You can transfer the three domain-wide FSMO roles (PDC Emulator, RID Master, and Infrastructure Master) with the GUI or via the command line. To transfer the roles via the GUI, follow the steps in this article.
Learn how to transfer the Schema Master FSMO role and the Domain Naming master FSMO role.
By default, the Active Directory Schema MMC snap-in is not registered on domain controllers or machines with the Remote Server Administration Tools (RSAT) installed. To use the snap-in for the first time on a new machine, follow the steps in this article to learn how to register the snap-in
Sometimes domain controllers encounter catastrophic failures that take them off the network permanently – perhaps a hardware failure or an extended network outage that exceeds the tombstone lifetime. In these cases, the traditional process of demoting the domain controller won’t work and you’ll be forced to manually clean up Active Directory instead. This manual process is known as metadata cleanup. Metadata cleanup removes all of the references to the domain controller from Active Directory so that things like replication continue to work without error. Depending on what version of Windows you’re working with, this can be as simple as deleting the domain controller’s computer account with AD Users and Computers, or it might require a trip to the command line to put ntdsutil to work.
Windows Server 2008 and Newer (Active Directory Users and Computers)
The Windows Server 2008 version of Active Directory Users and Computers (ADUC) introduced a convenient one click approach to performing metadata cleanup. To t…
Active Directory provides a time synchronization hierarchy that ensures that time dependent protocols such as Kerberos will work correctly. The PDC emulator in the forest root domain must be configured to synchronize with an authoritative external source – either a hardware clock, government time source, or another NTP server. As a matter of best practice, consider configuring a domain controller that has been identified as an alternate PDC emulator role holder to also synchronize with an external source. This way, if you transfer the PDCe FSMO role, you won’t need to reconfigure the time service on the new domain controller. This post teaches you how to properly configure the forest root domain PDC emulator for time synchronization.
The process to convert a member server to a domain controller (DC) – known as promotion – requires a number of inputs to complete the wizard. As Active Directory has evolved, additional steps/inputs have been added to the wizard, but, the process itself has undergone very little change. If you are coming to Windows Server 2012 or newer from a previous version of Active Directory, the most noticeable change is that the dcpromo tool dating to Windows 2000 is gone. In fact, if you try to run dcpromo on a Windows Server 2012 or newer server, you’ll receive an error. This article walks you through the process and inputs necessary to promote a domain controller
If you are deploying Exchange Server 2010 in an environment with load balancers or firewalls which aren’t able to handle dynamic RPC port ranges, you’ll need to define static ports for the RPC Client Access Service and the Address Book Service on each CAS server. If you are using Public Folders, you’ll also need a third static port on the Mailbox servers hosting Public Folders.
This post includes a script that configures the RPC Client Access service and Address Book service to use static ports. Run this script on each CAS server to configure the services. Finally, on each mailbox server, configure the registry value listed at the bottom of the post.
The Exchange Online service in Office 365 as exposes a variant of the Exchange Management Shell (EMS) that you would normally use if you were managing an on-premises Exchange organization. Connecting to the Exchange Online EMS requires a few tedious but well documented steps.
Rather than manually running these steps each time you need to connect, the samples in this post show how you can add a quick shortcut to your Windows PowerShell profile to connect to the Exchange Online EMS.
This is part one of a three part series on configuring the Dell/Quest Free/Busy Connector for Lotus Notes. The Connector is part of Coexistence Manager for Exchange (CMN). In this post, we'll discuss how the connector works and examine the interface with Exchange. Next, we'll configure the Dell/Quest Web Services and the Domino Free Busy Connector Service. Future posts in this series will discuss configuring the remaining components of the connector.
This is part two of a three part series on configuring the Dell/Quest Free/Busy Connector for Lotus Notes. In Part 1 we took at look at the architecture of the Quest Free/Busy (F/B) Connector in Coexistence Manager for Notes (CMN) as well as how Exchange interfaces with it. We also configured the F/B Connector web services and the Domino Free Busy Connector Service. In this post, we’ll configure the Exchange Free Busy Connector Service, the Domino QCALCON task, and the Exchange organization.
This is part three of a three part series on configuring the Dell/Quest Free/Busy Connector for Lotus Notes. In Part 1 we took at look at the architecture of the Quest Free/Busy (F/B) Connector in Coexistence Manager for Notes (CMN) as well as how Exchange interfaces with it. We also configured the F/B Connector web services and the Domino Free Busy Connector Service. In Part 2, we configured the Exchange Free Busy Connector Service, the Domino QCALCON task, and the Exchange organization. In this post, we’ll complete the configuration by configuring Lotus Notes as well as building a test user in Exchange and Lotus Notes to validate the configuration.
The Server Core variant of Windows Server offers a variety of benefits, especially with respect to security. The downside is that familiar GUI management tools are not always accessible. While Windows PowerShell and the command line offer alternatives, the learning curve can be steep. Device Manager is one example of a common GUI management tool that cannot be used on Server Core. Fortunately, Device Manager can be used remotely. This post explains how to enable remote access with Device Manager on Server Core.
This post includes a sample Windows PowerShell script that will generate a CSV file of host IP addresses based on an input list of host names.
Repeatable, consistent, and predictable are three things that add an incredible amount of value in IT, and building servers from a base image is one way to deliver on this. I was just replying to a thread on a discussion alias where the person who started the thread had reviewed a blog post on how to build such an image for VMWare. I and a number of people disputed the recommendations made in the referenced blog post in addition to the various other things the individual who started the thread was planning to install in his image/template.
At a high level, the most important thing from my reply, I think, is that you should not be customizing a server for it to be convenient to your work style. The server is there for a purpose driven task.
This post includes a sample VBScript that will collect key hardware demographics from a list of hosts and output the results to a CSV file. The demographics collected are:
- Host Name
- Serial Number
- BIOS Version
- Operating System
- Memory (MB)
- Disk Drives
How many times have you had to figure out what date was X days, months, or years ago, or perhaps what time was Y minutes, hours, or seconds ago? In this post, you'll learn how easy it is to calculate date and time math with Windows PowerShell.
When silently installing WireShark, WireShark's critical dependency, WinPcap, is not installed automatically. This post shows you how to use a tool called AutoIt to develop a script that can silently automate a point and click process like installing WinPcap.