By installing Active Directory from restored backup media, you can reduce the replication traffic that is initiated during the installation of an additional domain controller in an Active Directory domain. Reducing the replication traffic reduces the time necessary to install the additional domain controller. The procedures in this task are particularly useful for installing domain controllers in remote sites.
To install Active Directory from restored backup media:
1. Click Start, click Run, type dcpromo /adv, and then press ENTER.
2. In the Active Directory Installation Wizard, select Additional domain controller for existing domain.
3. Select From these restored backup files, and point to the same location where you restored the system state data.
4. If the domain controller whose system state backup you are using is a global catalog server, the Active Directory Installation Wizard asks you whether you want this server to also be a global catalog server.
5. Give appropriate credentials for the operation.
6. Enter the domain of the new domain controller. This domain must be the domain of the domain controller whose system state backup you are using.
7. Complete the remaining pages of the Active Directory Installation Wizard.
Dcpromo.exe will install Active Directory using the data present in the restored files, which eliminates the need to replicate every object from a partner domain controller. However, objects that were modified, added, or deleted since the backup was taken must be replicated. If the backup was recent, the amount of replication required will be considerably less than that required for a regular Active Directory installation.
All about Information Technology infrastructure and system. Helpdesk & support issue, deployment guide, and daily activity in managing an information technology operation.
Search This Blog
Sunday, May 11, 2008
Saturday, May 10, 2008
DsRemoveDsDomainW error 0x2015 when removing metadata from Active Directory
From Microsoft KB887424
Description
When you use the Ntdsutil command-line tool to try to remove metadata for a domain controller that was removed from your network, you may receive the following error message:
DsRemoveDsDomainW error 0x2015 (The directory service can perform the requested operation only on a leaf object).
Resolution
To resolve this issue, follow these steps:
1. Click Start, click Run, type ntdsutil, and then press ENTER.
2. At the Ntdsutil command prompt, type domain management, and then press ENTER.
3. Type connections, and then press ENTER.
4. Type connect to server Domain_Controller_Name, and then press ENTER.
5. After the following message appears, type quit, and then press ENTER:
Connected to Domain_Controller_Name using credentials of locally logged on user
6. At the domain management prompt, type list, and then press ENTER.
7. Note the following entry:
DC=DomainDnsZones,DC=Child_Domain, DC=extensionFor example, if the child domain is Contoso.com, note the following entry:
DC=DomainDnsZones,DC=contoso,DC=com
8. Type the following command, and then press ENTER.
delete nc dc=domaindnszones,dc=Child_Domain,dc=extensionNote In this command, Child_Domain represents the name of the child domain that you want to remove. For example, if the child domain is Contoso.com, type the following command, and then press ENTER:
delete nc dc=domaindnszones,dc=contoso,dc=com
9. Quit Ntdsutil.
Description
When you use the Ntdsutil command-line tool to try to remove metadata for a domain controller that was removed from your network, you may receive the following error message:
DsRemoveDsDomainW error 0x2015 (The directory service can perform the requested operation only on a leaf object).
Resolution
To resolve this issue, follow these steps:
1. Click Start, click Run, type ntdsutil, and then press ENTER.
2. At the Ntdsutil command prompt, type domain management, and then press ENTER.
3. Type connections, and then press ENTER.
4. Type connect to server Domain_Controller_Name, and then press ENTER.
5. After the following message appears, type quit, and then press ENTER:
Connected to Domain_Controller_Name using credentials of locally logged on user
6. At the domain management prompt, type list, and then press ENTER.
7. Note the following entry:
DC=DomainDnsZones,DC=Child_Domain, DC=extensionFor example, if the child domain is Contoso.com, note the following entry:
DC=DomainDnsZones,DC=contoso,DC=com
8. Type the following command, and then press ENTER.
delete nc dc=domaindnszones,dc=Child_Domain,dc=extensionNote In this command, Child_Domain represents the name of the child domain that you want to remove. For example, if the child domain is Contoso.com, type the following command, and then press ENTER:
delete nc dc=domaindnszones,dc=contoso,dc=com
9. Quit Ntdsutil.
How to remove an oprhaned domain from Active Directory
Description:
For some reason you have to force demote one of your child domain.
You have follow Microsoft KB216498 "How to remove data in Active Directory after an unsuccessful domain controller demotion". You have remove the cname record in the _msdcs.rootdomain of forest zones in DNS. Also there're no A record and Name Server record of it on DNS. You also have deleted the server name from AD Sites & Services.
However when people logon, they can still see that child domain at the Log on to field. You want it to be disappear from there.
Resolution:
Removing Orphaned Domains from Active Directory (Microsoft KB230306)
3. Click Start, point to Programs, point to Accessories, and then click Command Prompt.
4. At the command prompt, type: ntdsutil.
5. Type: metadata cleanup, and then press ENTER.
6. Type: connections, and then press ENTER. This menu is used to connect to the specific server on which the changes will occur. If the currently logged-on user is not a member of the Enterprise Admins group, alternate credentials can be supplied by specifying the credentials to use before making the connection. To do so, type: set creds domainname username password , and then press ENTER. For a null password, type: null for the password parameter.
7. Type: connect to server servername (where servername is the name of the domain controller holding the Domain Naming Master FSMO Role), and then press ENTER. You should receive confirmation that the connection is successfully established. If an error occurs, verify that the domain controller being used in the connection is available and that the credentials you supplied have administrative permissions on the server.
8. Type: quit, and then press ENTER. The Metadata Cleanup menu is displayed.
9. Type: select operation target, and then press ENTER.
10. Type: list domains, and then press ENTER. A list of domains in the forest is displayed, each with an associated number.
