Archive | Active Directory

Recover deleted AD Object

31 Jan

Original Microsoft TechNet guide

OLD WAY! https://technet.microsoft.com/en-us/library/dd379509(v=ws.10).aspx

NEW WAY!

How to Restore a Microsoft Server 2012 Active Directory Object from the Active Directory Recycle Bin

  • Last updated on Oct 26, 2016

This article refers to the Barracuda Backup Legacy Release firmware or newer, and Microsoft® Active Directory (AD) on Microsoft Windows Server® 2012. For information on backing up the AD, refer to How to Back Up Microsoft Active Directory.

Before attempting to recover a domain controller, first review the Microsoft TechNet article Domain Controller Recovery[1] for a complete list of recommendations.

Use the following steps to restore an AD Object from the AD Recycle Bin:

  1. Log in to the Windows Server 2012 as the administrator.
  2. Go to Start, and type dsac.exe to open the ADAC, or in Server Manager, click Tools, and then click Active Directory Administrative Center.
  3. In the left pane, click on the target Server name; a Deleted Objects container displays in the center pane:
    [Image: Deleted Objects Container]
    If the Deleted Objects container does not display, right-click on the Server name in the left pane to enable the container.

  4. Double-click the Deleted Objects container to view a list of deleted items which can be restored.
  5. Right-click on the user to restore, and click Restore:
  6. Verify the user has been restored.
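The same restore driven from PowerShell instead of the ADAC. This is an added example, not part of the Barracuda article or the TechNet guide; it assumes the RSAT ActiveDirectory module is available on the DC, and the account name is a caller-supplied placeholder.

```powershell
# Added example (not part of the original Barracuda/TechNet text): the same
# restore from PowerShell, using the RSAT ActiveDirectory module. Nothing is
# changed unless -Commit is given; the account name is supplied by the caller.
param(
    [Parameter(Mandatory)][string]$SamAccountName,   # e.g. 'jsmith' (placeholder)
    [switch]$Commit
)
Import-Module ActiveDirectory

# Restore-ADObject only recovers attributes when the Recycle Bin optional
# feature is enabled; without it a deleted object is a stripped tombstone.
$rb = Get-ADOptionalFeature -Filter 'name -eq "Recycle Bin Feature"'
if (-not $rb.EnabledScopes) {
    throw 'AD Recycle Bin is not enabled; use an authoritative restore from backup instead.'
}

# Deleted objects keep sAMAccountName; isDeleted marks them and lastKnownParent
# records where they lived. More than one deleted copy of a name is possible.
$deleted = Get-ADObject -LDAPFilter "(&(isDeleted=TRUE)(sAMAccountName=$SamAccountName))" `
    -IncludeDeletedObjects -Properties sAMAccountName, lastKnownParent, whenChanged, 'msDS-LastKnownRDN'

if (-not $deleted) { throw "No deleted object with sAMAccountName '$SamAccountName' was found." }
if (@($deleted).Count -gt 1) {
    $deleted | Format-Table 'msDS-LastKnownRDN', whenChanged, lastKnownParent, ObjectGUID -AutoSize
    throw 'Several matches; choose one and call Restore-ADObject -Identity <ObjectGUID> directly.'
}

# The original container must still exist. If it was deleted as well, restore
# it first (parents before children) or pass -TargetPath to relocate the object.
try   { $null = Get-ADObject -Identity $deleted.lastKnownParent -ErrorAction Stop }
catch { throw "Parent $($deleted.lastKnownParent) no longer exists; restore it first or use -TargetPath." }

if ($Commit) {
    Restore-ADObject -Identity $deleted.ObjectGUID
    # Step 6 of the procedure: confirm the object is back where it belongs.
    Get-ADObject -Identity $deleted.ObjectGUID -Properties whenChanged |
        Format-List DistinguishedName, ObjectClass, whenChanged
} else {
    Restore-ADObject -Identity $deleted.ObjectGUID -WhatIf
}
```

Run it once without -Commit to see the -WhatIf output, then again with -Commit.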


.local again!

1 Dec

Full credit to Mark Parris for the original write-up.

Active Directory: .local domain design and Office 365.

Microsoft has, since the release of Windows 2000 Server, recommended that any Windows Server environment promoted to host an Active Directory forest/domain should be configured with a registered Top Level Domain (TLD), such as .com, .net, .org etc.

Many companies have ignored this advice and taken the approach of: "my internet presence is, for example, markparris.net, so I will therefore call my Active Directory forest markparris.local."

This approach to the .local namespace in Active Directory has caused no real issue, with the exception of Apple Mac integration into the environment (see below).

With the onset of the cloud and of on-premises and off-premises computing, the .local namespace now causes a potential issue. The .local namespace issue may be resolved with a simple fix, or it could involve a fair amount of remediation work.

In order to use Microsoft Office 365 Cloud Services with an on-premises Active Directory synchronised via DirSync to the "Microsoft Cloud", the forest's namespace, or to be more precise the user's UPN (User Principal Name), must be an internet-registered TLD. In most companies this can be easily achieved by setting all cloud users' UPNs to their email address (or another registered namespace); this is then what the user presents to Microsoft to be authenticated/validated.

In some companies, the .local UPN namespace may already be in use for something else, and a UPN remediation project may need to be completed prior to any Microsoft cloud integration. This could again be a simple resolution or a huge global project.

So to summarise, the recommendation is still not to use the .local namespace in any new Active Directory implementation. If you have utilised the .local namespace and you have a requirement to implement Office 365, then identify and configure a registered UPN for the affected accounts.

To be fair to Microsoft, they did tell you.

DNS name registration with an Internet registrar

We recommend that you register DNS names for the top-most internal and external DNS namespaces with an Internet registrar. This includes the forest root domain of any Active Directory forests unless such names are sub-domains of DNS names that are registered by your organization name (for example, the forest root domain "corp.example.com" is a sub-domain of an internal "example.com." namespace). Article ID: 300684 – Last Review: February 16, 2011 – Revision: 25.1. http://support.microsoft.com/kb/300684

As I put my thoughts down, it has also become apparent to me that anyone with an Active Directory namespace that uses a TLD namespace that is not registered to them will also have this same issue and will also need to configure new UPNs.

Apple Issues

Mac OS X: About Multicast DNS

http://support.apple.com/kb/TA20999?viewlocale=en_US

You receive an “unexpected error occurred” error message when you try to access resources on a Windows-based network from your Macintosh computer

http://support.microsoft.com/kb/836413

Domain Rename

27 Jul

Today I did this live in a production environment for only the second time in my career.

By and large I followed the instructions here.

I will add the additional steps I took shortly

 

UPN still points to old domain in ADUC

 

You can use the Microsoft DS command-line tools for that. On a DC, at a command prompt, first prepare the list of users (the two find /v filters strip dsget's "samid" header and "dsget succeeded" footer, leaving one account name per line):

dsquery user -samid * -limit 0 | dsget user -samid | find /v "dsget" | find /v "samid" >>c:\users.txt

and then update the users (NewDNSDomainName is the new UPN suffix; -c makes dsmod report errors and continue rather than stop at the first failure):

for /f %i in (c:\users.txt) do dsquery user -samid %i | dsmod user -upn %i@NewDNSDomainName -c
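A PowerShell version of the bulk UPN change above, which also covers the .local / Office 365 remediation described in the previous post (identify accounts on an unregistered suffix and move them to a registered one). It is an added example, not from this post or from Mark Parris's write-up; it assumes the RSAT ActiveDirectory module, and contoso.local / contoso.com are placeholder suffixes.

```powershell
# Added example (not from the original post or from Mark Parris's write-up):
# move user UPNs from a non-routable suffix to a registered one in bulk, with a
# dry run by default. Assumes the RSAT ActiveDirectory module; the suffixes
# below are placeholders for your own names.
param(
    [string]$OldSuffix = 'contoso.local',
    [string]$NewSuffix = 'contoso.com',
    [switch]$Commit
)
Import-Module ActiveDirectory

# A suffix must be registered in the forest before accounts may use it; for
# Office 365 / DirSync it must also be a domain verified in the tenant.
$forest = Get-ADForest
$known  = @($forest.Domains) + @($forest.UPNSuffixes)
if ($known -notcontains $NewSuffix) {
    throw "UPN suffix '$NewSuffix' is not registered in the forest. Add it with: Set-ADForest -UPNSuffixes @{Add='$NewSuffix'}"
}

# Only the accounts still carrying the old suffix are touched.
$users = Get-ADUser -Filter "userPrincipalName -like '*@$OldSuffix'" -Properties userPrincipalName

$report = foreach ($u in $users) {
    $newUpn = '{0}@{1}' -f $u.UserPrincipalName.Split('@')[0], $NewSuffix
    $row = [ordered]@{ SamAccountName = $u.SamAccountName; OldUPN = $u.UserPrincipalName; NewUPN = $newUpn }

    # The prefix must be unique under the new suffix; a clash is a conflict to
    # resolve by hand (e.g. use the mail address), never something to overwrite.
    $clash = Get-ADUser -Filter "userPrincipalName -eq '$newUpn'"
    if ($clash -and $clash.DistinguishedName -ne $u.DistinguishedName) {
        $row.Action = 'CONFLICT'
    } elseif ($Commit) {
        Set-ADUser -Identity $u -UserPrincipalName $newUpn
        $row.Action = 'Changed'
    } else {
        $row.Action = 'WouldChange'
    }
    [pscustomobject]$row
}

$report | Format-Table -AutoSize
```

Review the WouldChange/CONFLICT report first; rerun with -Commit only once every conflict row has been resolved.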

 

Azure AD sync – UPN

11 May

http://www.lewisroberts.com/2015/01/22/addendum-getting-started-with-azure-active-directory-sync-upn-suffix/

Winmail.dat – No attachments

3 May

How to Avoid Sending Winmail.dat Attachments

Setting Global Properties

Set the Global Properties to have Outlook by default send your email in Hypertext Markup Language (HTML):

  • Outlook 2007: Select Tools > Options > Email Format > Internet Options. Select Convert to HTML format.
  • Outlook 2010 and 2013: Select File > Options > Mail and then scroll to the bottom of the dialog. Select Convert to HTML format.

Meeting requests or voting buttons may not work with this setting, but you can override the format on select messages.

Binding Macs to AD – Troubleshooting

21 Apr

https://community.spiceworks.com/topic/618936-bind-mac-os-x-10-9-5-to-ad-server


Home Directories showing as Documents

21 Apr

Another workaround for the lovely "documents" issue is:

  1. Navigate to the share, e.g. \\Server\Users
  2. Right-click on the Size column header
  3. Click on More at the bottom
  4. Tick Filename