Windows Server – Enable LDAPS
KB ID 0000962 Problem Note: Starting with Windows Server 2019, LDAPS (LDAP over SSL/TLS) is enabled by default, assuming a Server Authentication certificate is installed on the Domain Controller. Active Directory is built on LDAP, I’ve known this for a long time, but other than it’s a directory protocol that’s about all I did know. Like any directory, if you want information when you query the directory it returns a...
Cannot Join Domain?
Cannot Join Domain KB ID 0000534 Problem The primary cause (99.99% of the time) a client cannot connect to, or join a domain is DNS related. The specified domain either does not exist or could not be contacted Solution : Cannot Join Domain 1. To troubleshoot you need to know the IP address of your DNS server. In many cases it’s on the first domain controller, but that’s not always the case, so find out (go to a WORKING...
Windows – Setting Domain Time
Domain Time KB ID 0000112 Problem If you have arrived here, you have either noticed that the time is wrong on your server(s) or client PC(s), or you have looked in the event viewer and seen one of the following events being logged. Event IDs 12, 22, 29, 36, 38, 47, and 50. Time Problem Events – On the PDC Emulator Event ID 12 (W32 Time Time Provider NtpClient: This machine is configured to use {text omitted}, but it is...
Rename a Domain Controller
Rename a Domain Controller KB ID 0001886 Problem I’ve done a few migrating to {version} domain controller articles, and today I got asked, How can you rename the “Server Name” back to the old one after migration? e.g. from “Lan-2025” to “Lan-2019” So, as the VMs from the last article were still running on the test bench, I ran through it to demonstrate. Solution: Rename a Domain Controller If you would like to add a new Windows...
Migrate to Server 2025 Domain Controller
Server 2025 Domain Controller KB ID 0001884 Problem If you would like to add a new Windows Server 2025 domain controller to an existing domain here is the procedure. Solution: Server 2025 Domain Controller Server 2025 Pre Requisites 2025 Hardware Requirements Processor: 1.4 GHz 64-bit processor (or faster) with support for security features. RAM: Minimum of 512 MB (2 GB for Server with Desktop Experience installation). Disk...
Find Domain Schema Version
Find Domain Schema Version KB ID 0000025 Problem You want to upgrade or find out your current Schema version, or check that an “adprep / forestprep” command has worked correctly. Solution Find Domain Schema Version: PowerShell Use the following syntax Get-ADObject (Get-ADRootDSE).schemaNamingContext -Property objectversion Post Server 2016 Find Domain Schema Version The value is populated with Server 2016 again. If you...
Windows Server 2025 Domain Join
Server 2025 Domain Join KB ID 0001883 Problem To perform a Windows Server 2025 Domain Join (Local Domain). The end process is the same as it’s always been, they’ve just made the job of getting there a little more convoluted (this is the same with Windows 11). Solution: Windows Server 2025 Domain Join Before attempting to join the domain, let’s make sure we can ‘resolve’ the domain name, (because most...
Disable NTLM
Disable NTLM KB ID 0001880 Problem NTLM (NT LAN Manager) is a suite of Microsoft security protocols intended to provide authentication, integrity, and confidentiality to users in a network. It is an older protocol that has been largely replaced by Kerberos (since Server 2008 and Windows Vista!) in modern Windows environments, due to its enhanced security features. NTLM is a challenge-response authentication protocol used to...
Domain Replication Issues – Fix Replication Issues
Fix Replication KB ID 0000301 Problem You have one or more domain controllers in your Windows domain that are not replicating to one or more replication partners. Fix Replication Issues: Solutions Fix Replication Issues Step 1 DNS First! Before you start make sure all the domain controllers are pointing to the PDC emulator ONLY for their DNS settings. 1. On the PDC emulator > Start > run > dnsmgmt.msc {enter}. 2. Expand...
Remove Failed DC from Active Directory
Remove Failed DC KB ID 0001860 Problem To remove a ‘dead’ domain controller from Active Directory you need to perform a metadata cleanup. In the context of Microsoft’s Active Directory, metadata cleanup refers to the process of removing remnants of a failed or improperly demoted domain controller from the Active Directory database. Active Directory is a directory service that stores information about objects on a...