Showing posts with label Active Directory. Show all posts
Showing posts with label Active Directory. Show all posts

Thursday, March 3, 2011

How to: Installing a Windows 2008 Read Only Domain Controller (RODC)

In this article I’m going to set up a Read Only Domain Controller in a Windows 2008 environment. There’s already a writable Domain Controller available in the domain GPO.LOCAL. The first step is to Install a new Windows 2008 Server, in my example it’s a Core Edition. After the installation, you can begin configuring your new server.

– Enter the productkey:
slmgr.vbs -ipk xxxxx-xxxxx-xxxxx-xxxxx-xxxxx

– Activate Windows:
slmgr.vbs -ato

– Rename the computer:
Netdom renamecomputer “%computername%” /newname:SRV-RODC01 /reboot:15

– Show all network interfaces:
Netsh interface ipv4 show interface

– Set a static IP address:
Netsh interface ipv4 set address name=2 source=static address=172.16.1.11 mask=255.255.0.0 gateway=172.16.1.1
(make sure that you’re choosing the right network interface. In this example it’s 2, so name=2 it means interface 2)

– Set a static DNS server:
Netsh interface ipv4 add dnsserver name=2 address=172.16.1.10 index=1

– Turn Remote Desktop (RDP) on:
Cscript %windir%\system32\SCRegEdit.wsf /ar 0

– Enable Remote Desktop (RDP) in the Windows Firewall:
netsh advfirewall firewall set rule group=”remote desktop” new enable=yes
(Note: type this rule in by your self, copy past will give an error!)

– Enable Remote Management (RemoteCMD) in the Windows Firewall:
netsh advfirewall firewall set rule group=”Remote Administration” new enable=yes
(Note: type this rule in by your self, copy past will give an error!)Making the unattended.txt:
Copy and past the following test into the new textfile and save this file on the C: drive of the Core Server.
==================================================
[DCInstall]
InstallDNS=Yes
ConfirmGc=Yes
CriticalReplicationOnly=No
DisableCancelForDnsInstall=No
Password=********
RebootOnCompletion=No
ReplicaDomainDNSName=GPO.local
ReplicaOrNewDomain=ReadOnlyReplica
ReplicationSourceDC=srv-w2k8dc01.gpo.local
SafeModeAdminPassword=********
SiteName=Default-First-Site-Name
UserDomain=GPO.local
UserName=Administrator
==================================================

Run the DCPROMO
dcpromo /unattend:c:\unattend.txt15)

– Reboot the Domain Controller
shutdown -r -t 0

cs_01 cs_03 cs_04

cs_05 cs_06 cs_07

cs_08 cs_09 cs_10

cs_11 cs_12 cs_13

As you can see, when you make a connection to the RODC, you’re not be able to make any changes to existing users or groups and the option “New” is hidden when you right-click in your environment.

In the next post i’m going to delete a RODC from the environment. (for example if your server is stolen or something like that).

Continue Reading »
Posted by Admin at 1:44 AM 1 comments

How to: Recovering Deleted AD Objects in Windows Server 2008 R2

A new nice feature in Windows Server 2008 R2 is the Active Directory Recycle Bin. Deleted items can be restored without rebooting the Domain Controller(s), restarting the Active Directory Services and even without any backuptapes!! Let’s have a look on that.

The first step is to enable the Recycle Bin feature. Make sure your functional level is Windows Server 2008 R2 and keep in mind that when you enable this feature, you can’t disable this feature anymore!!

1.) Start the  Active Directory Module for Windows PowerShell
Import-Module ActiveDirectory

2.) View the actual settings of the Recycle Bin feature
Get-ADOptionalFeature -Filter { name -like “Recycle*” }

3.) Enable the feature for your Active Directory environment
Enable-ADOptionalFeature “Recycle Bin Feature” -Scope ForestOrConfigurationSet -Target E2K7SP2.LOCAL

4.) View all the deleted Active Directory objects
Get-ADObject -SearchScope subtree -SearchBase “cn=Deleted Objects,dc=E2K7SP2,dc=LOCAL” -includeDeletedObjects -filter { name -notlike “Deleted*” }

5.) Restore the user objects you want
Restore-ADObject -Identity “CN=User01\0ADEL:cc40dfd4-f671-4e90-90cc-3c8a33b18391,CN=Deleted Objects,DC=E2K7SP2,DC=LOCAL”
Restore-ADObject -Identity “CN=User02\0ADEL:394ec482-5bb2-4131-bdb4-7c92d7193987,CN=Deleted Objects,DC=E2K7SP2,DC=LOCAL”
Restore-ADObject -Identity “CN=User03\0ADEL:19f1bf8b-0227-486a-bc8d-ca72a342e116,CN=Deleted Objects,DC=E2K7SP2,DC=LOCAL”
Restore-ADObject -Identity “CN=User04\0ADEL:1b00b1c9-1f1f-4b74-b027-fa88feb4069d,CN=Deleted Objects,DC=E2K7SP2,DC=LOCAL”
Restore-ADObject -Identity “CN=User05\0ADEL:970b2597-4cf3-4971-87ea-9ada827e376d,CN=Deleted Objects,DC=E2K7SP2,DC=LOCAL”

6.) With this command you restore all the deleted items (Not Recommended!!)
Get-ADObject -SearchScope subtree -SearchBase “cn=Deleted Objects,dc=E2K7SP2,dc=LOCAL” -IncludeDeletedObjects -filter { name -notlike “Deleted*” } | Restore-ADObject

7.) All deleted Active Directory objects are restored now. Even the group membership of the users are restored!! Cool :D

AD_RCB_01

AD_RCB_02 AD_RCB_03 AD_RCB_04

AD_RCB_05 AD_RCB_06 AD_RCB_07

AD_RCB_08 AD_RCB_09 AD_RCB_10

AD_RCB_11 AD_RCB_12 AD_RCB_13

AD_RCB_14 AD_RCB_15

Continue Reading »
Posted by Admin at 1:44 AM 0 comments
IT Howto © Design by Blogger Templates Gallery - Inspired by Daily Blog Tips