Promoting DC to Global Catalog Server

Prashant's Scribble!

When we are working with Active Directory, sometimes we are told to promote a Domain Controller to a Global Catalog (GC) server.

We all know how to promote a DC to a GC. A detailed procedure is given here.

If the Active Directory database size is large, then it will take many hours to replicate all the partitions to the newly designated Global Catalog server. For a database of around 13 GB it will take around 8-9 hrs to mark the server as a Global Catalog server. But the big question is: how do you know that replication is in progress and everything is running fine as per your plan? Short answer: keep checking the size of the NTDS.DIT file every 15 minutes or so; it should keep increasing until the replication process finally completes.

Also, you can keep checking the Directory Service event log in Event Viewer. It will display a couple of events with event IDs…


Quick Hits: Writing to a Read-Only Property

Try to link this to List CanReceiveEmail Enable/Disable.

Learn Powershell | Achieve More

This post is less on doing something useful and more on just proving that I can do something even though PowerShell is trying to tell me that I cannot do it. That little thing is updating a property on an object that is set as Read-Only.

My example to show you how you can do something like this is by looking at $PSVersionTable, which as we all know gives us some great information about what version of PowerShell we are using.

I am also using this as this was an example used in our previous user group meeting in which we were shown that the properties here could not be updated.

From this object, I am going to look more at the PSVersion property which of course is an object within this object.

Looking at the properties of this object, we can see that each of the properties are…


RDP error Local Security Authority cannot be contacted

Comment from similar post: With previous versions of the RDP protocol, a user was allowed to change their password graphically after signing on. However, NLA has no such provision, at least the way it’s implemented in RDC. So, if you have to change your password you are SOL unless you can get to a console.

The Regime

The error:

Remote Desktop Connection: An authentication error has occurred.
The Local Security Authority cannot be contacted
Remote Computer: hostname or ip

The issue:

Seems to happen more on 2012 server, but if you have Network Level Authentication enabled, it will not prompt you for a GUI change password option if you have change password at next logon selected. This error could happen for other reasons as well.

One of the possible fixes:

  1. Uncheck change password at next logon if it's selected
  2. Use a different tool to change your password at first logon

Additional info can be found at https://blog.mnewton.com/articles/Solution-RDP-The-Local-Security-Authority-cannot-be-contacted/


What is the _msdcs Subdomain?

standalonelabs

Some of the materials I have read on Active Directory and DNS I feel have not done a clear job explaining exactly what the _msdcs subdomain is and how it is used in an Active Directory forest.

The following is my explanation which I hope makes some sense out of the issue.


Simple Step : Install & Configure ADFS in Windows Server 2012 R2

Another AD FS installation and configuration screenshot series.

Just a random "Microsoft Server / Client Tech" info..

Active Directory Federation Services (AD FS) in the Windows Server 2012 R2 OS provides flexibility for organizations that want to enable their users to log on to applications that are located on a local network, at a partner company, or in an online service.

With ADFS, your company can manage its own user accounts, and users only have to remember one set of credentials.

However, those credentials can provide access to a variety of applications, which typically are located in different locations.

ADFS is compliant with common Web services standards, thus enabling interoperability with identity federation solutions that other vendors provide.

AD FS addresses a variety of business scenarios where the typical authentication mechanisms used in an organization do not work.

More info & reading : http://technet.microsoft.com/en-us/windowsserver/dd448613.aspx

For this basic ADFS demo, I’m using my previous VM which is my domain controller (DC1), member server (SVR1) and 1 Windows 8.1 client PC…

1st – Create a DNS record for AD…


Install a VMWare ESXi 6.0 Hypervisor in a Hyper-V VM

PowerShell, Programming and DevOps

Recently I’ve been playing around with the new Hyper-V Nested Virtualization feature within Windows 10 (build 10565 and greater) and Windows Server 2016. It is pretty cool to be able to create virtualized lab environments that contain Hyper-V clusters. But what if we want a lab that contains VMWare ESXi Hypervisors running on a Hyper-V host? I couldn’t find the process documented anywhere and I couldn’t even confirm if it should be possible. But after asking a lot of annoying questions – thanks Adam Burns – Googling and hair pulling I managed to get it going:

So this seems like a good topic for a blog post.

What You’ll Need

You are going to need a few things to get this working:

  • A Hyper-V host running on Windows 10 (build 10565 or greater) or Windows Server 2016 TP4.
  • Enable-NestedVM.ps1 – A PowerShell script for enabling Nested Virtualization in…


Network Engineer’s Home Lab

A long one, read later, #GNS3, #Linux

Network Otaku

A home lab can be one of the most important tools for a network engineer. It can be used to study for certifications, test designs or ideas, and learn new technologies. In years past most network engineers’ home labs would consist of physical routers, switches, and firewalls. With the exponential growth of virtualization, a network engineer’s home lab can be converted into a single physical server that costs far less than having the physical equipment. This blog post will detail the home lab setup that I have created for my own personal use. Most of my blog posts will be using this setup, so if you are interested in recreating what I have done, this blog post will run through all the steps to set up your own home server, or at least show you the tools that I am working with. This is just the basic setup, and any…
