Tuesday, April 26, 2011

Server 2008: Backup Active Directory

  1. Open NTBACKUP either by clicking Start / Run, typing NTBACKUP and pressing Enter (my personal method), or by going to Start / Accessories / System Tools.
  2. If you are prompted by the Backup or Restore Wizard, I suggest you uncheck the "Always Start in Wizard Mode" checkbox and click the Advanced Mode link.
  3. Inside NTBACKUP's main window, click on the Backup tab.
  4. Select the System State checkbox. Note that you cannot pick individual components of the System State backup; it's all or nothing.
  5. Enter a backup path for the BKF file. If you're using a tape device, make sure NTBACKUP is aware of it and properly configured to use it.
  6. Press Start Backup.
  7. The Backup Job Information dialog appears, allowing you to configure a scheduled backup job and other settings. For the System State backup, change nothing except the schedule, if you want one. When done, press Start Backup.
  8. After a few moments of configuration tasks, NTBACKUP will begin the backup job.
  9. When the backup is complete, review the output and close NTBACKUP.
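The same System State backup from the command line, written so a scheduled task can run it unattended. This is an added example, not part of the original post and not a Microsoft script: it assumes ntbackup.exe is on the PATH (as the post states), PowerShell 3.0 or later, and that the backup root, job name and file name below (all this example's own choices) may be created. The NTBackup log location is assumed from the default profile layout.

```powershell
# Added example (not from the original post): scriptable System State backup with
# a restricted destination folder and a completion check on the NTBackup log.
param(
    [string]$BackupRoot = 'D:\Backups\SystemState'   # example path, not from the post
)

function Invoke-SystemStateBackup([string]$Root) {
    if (-not (Test-Path -Path $Root)) {
        New-Item -ItemType Directory -Path $Root | Out-Null
        # The BKF contains the AD database (NTDS.dit), i.e. every account's password
        # hash, so the folder is locked to Administrators and SYSTEM before it is used.
        & icacls $Root /inheritance:r /grant 'Administrators:(OI)(CI)F' 'SYSTEM:(OI)(CI)F' | Out-Null
    }

    $stamp = Get-Date -Format 'yyyyMMdd-HHmm'
    $bkf   = Join-Path -Path $Root -ChildPath "SystemState-$stamp.bkf"

    # "backup systemstate" selects the whole System State, matching the all-or-nothing
    # checkbox; /J names the job, /F writes to a file instead of a tape, /L:f asks for
    # a full log and /V:yes verifies the data after writing.
    & ntbackup backup systemstate /J "System State $stamp" /F $bkf /L:f /V:yes

    if (-not (Test-Path -Path $bkf)) {
        throw "ntbackup produced no file at $bkf; check the NTBackup log."
    }

    # ntbackup writes text logs under the local profile of the account running it;
    # the newest one belongs to this job (path assumed from the default profile layout).
    $local  = if ($env:LOCALAPPDATA) { $env:LOCALAPPDATA } else { Join-Path $env:USERPROFILE 'Local Settings\Application Data' }
    $logDir = Join-Path $local 'Microsoft\Windows NT\NTBackup\data'
    $log    = Get-ChildItem -Path $logDir -Filter 'backup*.log' -ErrorAction SilentlyContinue |
              Sort-Object LastWriteTime -Descending | Select-Object -First 1

    [pscustomobject]@{
        File      = $bkf
        SizeMB    = [math]::Round((Get-Item $bkf).Length / 1MB, 1)
        Log       = if ($log) { $log.FullName } else { '(no log found)' }
        Completed = [bool]($log -and ((Get-Content $log.FullName) -match 'Backup completed'))
    }
}

Invoke-SystemStateBackup -Root $BackupRoot
```

Run it from a scheduled task under an account that is a member of Backup Operators or Administrators; the returned object is what you would check in a monitoring job, since a BKF that exists but whose log lacks "Backup completed" is a backup you cannot rely on for an AD restore.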

Monday, April 11, 2011

Active Directory: Creating a Cross Forest Transitive Trust

To create a forest trust

  1. Open Active Directory Domains and Trusts.
  2. In the console tree, right-click the domain node for the forest root domain, and then click Properties.
  3. On the Trust tab, click New Trust, and then click Next.
  4. On the Trust Name page, type the DNS name (or NetBIOS name) of another forest, and then click Next.
  5. On the Trust Type page, click Forest trust, and then click Next.
  6. On the Direction of Trust page, do one of the following:
    • To create a two-way forest trust, click Two-way.
      Users in this forest and users in the specified forest can access resources in either forest.
    • To create a one-way incoming forest trust, click One-way: incoming.
      Users in the specified forest will not be able to access any resources in this forest.
    • To create a one-way outgoing forest trust, click One-way: outgoing.
      Users in this forest will not be able to access any resources in the specified forest.
  7. Continue to follow the wizard.

* Reference: http://technet.microsoft.com/en-us/library/cc780479(WS.10).aspx

Useful Troubleshooting Commands

When a cross-forest trust fails, verify the secure channel first to determine whether a DC in the foreign forest can be located and contacted. This post covers only that first step of troubleshooting: establishing that there are no name resolution or DC locator problems standing in the way of finding a valid DC across the trust.
The following commands are useful for troubleshooting secure channel issues, specifically name resolution, DC locator and connectivity:

  • nltest /domain_trusts /v
  • nltest /sc_query:%trusted_domain%
  • nltest /sc_reset:%trusted_domain%[\%DCname%]
  • nslookup -debug -type=srv _ldap._tcp.dc._msdcs.%domainFQDN%
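The trust-direction choices from the forest trust post above and the four troubleshooting commands here fit together in one check: enumerate every trust this domain knows about, then run the DC locator and secure channel tests against each. This is an added example, not part of the original post and not a Microsoft tool. It assumes nltest.exe and nslookup.exe are available, PowerShell 3.0 or later, and that "nltest /domain_trusts /v" prints each trust on a line shaped like "1: FABRIKAM fabrikam.com (NT 5) (Direct Outbound) (Direct Inbound) ( Attr: foresttrans )" (the extra detail lines /v adds are ignored by the pattern). It only reads; it never runs /sc_reset.

```powershell
# Added example (not from the original post): list trusts and test the DC-locator
# and secure-channel path to each one with the nltest/nslookup commands above.
function Get-DomainTrust {
    & nltest /domain_trusts /v 2>&1 | ForEach-Object {
        if ("$_" -match '^\s*\d+:\s+(\S+)\s+(\S+)\s+\(NT \d\)\s*(.*)$') {
            $flags = $matches[3]
            [pscustomobject]@{
                NetBios  = $matches[1]
                Fqdn     = $matches[2]
                Primary  = $flags -like '*Primary Domain*'
                # Direct Outbound: this domain trusts the other, so its users can be
                # authenticated here. Direct Inbound: the other domain trusts this one.
                Outbound = $flags -like '*Direct Outbound*'
                Inbound  = $flags -like '*Direct Inbound*'
                Forest   = $flags -like '*foresttrans*'
            }
        }
    }
}

function Test-TrustPath($Trust) {
    # DC locator first: without an LDAP SRV record for the trusted domain nothing
    # downstream can work, so this is the check the post says to settle first.
    $srv = (& nslookup -type=srv "_ldap._tcp.dc._msdcs.$($Trust.Fqdn)" 2>&1) -join "`n"
    $srvHosts = @([regex]::Matches($srv, 'svr hostname\s*=\s*(\S+)') | ForEach-Object { $_.Groups[1].Value })

    # Secure channel: exists only for outbound trusts (this domain trusting the other).
    $scState = 'n/a (inbound only)'
    $detail  = ''
    if ($Trust.Outbound) {
        $sc = (& nltest "/sc_query:$($Trust.Fqdn)" 2>&1) -join "`n"
        if ($sc -match 'NERR_Success') {
            $dc = if ($sc -match 'Trusted DC Name\s+\\\\(\S+)') { $matches[1] } else { '?' }
            $scState = "OK via $dc"
        } else {
            $scState = 'FAILED'
            $detail  = (($sc -split "`n") | Where-Object { $_ -match 'Status|ERROR|error' }) -join '; '
        }
    }

    $dir = @()
    if ($Trust.Outbound) { $dir += 'outbound' }
    if ($Trust.Inbound)  { $dir += 'inbound' }

    [pscustomobject]@{
        Domain        = $Trust.Fqdn
        Direction     = $dir -join '+'
        ForestTrust   = $Trust.Forest
        SrvRecords    = $srvHosts.Count
        SecureChannel = $scState
        Detail        = $detail
    }
}

$results = Get-DomainTrust | Where-Object { -not $_.Primary } | ForEach-Object { Test-TrustPath $_ }
$results | Format-Table -AutoSize
```

Reading the table: a trust with zero SrvRecords is a name resolution problem, which is where the post says to start; FAILED with SRV records present points at connectivity or the trust's secure channel, which is the case where "nltest /sc_reset" applies. The Direction column is worth a look for a reason unrelated to troubleshooting: every outbound or two-way entry is a domain whose accounts this forest will authenticate, so an entry nobody recognises deserves a review of whether the trust is still needed.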

Sunday, April 10, 2011

End Users on Windows 7 Professional Keep Losing Their Network Drives

*Note: Before proceeding, make sure you have updated drivers for your adapter.

  1. Open a command prompt: click Start / Run, type cmd, and press Enter.
  2. In the console, enter the following commands to change the MTU:

    Type "netsh interface ipv4 show interfaces" (without the quotes) into the command window and take note of the Idx (id) number of the wireless interface.

    Then, to change the MTU to 1500, run the following command, substituting that number for <id>:

    "netsh interface ipv4 set subinterface <id> mtu=1500 store=persistent"
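The two netsh commands above, with the interface id looked up from the table instead of copied by hand and the result verified afterwards. This is an added example, not part of the original post. It assumes PowerShell 3.0 or later, an elevated prompt, that "netsh interface ipv4 show interfaces" prints the column layout shown in the comment, and that the wireless adapter's name contains "Wireless" or "Wi-Fi".

```powershell
# Added example (not from the original post): find the wireless interface's Idx,
# show its current MTU, and set it to 1500 persistently.
function Get-IPv4Interface {
    # Expected netsh output (assumed layout):
    # Idx     Met         MTU          State                Name
    # ---  ----------  ----------  ------------  ---------------------------
    #   1          50  4294967295  connected     Loopback Pseudo-Interface 1
    #  11          25        1500  connected     Wireless Network Connection
    & netsh interface ipv4 show interfaces | ForEach-Object {
        if ("$_" -match '^\s*(\d+)\s+(\d+)\s+(\d+)\s+(\S+)\s+(.+?)\s*$') {
            [pscustomobject]@{
                Idx   = [int]$matches[1]
                Mtu   = [long]$matches[3]    # loopback reports 4294967295, too big for [int]
                State = $matches[4]
                Name  = $matches[5]
            }
        }
    }
}

function Set-IPv4InterfaceMtu([int]$Idx, [int]$Mtu = 1500) {
    # store=persistent keeps the value across reboots; store=active would not.
    & netsh interface ipv4 set subinterface "$Idx" "mtu=$Mtu" store=persistent | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "netsh returned $LASTEXITCODE; the prompt must be elevated to change the MTU."
    }
}

$wifi = @(Get-IPv4Interface | Where-Object { $_.Name -match 'Wireless|Wi-?Fi' })
if ($wifi.Count -ne 1) {
    $names = ($wifi | ForEach-Object { $_.Name }) -join ', '
    throw "Expected exactly one wireless interface, found $($wifi.Count): $names"
}

"Interface $($wifi[0].Idx) '$($wifi[0].Name)' currently has MTU $($wifi[0].Mtu)"
if ($wifi[0].Mtu -ne 1500) {
    Set-IPv4InterfaceMtu -Idx $wifi[0].Idx -Mtu 1500
    $after = Get-IPv4Interface | Where-Object { $_.Idx -eq $wifi[0].Idx }
    "MTU is now $($after.Mtu)"
}
```

The re-read after the change is the useful part: if the value does not stick, netsh was run without elevation or the adapter driver is overriding it, which ties back to the note about updating the driver first.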

Wednesday, March 30, 2011

Rename Domain Controller–Server 2008

  1. In Server Manager, click Change System Properties.

  2. On the Computer Name tab, click Change.

  3. Click OK to acknowledge that renaming the domain controller may cause it to become temporarily unavailable to users and computers.

  4. Under Computer Name, type the new name, and then click OK.

  5. Click OK to close the System Properties dialog box.

  6. If you are prompted, provide the user name and password for an account with Domain Admin or Enterprise Admin credentials.
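The same rename done from the command line with "netdom computername", which Microsoft documents for domain controllers because it registers the new name as an alternate first and keeps the old one until replication has caught up. This is an added example, not the post's own steps and not a Microsoft script. It assumes netdom.exe and repadmin.exe are present, that it runs as a Domain Admin on the DC being renamed, PowerShell 3.0 or later, and that the names passed in are fully qualified; the names in the comments are placeholders.

```powershell
# Added example (not from the original post): DC rename via netdom with a
# replication health gate before the first change.
param(
    [Parameter(Mandatory)] [string]$OldName,   # e.g. dc01.corp.example.com (placeholder)
    [Parameter(Mandatory)] [string]$NewName    # e.g. dc-primary.corp.example.com (placeholder)
)

function Invoke-Native([string]$Exe, [string[]]$Arguments) {
    & $Exe @Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "$Exe $($Arguments -join ' ') failed with exit code $LASTEXITCODE"
    }
}

# Refuse to start if this DC has any inbound replication failures: a rename on top
# of a broken topology is how a DC ends up with a name the rest of the forest never
# learns about. /errorsonly prints only the partners whose last attempt failed.
$errors = @(& repadmin /showrepl /errorsonly 2>&1)
if ($errors -match 'failed') {
    throw "Fix replication before renaming:`n$($errors -join "`n")"
}

Invoke-Native netdom @('computername', $OldName, "/add:$NewName")          # register alternate name
Invoke-Native netdom @('computername', $OldName, "/makeprimary:$NewName")  # make it the primary name

Write-Host 'Restart the domain controller now. After it is back and replication is clean, run:'
Write-Host "  netdom computername $NewName /remove:$OldName"
Write-Host '  repadmin /showrepl /errorsonly'
```

The old name is deliberately left in place until after the reboot so that clients and replication partners still holding it keep working; removing it is the last step, and only once "repadmin /showrepl" is clean under the new name.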

Rename Domain–Windows Server 2008 R2

First, the major prerequisites for a domain rename in a simple single-domain forest:

  • Enterprise Administrator credentials are required.
  • The domain should be well formed and healthy.
  • The forest functional level must be Windows Server 2003 or 2008, and all DCs must be running at least Server 2003.
  • A DNS zone for the new domain must be in place.
  • The Rendom and Gpfixup tools must be copied to a domain member workstation to perform the rename operations. The operations should not be initiated from a domain controller.
  • See the TechNet link below for details on requirements if you're using DFS redirection, roaming profiles, running a CA, or Exchange Server.

The domain rename is performed using the Rendom tool, which is installed with Active Directory when running dcpromo. Once this process is started, you must ensure that no changes are made to the forest configuration until complete. The steps are as follows.
  1. Run "rendom /list" to generate a state file named Domainlist.xml. This file contains the current forest configuration.
  2. Edit the state file, changing the <DNSname> and <NetBiosName> fields to the desired values for the new domain name.
  3. Run "rendom /showforest" to show the potential changes; this step does not actually make any changes.
  4. Run "rendom /upload" to upload the rename instructions to the configuration directory partition on the domain controller holding the domain naming operations master role. The instructions are then replicated to all other DCs in the forest. Once replicated to all DCs, the rename instructions are ready to be carried out. You can force replication by running the "repadmin /syncall" command.
  5. Run "rendom /prepare" to verify the readiness of each domain controller in the forest to carry out the rename instructions. This should contact all DCs successfully and return no errors before proceeding.
  6. Run "rendom /execute". This verifies the readiness of all DCs, then performs the rename action on each one. There will be a service interruption during this period. Upon completion, the domain controllers will be rebooted. If an error occurs on a DC during this phase, the entire transaction is rolled back. Any DCs that don't complete successfully after this phase must be demoted and removed from service.
  7. Run "gpfixup" to refresh all intradomain references and links to group policy objects.
  8. Reboot client computers and member servers twice to pick up the new domain name. Because the GUIDs of the domain remain the same during the rename process, domain membership is not affected. The DNS suffix of the client machines will also be updated, assuming the default option "Change primary DNS suffix when domain membership changes" is enabled.
  9. Run "rendom /clean" to remove references to the old domain name from Active Directory.
  10. Run "rendom /end" to unfreeze the forest configuration and allow further changes. It was frozen during the rendom /upload step.

Should you have any problems with clients recognizing the new domain name, you can remove them by running "netdom remove <machine-name> /Domain:<old-domain> /Force", rebooting, then rejoining the new domain. Once the rename is complete, there is one final change required on the domain controllers: the DNS suffix of a DC is not changed as part of this process and must be changed manually, or the DCs will have a DNS suffix that differs from the AD domain name.
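The ten rendom steps above as one driver script that stops at the first non-zero exit code, logs every tool's output, and pauses where the post says to check or wait. This is an added example, not part of the original post and not a Microsoft tool. It assumes rendom.exe, gpfixup.exe and repadmin.exe are on the PATH of the member workstation it runs from, PowerShell 3.0 or later, and that Domainlist.xml has the layout "rendom /list" writes (a <Forest> of <Domain> elements each holding <DNSname> and <NetBiosName>, with the DomainDnsZones and ForestDnsZones application partitions listed under the old name). The domain names in the comments are placeholders.

```powershell
# Added example (not from the original post): sequenced rendom run with exit-code
# checks, an automated step 2, and the gpfixup arguments derived from the state file.
param(
    [Parameter(Mandatory)] [string]$OldDnsName,        # e.g. corp.local (placeholder)
    [Parameter(Mandatory)] [string]$NewDnsName,        # e.g. corp.example.com (placeholder)
    [Parameter(Mandatory)] [string]$NewNetBiosName,    # e.g. CORP (placeholder)
    [Parameter(Mandatory)] [string]$DomainController,  # DC used for repadmin /syncall and gpfixup /dc
    [string]$StateFile = '.\Domainlist.xml'
)

function Invoke-Step([string]$Description, [string]$Exe, [string[]]$Arguments) {
    Write-Host "==> $Description  ($Exe $($Arguments -join ' '))"
    & $Exe @Arguments 2>&1 | Tee-Object -FilePath '.\domain-rename.log' -Append
    if ($LASTEXITCODE -ne 0) {
        throw "$Exe exited with $LASTEXITCODE during '$Description'; read domain-rename.log before retrying."
    }
}

# Step 2: rewrite <DNSname> and <NetBiosName>. Returns the old NetBIOS name, which
# gpfixup needs in step 7.
function Update-StateFile([string]$Path, [string]$OldDns, [string]$NewDns, [string]$NewNetBios) {
    [xml]$doc = Get-Content -Path $Path
    $oldNetBios = $null
    foreach ($domain in $doc.Forest.Domain) {
        $dns = $domain.DNSname
        if ($dns -eq $OldDns) {
            $oldNetBios = $domain.NetBiosName
            $domain.DNSname = $NewDns
            $domain.NetBiosName = $NewNetBios
        } elseif ($dns -like "*.$OldDns") {
            # application partitions such as DomainDnsZones.corp.local: keep the first
            # label, replace the suffix
            $domain.DNSname = $dns.Substring(0, $dns.Length - $OldDns.Length) + $NewDns
        }
    }
    if (-not $oldNetBios) { throw "$OldDns was not found in $Path; nothing was changed." }
    $doc.Save((Resolve-Path -Path $Path).Path)
    return $oldNetBios
}

Invoke-Step '1. Generate state file' rendom @('/list')
$oldNetBios = Update-StateFile $StateFile $OldDnsName $NewDnsName $NewNetBiosName
Invoke-Step '3. Show planned changes (nothing is changed yet)' rendom @('/showforest')
Read-Host 'Check the output above, then press Enter to upload (this freezes the forest configuration)' | Out-Null
Invoke-Step '4. Upload rename instructions' rendom @('/upload')
# /A all partitions, /P push from the named DC, /e across sites, /d report by DN
Invoke-Step '4. Force replication to every DC' repadmin @('/syncall', $DomainController, '/APed')
Invoke-Step '5. Verify every DC is ready' rendom @('/prepare')
Invoke-Step '6. Execute the rename (service interruption, DCs reboot)' rendom @('/execute')
Read-Host 'Wait until every DC has rebooted and replication is healthy, then press Enter' | Out-Null
Invoke-Step '7. Fix group policy references' gpfixup @(
    "/olddns:$OldDnsName", "/newdns:$NewDnsName",
    "/oldnb:$oldNetBios",  "/newnb:$NewNetBiosName",
    "/dc:$DomainController")
Read-Host 'Reboot clients and member servers twice (step 8), then press Enter to clean up' | Out-Null
Invoke-Step '9. Remove old-name references' rendom @('/clean')
Invoke-Step '10. Unfreeze the forest configuration' rendom @('/end')
Write-Host "Done. rendom does not change the DC DNS suffix; set it to $NewDnsName on each DC by hand."
```

The throw in Invoke-Step is the point of the script: rendom /prepare must succeed on every DC before /execute runs, and a DC that fails /execute has to be demoted afterwards, so a driver that keeps going past an error would turn a recoverable stop into a forest-wide cleanup. The pauses are deliberate too; the reboots in steps 6 and 8 cannot be verified from the workstation, so the operator confirms them.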