Windows Active Directory: Difference between revisions

From Dave-Wiki
Jump to navigation Jump to search
 
(11 intermediate revisions by the same user not shown)
Line 1: Line 1:
=Client Commands=
==Client Commands==


==List Applied GPO's==
===List Applied GPO's===


<code>rsop.msc</code> (GUI version)
GUI:
  rsop.msc


<code>gpresult /r /scope computer</code> (CLI version)
CLI:
  gpresult /r /scope computer


or save it to an html file with /h:
or save it to an html file with <code>/h</code>:
  gpresult /h c:\gpresult.html


<code>gpresult /h c:\gpresult.html</code>
===Confirm DC is Reachable===


==Confirm DC is Reachable==
  net view \\<DC name>


<code>net view \\<source DC name></code>
==Domain Controller Admin==


=Domain Controller Admin=
===Show DC GUID===


==Show DC GUID==
  repadmin /showreps
 
===Sync Domain Controller with all Replication Partners===


   repadmin /showreps
   repadmin /syncall


==Domain Controller Diagnostics==
===Domain Controller Diagnostics===


===Verify DNS Services for DC===
====Verify DNS Services for DC====


   dcdiag /test:dns
   dcdiag /test:dns


===Comprehensive, Run all tests, Verbose===
====Comprehensive, Run all tests, Verbose====


   dcdiag /c /v
   dcdiag /c /v


==Force registration of all DC-specific DNS records==
===Force registration of all DC-specific DNS records===


   nltest.exe /dsregdns
   nltest.exe /dsregdns
===Check DC FSMO Roles===
  netdom query FSMO
==Using Linux BIND DNS Servers for Dynamic AD Updates==
===ACL===
  acl "DOMAIN-CONTROLLERS" {
      10.144.30.101;  // DC1-dave
      10.144.35.2;    // DC2-dave
      10.150.30.5;    // DC-jim
  };
===Zone Delcarations===
====Master Config====
  zone "_msdcs.lambnet.us" IN {
      type master;
      file "dynamic/_msdcs.lambnet.us";
      allow-update { DOMAIN-CONTROLLERS; };
  };
 
  zone "_sites.lambnet.us" IN {
      type master;
      file "dynamic/_sites.lambnet.us";
      allow-update { DOMAIN-CONTROLLERS; };
  };
 
  zone "_tcp.lambnet.us" IN {
      type master;
      file "dynamic/_tcp.lambnet.us";
      allow-update { DOMAIN-CONTROLLERS; };
  };
 
  zone "_udp.lambnet.us" IN {
      type master;
      file "dynamic/_udp.lambnet.us";
      allow-update { DOMAIN-CONTROLLERS; };
  };
====Slave Config====
  zone "_msdcs.lambnet.us" IN {
      type slave;
      masters { 10.144.30.4; };
      file "dynamic/_msdcs.lambnet.us";
      allow-update-forwarding { DOMAIN-CONTROLLERS; };
  };
 
  zone "_sites.lambnet.us" IN {
      type slave;
      masters { 10.144.30.4; };
      file "dynamic/_sites.lambnet.us";
      allow-update-forwarding { DOMAIN-CONTROLLERS; };
  };
 
  zone "_tcp.lambnet.us" IN {
      type slave;
      masters { 10.144.30.4; };
      file "dynamic/_tcp.lambnet.us";
      allow-update-forwarding { DOMAIN-CONTROLLERS; };
  };
 
  zone "_udp.lambnet.us" IN {
      type slave;
      masters { 10.144.30.4; };
      file "dynamic/_udp.lambnet.us";
      allow-update-forwarding { DOMAIN-CONTROLLERS; };
  };
===Logging===
  channel update-log {
      file "/var/log/named/named.update" versions 5 size 5m;
      severity info;
      print-category yes;
      print-severity yes;
      print-time yes;
  };
 
  category update      { update-log; };

Latest revision as of 23:53, 19 July 2024

Client Commands

List Applied GPO's

GUI: 

 rsop.msc

CLI: 

 gpresult /r /scope computer

or save it to an html file with /h: 

 gpresult /h c:\gpresult.html

Confirm DC is Reachable

 net view \\<DC name>

Domain Controller Admin

Show DC GUID

 repadmin /showreps

Sync Domain Controller with all Replication Partners

 repadmin /syncall

Domain Controller Diagnostics

Verify DNS Services for DC

 dcdiag /test:dns

Comprehensive, Run all tests, Verbose

 dcdiag /c /v

Force registration of all DC-specific DNS records

 nltest.exe /dsregdns

Check DC FSMO Roles

 netdom query FSMO

Using Linux BIND DNS Servers for Dynamic AD Updates

ACL

 acl "DOMAIN-CONTROLLERS" {
     10.144.30.101;  // DC1-dave
     10.144.35.2;    // DC2-dave
     10.150.30.5;    // DC-jim
 };

Zone Delcarations

Master Config

 zone "_msdcs.lambnet.us" IN {
     type master;
     file "dynamic/_msdcs.lambnet.us";
     allow-update { DOMAIN-CONTROLLERS; };
 };
 
 zone "_sites.lambnet.us" IN {
     type master;
     file "dynamic/_sites.lambnet.us";
     allow-update { DOMAIN-CONTROLLERS; };
 };
 
 zone "_tcp.lambnet.us" IN {
     type master;
     file "dynamic/_tcp.lambnet.us";
     allow-update { DOMAIN-CONTROLLERS; };
 };
 
 zone "_udp.lambnet.us" IN {
     type master;
     file "dynamic/_udp.lambnet.us";
     allow-update { DOMAIN-CONTROLLERS; };
 };

Slave Config

 zone "_msdcs.lambnet.us" IN {
     type slave;
     masters { 10.144.30.4; };
     file "dynamic/_msdcs.lambnet.us";
     allow-update-forwarding { DOMAIN-CONTROLLERS; };
 };
 
 zone "_sites.lambnet.us" IN {
     type slave;
     masters { 10.144.30.4; };
     file "dynamic/_sites.lambnet.us";
     allow-update-forwarding { DOMAIN-CONTROLLERS; };
 };
 
 zone "_tcp.lambnet.us" IN {
     type slave;
     masters { 10.144.30.4; };
     file "dynamic/_tcp.lambnet.us";
     allow-update-forwarding { DOMAIN-CONTROLLERS; };
 };
 
 zone "_udp.lambnet.us" IN {
     type slave;
     masters { 10.144.30.4; };
     file "dynamic/_udp.lambnet.us";
     allow-update-forwarding { DOMAIN-CONTROLLERS; };
 };

Logging

 channel update-log {
     file "/var/log/named/named.update" versions 5 size 5m;
     severity info;
     print-category yes;
     print-severity yes;
     print-time yes;
 };
 
 category update       { update-log; };
Retrieved from "https://davehome.net/wiki/index.php?title=Windows_Active_Directory&oldid=274"