I have a domain with an 03 server and 2012 (r2 I think) server.  The 2012 box is GC and has all the roles, but the 2k3 server is still a member of the domain etc - the domain function level is obv 2003.  Glad the 03 box wasn't decommissioned yet as the 2012 box got hit with ransomware.  Unfortunately their usb backup drive was also encrypted and they had no offsite setup.  I need to reload the OS as I can't get SQL running again - cant uninstall it, cant install it, cant repair...its all kind of jacked.  Whats the best process to get it reloaded and back as the GC of the domain? Do I need to assign the roles to the 03 box first, then dcpromo, then reinstall OS and probably with a different name then before for good measure?
Thanks

I need some ideas on finding Group Policy -- and where things might be coming from.

We recently implemented a new Password Policy.  The issue is, it is not being applied to the users!

- We implemented complex passwords, can't reuse 3 passwords and only have to change every 365 days.
- I placed the policy in the OU in which the users live (because we want to have different policies per OU in the future)
- It is still forcing people to change them every 60 or 90 days (whatever they were previously made to do).
- I have removed that setting or changed in every policy I can find it.
- Other polices I have applied work.
- I have also tried doing it in the Win2012R2 console as Microsoft suggests for more granular password policies via groups -- no good.

Environment: Windows 2012R2 Active Directory Domain in Native Mode, 2 Domain Controllers

I am going to attach a screenshot of one of the OUs for reference.


What is the best way to find where this policy is being applied in a way that is not allowing me to even apply it when I put the policy at the top in the OU?  Help would be appreciated!  Thank you in advance!
Screen-Shot-2018-10-16-at-11.03.04-A.png

I am trying to run the set-dnsserverresourceset cmdlet on a list of servers in a text file.  The command below works for reading and listing all records in the file.

$l = Get-content C:\Records.txt | Get-DnsServerResourceRecord -name $_ -ZoneName company.biz -RRType A 
$i = foreach ( $r in $l) { Get-DnsServerResourceRecord -name $r -ZoneName company.biz -RRType
A}

Select all Open in new window

The problem is when I try to run

[code]
Set-DnsServerResourceRecord -NewInputObject $R -OldInputObject $R -ZoneName company.biz -whatif
/code]

newinput and oldinput do not seem to like reading data in from list. Any suggestions on how I can address this. Also how can I set the update PTR record  to auto update as well using this command?

is there any method to get a list of AD users who are using weak passwords for windows 2012R2 domain.

Hello all,

I'm curious if anyone has had a situation similar to this and if so what you did to resolve it.

So we have a domain that is air-gaped from the internet for security reasons. That works fine. However, we also have a "field network" that they take out to another site and run various tests. This network must have domain authentication and function successfully standing on it's own. How we have historically done this is we created a "Field DC" that we keep connected to the network so it's updated and synced with the Home DCs then when they leave the office for a few weeks do their thing and come back then we reconnect the server to the network to sync back and forth. For the most part this has worked pretty successfully.

Recently though they had to have the Field DC out of the office for a couple of months (which seems to be happening more often) and when it returned it was unfortunately tombstoned. I'm working on recovering that and that's not what I'm asking help with. I understand that this, and other sync issues can arise from this setup that we currently have.

What I'm wondering is: Has anyone here been in a similar situation where an air-gaped network has an additional portion of the network that will leave the office periodically and if so how did you solve this? Is there a better way to accomplish AD/DNS services with this field network that can then sync with our home domain when it returns?

Any expertise you can offer would be appreciated, …

Hi Expert,

I am currently self-learning windows server 2012 using Hyper V in Windows 10.

I have installed AD in windows server(Hyper V) and created the domain, but I would like to know what else do I need to do to allow my windows 10(Hyper V) to join to a domain? I wanted to build like in a company environment because I want to learn skill like pushing down GPO, share resources and etc in the server. I did some google but not much information.

Appreciate if any expert here has a guide, link or experience that can share with me?

Thanks!

We are running Windows 2012 Server Domain Controller and users are running windows 10 pro on their computers.
I have one user who I had to rename which I did through AD but later to find out her logon account name did not change.
I went to AD again,  right clicked the user and changed their logon name but not their pre windows 2000 name( just added an extra "e" to their name).
I changed it and waited for replication over night but I still cannot log their Windows 10 machine with the new logon name. but can continue to use the old logon name.
Any ideas?
Thanks

I would like to remove one of our 2012r2 servers that is a DFS server. The DFS shares are setup so all the namespaces are the same. I other words, the namespaces are the same on all namespace servers. I would like to remove one of them. It is a Windows 2012r2 server. It's been a long time since I've worked with DFS so I wanted to verify the steps.

Do I simply go into DFS Management and under namespaces, select the Namespace Servers tab and delete it.. or should I disable it first? Then remove the File and iScsI Services roles.

Regards,
ABBEadmin

Dear EE,

Remote Desktop has been disabled after i perform following settings on Microsoft Windows 2012 R2.

DISABLED TLS 1.0
ENABLED TLS 1.1
ENABLED TLS 1.2


Please see attached error

Thanks

I will be working in an environment that has a lot of Server 2016 Core installations (that doesn't have a GUI interface).

What are some good guides on using & navigating Server 2016 Core installations so I will be able to perform all necessary administration just like if I had a GUI interface?

Hello. I was wondering if anyone might have any ideas on restoring modified and created dates to a set of files. We had a share go down and worked off of a backup for about a week. That backup wasn't restored with the correct dates and when the server came back online we used the backup set to continue working and left the original set alone.

Long story short, the files that we're working with now all have the modified and created dates of the date the backup was restored. The original share still exists. How do I get the dates from the original set of files to the restored set of files that we're working with.

Thank you.

I have an issue with an remote desktop services server. The issue i'm having is with the screen timeout.

We want the user's local computer to have a timeout of 5 minutes for the screen lock. But we want the server they are remoting into to not have a screen lock.  Currenty, the remote desktop session locks after 5 minutes of inactivity. So when the user goes pee they have login to their local PC as well as re-type their password in remote desktop.

Is this because I'm putting the server (computer object)  in an OU and the screen lock settings are user policies so the policy is being passed to the remote desktop session from the local PC because the user account is already logged in on the local PC?

There is a GPO at the domain level that set the screen lock for 5 minutes for all users.
These settings are in "User config > Policies > Admin templates > Control Panel/Personalization"
Enable Screen saver = Enabled
Password protect screen saver = Enabled
Screen saver timeout = Enableed & 300 seconds

I've setup an OU that has a GPO screenlock policy with disabled screen lock and placed the server in it and have disable GPO inheritance on that OU.
Here are the settings for this GPO
 "User config > Policies > Admin templates > Control Panel/Personalization"
Enable Screen saver = Disabled
Password protect screen saver = Disabled
Screen saver timeout = Disabled

What is the process to set the order in which Server 2016 domain controllers authenticate Active Directory accounts?