Search This Blog

Wednesday, August 17, 2011

Useful command in managing Active Directory

Here's some of the list that common to use on day to day administration and troubleshooting of Active Directory:

> To summarizes the replication state and health of a forest:
Repadmin /Replsum /BySrc /ByDst

> To show the state of the last inbound replication for specified domain controller:
Repadmin /Showreps
Repadmin /Showrepl

> To show the state of the last inbound and outbound replication (change notification) for specified domain controller:
Repadmin /Showrepl /repsto

> To display the replication queue list:
Repadmin /queue
> To display all the Domain Controller in the forest:
Repadmin /Viewlist *
> To display the Intersite Topology Generator (ISTG) server for specified site:
Repadmin /ISTG
> To display the Bridgeheads servers for specified site:
Repadmin / Bridgeheads

> To synchronize a sepecified domain controller with all of the replication partners
Repadmin /syncall (DC_name) /A /e

> To list the name of Domain Contollers in a domain:
Nltest /dclist:(domainname)

> To verify if we can locate a domain controller:
Nltest /dsgetdc:(domainname)

> To display the servers that hold FSMO role:
Netdom query FSMO

> To chek the health of DNS settings:
DCdiag /test:DNS

> To query the tombstonelifetime setting in a forest:
dsquery * "cn=Directory Service,cn=Windows NT,cn=Services,cn=Configuration,dc=contoso,dc=com" -scope base -attr tombstonelifetime


Diposting oleh di No comments:
Label: , ,

Monday, August 8, 2011

Site Costed Referrals

Windows Server 2003 and above supports the ability to provide finer control over how DFS referrals are returned for the SYSVOL and NETLOGON shares.

By default, in Windows Server 2003 the DFS referral list will contain all local domain controllers of the client’s domain in the local site, randomly ordered, and then all other domain controllers in the domain randomly ordered.
Defining the SiteCostedReferrals Registry value on the domain controllers will alter the DFS referrals so that all local domain controllers are listed first, randomly ordered, then the “next best” site’s domain controllers, and then all others. The “next best” logic is based on site link costs where the lower cost is preferred.
Windows Server 2008 uses the SiteCostedReferrals behavior by default and does not require the Registry value to be set. Windows 2000 Server does not support this feature.
The SiteCostedReferrals Registry value should be defined across all domain controllers in a domain to ensure consistent behavior. The DFS service must be restarted or the domain controllers rebooted for the change to take effect.
This behavior is controlled via the following Registry value:
HKLM\System\CurrentControlSet\Services\Dfs\Parameters
Value: SiteCostedReferrals
Type: REG_DWORD
Data:
  • Windows 2003
= Disabled
0 = Disabled
1 = Enabled
  • Windows 2008
= Enabled
0 = Disabled
1 = Enabled
Diposting oleh di No comments:
Label: , ,

Automatic Site Coverage

For various reasons, it is possible that no domain controller exists for a particular domain at the local site.
To ensure that clients can locate a domain controller in the nearest available site, domain controllers attempt to register their DNS service location (SRV) resource records. These resource records pertain to sites that contain no domain controller for the domain of which they are a member. This functionality is commonly known as "automatic site coverage."

Automatic site coverage factors in the cost associated with the site links of a site without a domain controller. This cost helps determine which domain controller registers its SRV resource records for that site. The SRV resource records are registered by domain controllers from the site that has the lowest cost between its site link and the site that has no domain controller. This makes it possible for clients in the site without a domain controller to use the least expensive network connection to contact a domain controller in another site.

Source:
http://technet.microsoft.com/en-us/library/cc732322(WS.10).aspx
http://technet.microsoft.com/en-us/library/cc978016.aspx
Diposting oleh di No comments:
Label:

Sunday, August 7, 2011

How to Clean Up Lingering Object in Active Directory

Quote from: http://blogs.technet.com//b/glennl/archive/2007/07/26/clean-that-active-directory-forest-of-lingering-objects.aspx

Consider the following illustration that explains how the above methodology is the most efficient and thorough approach possible with repadmin /removelingeringobjects.
DC1,2,3 all host a writable copy of domain A. DC5,6,7 host a read only copy of domain A.

DC1 will be chosen as an initial target for this illustration. DC1 may be clean or dirty with respect to lingering objects.
1) Clean a target DC.
    • Repadmin /removelingeringobjects
    • Repadmin /removelingeringobjects
DC1 is now clean as compared to DC2,3.
DC1 now becomes the source to be used to clean DC2,3.

2) Clean remaining DCs using the target in 1) above as the source DC.
    • Repadmin /removelingeringobjects
    • Repadmin /removelingeringobjects   
DC2,3 are now clean with respect to DC1. This approach makes DC1,2,3 consistent with each other.
At this point any writable DC for domain A can be used as a source to clean the DCs hosting a read only copy of domain A. DC1 will be chosen as the source DC for cleaning the DCs hosting read only copies of domain A.

3) Clean all DCs hosting a read only copy of domain A.
    • Repadmin /removelingeringobjects
    • Repadmin /removelingeringobjects
    • Repadmin /removelingeringobjects
At this point all DCs hosting a read only copy of domain A are consistent with each other and are consistent* with the writable DCs for domain A.
Diposting oleh di 1 comment:
Label:

Cannot Publish Post to Blogger using Internet Explorer 9

Description:
You can edit/create your post in blogger.com, however you cannot click the publish post button. You are using Internet Explorer 9.

Resolution:
There are two options:
  • First, you can enable Compatibility View as a workaround. At Internet Explorer 9, please go to Tools > Compatibility View Settings. Add blogger.com to the list. Click Close and restart your IE 9. Open your post again and you should be able to publish it now. However you may still encounter issue with font sizes, etc.
  • Second is to change the setting at the blogger site. Please go to Settings > Select Post Editor > choose Updated Editor > click save settings. Open your post again and you should be able to create/edit/post to your blog again. You will also gain new editing feature such us improved image handling and new preview window.
Diposting oleh di 1 comment:
Label: ,
Subscribe to: Posts (Atom)

Search Google