Domain Replication Issues – Fix Replication Issues
Fix Replication KB ID 0000301 Problem You have one or more domain controllers in your Windows domain that is not replicating to one or more replication partners. Fix Replication Issues: Solutions Fix Replication Issues Step 1 DNS First! Before you start make sure all the domain controllers are pointing the PDC emulator ONLY for their DNS settings. 1. On the PDC emulator > Start > run > dnsmgmt.msc {enter}. 2. Expand...
Remove Failed DC from Active Directory
Remove Failed DC KB ID 0001860 Problem To remove a ‘dead’ domain controller from Active directory you need to perform a metadata cleanup. In the context of Microsoft’s Active Directory, metadata cleanup refers to the process of removing remnants of a failed or improperly demoted domain controller from the Active Directory database. Active Directory is a directory service that stores information about objects on a...
Migrate to Microsoft Entra Connect
Migrate to Microsoft Entra Connect KB ID 0001857 Problem You want to migrate from Microsoft Azure AD Connect to Microsoft Entra ID connect. Let me let you into a secret, (at time of writing) Entra ID connect and Azure AD connect ARE THE SAME THING, if you go to download Entra ID connect, the file you will download is called AzureADConnect.msi. So what you want to do is, upgrade Azure AD Connect. If your existing Azure AD connect is...
Exclude One Computer from GPO
Exclude One Computer from GPO KB ID 0001852 Problem You have a requirement that you want one computer (or a group of computers) NOT to have a specific GPO applied. If that is the case, then this is how to simply achieve that goal Note: The same procedure can be used to Exclude a GPO from one user (or a group of users). Solution : Exclude One Computer from GPO Let’s find the computer in question, in my case it’s called PNL-ZERTO-2022,...
Considerations Before Upgrading Functional Levels
Upgrading Functional Levels KB ID 0001851 Problem For over twenty years, I’ve been involved with domain migrations, and I’ve had to upgrade both domain and forest functional levels thousands of times. I’ve also had to deal with many clients who were somewhat nervous when they knew that I was updating, their forest and the domain functional levels. I’m not sure if it’s just embedded in IT folklore that something horrible might happen,...
Find Specific GPO Settings
Find Specific GPO Settings KB ID 0001850 Problem To find Specific GPO Settings are being applied, and which GPO is affecting which setting, you can generate an html report, there are two ways of doing this. You can either run the report on the affected machine, or if you do not have access, you can generate the same report on a domain controller (or any machine that has the group Policy Management console installed). Solution: Find...
Insufficient access rights Error Code 8344
Error Code 8344 KB ID 0001636 Problem With Azure AD Replication, you may notice that you have the following error when you take a look at your connector status; Error: permission-issue Connected data source error code: 8344 Connected data source error: Insufficient access rights to perform this operation. Solution: Error Code 8344 Firstly ensure that the user you are running AAD sync under, has the following permissions on the...
PowerShell Inventory Operating Systems in Active Directory
PowerShell Inventory KB ID 0001838 Problem I needed to get a list of operating systems ‘in-use’ in my active directory this week. bear in mind this will pull information from all enables computer accounts in AD, so if you are ‘not good’ at tidying out old machines and servers you might get a lot of garbage in your output! Solution: PowerShell Inventory Use the following PowerShell. Get-ADComputer -Filter...
There Is No Editor Registered To Handle This Attribute Type
KB ID 0001837 Problem If you attempt to edit the authOrig attribute of a mail enabled group using ADSIedit you will get the following error. There is no editor registered to handle this attribute type. Why would you be doing this? This is done when you want to restrict who can email a group. Solution If you are running either on-premises Microsoft Exchange (or are running in Hybrid Exchange mode, and have retained an Exchange server...
Delegate LAPS Administration
LAPS Administration KB ID 0001834 Problem I saw this asked on a forum this morning and, went to test the answer (and create an article if successful), to find out the posted answer and most of the info I found online was for Microsoft LAPS and not the newer Windows LAPS. Windows LAPS Laps Administration Let’s say we have an OU called Computers (with my computers in) and I want to grant read permissions to LAPS password to a security...