Russell Smith specializes in the management and security of Microsoft-based IT systems. In addition to blogging about Windows and Active Directory for the Petri IT Knowledgebase, Russell is a Contributing Editor at CDW’s Biztech Magazine. Russell has more than 15 years of experience in IT, has written a book on Windows security, co-authored one for Microsoft’s Official Academic Course (MOAC) series and has delivered several courses for Pluralsight.
Forum Role: Participant
Topics Started: 4
Replies Created: 27
Forum Replies Created
October 22, 2019 at 11:31 am in reply to: How to synchronize password between to 2 AD Forest #624269
I would make sure that ADF1->domainX is resilient and doesn’t go down rather than trying to synchronize identities and passwords between the two domains. If you plan and manage AD correctly, it should always be available. And make sure you have a tried and tested recovery plan for worst case scenarios. Even if you did synchronize identities and passwords to the other domain, users still wouldn’t be able to log in to ADF2->domainY without you changing the domain membership of each device in ADF1->domainX.
Here is a fairly good technical overview of how Reset this PC works:
Plus additional info on the new cloud download feature:
I have a write up on Petri coming soon that simplifies this information and brings it together in one place.
September 17, 2019 at 9:34 am in reply to: System Interrupts Is Causing High CPU usage. How Can I get it fixed? #623679
Usually caused by a hardware or driver issue. Try disconnecting hardware if possible and updating drivers.
It’ll be interesting to see if the option to download Windows from the cloud will make the Reset PC feature any more reliable than it is now. At present, it generates an image from the current Windows files. What if those files are corrupt? Does it simply refuse to perform a reset? There are lots of unanswered questions about how it works.
July 31, 2019 at 2:06 pm in reply to: Install software from share drive without adming right #620304
An endpoint privilege management solution, like BeyondTrust, should be able to solve your problem: https://www.beyondtrust.com/endpoint-privilege-management
Try following the steps in this guide to completely disabling Hyper-V in Windows 10: https://www.petri.com/how-to-disable-hyper-v-completely-in-windows-10
Take a look at this guide if you are comfortable using PowerShell. The steps should be the same/similar for migrating from Windows Server 2008 R2 AD. http://www.rebeladmin.com/2019/01/step-step-guide-migrate-active-directory-2012-r2-active-directory-2019-powershell-guide/
No. There’s no simple solution. Here is a simple guide to restoring single objects using an authoritative restore:
And more from Microsoft if you need to restore group memberships:
Instead of creating a new AD domain/forest, you could consider just adding a new UPN suffix to your existing domain. That way users log in with [email protected] instead of [email protected]. You could also look at renaming your existing domain: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc738208(v=ws.10) and then upgrade servers to 2016. This may or may not be possible depending on what else you have in your infrastructure.
In answer to your other questions:
As long as DNS and DHCP are working properly, there shouldn’t be any issues running multiple domains/forests on the same physical subnet.
Assuming you will have two separate dedicated DNS infrastructures, I don’t think there’s anything special you need to think about.
If you want users to connect seamlessly to member servers in the old domain, then you will need a trust relationship.
If you must have a new AD, I would create a new forest.
Every scenario is slightly different and you need to test your plan, regardless of how you decide to move forward. Try to recreate the basics of your production environment in a virtual lab and check your plan works, and that you can roll back in the event of an issue.
May 31, 2019 at 2:13 pm in reply to: Server 2016 this past weekend. 12 weeks total from start to finish. #617671
Well done Nigan! As I wrote here: https://www.petri.com/forums/topic/are-it-certifications-worth-it, I do believe that certifications are valuable. Even the Microsoft ones, which are relatively easy to pass compared to most others. If you know your stuff, you can pass without cheating. Cheating is only doing yourself and future employer a disservice.
You could try converting your disk to a VHD using Disk2VHD (https://docs.microsoft.com/en-us/sysinternals/downloads/disk2vhd) and then following this procedure: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/prepare-for-upload-vhd-image
If you can get the image to work in a Hyper-V VM, then you should be able to get it running in Azure. But I’ve never tried any of this.
