Windows LAPS
Windows LAPS KB ID 0001822 Problem We used to have Microsoft LAPS, now we have Windows LAPS! LAPS is a solution that lets’ you store admin passwords ‘elsewhere’ be that in your local Active Directory or Azure Active Directory*. Unlike previously, where you had to deploy/install client software, it’s now built into Windows from the following versions. Windows 11 22H2 – April 11 2023 Update Windows 11 21H2...
NameSpace ‘Microsoft.Policies.WindowsStore’ Error
Microsoft.Policies.WindowsStore KB ID 0001817 Problem While working in the Group Policy Management tool, upon expanding administrative templates I got this error. Namespace ‘Microsoft.Policies.WindowsStore’ is already defined as the target namespace for another file in the store. Solution: Microsoft.Policies.WindowsStore Error This is because in your policy definitions there are two (four actually) files that are pointing...
Restore AD Objects
Restore AD Objects KB ID 0000096 Problem Ever since we had Server 2008 R2 we have had the AD recycle bin (which is not enabled by default). Even if you have not enabled the AD Recycle bin, when objects are deleted from AD they are not completely ‘deleted’ they are simply tombstoned, and they can be restored (for 180 days). Note: Those object’s when restored WILL lose some of their attributes though! CAN I RESTORE AD...
Upgrade Azure AD Connect
Upgrade Azure AD Connect KB ID 0001813 Problem On 15th March 2023 support for the following Azure AD Connect sync versions will be removed; 2.0.91.0 2.0.89. 2.0.88.0 2.0.28.0 2.0.25.1 2.0.10.0 2.0.9.0 2.0.8.0 2.0.3.0 So plan in some maintenence and upgrade yours, at time of writing the current version is 2.1.20.0, so you can still upgrade if you running an older version. Upgrade Azure AD Connect: Solution Before you start it’s...
Bulk Creating Users For Your Test Network
KB ID 0000784 Problem Update Jan 2023: Feel free to use this Bulk-Create-AD-Users-Script (Just remeber to change the domain details in the “Global Variables’ Sections to give you 10o0 users, with sensible names addreeses etc. Having a test network, is great for both learning, and testing. I’ve got some major migrations coming up in the next few months, so I’m in the process of running up some new test servers. I...
DC Promotion fails ‘FRS is Depreciated’
FRS is Depreciated KB ID 0001579 Problem Error seen when attempting to add a new domain controller to an existing domain; Verification of replica failed. The specified domain {Domain-Name} is still using the File Replication Service (FRS) to replicate the SYSVOL share. FRS is depreciated. The server being promoted does not support FRS and cannot be promoted as a replica into the specified domain. You MUST migrate the specified domain...
Migrate From Server 2012 to Server 2022 Domain Controllers
Server 2012 DC to Server 2022 DC KB ID 0001790 Problem I get asked about this quite a lot. In the past most of the queries were about moving from Server 2008 to Server 2022, if that’s what you are after then simply go here. This article is purely for the introduction of, and migration to Windows Server 2022 Domain Controllers. And it assumes your current domain controllers are Windows server 2012 (or 2012 R2). Adding a Server...
Windows – Certificate Enrollment Fails
KB ID 0000921 Problem I first saw this problem a few years ago trying to get some Windows clients to auto enrol with server 2008, then this week my colleagues could not get new 2019 Domain Controller to enrol for a Kerberos certificate, and the this was caused by the same problem. Symtoms (RPC Error) 1. Test to make sure the client can see the CA, and is able to communicate with it, issue the following command; certutil -pulse As...
Windows Server – Install and Configure NDES
KB ID 0000947 Problem NDES, is the name for what we used to call MSCEP, which was an ‘add-on’ for the Server 2003 family of servers. In Server 2008 it was renamed to NDES. It is a role service that runs on a Certificate Services Server, and is used to create a registration authority (RA) that can issue certificates from your PKI infrastructure to network devices, i.e. Routers, Firewalls and Switches. Solution Installing...
Find The Azure AD Join Type
KB ID 0001597 Problem I recently did a post about Joining Azure AD. while working on that I found out there were three different Azure AD ‘States’ (see below). But how do you pingd out your Azure AD Join Type? Azure AD Joined: Aimed at Corporate owned machines joined to Azure AD, (or CYOD devices). Azure AD Registered (Was called Workplace Joined, and still is if you work in PowerShell). Aimed at BYOD devices. Azure Hybrid...