PowerShell: Creating Domains and Domain Controllers
KB ID 0001400 Problem I needed to spin up some Windows 2016 Servers, and a domain to do some testing. I have promoted hundreds maybe thousands of domain controllers, so I wondered if this time I could do it with PowerShell. It’s actually easier than using the GUI! Solution If you were doing this in Server Manager, you would have to add the role first, and PowerShell is no different; Install-WindowsFeature AD-Domain-Services...
Windows ‘Always On’ VPN Part 1 (Domain and PKI)
KB ID 0001399 Problem Always On VPN was a bit of a misnomer when it was released, as it was only really ‘on’ when a user logged on. So when comparing it with ‘Direct Access’ it didn’t have the capacity to ‘Manage Out’. With the release of Windows 10 (1709) this has been rectified with ‘Device Tunnels’, (more on that later). The solution uses RAS, NAP (NPS), and PKI (Certificate...
Stop Edge Hijacking PDF Files
KB ID 0001395 Problem This question appeared in my inbox today, ‘Edge’ has a nasty habit of assigning itself the default PDF reader, particularly after a round of updates! Solution First I went and had a look at my old Experts Exchange Buddy Ramesh’s site (www.winhelponline.com) who had done the heavy lifting and worked out the registry keys; Note: I’m only concerned with .pdf files, if you want to block .htm...
Windows Server 2016: Active Directory Recycle Bin
KB ID 0001389 Problem To be honest we have had the capability to recover deleted active directory objects for ages. It’s just in Windows 2016 things look a bit neater. Enable Active Directory Recycle Bin From Server Manager > Tools > Active Directory Administrative Center ,> {Domain-Name} > Enable Recycle Bin. OK Note: You may need to restart ADAC before you will be able to see the option greyed out. Enable Active...
Remote Registry: No Location Found
KB ID 0001379 Problem When attempting to connect to a remote machines registry; Error The program cannot open the required dialog box because no locations can be found. Close this message and try again. Solution The ultimate cause of this problem is, that the machine you are on cannot see Active Directory, either because there are no domain controllers are online, or its DNS settings are incorrect. Related Articles, References,...
ADMT Password Export Server Error: Invalid Password!
KB ID 0001355 Problem Seen when trying to install the ‘ADMT Password Export Server Service’, whilst doing a domain migration; Invalid Password! The supplied password does not match this encryption key’s password. ADMT’s Password Migration Filter DLL will not install without a valid encryption key. Solution At first I assumed I was suffering from ‘fat fingers’ and just entering the wrong password,...
Exchange Bulk Export / Import Mail Contacts
KB ID 0001349 Problem I had to do this today and realised, it’s been so long since I did it last, I’d forgotten how to do it. Before we go forward, please be clear, I’m talking about MAIL CONTACTS, these are Active Directory Objects that have an Email address, but DO NOT have a mailbox in your Exchange Organisation, and DO NOT have an Active Directory User. I point this out because you can have MAIL USERS that have...
An Invalid Directory Pathname Was Passed
KB ID 0001338 Problem While attempting to delegate administration of an OU, I got this error; Delegation of Control Wizard The wizard cannot retrieve security information from the Active Directory. An invalid directory pathname was passed. Solution Took a while to figure out! The OU in question has a ‘slash’ in the name of it; Once I changed this to a hyphen, the error ceased. Related Articles, References, Credits, or...
Using LDP to Find an Objects ‘Distinguished Name’ in Active Directory
KB ID 0001337 Problem There are a few occasions when you need to know an objects ‘Distinguished Name’ (DN). For me it’s usually when I’ve got a device that needs to do LDAP/LDAPS lookups, (RSA Appliance, Netscaler, Cisco FirePOWER, etc). Today someone needed to ‘bind’ a Checkpoint firewall to Active Directory, and asked me to create user, and give them the DN and password. I’ve mentioned...
Windows – Unable to Move an OU
KB ID 0001336 Problem I was doing some AD redesign work for a client this week, and I needed to move an Organisational Unit (OU). However the domain had other ideas; Active Directory Domain Services Windows cannot move object {OU-Name} because: Access is denied. It wasn’t a rights issue, (I was an Enterprise Administrator). Solution As it turns out, it was the same problem I’d had back when Server 2008 first came out...