Can A Domain Trust Another Domain With The Same ‘Root Domain’ Name?
KB ID 0001288 Problem About a month ago I was with a client to do some investigation/consultancy, they were a large company with their head office in the UK and a number of other offices around the world. They had a number of domains and sub domains and wanted to consolidate them all into a new domain. Well that’s all OK, but the UK company has been purchased by a large American company, who were putting a lot of pressure on...
Windows – A Delegation For This DNS Server Cannot Be Created
KB ID 0001287 Problem When promoting a server to be a domain controller, you might see the following error, “A delegation for this DNS server cannont be created because the authoritative parent zone cannot be found or it does not run Windows DNS server. If you are intergrating with an existing DNS infrastructure, you should manually create a delegation to this DNS server in the parent zone to ensure reliable name resolution from...
Changing the Windows 10 Browser, So It Isn’t Edge
KB ID 0001284 Problem I’ve seen one person use Edge as their browser in a business environment. I’ve got nothing against it, (I use a macOSX anyway). But I had a client that asked me how to make sure his machines are set to NOT use Edge as the default browser. I’m going to use Internet Explorer instead, but you can do the same with Chrome or Firefox depending on your browser of choice. Solution What I’m going...
Windows – Forcing Domain Group Policy
KB ID 0001282 Problem I’ve written hundreds of posts about doing things with group policies. Every time I finish one, I write a couple of paragraphs on how long to wait, or how to force the policy etc. So I’ve finally got round to writing a post I can simply reference! How Long Before Group Policy Changes Are Applied? This is something that hasn’t changed since I was doing Windows 2000 exams 🙂 The default interval...
Windows – Deploy and Configure Photo Screen Saver via GPO
Screen Saver via GPO KB ID 0001281 Problem I was tasked with working out how to do this for a client a couple of weeks ago, so I thought it would make a decent article. I’m going to have a central server share, with some photos in, then I’m going to copy them down to all the clients, and finally set their screen saver to use those photos as a ‘slide show’ screen saver. I’ve done this with Windows 10...
Unable to Find a Default Server With Active Directory Web Services Running
KB ID 0001275 Problem I was trying to get a list of all users on a client’s domain that had either a logon script, profile, or a mapped drive that was being set on their AD user object. But when I ran the command I got this error; Get-ADUser : Unable to find a default server with Active Directory Web Services running. Solution Active Directory Web services was introduced in Server 2008 R2, but I was running the command on a...
Cisco AnyConnect – Allow Domain Password Change via LDAP
KB ID 0001273 Problem If you have remote users who connect via VPN, and a policy that forces them to change their password periodically, this can result in them getting locked out without the ability to change their password (externally). If your Cisco ASA is using LDAP to authenticate your users, then you can use your remote AnyConnect VPN solution to let them reset their passwords remotely. Solution Standard LDAP runs over TCP...
Reset an AD Users Password Expiry Date
KB ID 0001272 Problem I was setting up a Cisco ASA this week and needed to enable the ability for users to reset their domain passwords when they are about to expire. To actually test that, I needed a test user that had their password either about to expire, or actually expired. As I dint want to wait 42 days, or setup a password policy just for one user, I needed to find a ‘quick and dirty’ fix for one user. Solution You...
Managing IE Settings via GPO
KB ID 0001269 Problem There used to be a GPO called “Internet Explorer Maintenance” that you could set your Internet Explorer settings, i.e. Proxy server settings, home pages etc. This has now gone, and has been replaced with a group policy preference. Solution From the Group Policy Management Console > Locate the OU containing the USERS you want to link the policy to and create a new policy, then give it a sensible...
Windows 10 Create a WMI Filter for Group Policy
KB ID 0001267 Problem I was messing around with some GPO’s for client today to replace ‘Edge’ as the default browser, (with IE11). To make the whole process more efficient, I wanted to use a WMI filter toapply the policy only to Windows 10 machines. Before this used to be simple enough, you just set the Windows version in a WMI query. But because it searches for a string e.g. 6.1 (for Windows 8.1), that’s...