windows

10 Posts

Active Directory Powershell

August 04, 2017 0 Comments powershell, active-directory, windows

Using this page to keep track of all the useful PowerShell "mini-scripts" I've used:

Copy users from one security group to another security group

Add-ADGroupMember -Identity destination-group-name -Members (Get-ADGroupMember -Identity source-group-name -Recursive)

Add enabled users from an OU to a security group

Get-ADUser -SearchBase 'OU=Your-OU,DC=corp,DC=company,DC=com' -Filter {Enabled -eq $true} | ForEach-Object {Add-ADGroupMember

Windows DHCP not Updating DNS

February 06, 2017 0 Comments windows

Our 2012R2 DCs do DHCP and DNS for our environment, but I found that our clients' DNS addresses were frequently incorrect, even though DHCP is supposed to update DNS with the correct entry. Found this blog post that solved our problems:

http://blogs.msmvps.com/acefekay/2009/08/20/dhcp-dynamic-dns-updates-scavenging-static-entries-amp-timestamps-and-the-dnsproxyupdate-group/

Note: If you are unsure about running the dnscmd shown

Windows SSL Certificate Installation

December 01, 2015 0 Comments windows, active-directory

The DigiCert cert utility for Windows makes the process so much easier:

To generate the CSR:
https://www.digicert.com/util/csr-creation-microsoft-active-directory-ldap-2012-digicert-utility.htm

To install the Cert:
https://www.digicert.com/ssl-certificate-installation-microsoft-active-directory-ldap-2012.htm

For LDAPS on a domain controller, I did not have to import the cert file into the AD DS personal store.

Active Directory Health Check

July 22, 2015 0 Comments active-directory, windows

Migrated a DC and wanted to do some basic AD health checks.

From the cmd prompt (on a domain-joined PC with sufficient privileges, or on the DC):

Replication Info:

repadmin /replsummary
repadmin /showrepl

Query FSMO role holders, which should confirm that they are online:

netdom query fsmo

General Server Diagnosis:

dcdiag /a /s:<DC server name>

If you want

802.1X Wireless Authentication in a Windows Environment

February 10, 2014 0 Comments windows

Recently came across an issue where users in an 802.1X wireless environment were logging into their laptops, and the AD logon script would run before they had wireless network connectivity. This was a problem since their network drives would not map.

While the users blamed the wireless network, the problem is actually resolved in AD Group Policy by specifying

Verify Windows Server 2008R2 Time/NTP Settings

July 31, 2013 0 Comments windows

From the cmd prompt:

For current time:

Time /T

For configuration:

w32tm /query /configuration

For status:

w32tm /query /status

To set your 2008R2 server as an NTP server, edit the following two reg keys:

1. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags and change to Value 5

2. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer\Enabled