Tag Archives: Windows Domain

by

Recover DC with Only System State Backup

Have you ever had to restore an Active Directory Domain Controller from scratch with only System State backup?

If so, and you already looked over the Internet, probably no direct results mentioned that procedure, basically due to it’s simplicity.

Indeed simple procedure. Starts by building (format and install Windows OS) the server and install all the updates to match the same version and edition used on the original DC.

Enable all features and roles needed and were on the original DC, but do not configure any of it.

Isolate the server, you may use an isolated port or simply change the IP address to something not in that subnet, to avoid conflicts and service interruption.

Promote to domain controller as new domain in new forest. Better to use the original names of DC and domain.

Reboot to DSRM, and login.

Start the system state restore process.

Once done and rebooted, check the event log for any critical / serious messages. If not exist, then you can connect to the network and resync with other domain controllers.

I’ve successfully applied this on Windows 2012R2 and will soon test it again with 2016 and 2019 servers.

However, I still strongly recommend you have the bare metal backup, and perform restore testing every six months.

HTH,

by

Domain Controller Status Unavailable

When running MMC with any AD management component inside it, and try to switch to another server you may notice sometimes the status shows “Unavailable”.

Most likely this is due to IPv6 not fully disabled, or not fully enabled (if you decide to run it), and you will need to update the registry value as per Microsoft article:

https://support.microsoft.com/en-us/help/929852/how-to-disable-ipv6-or-its-components-in-windows

HTH

by

Sample WMI Filters for GPO in AD

Hereafter listed few filters I keep using on my projects.

Almost every client I’ve worked with had these filters implemented in their Group Policy Console of Windows Active Directory.

So I keep it here for faster access, and easier than searching for it every time on different sites on the the web.

FILTER 1: Select DCs & Member Servers

Namespace: root\CIMv2

Query: select * from Win32_OperatingSystem where ProductType=”3″ OR ProductType=”2″

FILTER 2: Select Domain Controllers (DCs) Only

Namespace: root\CIMv2

Query: select * from Win32_OperatingSystem where ProductType=”2″

FILTER 3: Select Member Servers Only

Namespace: root\CIMv2

Query: select * from Win32_OperatingSystem where ProductType=”3″

FILTER 4: Select Workstations Only

Namespace: root\CIMv2

Query: select * from Win32_OperatingSystem where ProductType=”1″

FILTER 5: Select Win 2008 Member Servers Only

Namespace: root\CIMv2

Query: select * from Win32_OperatingSystem where ProductType=”3″ AND Version like “6.%”

by

Import Using CSVDE with Unicode Switch Error

This is an old method, yeh I know. But not everyone moved on to the PowerShell yet.

Anyway, if you’re trying to import a CSV file to Active Directory, and got the error  message says:
Invalid file format. DN Attribute not defined

Just try to remove the Unicode switch “-u” from your command. If that works, then re-save (save as) the CSV file using Notepad, and make sure to select the unicode option, NOT the UTF-8

HTH some1