11. Type: select domain number, and then press ENTER, where number is the number associated with the domain to be removed.
12. Type: quit, and then press ENTER. The Metadata Cleanup menu is displayed.
13. Type: remove selected domain, and then press ENTER. You should receive confirmation that the removal was successful. If an error occurs, please refer to the Microsoft Knowledge Base for articles on specific error messages.
14. Type: quit at each menu to quit the NTDSUTIL tool. You should receive confirmation that the connection disconnected successfully.
For some reason you have to force demote one of your child domain.
You have follow Microsoft KB216498 "How to remove data in Active Directory after an unsuccessful domain controller demotion". You have remove the cname record in the _msdcs.rootdomain of forest zones in DNS. Also there're no A record and Name Server record of it on DNS. You also have deleted the server name from AD Sites & Services.
However when people logon, they can still see that child domain at the Log on to field. You want it to be disappear from there.
Resolution:
Removing Orphaned Domains from Active Directory (Microsoft KB230306)
1. Determine the domain controller that holds the Domain Naming Master Flexible Single Master Operations (FSMO) role. To identify the server holding this role:
- Start the Active Directory Domains and Trusts Microsoft Management Console (MMC) snap-in from the Administrative Tools menu.
- Right-click the root node in the left pane titled Active Directory Domains and Trusts, and then click Operations Master.
- The domain controller that currently holds this role is identified in the Current Operations Master frame.NOTE: If this changed recently, not all computer may have received this change yet due to replication.
3. Click Start, point to Programs, point to Accessories, and then click Command Prompt.
4. At the command prompt, type: ntdsutil.
5. Type: metadata cleanup, and then press ENTER.
6. Type: connections, and then press ENTER. This menu is used to connect to the specific server on which the changes will occur. If the currently logged-on user is not a member of the Enterprise Admins group, alternate credentials can be supplied by specifying the credentials to use before making the connection. To do so, type: set creds domainname username password , and then press ENTER. For a null password, type: null for the password parameter.
7. Type: connect to server servername (where servername is the name of the domain controller holding the Domain Naming Master FSMO Role), and then press ENTER. You should receive confirmation that the connection is successfully established. If an error occurs, verify that the domain controller being used in the connection is available and that the credentials you supplied have administrative permissions on the server.
8. Type: quit, and then press ENTER. The Metadata Cleanup menu is displayed.
9. Type: select operation target, and then press ENTER.
10. Type: list domains, and then press ENTER. A list of domains in the forest is displayed, each with an associated number.
11. Type: select domain number, and then press ENTER, where number is the number associated with the domain to be removed.
12. Type: quit, and then press ENTER. The Metadata Cleanup menu is displayed.
13. Type: remove selected domain, and then press ENTER. You should receive confirmation that the removal was successful. If an error occurs, please refer to the Microsoft Knowledge Base for articles on specific error messages.
14. Type: quit at each menu to quit the NTDSUTIL tool. You should receive confirmation that the connection disconnected successfully.
SQL Query Statement
I am not a database administrator, but the other day i need to extract some data from a database. I can logon to the SQL Database, but I am not quite sure where the data is.
After some browsing around i found out that it can be done using a simple SQL query statement.
Here is the example:
SELECT Name, Comment, CollectionID (fieldname)
FROM v_Collection (tablename)
WHERE Name LIKE 'All Windows%'
ORDER BY Name
After some browsing around i found out that it can be done using a simple SQL query statement.
Here is the example:
SELECT Name, Comment, CollectionID (fieldname)
FROM v_Collection (tablename)
WHERE Name LIKE 'All Windows%'
ORDER BY Name
Saturday, April 12, 2008
Outlook RPC over HTTP doesn't work with 3G or fast connection
When you are out of the office and using Outlook with RPC over HTTP to connect to your Corporate email, you may have to enable the “on fast network, connect using HTTP first, then connect using TCP/IP” on the Microsoft Exchange Proxy Settings.
Example:
You are using 3G USB modem that have speed up to 7.5 MB.(This is most likely not the true internet speed you get, but this what windows detected). Outlook will consider it as fast network. If the above option is not selected, outlook will automatically go with TCP/IP for connection. Your outlook would not be able to connect to the mail server.
However if you put the check mark on, Outlook will go for HTTP and it should be able to connect to the mail server.
Of course the consequence is that you will be prompt to enter your Windows account authentication all the time when you open Outlook whether inside or outside Petrosea Office.
Note:
Outlook determines a user's connection speed by checking the network adapter speed on the user's computer, as supplied by the operating system. Reported network adapter speeds of 128 KB or lower are defined as slow connections. There may be circumstances when the network adapter speed does not accurately reflect data throughput for users.
Example:
You are using 3G USB modem that have speed up to 7.5 MB.(This is most likely not the true internet speed you get, but this what windows detected). Outlook will consider it as fast network. If the above option is not selected, outlook will automatically go with TCP/IP for connection. Your outlook would not be able to connect to the mail server.
However if you put the check mark on, Outlook will go for HTTP and it should be able to connect to the mail server.
Of course the consequence is that you will be prompt to enter your Windows account authentication all the time when you open Outlook whether inside or outside Petrosea Office.
Note:
Outlook determines a user's connection speed by checking the network adapter speed on the user's computer, as supplied by the operating system. Reported network adapter speeds of 128 KB or lower are defined as slow connections. There may be circumstances when the network adapter speed does not accurately reflect data throughput for users.
Subscribe to:
Posts (Atom)