the domain controller which does your Azure sync:
repadmin /syncall /AdeP Import-Module ADSync Start-ADSyncSyncCycle -PolicyType Initial
And here is the same command set, suitable for a batch file to be run as administrator:
repadmin /syncall /AdeP @"%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -InputFormat None -ExecutionPolicy Bypass -Command ^ "Import-Module ADSync; Start-ADSyncSyncCycle -PolicyType Initial"
Replicate/Sync AD to other domain controllers
article #1335, updated 351 days ago
This command, run from one domain controller, replicates to all of the others set up for this:
repadmin /syncall /AdeP
The Active Directory Replication Status Tool
article #1296, updated 521 days ago
This is excellent, GUI:
https://www.microsoft.com/en-us/download/details.aspx?id=30005
Set and clear logon script path for all users in Windows domain
article #1250, updated 717 days ago
Here’s how to set it for all users in xyz.local:
Get-ADUser -Filter * -SearchBase "OU=Main,DC=xyz,DC=local" | Set-ADUser –scriptPath
and how to clear it for all users in xyz.local:
Get-ADUser -Filter * -SearchBase "OU=Main,DC=xyz,DC=local" | Set-ADUser -Clear scriptPath
Set all users' AD login script by PowerShell
article #1054, updated 1235 days ago
This works well:
import-module activedirectory get-aduser -filter * | set-aduser -scriptpath filename_in_netlogon.vbs
Set all OUs to protected from accidental deletion
article #1018, updated 1373 days ago
Run the following within Active Directory Module for Windows PowerShell:
Get-ADobject -LDAPFilter "objectClass=organizationalUnit" -SearchBase "DC=domainname,DC=local" | Set-adobject -ProtectedFromAccidentalDeletion $true
ADSync errors, event IDs 6127, 6126
article #974, updated 1561 days ago
Here’s a great set of steps for these:
http://blog.jocha.se/tech/azure-ad-sync-event-error-6126-and-6127
The short of it is:
- Bring up the Syncronization Service Manager (“Synchronization Service” in Windows search),
- Click on Connectors,
- Click on “Active Directory Domain Services”,
- Click Run in the right pane, choose Full Synchronization, click OK, and wait for completion to be reported (it’s fairly obvious),
- Click Run in the right pane, choose Full Import, click OK, and wait for completion to be reported,
- Click Windows Azure Active Directory,
- and do the same two Runs as for the other line item.
FRS is deprecated in Server 2008R2
article #970, updated 1571 days ago
Some articles:
https://msdn.microsoft.com/en-us/library/windows/desktop/ff384840(v=vs.85).aspx).aspx
https://blogs.technet.microsoft.com/filecab/2014/06/25/the-end-is-nigh-for-frs/
Secondary email addresses with LAN-synched EOL
article #941, updated 1660 days ago
If one has one’s LAN Active Directory synchronized with EOL/Azure, one cannot add secondary email addresses in the EOL console. In this situation:
- Open ADSIedit from the domain controller
- Open up the OU containing the user
- Open the Properties of the user
- Open the Properties for the item “proxyAddresses”.
- The primary (the “reply”) email address for the user needs to be specified thus, with caps in the prefix:
SMTP:user@domain.xyz - Secondary email addresses for the user need to be specified thus, with lowercase prefix:
smtp:alias@domain.xyz - Then run the sync or wait for the automatic run, and it’s done!
Also, as a bonus, after the above is done once, user objects in Active Directory Users and Computers get a new tab, “Attributes”, from which the above can be done for other users.