Category Archives: AD

How to troubleshoot workstation Trust relationship issues on Domain

How do trust relationships affect computers? Domain-joined workstations and member servers have a trust relationship with the domain in order to authenticate, and they reset the computer account password every 30 days by default. You will get the below error if there is any mismatch between the computer password on the workstation and on the domain controller. Also Read: Active Directory Replication… Read More »

Office 365 DirSync Error: Unable to update this object because of missing attributes

One of our readers has an issue with Office 365 syncing with their on-premises Active Directory and is getting the below error while running DirSync. The error is as follows: "Unable to update this object because the following attributes associated with this object have values that may already be associated with another object in your local directory services" IdFix… Read More »

Active directory user attributes auditing using object Meta

In Active Directory auditing we want to know who changed Active Directory attributes, and when and where: for example, who removed a group from an Active Directory user account, who changed the account description, or any other Active Directory object attribute change. All Active Directory object changes are stored in object Meta and can be… Read More »

Force DFS Replication/Force DFSR Members to Replicate on windows server 2008 and 2012

Force SYSVOL replication on Windows Server 2008/2012. FRS has been replaced by the DFSR replication engine for replicating the SYSVOL folders from Windows Server 2008 and Windows Server 2012, and file replication performance has been improved with many new features. Microsoft managed to fix most of the bottlenecks, improved command-line support, Content Freshness, handling unexpected… Read More »

Command to find Duplicate SPN

Find Duplicate SPN: A Service Principal Name (SPN) is a concept from Kerberos, used to find a particular service offered by a particular host within the domain. The general syntax of an SPN is service class/fqdn@REALM. There are also User Principal Names, which identify users, in the form user@Domain. Kerberos requires that the SPN be unique and there should be a single SPN configured… Read More »

How secure channel determine the Domain controller in cross-forest

How does a client computer or member server find the logon domain controller from cross-forest in an Active Directory environment, or how does the secure channel determine the domain controller in cross-forest? If you have worked on troubleshooting authentication issues between forests, you might have used the NLTEST tool to check the secure channel domain controller. Did you ever try… Read More »

Can I restore a schema partition?

The straightforward answer is NO. Any change made in the schema can't be reverted by deletion or restore; however, we can deactivate the change (like an attribute). There is no supported way of restoring the schema from backup, and you can't do an authoritative restore of the schema partition; the only option is to do the forest recovery… Read More »