Monday, October 10, 2016

No Sysvol and netlogon folders on new domain controller

Fix no Sysvol and netlogon folders on new domain controller:

open regedit --
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

change SysvolReady value from 0 to 1

After reboot you can see an empty sysvol folder. Recover policies from backup or fix DFSR replication.

again change SysvolReady value from 1 to 0

reboot, and after reboot again change SysvolReady value from 0 to 1.

after reboot you can see Sysvol and Netlogon folders.
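Added example (not from the original post): a small PowerShell helper that reads the SysvolReady value from the registry key above and reports whether the SYSVOL and NETLOGON shares are actually published, so each step of the toggle can be verified after the reboot instead of guessing. It assumes it is run elevated on the domain controller itself and that the SmbShare module is available (Windows Server 2012 or later). The post's own fix is done in regedit; the Set-SysvolReady function here only writes the same value and leaves the reboot to the operator.

```powershell
# Added example, not from the original post.
# Assumes: run elevated on the DC; SmbShare module present (Server 2012+).

$NetlogonParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

function Get-SysvolState {
    # Current SysvolReady flag plus whether the two shares are published
    $props  = Get-ItemProperty -Path $NetlogonParams -ErrorAction Stop
    $shares = Get-SmbShare -ErrorAction SilentlyContinue | Select-Object -ExpandProperty Name
    [pscustomobject]@{
        SysvolReady    = [int]$props.SysvolReady        # 0 or 1 (missing value reads as 0)
        SysvolShared   = ($shares -contains 'SYSVOL')
        NetlogonShared = ($shares -contains 'NETLOGON')
        SysvolPath     = Join-Path $env:SystemRoot 'SYSVOL\sysvol'
    }
}

function Set-SysvolReady {
    param([Parameter(Mandatory)][ValidateSet(0, 1)][int]$Value)
    # The post toggles 1 -> 0 -> 1 with a reboot after each change; this only
    # writes the DWORD and returns the new state, the reboot stays manual.
    Set-ItemProperty -Path $NetlogonParams -Name SysvolReady -Value $Value -Type DWord
    Get-SysvolState
}

# Show the state before and after each reboot in the procedure above
Get-SysvolState | Format-List
```

Run Get-SysvolState after every reboot; the procedure is finished when SysvolReady is 1 and both SysvolShared and NetlogonShared are True.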

Thursday, October 6, 2016

RODC AD in DMZ ports

Ports to be open on the firewall between the RODC in the perimeter network and the writable Domain Controller in the LAN:

Port                Type of traffic
TCP 57344           DRSUAPI, LsaRpc, NetLogonR
TCP Static 53248    FrsRpc
TCP 135             EPM
TCP 389             LDAP
TCP 3268            GC, LDAP
TCP 445             DFS, LsaRpc, NbtSS, NetLogonR, SamR, SMB, SrvSvc
TCP 53              DNS
TCP 88              Kerberos
UDP 123             NTP
UDP 389             C-LDAP
UDP 53              DNS
TCP and UDP 464     Kerberos Change/Set Password

Ports to be open on any host or network firewall between a member server in the perimeter network and the RODC in the perimeter network:

Port                Type of traffic
TCP 135             EPM
TCP 389             LDAP
TCP 445             DFS, LsaRpc, NbtSS, NetLogonR, SamR, SMB, SrvSvc
TCP 88              Kerberos
TCP Dynamic         DNS, DRSUAPI, NetLogonR, SamR
UDP 389             C-LDAP
UDP 53              DNS
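Added example (not from the original post): a PowerShell check that encodes the first table above (RODC in the perimeter network to the writable DC in the LAN) as data and tries a TCP connect on every TCP port from the RODC, so a missing firewall rule shows up before replication or logons fail. UDP entries (53, 123, 389, 464) cannot be proven open with a TCP connect, so they are reported as "manual check" rather than guessed. The host name dc01.corp.example is a placeholder, and the port numbers are taken exactly as the post lists them.

```powershell
# Added example, not from the original post. Run on the RODC.
# Assumes: $WritableDc is a placeholder for the writable DC in the LAN.

$WritableDc = 'dc01.corp.example'

# First table from the post: RODC (perimeter) -> writable DC (LAN)
$RodcToDc = @(
    @{ Proto = 'TCP'; Port = 57344; Service = 'DRSUAPI, LsaRpc, NetLogonR' }
    @{ Proto = 'TCP'; Port = 53248; Service = 'FrsRpc (static)' }
    @{ Proto = 'TCP'; Port = 135;   Service = 'EPM' }
    @{ Proto = 'TCP'; Port = 389;   Service = 'LDAP' }
    @{ Proto = 'TCP'; Port = 3268;  Service = 'GC, LDAP' }
    @{ Proto = 'TCP'; Port = 445;   Service = 'DFS, LsaRpc, NbtSS, NetLogonR, SamR, SMB, SrvSvc' }
    @{ Proto = 'TCP'; Port = 53;    Service = 'DNS' }
    @{ Proto = 'TCP'; Port = 88;    Service = 'Kerberos' }
    @{ Proto = 'TCP'; Port = 464;   Service = 'Kerberos Change/Set Password' }
    @{ Proto = 'UDP'; Port = 123;   Service = 'NTP' }
    @{ Proto = 'UDP'; Port = 389;   Service = 'C-LDAP' }
    @{ Proto = 'UDP'; Port = 53;    Service = 'DNS' }
    @{ Proto = 'UDP'; Port = 464;   Service = 'Kerberos Change/Set Password' }
)

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 2000)
    # Plain TCP connect with a timeout; a filtered port shows up as a timeout,
    # a closed one as a refused connection, both reported as $false.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

function Test-RodcFirewallRules {
    param([string]$Target, [array]$Rules)
    foreach ($r in $Rules) {
        $result = if ($r.Proto -eq 'TCP') {
            if (Test-TcpPort -ComputerName $Target -Port $r.Port) { 'open' } else { 'BLOCKED' }
        } else {
            'manual check (UDP)'   # a TCP connect says nothing about UDP
        }
        [pscustomobject]@{ Proto = $r.Proto; Port = $r.Port; Service = $r.Service; Result = $result }
    }
}

Test-RodcFirewallRules -Target $WritableDc -Rules $RodcToDc | Format-Table -AutoSize
```

The same function can be pointed at the second table (member server to RODC) by building a second rule array from those rows and running it from the member server; "TCP Dynamic" entries there need the RPC port range your DCs actually use, which the post does not specify.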


Source

Windows DNS Command Line

Query DNS forest-wide partition replica
dsquery * "DC=ForestDNSZones,dc=forestRootDomain"

Add a CNAME record to DNS 
dnscmd %server% /recordadd %zone% %AliasName% CNAME %HostnameAliasing%

Query zone resource records on a Microsoft DNS server
wmic /namespace:\\root\microsoftdns /node:%server% path MicrosoftDNS_ResourceRecord WHERE ContainerName='%zone_name%'

nslookup with debug information 
nslookup -debug %IP%

DSQuery authorised DHCP Servers
Dsquery * "cn=NetServices,cn=Services,cn=Configuration, DC=forestRootDomain" -attr dhcpServers

Enumerate all records from a DNS zone
dnscmd /enumrecords @ /additional /continue > DNS_all.txt

Lookup SRV records from DNS
nslookup -type=srv _ldap._tcp.dc._msdcs.{domainRoot}

DNS Information
for /f %i in ('dsquery server -domain %userdnsdomain% -o rdn') do dnscmd %i /info

DNS Zone Detailed information
dnscmd /zoneinfo %userdnsdomain%

DNS Zones in AD
for /f %i in ('dsquery server -o rdn') do Dsquery * -s %i domainroot -filter (objectCategory=dnsZone)

Enumerate DNS Server Zones
for /f %i in ('dsquery server -o rdn') do dnscmd %i /enumzones

Print DNS Zones 
dnscmd DNSServer /zoneprint DNSZone

Add a host record in DNS
dnscmd %dnsserver% /recordadd %zone% %relative_name% A %ip%

Find aging records from an enumerated zone
find /i "aging:" DNS_all.txt > DNS_aging.txt

DNS Scavenging check, based on the output of aging records from dnscmd.exe
cscript DNSScavengeTest.wsf /f:DNS_aging.txt

Query DNS objects from the directory
dsquery * DC=,CN=MicrosoftDNS,cn=System,dc=

Start DNS scavenging
dnscmd /startscavenging

Delete a host record from DNS
dnscmd %server% /recorddelete %zone% @ A %IP%

Determine the DNS suffix search list set through policy for a computer
reg query "\\%Computer%\HKEY_LOCAL_MACHINE\software\policies\microsoft\Windows NT\DNSClient" /v SearchList

Query for the zones hosted on a Microsoft DNS server 
wmic /namespace:\\root\microsoftdns /node:%server% path MicrosoftDNS_Zone

Find DNS Forwarder information from dnscmd output
for %b in (DNS*.txt) do @for /f "skip=2 delims=[]" %i in ('"find /i /N "Forwarders:" %b"') do @for /f "skip=2 delims=[]" %m in ('"find /i /N "Command completed successfully." %b"') do @for /f %p in ('set /a %m-%i') do echo tail -%p %b

List primary reverse lookup zones from a DNS server
dnscmd %server% /EnumZones /secondary /reverse

List allowed secondary servers for the specified zone
dnscmd %server% /zoneinfo %ip%.in-addr.arpa SecondaryServers
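Added example (not from the original post): the aging check that the dnscmd /enumrecords plus find "aging:" pipeline above does by hand, written with the DnsServer PowerShell module instead of dnscmd (a swapped-in tool, available on Windows Server 2012 or later and in RSAT). It reads the zone's no-refresh and refresh intervals and lists the dynamic A records whose timestamp is already older than that window, i.e. the records a scavenging run would remove, which is worth reviewing before running /startscavenging. The server and zone names are placeholders.

```powershell
# Added example, not from the original post.
# Assumes: DnsServer module (Server 2012+/RSAT); $Server and $Zone are placeholders.

Import-Module DnsServer

function Get-StaleDnsRecords {
    param(
        [Parameter(Mandatory)][string]$Server,   # DNS server hosting the zone
        [Parameter(Mandatory)][string]$Zone      # zone name, e.g. corp.example
    )
    $aging = Get-DnsServerZoneAging -ComputerName $Server -Name $Zone
    if (-not $aging.AgingEnabled) {
        Write-Warning "Aging is not enabled on zone '$Zone'; scavenging would not touch it."
    }
    # A dynamic record becomes eligible for scavenging once its timestamp is
    # older than the no-refresh interval plus the refresh interval.
    $cutoff = (Get-Date) - ($aging.NoRefreshInterval + $aging.RefreshInterval)

    # Static records carry no timestamp and are never scavenged, so they drop out here.
    Get-DnsServerResourceRecord -ComputerName $Server -ZoneName $Zone -RRType A |
        Where-Object { $_.Timestamp -and $_.Timestamp -lt $cutoff } |
        Select-Object HostName, Timestamp,
            @{ Name = 'IPv4Address'; Expression = { $_.RecordData.IPv4Address } },
            @{ Name = 'Cutoff';      Expression = { $cutoff } }
}

# Usage with placeholder names:
Get-StaleDnsRecords -Server 'dns01.corp.example' -Zone 'corp.example' | Format-Table -AutoSize
```

Records for hosts that are still alive but show up here usually mean dynamic update or refresh is failing for them (DHCP registration, wrong client DNS suffix), which is the thing to fix before letting scavenging delete them.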

Source

Wednesday, September 28, 2016

Lync DNS Records

Internal
lyncdiscoverinternal.contoso.com  (A record for the Autodiscover service for internal connections directed to internal Web services)

_sipinternaltls._tcp.contoso.com (SRV record for internal TLS connections)

_sipinternal._tcp.contoso.com (SRV record for internal TCP connections)

sipinternal.contoso.com (A record for the Front End pool)

External

lyncdiscover.contoso.com (A record for the Autodiscover service for external Web services)

_sip._tls.contoso.com (SRV record for external TCP connections)

sip.contoso.com (A record for the Front End pool when the client is on the internal network; A record for the Access Edge Server when the client is external with no VPN access)

sipexternal.contoso.com (A record for the Access Edge Server when the client is external with no VPN access)
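Added example (not from the original post): a PowerShell function that resolves each record listed above for a SIP domain, on the internal or the external side, and reports which ones are missing or point where. Since the internal and external answers for sip.contoso.com differ by design, the optional -DnsServer parameter lets you ask a specific resolver (for instance a public one) to confirm the external view. contoso.com is the placeholder domain from the post; the function only reads DNS.

```powershell
# Added example, not from the original post.
# Assumes: Windows 8/Server 2012 or later (Resolve-DnsName); contoso.com is a placeholder.

function Test-LyncDnsRecords {
    param(
        [Parameter(Mandatory)][string]$SipDomain,
        [ValidateSet('Internal', 'External')][string]$Side = 'Internal',
        [string]$DnsServer    # optional: resolver to query, e.g. an external one
    )
    # Record sets exactly as listed in the post for each side
    $records = if ($Side -eq 'Internal') {
        @(
            @{ Name = "lyncdiscoverinternal.$SipDomain"; Type = 'A' }
            @{ Name = "_sipinternaltls._tcp.$SipDomain"; Type = 'SRV' }
            @{ Name = "_sipinternal._tcp.$SipDomain";    Type = 'SRV' }
            @{ Name = "sipinternal.$SipDomain";          Type = 'A' }
            @{ Name = "sip.$SipDomain";                  Type = 'A' }
        )
    } else {
        @(
            @{ Name = "lyncdiscover.$SipDomain"; Type = 'A' }
            @{ Name = "_sip._tls.$SipDomain";    Type = 'SRV' }
            @{ Name = "sip.$SipDomain";          Type = 'A' }
            @{ Name = "sipexternal.$SipDomain";  Type = 'A' }
        )
    }

    foreach ($r in $records) {
        $params = @{ Name = $r.Name; Type = $r.Type; DnsOnly = $true; ErrorAction = 'SilentlyContinue' }
        if ($DnsServer) { $params.Server = $DnsServer }
        # Keep only answers of the requested type (an A query may also return a CNAME)
        $answer = Resolve-DnsName @params | Where-Object { $_.Type -eq $r.Type }
        $target = switch ($r.Type) {
            'A'   { ($answer | ForEach-Object { $_.IPAddress }) -join ', ' }
            'SRV' { ($answer | ForEach-Object { "$($_.NameTarget):$($_.Port) (prio $($_.Priority))" }) -join ', ' }
        }
        [pscustomobject]@{
            Record = $r.Name
            Type   = $r.Type
            Found  = [bool]$answer
            Target = $target
        }
    }
}

# Internal view from a domain-joined client, then the external view via a placeholder public resolver
Test-LyncDnsRecords -SipDomain 'contoso.com' -Side Internal | Format-Table -AutoSize
Test-LyncDnsRecords -SipDomain 'contoso.com' -Side External -DnsServer '198.51.100.53' | Format-Table -AutoSize
```

A Found value of False on the internal side for the _sipinternaltls._tcp SRV record is the usual cause of clients falling back to manual sign-in configuration; on the external side, the SRV must point at the Access Edge name, not the Front End pool.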

Tuesday, September 27, 2016

Exchange 2010 EMC cannot access AD configuration data after you demote a DC

   Go to the folder and delete the Exchange Management Console file.
   C:\users\<specific user>\AppData\Roaming\Microsoft\MMC\Exchange Management Console
   Close EMC and reopen it.

Thursday, September 22, 2016

DFS Replication problem - FIX

1. Connect to the PDC domain controller: open services.msc and stop the DFS Replication service.

2. Open ADSI Edit (adsiedit.msc), connect to the PDC and go to:
CN=SYSVOL Subscription,CN=Domain System Volume,CN=DFSR-LocalSettings,CN=<PDC Server>,OU=Domain Controllers,DC=<your domain>

3. Change attributes:
msDFSR-Enabled=FALSE
msDFSR-options=1

4. On all other domain controllers change msDFSR-Enabled to False

5. On PDC run:
repadmin /syncall pdc_name /APed

6. Start DFS Replication service

7. Go to ADSIEdit and change back msDFSR-Enabled to True

8. Run DFSRDIAG POLLAD (on PDC)

9. On all other domain controllers run:
repadmin /syncall pdc_name /APed

10. On all other DCs (not PDC) change in ADSIEDIT msDFSR-Enabled to True

11. Run on all DCs (not PDC) DFSRDIAG POLLAD
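Added example (not from the original post): PowerShell functions that read, and on request set, the msDFSR-Enabled and msDFSR-Options attributes on every domain controller's SYSVOL Subscription object, which is what the ADSI Edit steps of the procedure above change by hand. The read-only Get-SysvolSubscriptionState is useful before starting (to confirm all DCs are currently enabled) and after each step (to confirm the change replicated to the PDC). Set-SysvolSubscriptionState supports -WhatIf. It assumes the ActiveDirectory module and that the SYSVOL Subscription object sits under each DC's computer object as shown in the DN above; the repadmin and DFSRDIAG steps are not automated here.

```powershell
# Added example, not from the original post.
# Assumes: ActiveDirectory module; run as a domain admin with reachability to the PDC emulator.

Import-Module ActiveDirectory

function Get-SysvolSubscriptionDn {
    param($Dc)   # an object from Get-ADDomainController
    # Same path the post navigates to in ADSI Edit, built from the DC's computer object DN
    "CN=SYSVOL Subscription,CN=Domain System Volume,CN=DFSR-LocalSettings,$($Dc.ComputerObjectDN)"
}

function Get-SysvolSubscriptionState {
    # One row per DC, always read from the PDC emulator so the view is consistent
    $domain = Get-ADDomain
    foreach ($dc in Get-ADDomainController -Filter *) {
        $dn  = Get-SysvolSubscriptionDn $dc
        $obj = Get-ADObject -Identity $dn -Server $domain.PDCEmulator -Properties 'msDFSR-Enabled', 'msDFSR-Options'
        [pscustomobject]@{
            DC          = $dc.HostName
            IsPdc       = ($dc.HostName -eq $domain.PDCEmulator)
            DfsrEnabled = $obj.'msDFSR-Enabled'
            DfsrOptions = $obj.'msDFSR-Options'
        }
    }
}

function Set-SysvolSubscriptionState {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$DcHostName,
        [Parameter(Mandatory)][bool]$Enabled,
        [int]$Options                  # the post sets msDFSR-options=1 on the PDC only
    )
    $domain  = Get-ADDomain
    $dc      = Get-ADDomainController -Identity $DcHostName
    $dn      = Get-SysvolSubscriptionDn $dc
    $replace = @{ 'msDFSR-Enabled' = $Enabled }
    if ($PSBoundParameters.ContainsKey('Options')) { $replace['msDFSR-Options'] = $Options }
    if ($PSCmdlet.ShouldProcess($dn, "Set $($replace.Keys -join ', ')")) {
        Set-ADObject -Identity $dn -Server $domain.PDCEmulator -Replace $replace
    }
}

# Before touching anything: every DC should show DfsrEnabled = True
Get-SysvolSubscriptionState | Format-Table -AutoSize

# Step on the PDC (placeholder host name), previewed with -WhatIf first:
# Set-SysvolSubscriptionState -DcHostName 'pdc01.corp.example' -Enabled $false -Options 1 -WhatIf
```

Re-run Get-SysvolSubscriptionState after each repadmin /syncall to confirm the attribute values have actually replicated before moving to the next step; a DC still showing the old value is the usual reason the procedure appears not to work.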

Source