This is a great article:
Category: Active Directory
Migrate a Windows Domain from NtFrs to DFSR
article #1437, updated 2 days ago
Find which servers hold FSMO roles
article #1411, updated 155 days ago
Try this:
netdom query fsmo
Enable Active Directory Recycle Bin
article #1069, updated 324 days ago
Always nice for recoverability in case of.
GUI on Server 2012:
Powershell:
Enable-ADOptionalFeature 'Recycle Bin Feature' -Scope ForestOrConfigurationSet -Target domain.local
Sync AD to DCs and Azure
article #1346, updated 500 days ago
In one swell foop, sync your AD to other domain controllers and Azure. Paste this into administrative Powershell, on the domain controller which does your Azure sync:
repadmin /syncall /AdeP Import-Module ADSync Start-ADSyncSyncCycle -PolicyType Initial
And here is the same command set, suitable for a batch file to be run as administrator:
repadmin /syncall /AdeP @"%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -InputFormat None -ExecutionPolicy Bypass -Command ^ "Import-Module ADSync; Start-ADSyncSyncCycle -PolicyType Initial"
Replicate/Sync AD to other domain controllers
article #1335, updated 617 days ago
This command, run from one domain controller, replicates to all of the others set up for this:
repadmin /syncall /AdeP
The Active Directory Replication Status Tool
article #1296, updated 787 days ago
This is excellent, GUI:
https://www.microsoft.com/en-us/download/details.aspx?id=30005
Set and clear logon script path for all users in Windows domain
article #1250, updated 984 days ago
Here’s how to set it for all users in xyz.local:
Get-ADUser -Filter * -SearchBase "OU=Main,DC=xyz,DC=local" | Set-ADUser –scriptPath
and how to clear it for all users in xyz.local:
Get-ADUser -Filter * -SearchBase "OU=Main,DC=xyz,DC=local" | Set-ADUser -Clear scriptPath
Set all users' AD login script by PowerShell
article #1054, updated 1501 days ago
This works well:
import-module activedirectory get-aduser -filter * | set-aduser -scriptpath filename_in_netlogon.vbs
Set all OUs to protected from accidental deletion
article #1018, updated 1640 days ago
Run the following within Active Directory Module for Windows PowerShell:
Get-ADobject -LDAPFilter "objectClass=organizationalUnit" -SearchBase "DC=domainname,DC=local" | Set-adobject -ProtectedFromAccidentalDeletion $true
ADSync errors, event IDs 6127, 6126
article #974, updated 1827 days ago
Here’s a great set of steps for these:
http://blog.jocha.se/tech/azure-ad-sync-event-error-6126-and-6127
The short of it is:
- Bring up the Syncronization Service Manager (“Synchronization Service” in Windows search),
- Click on Connectors,
- Click on “Active Directory Domain Services”,
- Click Run in the right pane, choose Full Synchronization, click OK, and wait for completion to be reported (it’s fairly obvious),
- Click Run in the right pane, choose Full Import, click OK, and wait for completion to be reported,
- Click Windows Azure Active Directory,
- and do the same two Runs as for the other line item.