Thursday, April 21, 2011
Compacting active directory
I found a bug with NTDSUTIL when i compact a freshly new database. Well I call it a bug but i don't know what it is exactly, for sure my database doubles its own size, instead of being compressed. Luckily i always backup the DB before.
LDAP ports
These are the same ports than ADDS:
- port 389
- port 636 for SSL
then if you run ADDS and LDAP instances on the same member server, it will be other ports ranging from 50,000 and higher.
Best practice is to use ports higher than 50,000
PS: the defaults ports are asked at the exam although the production environment will most like never use these ports (389 and 636).
Tuesday, April 19, 2011
Cannot install certificate in Enterprise Mode
I found this issue with:
1 DC
1 member server and I could not install the enterprise certificate although i was a domain admin and the machine was already joined to the domain.
Fix: disjoin the machine to the domain and rejoin it, it should take are of the problem.
1 DC
1 member server and I could not install the enterprise certificate although i was a domain admin and the machine was already joined to the domain.
Fix: disjoin the machine to the domain and rejoin it, it should take are of the problem.
Wednesday, April 13, 2011
When to use csvde over ldifde?
Answer: use ldfide most of the time if you can.
According to Petri's website:
One of the major benefits of LDIFDE over CSVDE is that you can modify existing objects and even delete objects with LDIFDE. However, LDIFDE doesn’t support changing Group Membership, and like CSVDE, it does not work with passwords, so you cannot use it to export passwords from the database.
More here
According to Petri's website:
One of the major benefits of LDIFDE over CSVDE is that you can modify existing objects and even delete objects with LDIFDE. However, LDIFDE doesn’t support changing Group Membership, and like CSVDE, it does not work with passwords, so you cannot use it to export passwords from the database.
More here
ADMX files
Let's say you run windows XP system and your domain controllers is windows 2008 or windows 200R2.
You want to use your clients to edit domain-based GPOs in using ADMX files.
What do you need to do?
Upgrade all client computers to windows 2007
Why? Because ADMX is a new ADM with XML technology and only works on windows vista and windows 7.
You want to use your clients to edit domain-based GPOs in using ADMX files.
What do you need to do?
Upgrade all client computers to windows 2007
Why? Because ADMX is a new ADM with XML technology and only works on windows vista and windows 7.
Monday, April 4, 2011
Bug in windows 2008 SP1
I dounf a bug with the network card, everything i was going to device manager to set the property of the NIC, it would allow me, but the gateway number would disappear.
Fix: inside manager check if you NIC is enabled or not and enabled it. That should fix the problem.
Fix: inside manager check if you NIC is enabled or not and enabled it. That should fix the problem.
Sunday, April 3, 2011
The local Administrator account becomes the domain Administrator account when you create a new domain.
Message error:
"The local Administrator account becomes the domain Administrator account when you create a new domain. The new domain cannot be created because the local Administrator account password does not meet requirements. Currently, a password is not required for the local Administrator account. We recommend that you use the net user command-line tool with the /passwordreq:yes option to require a password for the account before you create the new domain; otherwise, a password will not be required for the domain Administrator account."
For this case, i even tried to change the local admin password, then rebooted and promoted DCPROMO, and it was still not working.
Finally I just ran the command: NET USER Administrator password and it worked.
It only applies to windows 2008 SP1.
"The local Administrator account becomes the domain Administrator account when you create a new domain. The new domain cannot be created because the local Administrator account password does not meet requirements. Currently, a password is not required for the local Administrator account. We recommend that you use the net user command-line tool with the /passwordreq:yes option to require a password for the account before you create the new domain; otherwise, a password will not be required for the domain Administrator account."
For this case, i even tried to change the local admin password, then rebooted and promoted DCPROMO, and it was still not working.
Finally I just ran the command: NET USER Administrator password and it worked.
It only applies to windows 2008 SP1.
Subscribe to:
Comments (Atom)