Active Directory Domain Naming Considerations
The best article on the TechNet Wiki for domain naming considerations.
You can start reading from this link.
Download the RRAS-vbs script and save the file.
Once script execution completes, it will output a file called rras_vpn_users.txt in the same folder as the script.
Using Dsquery:
Open a command prompt on a Domain Controller and run the command below.
dsquery * -filter "(&(objectCategory=person)(objectClass=user)(msNPAllowDialin=TRUE))"
PowerShell Get-ADUser (with AD modules):
Get-ADUser -LDAPFilter "(&(objectCategory=person)(objectClass=user)(msNPAllowDialin=TRUE))"
In Windows Server 2012, dcpromo has been deprecated.
To make a Windows Server 2012 machine a domain controller, we install the AD DS (Active Directory Domain Services) role from Server Manager.
First we change the server name, let's say to server2012dc, and set the IP address to 192.168.1.11.
The “Before You Begin” screen provides basic information, such as configuring strong passwords, IP addresses and Windows updates.
On the “Installation Type” page, select the first option, “Role-based or Feature-based Installation”.
The Scenario-based Installation option applies only to Remote Desktop Services.
On the “Server Selection” Page, select a server from the server pool and click next.
To install AD DS, select Active Directory Domain Services; a pop-up will then offer to add other AD DS related tools. Click Add Features.
After clicking “Add Features”, you will be able to click “Next >”.
On the “Select Features” page, note that the Group Policy Management feature is installed automatically during the promotion. Click Next.
The “Active Directory Domain Services” page gives basic information about AD DS. Click Next.
On the “Confirmation” page, you need to confirm the selections to continue with this configuration. The page gives you the option to export the configuration settings and to have the server restarted automatically if required.
After clicking “Install”, the selected role binaries will be installed on the server.
After the “Active Directory Domain Services” role binaries have been installed, it is time to promote the server to a Domain Controller.
To create a new AD forest called “ArabITPro.local”, select add a new forest.
Type the name ArabITPro.local
Specify the forest functional level (FFL), the domain functional level (DFL), whether or not the server should be a DNS Server, and the DSRM administrator password. As you can see, the wizard has selected the GC option by default and you cannot deselect it. The reason is that this is the very first DC of the AD forest and at least one DC needs to be a GC.
A DNS delegation warning is shown.
The wizard checks whether the NetBIOS name is already assigned.
Specify the location of the AD related folders and then click next.
Summary of all installation options/selections.
Click View script to see the single-command PowerShell script for the promotion that dcpromo used to perform.
Before the actual install of AD, all prerequisites are checked. If all prerequisite checks pass, click Install.
When you click Install, DNS and the GPMC are installed automatically.
After the promotion of the server to a DC has finished, the server restarts automatically.
Once the server has booted and you log on to it, click Server Manager | Tools; you will notice that the following have been installed:
• Active Directory Administrative Center
• Active Directory Domains and Trusts
• Active Directory Module for Windows PowerShell
• Active Directory Sites and Services
• Active Directory Users and Computers
• Group Policy Management
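The wizard steps above can also be scripted with the ADDSDeployment cmdlets. This is an added example, not the script that the wizard's “View script” link produces; the NetBIOS name, the Win2012 functional levels and the default folder paths are assumptions, and the DSRM password is prompted for rather than stored in the file.

```powershell
# Added example: scripted equivalent of the AD DS wizard walkthrough.
# Assumed values (not stated on the page): NetBIOS name, Win2012 FFL/DFL, default paths.

# 1. Install the role binaries plus the management tools (ADAC, ADUC, AD PowerShell module).
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

Import-Module ADDSDeployment

# 2. Prompt for the DSRM password so it never sits in the script or in command history.
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM administrator password'

# 3. Same choices the wizard pages collect, gathered in one splatted hashtable.
$forest = @{
    DomainName                    = 'ArabITPro.local'
    DomainNetbiosName             = 'ARABITPRO'          # assumed
    ForestMode                    = 'Win2012'            # assumed FFL
    DomainMode                    = 'Win2012'            # assumed DFL
    InstallDns                    = $true
    CreateDnsDelegation           = $false               # no parent zone for a new .local forest
    DatabasePath                  = 'C:\Windows\NTDS'    # assumed default
    LogPath                       = 'C:\Windows\NTDS'    # assumed default
    SysvolPath                    = 'C:\Windows\SYSVOL'  # assumed default
    SafeModeAdministratorPassword = $dsrm
}

# 4. Run the same prerequisite checks the wizard runs, and stop on any error.
$check  = Test-ADDSForestInstallation @forest
$failed = $check | Where-Object { $_.Status -eq 'Error' }
if ($failed) {
    $failed | Format-List Message, Context
    throw 'AD DS prerequisite check failed; forest not created.'
}

# 5. Promote the server. It restarts automatically when the promotion finishes.
Install-ADDSForest @forest -Force
```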
When I do an nslookup, I get the response listed below:
Default Server: UnKnown
As far as I can verify, EDNS0 is disabled, PTR records exist for the server in the zone. Also, on the server, if I uncheck the IPv6 protocol in the TCP/IP properties of the NIC, this issue goes away.
Check the IPv6 settings to obtain DNS server address automatically
Change the preferred DNS server from ::1 to obtain DNS server address automatically.
ALTools.exe is a free tool from Microsoft that helps administrators troubleshoot account-related problems in Active Directory.
The Account Lockout and Management Tools can be downloaded from Microsoft Download Link. We can install these tools on a workstation, a domain controller or any member server.
ALTools includes the 7 add-ons below, each with its own role. Let’s see how these add-ons can help administrators in troubleshooting.
1. Create a security group
2. Add the users who will have the right to join machines to the domain as members of this group.
3. Using a domain Group Policy, add the group created in Step 1 to the following settings:
Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment > Deny log on locally
Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment > Deny log on through Remote Desktop Services