PowerShell: Collect information about locked AD accounts in a SQL database

Small background: working with ~20 domain controllers and thousands of users makes the DC Security Log very short-lived. I mean, there are thousands of security events, but all I can browse is the last ~50 minutes; older events are archived or overwritten. Sometimes this makes simple things impossible. For example, I […]
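
The collector the post title refers to, written out as an added example (this is not the post's own script). It polls the PDC emulator for event 4740 and stores the rows in SQL Server with a parameterised INSERT; the server name sql01, the database ADAudit and the table dbo.Lockouts are assumptions.

```powershell
# Added example, not from the original post. Assumed names: SQL Server "sql01",
# database "ADAudit", table dbo.Lockouts(DC nvarchar(256), RecordId bigint,
# TimeCreated datetime2, Account nvarchar(256), CallerComputer nvarchar(256)).
Import-Module ActiveDirectory

# Every lockout in the domain is also logged on the PDC emulator, so polling it
# covers all DCs even when their own Security logs roll over in under an hour.
$pdc   = (Get-ADDomain).PDCEmulator
$since = (Get-Date).AddMinutes(-45)   # schedule this more often than the log rolls over

$events = Get-WinEvent -ComputerName $pdc -ErrorAction SilentlyContinue -FilterHashtable @{
    LogName = 'Security'; Id = 4740; StartTime = $since
}

$rows = foreach ($e in $events) {
    # 4740 EventData: TargetUserName = locked-out account,
    # TargetDomainName = "Caller Computer Name" (the machine that sent the bad passwords)
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        DC             = $pdc
        RecordId       = $e.RecordId
        TimeCreated    = $e.TimeCreated.ToUniversalTime()
        Account        = $data['TargetUserName']
        CallerComputer = $data['TargetDomainName']
    }
}

$conn = New-Object System.Data.SqlClient.SqlConnection 'Server=sql01;Database=ADAudit;Integrated Security=True'
$conn.Open()
try {
    $cmd = $conn.CreateCommand()
    # Parameterised INSERT: the caller computer name is client-supplied text,
    # so it must never be concatenated into the SQL string.
    $cmd.CommandText = @'
IF NOT EXISTS (SELECT 1 FROM dbo.Lockouts WHERE DC = @dc AND RecordId = @rid)
    INSERT INTO dbo.Lockouts (DC, RecordId, TimeCreated, Account, CallerComputer)
    VALUES (@dc, @rid, @time, @acct, @caller);
'@
    [void]$cmd.Parameters.Add('@dc',     [System.Data.SqlDbType]::NVarChar, 256)
    [void]$cmd.Parameters.Add('@rid',    [System.Data.SqlDbType]::BigInt)
    [void]$cmd.Parameters.Add('@time',   [System.Data.SqlDbType]::DateTime2)
    [void]$cmd.Parameters.Add('@acct',   [System.Data.SqlDbType]::NVarChar, 256)
    [void]$cmd.Parameters.Add('@caller', [System.Data.SqlDbType]::NVarChar, 256)

    foreach ($r in $rows) {
        $cmd.Parameters['@dc'].Value     = $r.DC
        $cmd.Parameters['@rid'].Value    = [long]$r.RecordId
        $cmd.Parameters['@time'].Value   = $r.TimeCreated
        $cmd.Parameters['@acct'].Value   = $r.Account
        $cmd.Parameters['@caller'].Value = $r.CallerComputer
        [void]$cmd.ExecuteNonQuery()
    }
}
finally { $conn.Close() }

"$($rows.Count) lockout event(s) from $pdc stored"
```

The (DC, RecordId) check makes the job safe to rerun with overlapping windows, which is what you want when the only copy of the event disappears after an hour.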

Finding & transferring FSMO roles using PowerShell

I think it's part of IT nature to spend 15 minutes scripting things that you could achieve in 1 minute using the GUI, but you can't change nature, right? 🙂 One of the things I have to do from time to time is change FSMO role holders by simply transferring them (keep […]
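
The find-and-transfer sequence as an added example (not the post's own script); DC02 is an assumed target name.

```powershell
# Added example, not from the original post. DC02 is an assumed server name.
# Domain roles need Domain Admins; Schema/Domain Naming Master need Schema Admins / Enterprise Admins.
Import-Module ActiveDirectory

function Get-FsmoRoleHolders {
    $forest = Get-ADForest
    $domain = Get-ADDomain
    [pscustomobject]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
}

Get-FsmoRoleHolders        # before

# Transfer: cooperative, the current holder must be online and reachable.
Move-ADDirectoryServerOperationMasterRole -Identity 'DC02' `
    -OperationMasterRole PDCEmulator, RIDMaster, InfrastructureMaster -Confirm:$false

# Seize (-Force) only when the old holder is gone for good. A seized holder that
# is later powered on again hands out overlapping RID pools / conflicting schema changes.
# Move-ADDirectoryServerOperationMasterRole -Identity 'DC02' -OperationMasterRole SchemaMaster, DomainNamingMaster -Force

Get-FsmoRoleHolders        # after: confirm the new holders (replication may take a moment)
```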

Checking which DC is being used during user logon process

In environments with multiple sites / subnets and domain controllers you may need this information quite often. There are at least three ways to determine which DC authenticated a client. The first two are almost the same (they rely on the same environment variable). You can either type […]
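
An added example (not from the post) that gathers the answer from three places at once: the LOGONSERVER variable set at logon, the DC locator via nltest, and the KDC that issued the cached Kerberos tickets via klist. It uses only built-in tools; the domain defaults to the current one.

```powershell
# Added example, not from the original post. Only built-in tools are used.
function Get-LogonDcInfo {
    param([string]$Domain = $env:USERDNSDOMAIN)

    # 1. LOGONSERVER is written at logon by the DC that authenticated the session.
    #    (In cmd.exe the same value is "echo %LOGONSERVER%".)
    $logonServer = $env:LOGONSERVER -replace '^\\\\'

    # 2. The DC locator, asked right now. It can answer with a different DC than the
    #    one that handled the logon (site change, cached result, forced re-discovery).
    $nltest = (nltest /dsgetdc:$Domain 2>&1) -join "`n"
    $locatorDc   = if ($nltest -match '(?m)^\s*DC:\s+\\\\(\S+)')        { $Matches[1] }
    $locatorSite = if ($nltest -match '(?m)^\s*Dc Site Name:\s+(\S+)')  { $Matches[1] }

    # 3. The KDC that issued the first cached ticket (usually the TGT), from klist.
    $klist = (klist 2>&1) -join "`n"
    $kdc = if ($klist -match '(?m)^\s*Kdc Called:\s*(\S+)') { $Matches[1] }

    [pscustomobject]@{
        LogonServer = $logonServer
        LocatorDc   = $locatorDc
        LocatorSite = $locatorSite
        KdcCalled   = $kdc
        # LOGONSERVER is a short name, the locator returns an FQDN
        Agree       = [bool]($logonServer -and $locatorDc -and $locatorDc -like "$logonServer.*")
    }
}

Get-LogonDcInfo
```

If Agree is false, the session was authenticated by one DC but the locator now prefers another, which is exactly the situation (wrong subnet-to-site mapping, a DC that was down at logon time) this kind of check is meant to expose.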

Clean up server metadata using ntdsutil

Metadata cleanup has to be performed when a DC was forcibly removed (the server was stolen, broken, burned (?), or otherwise removed) and you can no longer access it. You have to perform metadata cleanup on a domain controller in the same domain as the one that was forcibly removed. Metadata cleanup removes the data from AD DS that identifies a domain […]
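
The cleanup as an added example (not from the post): it looks up the lost DC's server object, runs the ntdsutil sequence non-interactively and then checks for the leftovers ntdsutil does not touch. DC03 is the assumed name of the lost DC.

```powershell
# Added example, not from the original post. DC03 is the assumed name of the lost DC;
# run as a Domain/Enterprise Admin on a surviving DC in the same domain.
Import-Module ActiveDirectory
$dead = 'DC03'

# Step 0: if the lost DC held FSMO roles, seize them on a surviving DC first;
# cleanup does not move them and they cannot be transferred from a dead DC.
Get-ADDomain | Select-Object PDCEmulator, RIDMaster, InfrastructureMaster
Get-ADForest | Select-Object SchemaMaster, DomainNamingMaster
# e.g. Move-ADDirectoryServerOperationMasterRole -Identity DC01 -OperationMasterRole PDCEmulator -Force

# Step 1: the server object DN in the Sites container is what ntdsutil needs.
$configNC = (Get-ADRootDSE).configurationNamingContext
$server = Get-ADObject -SearchBase "CN=Sites,$configNC" -LDAPFilter "(&(objectClass=server)(name=$dead))"
if (-not $server) { throw "No server object for $dead found under CN=Sites,$configNC" }
$server.DistinguishedName
# -> CN=DC03,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=contoso,DC=com

# Step 2: non-interactive form of   ntdsutil > metadata cleanup > remove selected server <DN>
ntdsutil "metadata cleanup" "remove selected server $($server.DistinguishedName)" quit quit

# Step 3: leftovers ntdsutil does not remove: the computer account (a DC that was
# never demoted), the server object once its NTDS Settings child is gone, and DNS.
Get-ADComputer -LDAPFilter "(name=$dead)"
Get-ADObject -Identity $server -ErrorAction SilentlyContinue
$dnsRoot = (Get-ADDomain).DNSRoot
foreach ($zone in $dnsRoot, "_msdcs.$dnsRoot") {
    Get-DnsServerResourceRecord -ZoneName $zone -ErrorAction SilentlyContinue | Where-Object {
        $_.HostName -eq $dead -or
        $_.RecordData.DomainName -like "$dead.*" -or   # SRV targets (_ldap._tcp etc.)
        $_.RecordData.NameServer -like "$dead.*"       # NS records
    } | Format-Table @{n='Zone';e={$zone}}, HostName, RecordType, RecordData -AutoSize
}
```

Stale SRV records are the part that bites later: clients keep being referred to a DC that no longer exists, which shows up as slow logons and Kerberos errors long after the directory itself is clean.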

AD – Delegate permissions to add / delete / move / modify computer objects

Our goal here is to delegate permissions to create, delete, move and modify computer objects in a specified OU to a specified group, without giving it full control over the objects or the OU. Go to OU Properties -> Security -> Advanced -> Add, then select the principal (the group or user you want to delegate permissions to), Type: Allow. Permissions tab […]
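
The same delegation done in code, as an added example (not from the post). It writes two ACEs: create/delete computer children on the OU, and read/write/delete on descendant computer objects; no WriteDacl or WriteOwner, so this is not full control. The OU and group names are assumptions.

```powershell
# Added example, not from the original post. OU and group names are assumptions.
Import-Module ActiveDirectory
$ouDn  = 'OU=Workstations,DC=contoso,DC=com'
$group = Get-ADGroup 'Workstation-Admins'
$sid   = [System.Security.Principal.SecurityIdentifier]$group.SID

# schemaIDGUID of the "computer" class, read from the schema instead of hard-coded.
$schemaNC = (Get-ADRootDSE).schemaNamingContext
$computerClass = [guid](Get-ADObject -SearchBase $schemaNC -LDAPFilter '(lDAPDisplayName=computer)' `
    -Properties schemaIDGUID).schemaIDGUID

$acl = Get-Acl -Path "AD:\$ouDn"

# ACE 1, on the OU and sub-OUs: create and delete child objects of class computer.
# A move is DeleteChild on the source OU plus CreateChild on the target OU.
$acl.AddAccessRule([System.DirectoryServices.ActiveDirectoryAccessRule]::new(
    $sid,
    [System.DirectoryServices.ActiveDirectoryRights]'CreateChild, DeleteChild',
    [System.Security.AccessControl.AccessControlType]::Allow,
    $computerClass,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All))

# ACE 2, on descendant computer objects only: read, write all properties, delete.
# No WriteDacl/WriteOwner, so the group cannot widen its own rights.
$acl.AddAccessRule([System.DirectoryServices.ActiveDirectoryAccessRule]::new(
    $sid,
    [System.DirectoryServices.ActiveDirectoryRights]'GenericRead, WriteProperty, Delete',
    [System.Security.AccessControl.AccessControlType]::Allow,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Descendents,
    $computerClass))

Set-Acl -Path "AD:\$ouDn" -AclObject $acl

# Verify: only the ACEs granted to this group
(Get-Acl -Path "AD:\$ouDn").Access |
    Where-Object { "$($_.IdentityReference)" -like "*\$($group.Name)" } |
    Format-Table ActiveDirectoryRights, AccessControlType, ObjectType, InheritedObjectType, InheritanceType -AutoSize
```

One caveat worth stating when handing this out: "write all properties" on a computer object includes msDS-AllowedToActOnBehalfOfOtherIdentity and userAccountControl, so members of the group can effectively take over those machines (resource-based constrained delegation). That is inherent in the delegation the post describes, not something the script adds, but the group should be treated as privileged for that OU.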

Fixing orphaned Inter Site Topology Generators (ISTG) entries

Inter-Site Topology Generator, ISTG for short: repadmin /istg generates a report of all topology generators in an AD forest. Unfortunately it happens that instead of your DC name you see a long ID instead (starting with 0ADEL: …). It can happen when a DC was removed improperly (metadata cleanup was not […]
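
An added example (not from the post) that finds every site whose ISTG attribute still points at a deleted object and repoints it at a DC that is still alive in that site. The attribute lives on each site's NTDS Site Settings object.

```powershell
# Added example, not from the original post.
Import-Module ActiveDirectory
repadmin /istg     # the report the post refers to

$configNC = (Get-ADRootDSE).configurationNamingContext

# interSiteTopologyGenerator is the DN of the ISTG's NTDS Settings object; after a
# botched removal it points at a deleted object, whose DN carries the "\0ADEL:<guid>" marker.
$orphaned = Get-ADObject -SearchBase "CN=Sites,$configNC" -LDAPFilter '(objectClass=nTDSSiteSettings)' `
    -Properties interSiteTopologyGenerator |
    Where-Object { $_.interSiteTopologyGenerator -match '0ADEL:' }

foreach ($settings in $orphaned) {
    $siteDn = $settings.DistinguishedName -replace '^CN=NTDS Site Settings,'
    "Site $siteDn has orphaned ISTG $($settings.interSiteTopologyGenerator)"

    # Any DC that still has an NTDS Settings (nTDSDSA) object in this site can take over.
    $live = Get-ADObject -SearchBase "CN=Servers,$siteDn" -LDAPFilter '(objectClass=nTDSDSA)' |
        Select-Object -First 1
    if (-not $live) {
        Write-Warning "No live DC left in $siteDn; clearing the attribute instead"
        Set-ADObject -Identity $settings -Clear interSiteTopologyGenerator
        continue
    }
    Set-ADObject -Identity $settings -Replace @{ interSiteTopologyGenerator = $live.DistinguishedName }
}

repadmin /kcc      # ask the KCC to recompute the topology now rather than at its next run
repadmin /istg     # confirm: DC names, no 0ADEL entries
```

If the deleted DC also still has a server object under CN=Servers, finish the metadata cleanup first; otherwise the KCC may keep picking up stale data.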

Enlist a DNS server in DNS application directory partition

Windows Server DNS event ID 4513 is described as: The DNS server detected that it is not enlisted in the replication scope of the directory partition ForestDnsZones.contoso.com. This prevents the zones that should be replicated to all DNS servers in the ms.contoso.com forest from replicating to this DNS server. To create or repair the forest-wide […]
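
An added example (not from the post) covering both cases behind event 4513: the built-in partition is missing altogether, or it exists and this server just is not enlisted. dc01 and contoso.com are assumptions.

```powershell
# Added example, not from the original post. dc01 and contoso.com are assumptions;
# creating partitions needs Enterprise Admin, enlisting needs DNS admin rights on the server.
$dnsServer = 'dc01'

function Get-DnsPartitionEnlistment {
    param([string]$ComputerName)
    Get-DnsServerDirectoryPartition -ComputerName $ComputerName |
        Select-Object DirectoryPartitionName, Flags, State, ZoneCount,
            @{ n = 'Enlisted'; e = { "$($_.Flags)" -match 'Enlisted' } }
}

$parts = Get-DnsPartitionEnlistment -ComputerName $dnsServer
$parts | Format-Table -AutoSize

# Case A: the built-in forest partition does not exist at all. Add-DnsServerDirectoryPartition
# only creates custom partitions; the built-in ones come from dnscmd.
if (-not ($parts.DirectoryPartitionName -like 'ForestDnsZones.*')) {
    dnscmd $dnsServer /CreateBuiltinDirectoryPartitions /Forest
}

# Case B (event 4513): the partition exists, this server is not in its replication scope.
Register-DnsServerDirectoryPartition -Name 'ForestDnsZones.contoso.com' -ComputerName $dnsServer
# dnscmd equivalent:  dnscmd dc01 /EnlistDirectoryPartition ForestDnsZones.contoso.com

# Confirm; anything still listed here is not enlisted. The zones themselves arrive
# with the next AD replication cycle (repadmin /syncall speeds that up).
Get-DnsPartitionEnlistment -ComputerName $dnsServer | Where-Object { -not $_.Enlisted }
```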