Windows Active Directory: Difference between revisions
No edit summary |
|||
(9 intermediate revisions by the same user not shown) | |||
Line 3: | Line 3: | ||
===List Applied GPO's=== | ===List Applied GPO's=== | ||
GUI: | |||
rsop.msc | |||
CLI: | |||
gpresult /r /scope computer | |||
or save it to an html file with /h | or save it to an html file with <code>/h</code>: | ||
gpresult /h c:\gpresult.html | |||
<code>gpresult /h c:\gpresult.html | |||
===Confirm DC is Reachable=== | ===Confirm DC is Reachable=== | ||
net view \\<DC name> | |||
==Domain Controller Admin== | ==Domain Controller Admin== | ||
Line 20: | Line 21: | ||
repadmin /showreps | repadmin /showreps | ||
===Sync Domain Controller with all Replication Partners=== | |||
repadmin /syncall | |||
===Domain Controller Diagnostics=== | ===Domain Controller Diagnostics=== | ||
Line 35: | Line 40: | ||
nltest.exe /dsregdns | nltest.exe /dsregdns | ||
==Linux BIND DNS Servers | ===Check DC FSMO Roles=== | ||
netdom query FSMO | |||
==Using Linux BIND DNS Servers for Dynamic AD Updates== | |||
===ACL=== | |||
acl "DOMAIN-CONTROLLERS" { | |||
10.144.30.101; // DC1-dave | |||
10.144.35.2; // DC2-dave | |||
10.150.30.5; // DC-jim | |||
}; | |||
=== | ===Zone Delcarations=== | ||
==== | ====Master Config==== | ||
zone "_msdcs.lambnet.us" IN { | |||
type master; | |||
file "dynamic/_msdcs.lambnet.us"; | |||
allow-update { DOMAIN-CONTROLLERS; }; | |||
}; | |||
zone "_sites.lambnet.us" IN { | |||
type master; | |||
file "dynamic/_sites.lambnet.us"; | |||
allow-update { DOMAIN-CONTROLLERS; }; | |||
}; | |||
zone "_tcp.lambnet.us" IN { | |||
type master; | |||
file "dynamic/_tcp.lambnet.us"; | |||
allow-update { DOMAIN-CONTROLLERS; }; | |||
}; | |||
zone "_udp.lambnet.us" IN { | |||
type master; | |||
file "dynamic/_udp.lambnet.us"; | |||
allow-update { DOMAIN-CONTROLLERS; }; | |||
}; | |||
====Slave Config==== | |||
zone "_msdcs.lambnet.us" IN { | zone "_msdcs.lambnet.us" IN { | ||
Line 68: | Line 111: | ||
allow-update-forwarding { DOMAIN-CONTROLLERS; }; | allow-update-forwarding { DOMAIN-CONTROLLERS; }; | ||
}; | }; | ||
===Logging=== | |||
channel update-log { | |||
file "/var/log/named/named.update" versions 5 size 5m; | |||
severity info; | |||
print-category yes; | |||
print-severity yes; | |||
print-time yes; | |||
}; | |||
category update { update-log; }; |
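Review bot: The zones added under Master Config authorise dynamic updates by source address alone (`allow-update { DOMAIN-CONTROLLERS; };`), and the new text carries no caveat about that. The BIND reference manual describes address-based update control as insecure, so the ACL section should say so, for example `Note: this ACL matches source IP addresses only and does not authenticate the sender; prefer signed updates (TSIG or GSS-TSIG) where the DCs support it.` The new Logging section routes only the `update` category; a sentence noting that approvals and denials of update requests are logged under `update-security` would help anyone relying on this log to spot rejected update attempts. The slave zone definitions start and end partly outside the lines this diff shows.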
Latest revision as of 23:53, 19 July 2024
Client Commands
List Applied GPOs
GUI:
rsop.msc
CLI:
gpresult /r /scope computer
or save it to an HTML file with /h:
gpresult /h c:\gpresult.html
Confirm DC is Reachable
net view \\<DC name>
Domain Controller Admin
Show DC GUID
repadmin /showreps
Sync Domain Controller with all Replication Partners
repadmin /syncall
Domain Controller Diagnostics
Verify DNS Services for DC
dcdiag /test:dns
Comprehensive, Run all tests, Verbose
dcdiag /c /v
Force registration of all DC-specific DNS records
nltest.exe /dsregdns
Check DC FSMO Roles
netdom query FSMO
Using Linux BIND DNS Servers for Dynamic AD Updates
ACL
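// Named address list of the domain controllers; the zone statements on this
// page reference it in allow-update and allow-update-forwarding.
//
// Each entry sits on its own line so that the trailing "//" comment ends at
// the line break. On a single line the first "//" would comment out every
// later address and the closing brace.
//
// NOTE(review): an acl matches on source IP address only and does not
// authenticate the sender. The BIND reference manual describes address-based
// update control as insecure. Keep this list to the exact DC addresses and
// consider signed updates (TSIG or GSS-TSIG) where the DCs support them.
acl "DOMAIN-CONTROLLERS" {
    10.144.30.101;  // DC1-dave
    10.144.35.2;    // DC2-dave
    10.150.30.5;    // DC-jim
};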
Zone Declarations
Master Config
// Primary (master) definitions for the four underscore subdomains of
// lambnet.us. Each zone accepts dynamic updates from the hosts in the
// "DOMAIN-CONTROLLERS" acl, which must be defined before these statements.
//
// The zone files live under "dynamic/", relative to the server's working
// directory. named has to be able to write there, because dynamic zones keep
// a journal file next to the zone file.
//
// NOTE(review): allow-update with an address acl trusts the source IP only.
// Review the update log regularly and confirm that only the DCs can reach
// this server's DNS port from those addresses.

zone "_msdcs.lambnet.us" IN {
    type master;
    file "dynamic/_msdcs.lambnet.us";
    allow-update { DOMAIN-CONTROLLERS; };
};

zone "_sites.lambnet.us" IN {
    type master;
    file "dynamic/_sites.lambnet.us";
    allow-update { DOMAIN-CONTROLLERS; };
};

zone "_tcp.lambnet.us" IN {
    type master;
    file "dynamic/_tcp.lambnet.us";
    allow-update { DOMAIN-CONTROLLERS; };
};

zone "_udp.lambnet.us" IN {
    type master;
    file "dynamic/_udp.lambnet.us";
    allow-update { DOMAIN-CONTROLLERS; };
};
Slave Config
// Secondary (slave) definitions for the same four subdomains. Each zone is
// transferred from the primary at 10.144.30.4 and stored under "dynamic/".
//
// allow-update-forwarding lets this secondary relay dynamic updates from the
// hosts in the "DOMAIN-CONTROLLERS" acl to the primary. The acl must be
// defined on this server as well.
//
// NOTE(review): forwarding is decided here by source address only. The BIND
// manual advises that access control for the update itself should rest with
// the primary, so check how the primary authorises relayed updates.

zone "_msdcs.lambnet.us" IN {
    type slave;
    masters { 10.144.30.4; };
    file "dynamic/_msdcs.lambnet.us";
    allow-update-forwarding { DOMAIN-CONTROLLERS; };
};

zone "_sites.lambnet.us" IN {
    type slave;
    masters { 10.144.30.4; };
    file "dynamic/_sites.lambnet.us";
    allow-update-forwarding { DOMAIN-CONTROLLERS; };
};

zone "_tcp.lambnet.us" IN {
    type slave;
    masters { 10.144.30.4; };
    file "dynamic/_tcp.lambnet.us";
    allow-update-forwarding { DOMAIN-CONTROLLERS; };
};

zone "_udp.lambnet.us" IN {
    type slave;
    masters { 10.144.30.4; };
    file "dynamic/_udp.lambnet.us";
    allow-update-forwarding { DOMAIN-CONTROLLERS; };
};
Logging
// Fragment for the logging { ... }; statement of named.conf: a dedicated
// channel for dynamic-update messages.
//
// The channel writes to /var/log/named/named.update, rolls the file at 5 MB
// and keeps five old versions. Each entry is prefixed with its timestamp,
// category and severity.
//
// NOTE(review): only the "update" category is routed here. BIND logs
// approval and denial of update requests under the separate
// "update-security" category, so refused updates will not appear in this
// file unless that category is routed to a channel too.

channel update-log {
    file "/var/log/named/named.update" versions 5 size 5m;
    severity info;
    print-category yes;
    print-severity yes;
    print-time yes;
};

category update { update-log; };