Domain Controller

Enabling Active Directory Users and Computers in Windows 7

Posted by robd on February 28, 2017

I had to download the update mentioned: http://www.microsoft.com/downloads/details.aspx?FamilyID=7d2f6ad7-656b-4313-a005-4e344e43997d&displaylang=en

Then I had to run these command lines as an administrator:

dism /online /enable-feature /featurename:RemoteServerAdministrationTools
dism /online /enable-feature /featurename:RemoteServerAdministrationTools-Roles
dism /online /enable-feature /featurename:RemoteServerAdministrationTools-Roles-AD
dism /online /enable-feature /featurename:RemoteServerAdministrationTools-Roles-AD-DS
dism /online /enable-feature /featurename:RemoteServerAdministrationTools-Roles-AD-DS-SnapIns


Exchange store fails due to AD topology changes

So today I was working at a site that has a single Exchange 2010 server that fulfils all the Exchange roles (I know…) which happened to fall on its ass.

First thing I did was check the Exchange services, which were in a state of “starting”, which is never good, and then I went to the registry and found:

MSExchange ADAccess, EventID 2141
Process STORE.EXE (PID=2996). Topology discovery failed, error 0x8007077f

MSExchange ADAccess, EventID 2142
Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=1760). Topology discovery failed, error 0x8007077f

Here’s a few screen shots:

[Screenshots: exchange error1, exchange error2, exchange error3, exchange error4]

As well as a few more related to AD.

After some investigation I found out that a new DC in a new site had been created for some DFS replication amongst other things.

Because the system could still start the Microsoft Exchange Active Directory Topology service (until it failed and was restarted by dependent services), Exchange’s other services were triggered as well, and they kept restarting almost indefinitely, as configured in each service’s recovery actions.

So next up is to look at Active Directory Sites and Services:

[Screenshot: exchange error5]

And as you can see from the screen shot the subnets are missing, which is going to cause issues as the new DC is on a different subnet.

When Exchange can’t determine which site a computer belongs to, the function DsGetSiteName, used to retrieve the current site, returns error 1919 / 0x77f (ERROR_NO_SITENAME), which in turn kills off Exchange. You can test this by running nltest /dsgetsite in a command prompt or by having a look at HKLM\System\CurrentControlSet\Services\Netlogon\Parameters\DynamicSiteName.

To solve the issue you can do any of the following:

  1. Make the site association static using a registry key, which isn’t a best practice. If you must, set the registry key HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\SiteName (REG_SZ) to the desired site name. [Screenshot: exchange fix1]
  2. Add proper subnet definitions. [Screenshot: exchange fix2]
  3. Remove the new site.

Finally, give Exchange a bounce and BOOM.

Note that the NetLogon service determines site association membership at startup and every 15 minutes. The Microsoft Exchange Discovery Topology service maintains this information by caching it in the msExchServerSite attribute of the Exchange server object, in order to reduce load on Active Directory and DNS. Therefore, you might need to wait or restart Microsoft Exchange Discovery Topology if you want to renew site association membership.
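
An added example (not part of the original post): a small Python model of the subnet-to-site lookup described above, which flags hosts that no subnet definition covers and would therefore end up with ERROR_NO_SITENAME. The subnets, site names and host addresses are constructed sample data, and the most-specific-subnet rule is how AD chooses between overlapping subnet objects.

```python
import ipaddress

ERROR_NO_SITENAME = 1919  # 0x77f, the error code in the Exchange events

# Constructed sample data: subnet objects from AD Sites and Services,
# each mapped to the site it is linked to.
SUBNETS = {
    "10.1.0.0/16": "HQ",
    "10.1.50.0/24": "HQ-DMZ",
}

# Constructed sample hosts; EXCH01 sits on a subnet nobody defined.
HOSTS = {
    "DC01": "10.1.0.5",
    "APP01": "10.1.50.20",
    "EXCH01": "10.2.0.10",
}


def site_for_ip(ip, subnets):
    """Return the site of the most specific subnet containing ip, else None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, site in subnets.items():
        net = ipaddress.ip_network(cidr, strict=True)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site)
    return best[1] if best else None


def audit(hosts, subnets):
    """Map host -> (site, error); error is ERROR_NO_SITENAME when unmapped."""
    report = {}
    for name, ip in hosts.items():
        site = site_for_ip(ip, subnets)
        report[name] = (site, 0 if site else ERROR_NO_SITENAME)
    return report


def unmapped(hosts, subnets):
    """Names of hosts whose address is outside every subnet definition."""
    return sorted(n for n, (s, _) in audit(hosts, subnets).items() if s is None)


if __name__ == "__main__":
    for name, (site, err) in audit(HOSTS, SUBNETS).items():
        print(f"{name:8} {HOSTS[name]:12} {site or f'NO SITE (error {err})'}")
    # Option 2 from the list above: add the missing subnet definition.
    fixed = dict(SUBNETS, **{"10.2.0.0/24": "Branch"})
    print("unmapped after fix:", unmapped(HOSTS, fixed))
```

Feed it the real subnet list from Active Directory Sites and Services and the addresses of your Exchange servers and DCs to spot gaps before a new site goes live.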

Resynchronise the time on a Domain Controller

Posted by robd on January 15, 2012

All servers on the domain get their time from a Domain Controller, specifically the DC that holds the PDC Emulator FSMO role. Without the correct time on the PDC Emulator, authentication (amongst other things) could fail, because the clocks the Kerberos authentication protocol relies on would be out of sync between client and DC.

If you do find any servers or a DC out of sync, the first thing to do is find the PDC Emulator for the domain, or you could check the following registry key to see whether the DC you’re on is getting its time from another DC or from the internet:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\W32time\Parameters

Then look at the Type key.

If it’s set to NTP, it’s going out to the internet to get its time, and the address it’s going to is set above, under the key NtpServer.

If it’s set to NT5DS, the time service synchronizes from the domain hierarchy (so the PDC Emulator).

Once you’ve found the correct DC, you’ll need to force it to resync with the Internet:

Log on as an Administrator

Open up Command prompt in Admin mode

Type: w32tm /resync /rediscover

Then check the time.

Then go to the other DCs and check the time; if it hasn’t caught up with the new time, run the following:

w32tm /resync