Category: Active Directory

Migrate a Windows Domain from NtFrs to DFSR
article #1437, updated 92 days ago

This is a great article:

https://www.rebeladmin.com/2015/04/step-by-step-guide-for-upgrading-sysvol-replication-to-dfsr-distributed-file-system-replication/

Categories:      

==============

Find which servers hold FSMO roles
article #1411, updated 245 days ago

Try this:

netdom query fsmo

Categories:      

==============

Enable Active Directory Recycle Bin
article #1069, updated 414 days ago

Always nice for recoverability in case of.

GUI on Server 2012:

https://blogs.technet.microsoft.com/canitpro/2014/04/30/step-by-step-enabling-active-directory-recycle-bin-in-windows-server-2012-r2/

Powershell:

Enable-ADOptionalFeature 'Recycle Bin Feature' -Scope ForestOrConfigurationSet -Target domain.local

Categories:      

==============

Sync AD to DCs and Azure
article #1346, updated 590 days ago

In one swell foop, sync your AD to other domain controllers and Azure. Paste this into administrative Powershell, on the domain controller which does your Azure sync:

repadmin /syncall /AdeP
Import-Module ADSync
Start-ADSyncSyncCycle -PolicyType Initial

And here is the same command set, suitable for a batch file to be run as administrator:

repadmin /syncall /AdeP
@"%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -InputFormat None -ExecutionPolicy Bypass -Command ^
"Import-Module ADSync; Start-ADSyncSyncCycle -PolicyType Initial"

Categories:      

==============

Replicate/Sync AD to other domain controllers
article #1335, updated 707 days ago

This command, run from one domain controller, replicates to all of the others set up for this:

repadmin /syncall /AdeP

Categories:      

==============

The Active Directory Replication Status Tool
article #1296, updated 877 days ago

This is excellent, GUI:

https://www.microsoft.com/en-us/download/details.aspx?id=30005

Categories:      

==============

Set and clear logon script path for all users in Windows domain
article #1250, updated 1074 days ago

Here’s how to set it for all users in xyz.local:

Get-ADUser -Filter * -SearchBase "OU=Main,DC=xyz,DC=local" | Set-ADUser –scriptPath

and how to clear it for all users in xyz.local:

Get-ADUser -Filter * -SearchBase "OU=Main,DC=xyz,DC=local" | Set-ADUser -Clear scriptPath

Categories:      

==============

Set all users' AD login script by PowerShell
article #1054, updated 1591 days ago

This works well:

import-module activedirectory
get-aduser -filter * | set-aduser -scriptpath filename_in_netlogon.vbs

Categories:      

==============

Set all OUs to protected from accidental deletion
article #1018, updated 1730 days ago

Run the following within Active Directory Module for Windows PowerShell:

Get-ADobject -LDAPFilter "objectClass=organizationalUnit" -SearchBase "DC=domainname,DC=local" | Set-adobject -ProtectedFromAccidentalDeletion $true

Categories:      

==============

ADSync errors, event IDs 6127, 6126
article #974, updated 1917 days ago

Here’s a great set of steps for these:

http://blog.jocha.se/tech/azure-ad-sync-event-error-6126-and-6127

The short of it is:

  1. Bring up the Syncronization Service Manager (“Synchronization Service” in Windows search),
  2. Click on Connectors,
  3. Click on “Active Directory Domain Services”,
  4. Click Run in the right pane, choose Full Synchronization, click OK, and wait for completion to be reported (it’s fairly obvious),
  5. Click Run in the right pane, choose Full Import, click OK, and wait for completion to be reported,
  6. Click Windows Azure Active Directory,
  7. and do the same two Runs as for the other line item.

Categories: