Windows Active Directory: Difference between revisions
No edit summary |
|||
(12 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
=Client Commands= | ==Client Commands== | ||
==List Applied GPO's== | ===List Applied GPO's=== | ||
GUI: | |||
rsop.msc | |||
CLI: | |||
gpresult /r /scope computer | |||
or save it to an html file with /h: | or save it to an html file with <code>/h</code>: | ||
gpresult /h c:\gpresult.html | |||
===Confirm DC is Reachable=== | |||
net view \\<DC name> | |||
==Domain Controller Admin== | |||
= | ===Show DC GUID=== | ||
repadmin /showreps | |||
===Sync Domain Controller with all Replication Partners=== | |||
repadmin /syncall | |||
===Domain Controller Diagnostics=== | |||
====Verify DNS Services for DC==== | |||
dcdiag /test:dns | |||
====Comprehensive, Run all tests, Verbose==== | |||
dcdiag /c /v | |||
===Force registration of all DC-specific DNS records=== | |||
nltest.exe /dsregdns | |||
===Check DC FSMO Roles=== | |||
netdom query FSMO | |||
==Using Linux BIND DNS Servers for Dynamic AD Updates== | |||
===ACL=== | |||
acl "DOMAIN-CONTROLLERS" { | |||
10.144.30.101; // DC1-dave | |||
10.144.35.2; // DC2-dave | |||
10.150.30.5; // DC-jim | |||
}; | |||
===Zone Delcarations=== | |||
====Master Config==== | |||
zone "_msdcs.lambnet.us" IN { | |||
type master; | |||
file "dynamic/_msdcs.lambnet.us"; | |||
allow-update { DOMAIN-CONTROLLERS; }; | |||
}; | |||
zone "_sites.lambnet.us" IN { | |||
type master; | |||
file "dynamic/_sites.lambnet.us"; | |||
allow-update { DOMAIN-CONTROLLERS; }; | |||
}; | |||
zone "_tcp.lambnet.us" IN { | |||
type master; | |||
file "dynamic/_tcp.lambnet.us"; | |||
allow-update { DOMAIN-CONTROLLERS; }; | |||
}; | |||
zone "_udp.lambnet.us" IN { | |||
type master; | |||
file "dynamic/_udp.lambnet.us"; | |||
allow-update { DOMAIN-CONTROLLERS; }; | |||
}; | |||
====Slave Config==== | |||
zone "_msdcs.lambnet.us" IN { | |||
type slave; | |||
masters { 10.144.30.4; }; | |||
file "dynamic/_msdcs.lambnet.us"; | |||
allow-update-forwarding { DOMAIN-CONTROLLERS; }; | |||
}; | |||
zone "_sites.lambnet.us" IN { | |||
type slave; | |||
masters { 10.144.30.4; }; | |||
file "dynamic/_sites.lambnet.us"; | |||
allow-update-forwarding { DOMAIN-CONTROLLERS; }; | |||
}; | |||
zone "_tcp.lambnet.us" IN { | |||
type slave; | |||
masters { 10.144.30.4; }; | |||
file "dynamic/_tcp.lambnet.us"; | |||
allow-update-forwarding { DOMAIN-CONTROLLERS; }; | |||
}; | |||
zone "_udp.lambnet.us" IN { | |||
type slave; | |||
masters { 10.144.30.4; }; | |||
file "dynamic/_udp.lambnet.us"; | |||
allow-update-forwarding { DOMAIN-CONTROLLERS; }; | |||
}; | |||
===Logging=== | |||
channel update-log { | |||
file "/var/log/named/named.update" versions 5 size 5m; | |||
severity info; | |||
print-category yes; | |||
print-severity yes; | |||
print-time yes; | |||
}; | |||
category update { update-log; }; |
Latest revision as of 23:53, 19 July 2024
Client Commands
List Applied GPOs
GUI:
rsop.msc
CLI:
gpresult /r /scope computer
or save it to an HTML file with /h:
gpresult /h c:\gpresult.html
Confirm DC is Reachable
net view \\<DC name>
Domain Controller Admin
Show DC GUID
repadmin /showreps
Sync Domain Controller with all Replication Partners
repadmin /syncall
Domain Controller Diagnostics
Verify DNS Services for DC
dcdiag /test:dns
Comprehensive, Run all tests, Verbose
dcdiag /c /v
Force registration of all DC-specific DNS records
nltest.exe /dsregdns
Check DC FSMO Roles
netdom query FSMO
Using Linux BIND DNS Servers for Dynamic AD Updates
ACL
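// Address-match list naming the Active Directory domain controllers.
// The zone statements on this page reference it from allow-update and
// allow-update-forwarding to decide whose dynamic DNS updates are accepted.
//
// NOTE(review): matching on source address alone is weak authentication;
// a DNS update sent over UDP carries a source address the server cannot
// verify. Where the environment allows it, restrict updates with a TSIG or
// GSS-TSIG key (update-policy) instead of, or in addition to, this list.
//
// Each entry sits on its own line so that its trailing // comment ends at
// the line break and does not swallow the entries that follow it.
acl "DOMAIN-CONTROLLERS" {
    10.144.30.101;  // DC1-dave
    10.144.35.2;    // DC2-dave
    10.150.30.5;    // DC-jim
};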
Zone Declarations
Master Config
// Primary ("master") copies of the four underscore-prefixed subzones of
// lambnet.us that receive dynamic updates from the domain controllers.
// Each zone accepts updates only from addresses in the DOMAIN-CONTROLLERS
// acl, which must be defined before these statements are parsed.
//
// NOTE(review): allow-update with an address list authenticates by source
// IP only. Consider a key-based update-policy (TSIG / GSS-TSIG) so that an
// update is tied to a credential rather than to an address.
//
// The zone files live under "dynamic/", relative to the server's working
// directory; named needs write access there for the zone and journal files.

zone "_msdcs.lambnet.us" IN {
    type master;
    file "dynamic/_msdcs.lambnet.us";
    allow-update { DOMAIN-CONTROLLERS; };
};

zone "_sites.lambnet.us" IN {
    type master;
    file "dynamic/_sites.lambnet.us";
    allow-update { DOMAIN-CONTROLLERS; };
};

zone "_tcp.lambnet.us" IN {
    type master;
    file "dynamic/_tcp.lambnet.us";
    allow-update { DOMAIN-CONTROLLERS; };
};

zone "_udp.lambnet.us" IN {
    type master;
    file "dynamic/_udp.lambnet.us";
    allow-update { DOMAIN-CONTROLLERS; };
};
Slave Config
// Secondary ("slave") copies of the same four subzones. Each one transfers
// its zone from the primary at 10.144.30.4 and, instead of applying dynamic
// updates itself, forwards updates from DOMAIN-CONTROLLERS members to that
// primary.
//
// NOTE(review): a forwarded update reaches the primary from this
// secondary's address, not from the domain controller's. If the primary
// authorises updates by source IP (allow-update with an address list), it
// would have to trust the secondary's address for forwarding to work, and
// then depends on the secondary's own check. The secondary's address is not
// shown on this page, so confirm how the primary's acl covers it; key-based
// authorisation (TSIG / GSS-TSIG) avoids the problem.

zone "_msdcs.lambnet.us" IN {
    type slave;
    masters { 10.144.30.4; };
    file "dynamic/_msdcs.lambnet.us";
    allow-update-forwarding { DOMAIN-CONTROLLERS; };
};

zone "_sites.lambnet.us" IN {
    type slave;
    masters { 10.144.30.4; };
    file "dynamic/_sites.lambnet.us";
    allow-update-forwarding { DOMAIN-CONTROLLERS; };
};

zone "_tcp.lambnet.us" IN {
    type slave;
    masters { 10.144.30.4; };
    file "dynamic/_tcp.lambnet.us";
    allow-update-forwarding { DOMAIN-CONTROLLERS; };
};

zone "_udp.lambnet.us" IN {
    type slave;
    masters { 10.144.30.4; };
    file "dynamic/_udp.lambnet.us";
    allow-update-forwarding { DOMAIN-CONTROLLERS; };
};
Logging
// Dedicated log channel for dynamic-update activity. Both clauses belong
// inside the logging { ... } statement of named.conf.
//
// The channel writes to /var/log/named/named.update, rotating at 5 MB and
// keeping five old versions, and stamps each line with its time, category
// and severity.
//
// NOTE(review): only the "update" category is routed here. Denied update
// attempts are reported under "update-security"; sending that category to
// this channel as well would put rejected updates in the same file for
// review.
channel update-log {
    file "/var/log/named/named.update" versions 5 size 5m;
    severity info;
    print-category yes;
    print-severity yes;
    print-time yes;
};

category update { update-log; };