Information wants to be free!
Sometimes I need a “copy” of an Active Directory domain, partition or LDS instance. Usually this is when I remove decomissioned domains in a multi-domain forest and want to keep a record of what was left when I deleted it. You can do this With LDIFDE.EXE. Here is an example command to make a full …
Continue reading “Poor-man’s Active Directory backups (export really)”
I use Oracle VirtualBox for much of my testing and demos. Yesterday I figured I wanted to connect two machines in a way that enabled the VMs on one talk to the other, while at the same time keeping the traffic isolated. The easiest way I could think of was adding a second NIC in …
I had a hand in rolling out Forefront Endpoint Protection (FEP) for a customer recently. Some of our clients did not get FEP installed even though the SCCM client was installed and working correctly, and they had all prerequisites present and had successfully received the advertisement and downloaded the files from the distribution point (DP). …
Continue reading “Troubleshooting Forefront Endpoint Protection 2010 Installations”
I configred a 2 node NLB cluster to load balance Remote Desktop Session Hosts with Windows Server 2008 R2. These were virtual servers running on VMWare so I selected to use multicast mode for the cluster. The cluster IP (.3) correctly resolved to the cluster multicast address with ARP. The cluster formed and converged successfully. …
I was enabling Folder Redirection for some Windows 7 Professional machines, or rather, for the users of some Windows 7 Professional machines. The users already had a server based home directory with a My Documents folder, which also had data. The purpose of the operation was to, firstly, enable Folder Redirectin, but also to merge …
Continue reading “The Case of The Strange Folder Redirection Error”
Computers have accounts in Active Directory and log on just as user accounts do. The “user name” of a computer is its name with a dollar sign appended, e.g: MYPC1$. The password is set by the machine when it is joined to the domain and changed every 30 days by the machine. Just as with …
Continue reading “Script to find outdated computer objects in Active Directory”
You copy a desktop.ini file into a folder to customize and maybe localize it. You have correctly set the file’s attributes to Hidden, System and Read-Only, but still your customizations do not work. To make it work you need to set the Read-Only or System flags on the folder where the desktop.ini file resides. As …
Continue reading “Desktop.ini customizations do not take effect”
Out of pure frustration with the fact that the Active Directory Migration Tool (ADMT) is unable (unwilling is my guess) to do security translation for users’ Remote Desktop Services (RDS) roaming profiles, I decided to take matters into my own hands and created the script below. It is not very refined just now, but I …
Continue reading “If you won’t translate RDS profiles; I will!”
Universal groups (UG) are stored in the Global Catalog (GC). But what exactly is the Global Catalog, and how does it store objects? Does it store anything at all! And how do Universal Groups work anyway? Active Directory Domain Controllers (DC) have exactly one database. It is stored in %windir%NTDS and is called NTDS.DIT. DIT …
Restart the computer you are logged on to immediately, forcing all applications to close: shutdown.exe /r /t 0 /f The same for a remote computer: shutdown.exe /r /t 0 /f /m \<computer> Add someone to the local Administrators groups: net localgroup Administrators /add <user or group> Enable Remote Desktop on a remote system: reg add …