Try this:
netdom query fsmo
Category: Active Directory
Find which servers hold FSMO roles
article #1411, updated 13 days ago
Enable Active Directory Recycle Bin
article #1069, updated 181 days ago
Always nice for recoverability in case of.
GUI on Server 2012:
Powershell:
Enable-ADOptionalFeature 'Recycle Bin Feature' -Scope ForestOrConfigurationSet -Target domain.local
Sync AD to DCs and Azure
article #1346, updated 358 days ago
In one swell foop, sync your AD to other domain controllers and Azure. Paste this into administrative Powershell, on the domain controller which does your Azure sync:
repadmin /syncall /AdeP Import-Module ADSync Start-ADSyncSyncCycle -PolicyType Initial
And here is the same command set, suitable for a batch file to be run as administrator:
repadmin /syncall /AdeP @"%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -InputFormat None -ExecutionPolicy Bypass -Command ^ "Import-Module ADSync; Start-ADSyncSyncCycle -PolicyType Initial"
Replicate/Sync AD to other domain controllers
article #1335, updated 475 days ago
This command, run from one domain controller, replicates to all of the others set up for this:
repadmin /syncall /AdeP
The Active Directory Replication Status Tool
article #1296, updated 645 days ago
This is excellent, GUI:
https://www.microsoft.com/en-us/download/details.aspx?id=30005
Set and clear logon script path for all users in Windows domain
article #1250, updated 842 days ago
Here’s how to set it for all users in xyz.local:
Get-ADUser -Filter * -SearchBase "OU=Main,DC=xyz,DC=local" | Set-ADUser –scriptPath
and how to clear it for all users in xyz.local:
Get-ADUser -Filter * -SearchBase "OU=Main,DC=xyz,DC=local" | Set-ADUser -Clear scriptPath
Set all users' AD login script by PowerShell
article #1054, updated 1359 days ago
This works well:
import-module activedirectory get-aduser -filter * | set-aduser -scriptpath filename_in_netlogon.vbs
Set all OUs to protected from accidental deletion
article #1018, updated 1498 days ago
Run the following within Active Directory Module for Windows PowerShell:
Get-ADobject -LDAPFilter "objectClass=organizationalUnit" -SearchBase "DC=domainname,DC=local" | Set-adobject -ProtectedFromAccidentalDeletion $true
ADSync errors, event IDs 6127, 6126
article #974, updated 1685 days ago
Here’s a great set of steps for these:
http://blog.jocha.se/tech/azure-ad-sync-event-error-6126-and-6127
The short of it is:
- Bring up the Syncronization Service Manager (“Synchronization Service” in Windows search),
- Click on Connectors,
- Click on “Active Directory Domain Services”,
- Click Run in the right pane, choose Full Synchronization, click OK, and wait for completion to be reported (it’s fairly obvious),
- Click Run in the right pane, choose Full Import, click OK, and wait for completion to be reported,
- Click Windows Azure Active Directory,
- and do the same two Runs as for the other line item.