Using this page to keep track of all the useful PowerShell "mini-scripts" I've used:
Copy users from one security group to another security group:
    Add-ADGroupMember -Identity destination-group-name -Members (Get-ADGroupMember -Identity source-group-name -Recursive)
Add enabled users from an OU to a security group:
    Get-ADUser -SearchBase 'OU=Your-OU,DC=corp,DC=company,
Our 2012R2 DCs do DHCP and DNS for our environment, but I found that our client's DNS addresses were frequently incorrect, even though DHCP is supposed to update DNS with the correct entry. Found this blog post that solved our problems: http://blogs.msmvps.com/acefekay/2009/08/20/dhcp-dynamic-dns-updates-scavenging-static-entries-amp-timestamps-and-the-dnsproxyupdate-group/
The DigiCert cert utility for Windows makes the process so much easier:
To generate the CSR: https://www.digicert.com/util/csr-creation-microsoft-active-directory-ldap-2012-digicert-utility.htm
To install the cert: https://www.digicert.com/ssl-certificate-installation-microsoft-active-directory-ldap-2012.htm
For LDAPS on a domain controller, I did not have to import the cert file into the
Migrated a DC and wanted to do some basic AD health checks. From the cmd prompt (domain-joined PC with sufficient privileges, or on the DC):
Replication info:
    repadmin /replsummary
    repadmin /showrepl
Query FSMO role holders, which should confirm that they are online:
    netdom query fsmo
General server diagnosis:
    dcdiag
From the cmd prompt:
For current time:
    Time /T
For configuration:
    w32tm /query /configuration
For status:
    w32tm /query /status
To set your 2008R2 server as an NTP server, edit the following two reg keys:
1. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags and change to Value 5
2.