Create your WindowsTechno Community account. It’s free and only takes a minute.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
We want to connect the people who have knowledge to the people who need it, to bring together people with different perspectives so they can understand each other better, and to empower everyone to share their knowledge.
Issue with last logon/Timestamp information
Please go through this article, YOu will get the idea of timestamp. https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/8220-the-lastlogontimestamp-attribute-8221-8211-8220-what-it-was/ba-p/396204
Please go through this article, YOu will get the idea of timestamp.
https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/8220-the-lastlogontimestamp-attribute-8221-8211-8220-what-it-was/ba-p/396204
See lessHow to find differences between two types computer accounts in Active Directory?
Are you saying that pre-staging the computer in AD, then joining the workstation to the domain using the pre-stage name, results in an authentication failure with Cisco software/hardware....? But NOT pre-staging has no problems? Are ALL the computer accounts still sitting in the default Computers OURead more
Are you saying that pre-staging the computer in AD, then joining the workstation to the domain using the pre-stage name, results in an authentication failure with Cisco software/hardware….?
But NOT pre-staging has no problems? Are ALL the computer accounts still sitting in the default Computers OU?
TBH Have never heard of that being an issue. You can manually compare object attributes from ADUC for two computer objects, but have no idea what you’d be looking for.
See lessKRBTGT password reset trouble
Did you use the Microsoft one or Jorges one(the best one)? I’ve used Jorges a bunch and never had an issue but I can always ask him if he has see such issues. https://windowstechno.com/is-there-a-script-to-help-reset-krbtgt/
Did you use the Microsoft one or Jorges one(the best one)?
I’ve used Jorges a bunch and never had an issue but I can always ask him if he has see such issues.
https://windowstechno.com/is-there-a-script-to-help-reset-krbtgt/
See lessHow do sites connect to LDAP?
Most apps need a hard-coded server name, so you can use a proxy to provide HA instead of specifying a specific domain controller. It's very app-specific, but most will use a URI of LDAP(s)://servername.fqdn.tld:389 (or 636) if your DCs have SSL certs. If you're talking about how Windows clients do iRead more
Most apps need a hard-coded server name, so you can use a proxy to provide HA instead of specifying a specific domain controller.
It’s very app-specific, but most will use a URI of LDAP(s)://servername.fqdn.tld:389 (or 636) if your DCs have SSL certs.
If you’re talking about how Windows clients do it, they use “[DCLocator process](https://servergurunow.wordpress.com/2017/10/14/dc-locator-process-2/)” to find a “close” DC, which are all LDAP servers.
Also check this website
See lesshttps://windowstechno.com/
How to remove msDS-KeyCredentialLink value
`set-ADObject -Identity '' -clear "msds-keycredentiallink"` I had a computer account in my lab where that attribute was populated (no AZAD sync, solely on-prem) and the above works for me.
`set-ADObject -Identity ” -clear “msds-keycredentiallink”`
I had a computer account in my lab where that attribute was populated (no AZAD sync, solely on-prem) and the above works for me.
See lessCan I join a 2022 server domain controller to a Windows 2012 R2 active directory without upgrading the domain level?
What your doing doesnt make sense. 1. Build new server 2022 2. Join to domain 3. Ensure FRS to DFSR migration has been completed. 4. DCPromo server 2022 to domain controller. No idea what youre doing with this "Set-ADForestMode –Identity “acme.com” –ForestMode Windows2012R2Forest" You set the forestRead more
What your doing doesnt make sense.
1. Build new server 2022
2. Join to domain
3. Ensure FRS to DFSR migration has been completed.
4. DCPromo server 2022 to domain controller.
No idea what youre doing with this
“Set-ADForestMode –Identity “acme.com” –ForestMode Windows2012R2Forest”
You set the forest level one time, unless youre upgrading it.
See lessDNS Zones with same name
Is xyz.com the same as your companies external dns (like for the website)? If so use ad.xyz.com it’ll make it so much easier. If you HAVE to use xyz.com you’ll need a new naming convention for anything registered in DNS (I.e all devices/servers/computers etc). How are you going to move the users oveRead more
Is xyz.com the same as your companies external dns (like for the website)?
If so use ad.xyz.com it’ll make it so much easier.
If you HAVE to use xyz.com you’ll need a new naming convention for anything registered in DNS (I.e all devices/servers/computers etc).
How are you going to move the users over? Creating them two accounts? Cause you won’t be able to use trust relationships temporarily if your ad domains are called the same thing.
See lessRaise domain Functional Level from 2012 R2 to 2016
You should be fine. Just make sure that you don't have any other applications that specifically require a specific FFL. This should be exceptionally, exceedingly rare if you are already at 2012r2 with no Exchange. The only reason I bring it up is I just so happen to be working in an environment righRead more
You should be fine. Just make sure that you don’t have any other applications that specifically require a specific FFL. This should be exceptionally, exceedingly rare if you are already at 2012r2 with no Exchange.
The only reason I bring it up is I just so happen to be working in an environment right now that has some geriatric app that at least according to the dev team prevents us from raising our FFL until they retire that app next month. Again, it is highly unlikely that you have something like this going on (you’d probably have heard and groaned about it by now), but it never hurts to be certain.
See lessAzure AD Connect
Setup AADConnect health in the portal to alert you for any issues. Set up a staging server for AAD connect . Keep an eye on the AAD agent updates. You can use the Standby Server to test updates The support window for AADConnect is 12 months after a new version is released. Treat AADConnect as a TierRead more
Setup AADConnect health in the portal to alert you for any issues.
Set up a staging server for AAD connect .
Keep an eye on the AAD agent updates.
You can use the Standby Server to test updates
The support window for AADConnect is 12 months after a new version is released.
Treat AADConnect as a Tier 0 service ie the same as a dc
See lessUpgrading Domain Controller From 2008r2 to 2019 at least
To my knowledge, and in real life practice, I have encountered no issues with doing so, as long as no other changes such as modifications to authentication methods are occurring as well. Authentication meaning things such as NTLM or Kerberos changes. I would find it unlikely that you would be doingRead more
To my knowledge, and in real life practice, I have encountered no issues with doing so, as long as no other changes such as modifications to authentication methods are occurring as well. Authentication meaning things such as NTLM or Kerberos changes. I would find it unlikely that you would be doing any those things.
See less