Solve “Trust Relationship Between Workstation and Domain Fails” without rejoining the domain

I found out there is an alternative way to fix the “Trust Relationship Between Workstation and Domain Fails” issue without rejoining the domain.

You can read all about it here.

In brief:

netdom.exe resetpwd /s:<server> /ud:<user> /pd:*

<server> = a domain controller in the joined domain
<user> = DOMAIN\User format with rights to change the computer password
/pd:* = prompts for the password instead of taking it on the command line

For all details, check the link above.

DCDiag error 81 and DNS errors

Picture this situation: lots of Active Directory and DNS-related errors, and DCDiag immediately returned error 81.

Solution: rebooting the server did the trick. You don’t have to be a rocket scientist to solve seemingly complex issues 😉

Of course this will not always solve error 81, but it will probably not hurt to try a reboot first …

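GPO to prevent event logs from becoming too large

You can create a GPO to keep the application, security and system logs from growing too large. With the retention method below, the oldest events are overwritten once a log reaches its maximum size.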

This is a Computer policy: Computer Configuration, Windows Settings, Security Settings, Event Log

– Retention method for application log, Overwrite events as needed.
– Retention method for security log, Overwrite events as needed.
– Retention method for system log, Overwrite events as needed.

PolMan: GPO tool (reporting, comparing, …)

If you need to inventory, troubleshoot, etc. your Group Policies, you often need something more than Microsoft GPMC.

SysPro offers an excellent tool, PolMan (current version is 4.1.5), which shows you all your GPO settings in an interface that makes it very easy to find overlapping settings (set in more than 1 policy). Instead of simply listing all policies, with settings per policy, and having to find out which policy is used for which setting, you can see all settings, and then at a glance see which policies are used to change these settings. You can also export all settings to an Excel file, and much more.

A trial version can be downloaded; for prices and more info, see www.sysprosoft.com.

More GPO tools can be found here: http://www.microsoft.com/windowsserver2003/technologies/management/grouppolicy/gptools.mspx.

Add local group using Group Policies

Add a Group Policy in:

Computer Configuration, Windows Settings, Scripts (Startup/Shutdown) -> Startup and apply to the appropriate OUs.

Add a batch file here with the following content (example):

NET LOCALGROUP Administrators /ADD "DOMAINNAME\Domain Admins"
NET LOCALGROUP Administrators /ADD "DOMAINNAME\Group_IT"

Now you can simply add the necessary users to "DOMAINNAME\Group_IT", and they will have local administrator rights on the PCs in the selected OUs.
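
The startup script only ever adds members, so anything placed in the local Administrators group by other means stays there. The following PowerShell check is an added example, not part of the original post: it compares the group's actual members with the two groups from the batch file. DOMAINNAME and Group_IT are the post's placeholders, and Compare-LocalAdmins is a hypothetical helper name.

```powershell
# Added example: audit local Administrators against the startup script's list.
# Assumption: DOMAINNAME and Group_IT are the placeholders used in the post.
$expected = @(
    'DOMAINNAME\Domain Admins',
    'DOMAINNAME\Group_IT'
)

# Hypothetical helper: returns expected groups that are missing and members
# that the startup script does not manage.
function Compare-LocalAdmins {
    param(
        [string[]]$Expected,
        # Objects with Name and SID properties, as Get-LocalGroupMember returns
        [object[]]$Members
    )
    $names = $Members | ForEach-Object { $_.Name }
    [pscustomobject]@{
        Missing    = @($Expected | Where-Object { $_ -notin $names })
        # Accounts with RID 500 (the built-in Administrator) are not reported.
        Unexpected = @($Members | Where-Object {
            $_.Name -notin $Expected -and "$($_.SID)" -notmatch '-500$'
        } | ForEach-Object { $_.Name })
    }
}

# S-1-5-32-544 is the well-known SID of BUILTIN\Administrators, so the lookup
# also works on Windows installations where the group name is localized.
$members = Get-LocalGroupMember -SID 'S-1-5-32-544'
$result  = Compare-LocalAdmins -Expected $expected -Members $members

if ($result.Missing) {
    Write-Warning "Not added yet: $($result.Missing -join ', ')"
}
if ($result.Unexpected) {
    Write-Warning "Not managed by the startup script: $($result.Unexpected -join ', ')"
}
if (-not $result.Missing -and -not $result.Unexpected) {
    'Local Administrators matches the expected list.'
}
```

Get-LocalGroupMember requires Windows PowerShell 5.1 or later; run the check elevated on a PC in one of the selected OUs.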