This command, run from one domain controller, replicates to all of the others set up for this:
repadmin /syncall /AdeP
Category: Active Directory
Replicate AD to other domain controllers
article #1335, updated 27 days ago
The Active Directory Replication Status Tool
article #1296, updated 168 days ago
This is excellent, GUI:
https://www.microsoft.com/en-us/download/details.aspx?id=30005
Set and clear logon script path for all users in Windows domain
article #1250, updated 365 days ago
Here’s how to set it for all users in xyz.local:
Get-ADUser -Filter * -SearchBase "OU=Main,DC=xyz,DC=local" | Set-ADUser –scriptPath
and how to clear it for all users in xyz.local:
Get-ADUser -Filter * -SearchBase "OU=Main,DC=xyz,DC=local" | Set-ADUser -Clear scriptPath
Enable Active Directory Recycle Bin
article #1069, updated 832 days ago
Always nice for recoverability in case of.
GUI on Server 2012:
Other:
https://technet.microsoft.com/en-us/library/dd379481(v=ws.10).aspx
Set all users' AD login script by PowerShell
article #1054, updated 882 days ago
This works well:
import-module activedirectory get-aduser -filter * | set-aduser -scriptpath filename_in_netlogon.vbs
Set all OUs to protected from accidental deletion
article #1018, updated 1021 days ago
Run the following within Active Directory Module for Windows PowerShell:
Get-ADobject -LDAPFilter "objectClass=organizationalUnit" -SearchBase "DC=domainname,DC=local" | Set-adobject -ProtectedFromAccidentalDeletion $true
ADSync errors, event IDs 6127, 6126
article #974, updated 1208 days ago
Here’s a great set of steps for these:
http://blog.jocha.se/tech/azure-ad-sync-event-error-6126-and-6127
The short of it is:
- Bring up the Syncronization Service Manager (“Synchronization Service” in Windows search),
- Click on Connectors,
- Click on “Active Directory Domain Services”,
- Click Run in the right pane, choose Full Synchronization, click OK, and wait for completion to be reported (it’s fairly obvious),
- Click Run in the right pane, choose Full Import, click OK, and wait for completion to be reported,
- Click Windows Azure Active Directory,
- and do the same two Runs as for the other line item.
FRS is deprecated in Server 2008R2
article #970, updated 1218 days ago
Some articles:
https://msdn.microsoft.com/en-us/library/windows/desktop/ff384840(v=vs.85).aspx).aspx
https://blogs.technet.microsoft.com/filecab/2014/06/25/the-end-is-nigh-for-frs/
Secondary email addresses with LAN-synched EOL
article #941, updated 1307 days ago
If one has one’s LAN Active Directory synchronized with EOL/Azure, one cannot add secondary email addresses in the EOL console. In this situation:
- Open ADSIedit from the domain controller
- Open up the OU containing the user
- Open the Properties of the user
- Open the Properties for the item “proxyAddresses”.
- The primary (the “reply”) email address for the user needs to be specified thus, with caps in the prefix:
SMTP:user@domain.xyz - Secondary email addresses for the user need to be specified thus, with lowercase prefix:
smtp:alias@domain.xyz - Then run the sync or wait for the automatic run, and it’s done!
Also, as a bonus, after the above is done once, user objects in Active Directory Users and Computers get a new tab, “Attributes”, from which the above can be done for other users.
Export all Active Directory groups to CSV
article #762, updated 1798 days ago
From the amazing Farhan Kazi:
http://fkazi.blogspot.com/2013/07/export-active-directory-groups-with.html
@ECHO OFF
SETLOCAL EnableDelayedExpansion
SET FileName=Report.csv
SET AG=0
SET EG=0
SET CT=0
SET NE=0
SET GN=
FOR /F %%T IN ('DSQuery * -Filter "(&(objectClass=Group))" -Limit 0') DO SET /a AG+=1 >NUL
FOR /F %%T IN ('DSQuery * -Filter "(&(objectClass=Group)(^!member=*))" -Limit 0') DO SET /a EG+=1 >NUL
SET /a NE=!AG!-!EG!
ECHO Total Groups in Active Directory %AG% out of them %EG% are empty.&&ECHO.
ECHO Group,Members>"!FileName!"
TITLE Exporting !NE! Non-Empty AD Groups.
FOR /F "delims=" %%G IN ('DSQuery * -Filter "(&(objectClass=Group)(member=*))" -Limit 0') DO (
FOR /F "delims=" %%v IN ('DSQuery * %%G -l -q -Attr Name -Limit 0') DO SET GN=%%v
SET /a CT+=1 >NUL
ECHO !CT!. Exporting: !GN!
FOR /F "delims=" %%M IN ('DSGET Group %%G -Members') DO (
FOR /F "delims=" %%U IN ('DSQuery * %%M -l -q -Attr displayName') DO (
ECHO !GN!,%%U>>"!FileName!")))
TITLE Export complete.
ECHO.&&ECHO Export complete, please check '!FileName!' file.
EXIT /B 0
Here’s a mod, which creates one file per group:
REM
REM Export all Active Directory groups to CSV files
REM One CSV file per group
REM
REM Original written by Farhan Kazi
REM http://fkazi.blogspot.com/2013/07/export-active-directory-groups-with.html
REM
REM Modded for one file per group by Jonathan Brickman
REM http://n.ponderworthy.com
REM
@ECHO OFF
SETLOCAL EnableDelayedExpansion
SET AG=0
SET EG=0
SET CT=0
SET NE=0
SET GN=
FOR /F %%T IN ('DSQuery * -Filter "(&(objectClass=Group))" -Limit 0') DO SET /a AG+=1 >NUL
FOR /F %%T IN ('DSQuery * -Filter "(&(objectClass=Group)(^!member=*))" -Limit 0') DO SET /a EG+=1 >NUL
SET /a NE=!AG!-!EG!
ECHO Total Groups in Active Directory %AG% out of them %EG% are empty.&&ECHO.
TITLE Exporting !NE! Non-Empty AD Groups.
FOR /F "delims=" %%G IN ('DSQuery * -Filter "(&(objectClass=Group)(member=*))" -Limit 0') DO (
FOR /F "delims=" %%v IN ('DSQuery * %%G -l -q -Attr Name -Limit 0') DO SET GN=%%v
SET /a CT+=1 >NUL
ECHO !CT!. Exporting: !GN!
FOR /F "delims=" %%M IN ('DSGET Group %%G -Members') DO (
FOR /F "delims=" %%U IN ('DSQuery * %%M -l -q -Attr displayName') DO (
ECHO %%U>>"!GN!".CSV)))
TITLE Export complete.
ECHO.&&ECHO Export complete.
EXIT /B 0