Verify Active Directory Schema Version

The schema version can be found quickly using dsquery at the command line. In the following example the forest root domain testlab.net is queried.

dsquery * cn=schema,cn=configuration,dc=testlab,dc=net -scope base -attr objectVersion

The number returned can be looked up in the following table to confirm the schema level of the forest.

DNS Server Enforcement across an AD Forest

Support in Active Directory for centrally enforcing client DNS settings via Group Policy Objects is at best patchy. Many of the settings work only with specific (and often legacy) versions of Windows; the “DNS Server” setting is one such case. It is supported only on Windows XP Professional, meaning no support is available for Windows Server 2000, 2003, 2008, Windows Vista or Windows 7. In most environments workstations receive their DNS Server configuration settings automatically via DHCP. These settings can be changed by configuring either the DHCP server global or scope settings (note: TCP/IP settings configured locally on a computer override the settings provided by DHCP). Servers, by contrast, commonly have their TCP/IP settings statically configured.

One possibility as to why Microsoft has not pursued widening the DNS Server GPO setting support for newer releases of Windows is that network configurations, particularly on servers, are often more complex, for example multiple network interface cards (NICs) or multiple VLANs trunked into a single NIC. In such scenarios it would be difficult to apply settings in a GPO to a specific targeted NIC on a server.

Rename a Windows 2008 Domain Controller

Before jumping into this post, note that the following posts, Implementing Windows Server Core 2008 R2 Domain Controllers and Manage Active Directory Replication, provide information for monitoring replication across a domain, which is necessary when renaming a Domain Controller. Renaming a Domain Controller is not as straightforward as renaming a member server, and it is important to monitor the progress of each step before proceeding to the next. Progress can be monitored using several tools: Repadmin.exe, DNS record registrations (either the MMC or Dnscmd.exe), and Service Principal Name (SPN) registration and domain replication of the SPN (Adsiedit.msc or ldp.exe).

Note: Domain Controllers configured as a Certificate Authority (CA) cannot be renamed.  

A Domain Controller rename is performed using the netdom command. Netdom is shipped with Windows Server 2008 as a part of the base OS install; for earlier versions of Windows Server it is available as a download from Microsoft.

The rename consists of 3 steps.

Manage Active Directory Replication

Ensuring replication is running smoothly across an Active Directory forest is a primary Administration task. Best practice recommends the ongoing monitoring of Active Directory replication using SCOM or another enterprise management tool; monitoring can also be performed using repadmin (repadmin /showrepl * /csv) together with a little scripting to interpret the output. Typical symptoms of replication issues are objects not being available in one or more sites, for example a recently created user account, a printer or a directory share that is not visible for a subset of users.

A good starting point to confirm there are issues is the Directory Services Event Logs on the Domain Controllers. Deciding what actions to take is dependent upon the specific events that are being logged; however, to troubleshoot, it is important to have a thorough understanding of Active Directory replication.

Most people reading this are already aware that Active Directory Forests use sites to manage replication traffic between Domain Controllers. Sites are interconnected by site links, which determine the routing cost for replication of directory data (forest partitions, domain partitions and SYSVOL) between different sites. The replication routing algorithm is calculated for the forest by the KCC.
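
One way to do the "little scripting" over the repadmin CSV output mentioned above, as an added PowerShell example that is not from the original post. The sample rows, site names and DC names are constructed, the function name is hypothetical, and the column names are assumed to match the header line that repadmin /showrepl * /csv emits.

```powershell
# Constructed sample of `repadmin /showrepl * /csv` output (all names are made up).
$sample = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,London,DC01,"DC=testlab,DC=net",Paris,DC03,RPC,0,0,2010-01-04 09:15:02,0
showrepl_INFO,London,DC01,"CN=Configuration,DC=testlab,DC=net",Paris,DC03,RPC,0,0,2010-01-04 09:15:02,0
showrepl_INFO,Paris,DC03,"DC=testlab,DC=net",London,DC02,RPC,7,2010-01-04 09:10:41,2010-01-03 22:40:13,1722
'@

# Hypothetical helper: returns only the replication links that need attention.
function Get-ReplicationFailure {
    param(
        [Parameter(Mandatory=$true)] [string[]] $CsvLine,
        [int] $MaxAgeHours = 24,          # assumed threshold for a stale link
        [datetime] $Now = (Get-Date)
    )
    foreach ($row in ($CsvLine | ConvertFrom-Csv)) {
        $reason = $null
        $last = [datetime]::MinValue
        # A link that has never replicated has no parseable success timestamp.
        $parsed = [datetime]::TryParseExact($row.'Last Success Time', 'yyyy-MM-dd HH:mm:ss',
            [System.Globalization.CultureInfo]::InvariantCulture,
            [System.Globalization.DateTimeStyles]::None, [ref]$last)

        if ($row.showrepl_COLUMNS -ne 'showrepl_INFO') {
            # Anything other than an INFO row is treated as a DC repadmin could not report on.
            $reason = 'repadmin returned a non-INFO row'
        } elseif ([int]$row.'Number of Failures' -gt 0) {
            $reason = "consecutive failures, last status $($row.'Last Failure Status')"
        } elseif (-not $parsed) {
            $reason = 'no recorded successful replication'
        } elseif (($Now - $last).TotalHours -gt $MaxAgeHours) {
            $reason = "last success older than $MaxAgeHours hours"
        }
        if ($reason) {
            $row | Select-Object 'Destination DSA', 'Source DSA', 'Naming Context',
                'Number of Failures', 'Last Success Time',
                @{ Name = 'Reason'; Expression = { $reason } }
        }
    }
}

# Run against the constructed sample with a fixed clock so the result is repeatable.
Get-ReplicationFailure -CsvLine ($sample -split "`r?`n") -Now ([datetime]'2010-01-04 10:00:00') |
    Format-Table -AutoSize
```

On a Domain Controller the live output can be passed in directly with Get-ReplicationFailure -CsvLine (repadmin /showrepl * /csv).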

Implementing Windows Server Core 2008 R2 Domain Controllers


Implementing a Windows Server 2008 R2 Core Domain Controller into an existing Active Directory Forest is not a daunting task in itself but requires changes in the way many Administrators approach the installation and configuration of the base Windows installation.

Here we will go through common configuration steps for integrating Windows Server 2008 R2 Core into an existing corporate Active Directory.

Domain Controllers are prime candidates for Server Core: it provides a smaller OS surface area that, in theory at least, should ensure there are fewer vulnerabilities exposed to possible malicious attacks. This means fewer critical hotfixes released by Microsoft are required to be installed on Server Core, which can reduce the frequency of maintenance cycles and accompanying reboots. Microsoft estimate that if there had been a Server Core edition of Windows Server 2003 it would have required 40% fewer patches than the GUI edition.

IT Certification Credibility Shot, Vendor Action Needed!


Over the last 15 years I have been an advocate of certification programmes and recently, having attended the VMware vSphere 4 What’s New course, one of my next tasks was to update my VCP certification to VCP 4. Right now, disillusioned with IT certification programmes, I am keeping this on hold.

Professional certifications are intended to reward technology professionals who have proven their ability in a particular technology area. Gained through training and on-the-job experience, a certification is something tangible the IT professional can use to market themselves, maximise future job opportunities and maximise their earning potential by providing prospective employers with official recognition for the knowledge they possess. Unfortunately today, the certification model offered by many software and hardware vendors carries little credibility, as the opportunities open to candidates to cheat the system are readily available, leaving most IT certification programmes lacking integrity.

Recently discussing the many available IT certification programmes with a fellow IT professional he mentioned he had already attained VCP 4 certification. He confided for his revision he had used a Read more

Welcome to the Enterprise Admin. Blog

Welcome!

After a couple of days tweaking WordPress, testing plugins and waiting for DNS proliferation the website is ready for its first post.

Hopefully over the coming months content posted here will from time to time be of interest to System Administrators supporting their Enterprises. Posting frequency will vary depending upon the time I can afford but you can also follow me on twitter @stuartconey for new post notifications. Check out the About link for a small bio.

I have taken a wide remit covering technologies I use on a day to day basis and hopefully will over time provide a broad reference point for tips as well as administrator related discussion and opinion.

From time to time I will ask colleagues, (old and new) and friends in the industry to contribute guest posts.

For a flavour of what to expect, technology areas I am aiming to cover are

  • Active Directory with Windows 2008 Server Core R2

  • Centrify Linux and Unix User and Computer objects into Active Directory

  • VMware vSphere 4, View and Orchestrator

  • PowerShell 2.0, Active Directory extensions and VMware PowerCLI

  • Blade Logic Server Provisioning

  • MS SCOM

  • Audit Compliance, PCI/SOX

  • as well as touching on other technology areas such as Storage, Networking, Linux and SQL.

Scripting automation has always been of particular interest; having used Perl and vbScript extensively, my focus now is transitioning to PowerShell and its extensions, which I see as the prime tool going forwards for managing both large Microsoft Windows Infrastructures (AD, Sharepoint, Exchange and SQL) as well as other platforms such as VMware.

All feedback is welcome, ideas, corrections (I am sure there will be many!) and hope the articles posted are of use to the administrator community as a whole.

And finally, wishing everybody a Happy New Year and much success in 2010!

Coming soon!

System Engineers

The System Engineers are hard at work!

Blog kicks off Jan 4th, 2010, please check back then, in the meantime follow on twitter @stuartconey and get new post alerts – thanks!