windows - The Network Stack

The Network Stack

windows

A collection of 10 posts

Active Directory Powershell

Using this page to keep track of all the useful powershell "mini-scripts" I've used: Copy users from one security group to another security group Add-ADGroupMember -Identity destination-group-name -Members (Get-ADGroupMember -Identity source-group-name -Recursive) Add enabled users from an OU to a security group Get-ADUser -SearchBase 'OU=Your-OU,DC=corp,DC=company,

ADFS Sign-In Page Customization

If you use ADFS as your primary IdP, you may have noticed that before your users sign in, they have the option to pick the Relying Party they want to sign into under the "Sign in to one of the following sites" radio button. If ADFS is accessible from the

Windows DHCP not Updating DNS

Our 2012R2 DC's do DHCP and DNS for our environment, but I found that our client's DNS addresses were frequently incorrect, even though DHCP is supposed to update DNS with the correct entry. Found this blog post that solved our problems: http://blogs.msmvps.com/acefekay/2009/08/20/dhcp-dynamic-dns-updates-scavenging-static-entries-amp-timestamps-and-the-dnsproxyupdate-group/

Windows SSL Certificate Installation

The Digicert cert utility for Windows make the process so much easier: To generate the CSR: https://www.digicert.com/util/csr-creation-microsoft-active-directory-ldap-2012-digicert-utility.htm To install the Cert: https://www.digicert.com/ssl-certificate-installation-microsoft-active-directory-ldap-2012.htm For LDAPS on a domain controller, I did not have to import the cert file into the

active-directory

Active Directory Health Check

Migrated a DC and wanted to do some basic AD health checks. From the cmd prompt (domain joined pc with sufficient privileges or on the DC): Replication Info: repadmin /replsummary repadmin /showrepl Query FSMO role holders, which should confirm that they are online: netdom query fsmo General Server Diagnosis: dcdiag

Export User List of AD Security Group

If you need to get a list of all members in an AD Security Group, open up powershell and try the following commands from a DC: 1. This command will list all the members and the OU structure they below to: dsquery group -name "GroupName" | dsget group -members 2. Add

Windows Server 2008R2/2012 Time Sync

I published a blog post last year regarding verifying NTP settings on a Windows Server. Now, I recently needed to go a step farther and force a server to time sync with a DC. Here are the relevant commands: To find out what server is the time server on your

802.1X Wireless Authentication in a Windows Environment

Recently came across an issue where users in an 802.1x wireless environment were logging into their laptops, and the AD logon script would run before they had wireless network connectivity. This was a problem since their network drives would not map. While the users blamed the wireless network, the

Verify Windows Server 2008R2 Time/NTP Settings

From the cmd prompt: For current time: Time /T For configuration: w32tm /query /configuration For status: w32tm /query /status To set your 2008R2 server as an NTP server, edit the following two reg keys: 1. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags and change to Value 5 2.

Windows Update Failed on Server 2008R2

If you are having issues with Windows Update failing, try running the Microsoft System Update Readiness Tool here: http://support.microsoft.com/kb/947821 This tool has fixed Windows Update issues for me on Server 2008R2 installs.