Tuesday, April 14, 2009

How to Fix Active Directory DNS problems?

Often, when you create a brand new domain or promote a computer that does not have DNS installed or correctly configured, Active Directory does not properly configure the DNS namespace for the new domain.

You can check this by opening the DNS MMC console and expanding the forward lookup zone for the domain. It should contain several sub-"folders", such as dc and gc.

Errors like:

server GUID DNS name could not be resolved to an IP address. Check items such as the DNS server, DHCP and server name. Although the GUID DNS name (._msdcs.domain-name.local) couldn't be resolved, the server name () resolved to the IP address () and was pingable. Check that the IP address is registered correctly with the DNS server.

This type of error will prevent you from adding computers to your domain, or even adding new domain controllers.

Step 1: Log into the domain controller, either at the console or via RDP.

Step 2: Download DcDiag.exe from Microsoft if you do not have the Windows 2000 Support Tools installed. You can find it at http://www.microsoft.com/downloads/details.aspx?familyid=23870A87-8422-408C-9375-2D9AAF939FA3&displaylang=en

You can download it and extract it to anywhere you like.

Step 3: Open a command window (Start menu -> Run -> type "cmd" without the quotes and press Enter or click OK), then change directory to where the executable is located.

Step 4: Type "ipconfig /flushdns", then "ipconfig /registerdns" (without the quotes) to flush the DNS resolver cache and register the computer's DNS resource records, respectively.

Some people like to clear the ARP cache as well; you can do this by typing "arp -d *" at the command prompt, without the quotes. This part is optional.

Step 5: At the prompt, type dcdiag /fix

Read through the output. You will most likely have the following text somewhere in your output:

Server GUID DNS name could not be resolved to an IP address.
Although GUID could not be resolved, the server name resolved to the IP address x.x.x.x and was pingable

Step 6: Still at the command prompt, type "dcdiag /fix", then "net stop netlogon" and "net start netlogon" (again without the quotes) to finalize the changes.

Run dcdiag one more time to make sure the domain controller's DNS is working. You should no longer get the error mentioned in step 5. Some other NIC-related errors may show up, but for the most part you can dismiss those; they won't affect your installation (you couldn't have got this far if there were serious NIC problems).

Step 7: You should now be able to add member computers to your new domain and add domain controllers.
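As an added example (not part of the eHow procedure above), the following PowerShell script performs the verification the steps describe from any domain-joined machine: it works out this DC's "GUID DNS name" from RootDSE and confirms that it and the locator SRV records resolve. It assumes Windows 8 / Server 2012 or later for Resolve-DnsName; the record list and output format are my choices.

```powershell
# Added example (not part of the eHow procedure): check the DNS records that
# DC location depends on, from any domain-joined machine. Assumes Windows 8 /
# Server 2012 or later (Resolve-DnsName) and LDAP access to a DC; RootDSE is
# read via ADSI, so no RSAT module is required.
$ErrorActionPreference = 'Stop'

$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain().Name
$forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().Name

# The "GUID DNS name" in the dcdiag error is <NTDS Settings objectGUID>._msdcs.<forest root>.
# RootDSE.dsServiceName is the DN of the NTDS Settings object of the DC we are talking to.
$rootDse = [ADSI]'LDAP://RootDSE'
$ntds    = [ADSI]"LDAP://$([string]$rootDse.dsServiceName)"
$dsaGuid = New-Object System.Guid -ArgumentList @(, [byte[]]$ntds.objectGUID.Value)

# Records that clients and other DCs need in order to find a domain controller.
$checks = @(
    @{ Name = "$dsaGuid._msdcs.$forest";          Type = 'CNAME' },
    @{ Name = "_ldap._tcp.dc._msdcs.$domain";      Type = 'SRV'   },
    @{ Name = "_kerberos._tcp.dc._msdcs.$domain";  Type = 'SRV'   },
    @{ Name = "_ldap._tcp.$domain";                Type = 'SRV'   },
    @{ Name = "_ldap._tcp.gc._msdcs.$forest";      Type = 'SRV'   }
)

$failed = 0
foreach ($c in $checks) {
    try {
        # -DnsOnly bypasses the hosts file and LLMNR/NetBIOS so only the DNS server's answer counts.
        $answer  = Resolve-DnsName -Name $c.Name -Type $c.Type -DnsOnly
        $targets = $answer | Where-Object { $_.Type -eq $c.Type } | ForEach-Object {
            if ($_.Type -eq 'SRV') { $_.NameTarget } else { $_.NameHost }
        }
        Write-Host ("OK   {0,-5} {1} -> {2}" -f $c.Type, $c.Name, ($targets -join ', '))
    }
    catch {
        $failed++
        Write-Host ("FAIL {0,-5} {1}: {2}" -f $c.Type, $c.Name, $_.Exception.Message)
    }
}

if ($failed -gt 0) {
    Write-Host "$failed record(s) missing: run ipconfig /registerdns and dcdiag /fix on the DC, restart Netlogon, then re-run this check."
    exit 1
}
Write-Host 'All expected DNS records resolved.'
```

A FAIL on the CNAME line is the same condition dcdiag reports as "GUID DNS name could not be resolved"; a FAIL on the SRV lines means the dc/gc sub-"folders" mentioned above are missing or empty.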

Source: eHow

Wednesday, April 8, 2009

OUrganizeIT - Active Directory Object Management tool

OUrganizeIT by Synergix, Inc., is an Active Directory Object Management tool. It helps organize and secure computer objects and user objects in a Microsoft Windows Active Directory environment, helping organizations meet their SOX, SEC and HIPAA compliance requirements.

Users with elevated privileges may remove their computers from the domain for non-business, experimental purposes, or for business reasons such as product demonstrations at client sites, trade shows or conferences. OUrganizeIT helps maintain domain membership.

If the computer object in the Active Directory domain becomes defunct, or the user removes the computer from the domain and puts it in a workgroup or another domain (at home, in an internet cafe, etc.), the computer rejoins the domain the next time it is put back on the corporate network. All this is achieved without granting the user elevated privileges on his or her workstation or in the Active Directory environment.

Version 8 includes VPN User Password Change option.

Source: zdnetasia.com

Friday, April 3, 2009

Windows Server 2008 Active Directory Database Mounting Tool

Windows Server 2008 aims to improve recovery processes for Active Directory Domain Service (AD DS) and Active Directory Lightweight Directory Services (AD LDS). In Windows Server 2008, you can now take point-in-time snapshots of the data that is stored in AD DS or AD LDS. Furthermore, Windows Server 2008 includes a new Active Directory database mounting tool, which allows you to mount the snapshot. This new functionality provides administrators with the ability to view AD DS and AD LDS data, as it existed at different times, thus effectively arming you with better means to deal with the recovery of AD DS and AD LDS data.

Snapshots

The Windows Server 2008 version of the Ntdsutil.exe command-line tool includes a new operation, called snapshot, which provides the ability to create snapshots of AD DS and AD LDS data. The Ntdsutil.exe snapshot operation can be used to create point-in-time snapshots of AD DS and AD LDS data. You can also schedule a recurring task (e.g., using Task Scheduler) that uses Ntdsutil.exe to create snapshots.

You are not restricted to the use of snapshots that were created by using the Ntdsutil.exe snapshot operation. You can use any backup of an AD DS or AD LDS database that uses the Volume Shadow Copy Service (VSS), including Windows Server Backup as well as third-party backup solutions.

Database Mounting

The Ntdsutil.exe snapshot operation also provides the ability to list, mount, and unmount snapshots of AD DS and AD LDS data. If you incorporate this new functionality into your disaster recovery plan for AD DS or AD LDS, you will likely have multiple snapshots of AD DS or AD LDS data. The Ntdsutil.exe snapshot operation provides the ability to list all snapshots so you can determine which snapshot you need to work with. Once you have identified the appropriate snapshot, you must mount the snapshot before you can continue. Mounting and unmounting snapshots is also performed using the Ntdsutil.exe snapshot operation.

Exposing a Snapshot as an LDAP Server

After you have created one or more snapshots, and you know which snapshot you plan to work with, you must expose that snapshot as an LDAP server before you can view the data stored in it. Windows Server 2008 includes a command-line tool, called Dsamain.exe, which can expose AD DS and AD LDS snapshots as an LDAP server. When running Dsamain.exe, you must specify the path to the AD DS or AD LDS database (ntds.dit) file. You can optionally specify where to store the log files and temporary database by using the log path parameter. In many cases you will view multiple snapshots at the same time, so you must specify which port to use for LDAP communication when exposing the snapshot with Dsamain.exe.

In addition to LDAP communication, LDAP over SSL, global catalog, and global catalog over SSL communication can be used to query a snapshot exposed as an LDAP server. By default, Dsamain.exe will increment the port number by 1 for each of these additional protocols. For example, if you specify port 5000 for LDAP, Dsamain.exe will use 5001 for LDAP over SSL, 5002 for global catalog, and 5003 for global catalog over SSL. You can, however, specify the port numbers to be used for the additional protocols.
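The whole snapshot workflow described above (create, mount, expose with Dsamain.exe, query, tear down) as an added PowerShell example; it is not from the article. The LDAP port 5000, the log directory, the ldifde output file and the default C:\Windows\NTDS database location are assumptions; run it from an elevated prompt on a Windows Server 2008 or later domain controller.

```powershell
# Added example (not from the article): create, mount and expose an AD DS
# snapshot with Ntdsutil.exe and Dsamain.exe, then query it read-only.
# Run in an elevated prompt on a Windows Server 2008 or later DC. The port,
# log path and output file are assumed values; change them to suit.
$LdapPort = 5000
$LogPath  = Join-Path $env:TEMP 'dsamain-logs'
New-Item -ItemType Directory -Path $LogPath -Force | Out-Null

# 1. Create a point-in-time snapshot (VSS under the hood). ntdsutil prints the snapshot set GUID.
$out  = ntdsutil "activate instance ntds" snapshot create quit quit
$guid = ($out | Select-String -Pattern '\{[0-9a-fA-F-]+\}' | Select-Object -First 1).Matches[0].Value
Write-Host "Snapshot set: $guid"

# 2. Mount it. ntdsutil prints the mount point, e.g. C:\$SNAP_200904031200_VOLUMEC$\
$out        = ntdsutil "activate instance ntds" snapshot "mount $guid" quit quit
$mountPoint = ($out | Select-String -Pattern '[A-Za-z]:\\\$SNAP_\S+' | Select-Object -First 1).Matches[0].Value
$dit        = Join-Path $mountPoint 'Windows\NTDS\ntds.dit'   # default database location assumed

# 3. Expose the snapshot as its own LDAP server. Only /dbpath and /ldapport are required;
#    LDAPS, GC and GC-over-SSL default to 5001, 5002 and 5003 unless /sslport, /gcport
#    or /gcsslport are given. By default only Domain/Enterprise Admins may bind to it.
$dsamain = Start-Process -FilePath dsamain.exe -PassThru `
    -ArgumentList "/dbpath `"$dit`" /logpath `"$LogPath`" /ldapport $LdapPort"
Start-Sleep -Seconds 15   # give the instance time to finish starting

# 4. Query historical data from the snapshot instance (-s server, -t port) into an LDIF file.
$baseDn = [string]([ADSI]'LDAP://RootDSE').defaultNamingContext
ldifde -f "$env:TEMP\snapshot-users.ldf" -s localhost -t $LdapPort -d $baseDn `
       -r '(objectClass=user)' -l 'sAMAccountName,whenChanged,userAccountControl'

# 5. Clean up. The mounted ntds.dit holds the whole directory, password hashes included,
#    so stop the instance and unmount and delete the snapshot as soon as you are done.
Stop-Process -Id $dsamain.Id
ntdsutil "activate instance ntds" snapshot "unmount $guid" "delete $guid" quit quet
```

Comparing the exported LDIF against the same ldifde query run against the live DC (without -t) shows exactly which objects changed since the snapshot was taken.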

Source: http://www.enterpriseitplanet.com/networking/features/article.php/3812086