GPO to prevent event log to become too large 26 June 2009
Posted by it2tp in Active Directory, Windows Server.1 comment so far
You can create a GPO to avoid that the application, security and system log become too large.
This is a Computer policy: Computer Configuration, Windows Settings, Security Settings, Event Log
- Retention method for application log, Overwrite events as needed.
- Retention method for security log, Overwrite events as needed.
- Retention method for system log, Overwrite events as needed.
ADModify .net: CDOEXM Modifications disabled 19 June 2009
Posted by it2tp in Active Directory, Windows Server.add a comment
It is not possible to modify settings from “Terminal Services Profile”; everything is grayed out, and “CDOEXM Modifications disabled” is displayed.
Solution: run ADModify from Windows Server 2003.
Bulk modification in Active Directory and more: ADModify .net 19 June 2009
Posted by it2tp in Active Directory, Windows Server.add a comment
No this is not a new tool. I just needed to do some bulk modifications on AD, and wanted to find back some variables. You can find information on all this in this Microsoft Technet article: http://technet.microsoft.com/en-us/library/aa996216(EXCHG.65).aspx.
PolMan: GPO tool (reporting, comparing, …) 17 March 2009
Posted by it2tp in Active Directory.add a comment
If you need to inventorize, troubleshoot, etc. your Group Policies, you often need something more than Microsoft GPMC.
SysPro offers an excellent tool, PolMan (current version is 4.1.5) which show you all your GPO settings in an interface which makes it very easy to find overlapping settings (set in more than 1 policy). Instead of simply listing all policies, with settings per policy, and having to find out which policy is used for which setting, you can see all settings, and than at a glance see which policies are used to change these settings. You can also export all settings to an Excel file, and much more.
A trial version can be downloaded; for prices and more info, see www.sysprosoft.com.
More GPO tools can be found here: http://www.microsoft.com/windowsserver2003/technologies/management/grouppolicy/gptools.mspx.
A domain controller for the domain … could not be contacted 16 July 2008
Posted by it2tp in Active Directory, Windows.Tags: AD
add a comment
We ran into the following error when attempting to add a PC to the domain in one of our sites:
Removing a Domain Controller from Active Directory (if DC or demotion failed) 10 May 2008
Posted by it2tp in Active Directory.add a comment
If you need to remove a failed DC, here is the link to the Microsoft KB article How to remove data in Active Directory after an unsuccessful domain controller demotion
Adding an additional Windows Server 2003 Domain Controller in the domain 29 April 2008
Posted by it2tp in Active Directory.Tags: Active Directory, Domain Controller
add a comment
Just a brief procedure to add an extra Domain Controller (more specific the first DC in a new site)
Install Windows Server 2003 with same version and service pack level as other DC’s
Install all Windows Update patches
Set static IP
Put server in domain
Add local group using Group Policies 16 April 2008
Posted by it2tp in Active Directory.Tags: Active Directory, Group Policies
add a comment
Add a Group Policy in:
Computer Configuration, Windows Settings, Scripts (Startup/Shutdown) -> Startup and apply to the appropriate OU’s.
Add a batch file here with the following content (example):
NET LOCALGROUP Administrators /ADD “DOMAINNAME\Domain Admins”
NET LOCALGROUP Administrators /ADD “DOMAINNAME\Group_IT”
Now you can simply add the necessary users in “DOMAINNAME\Group_IT”, and they will have local administrator rights on the PC’s in the selected OU’s.
Extra information in Active Directory 15 April 2008
Posted by it2tp in Active Directory.Tags: Active Directory
add a comment
After clicking Active Directory Users and Computer -> View, Advanced Features extra tabs are available. For computers this is: Security and Object: handy if you want to find a computer, because this shows the Canonical name of the computer object.
Even more information will be available if you install Acctinfo.dll from the Windows 2003 Resource Kit. See here for more information.