May 1, 2019 at 4:25 am in reply to: Advice request – migrate Server 2008 R2 domain controller to Server 2016 #616705
You could use ADMT to migrate objects to a new domain. But I would use the method Blood describes unless there’s something very wrong with your current directory.
April 30, 2019 at 4:47 am in reply to: RSAT Tols on Windows 7 to Administer Domain Controller Server 2016 #616673
RSAT for Windows 7 officially supports Windows Server 2008 R2 with SP1 and Windows Server 2008 R2. That’s not to say the tools won’t work against Windows Server 2016 but it may be that some features are missing or that you may run into issues using some of the tools. It’s best practice to use RSAT for Windows 10 to manage Windows Server 2016. Remote Desktop to DCs for daily administrative tasks is never a good idea.
Even if you don’t plan to upgrade all devices to Windows 10 right now, you should at least consider upgrading devices that are used for server administration so you have the right tools and the most secure platform available. RSAT is now a built-in Feature-On-Demand in Windows 10 so you don’t need to download the tools.
March 29, 2019 at 5:46 am in reply to: Microsoft is about to start nagging you to get off Windows 7 #615856
As far as I understand, the nag update won’t be applied to Professional and Enterprise SKUs so it should only affect Windows 7 Home users.
March 29, 2019 at 5:43 am in reply to: How do migrate in PST format from Outlook Express data #615855
I’m not sure what exactly you are trying to achieve but Microsoft has an official guide here: https://support.office.com/en-ie/article/import-your-messages-or-account-from-outlook-express-to-outlook-ca8ecaab-3330-46a1-b925-deac3f3c4359
March 29, 2019 at 5:38 am in reply to: Many articles in Powershell have 404 Error: page not found #615854
I’ll bring this up with the editorial team and see if it can be fixed. Thanks for the heads up.
I was able to pass a Vista MCP exam some years ago without any preparation. But then I have years of experience and I would expect that most MCP exams in my area I could pass without any study. What I find is that often people who have experience without any formal training have gaps in their knowledge and end up expending a lot of administrative effort to do things that should be relatively simple. Or avoid tools, like Group Policy and PowerShell, because they can be difficult to understand if you haven’t studied them in detail. I agree that certs are not a necessity once you’ve got the core concepts down and have experience to go with it. But I think they can be valuable at the start of your career and make life easier on the job.
Thanks JeremyW. I agree with you entirely.
Wullieb1, I also got MCSE 2000 but never bothered to update it. Partly because I never needed it to get a job once I’d got experience. But nevertheless, I do think certs are of value to people starting out.
February 19, 2019 at 4:08 am in reply to: I’m 25. I’m trying to learn Windows Server 16 with no IT background and I need help. #614359
Take baby steps and try to understand the concepts as you go along.
Try networking two devices without any help from a domain using static (fixed) IP addresses. If you can, use two physical devices instead of VMs. Get name resolution working, i.e. can you connect to one from the other by name and not only IP address. Then try creating a file share on one device and see if you can map a network drive from the other. You will need to read up a little on IP addressing, DNS, and permissions. Once you’ve done that, try to install a Windows Server domain controller and join a device to the domain. You’ll see how much easier it is to network devices that are joined to a domain once everything is in place. This should help you understand Active Directory concepts and DHCP. Taking a course for a specific exam will also take you step-by-step through all the required concepts.
Assuming you don’t want to do clustering with no intentions of upgrading the 2012 R2 server, there should be no problem using Windows Server 2012 R2 on one server and 2016 on the other. Better to install 2016 on the new one unless there is a specific reason not to do so. It will be easier in the long run.
Is Windows Search configured on the server to index file contents for the file types you want to search? It sounds like it is. By default, some file types only have their file properties indexed.
- Open Indexing Options from the Start menu.
- Click Advanced.
- Switch to the ‘File Types’ tab.
- Click the file type you want to index.
- Check ‘Index Properties and File Contents’.
- Click OK.
The index will be rebuilt, which can obviously take time depending on the number of files. If you still can’t get it to work, test it in a lab environment and try to establish what is different in production.
I guess it depends on what you use the Ubuntu VMs for. WSL can’t run persistent services, daemons, jobs, as background tasks. But a VM can. For my personal use case, if I had a dedicated server with enough resources, I’d probably stick to VMs.