Directory Partition Has Not Been Backed Up
Directory Partition Has Not Been Backed Up KB ID 0001933 Problem Seen recently when running dcdiag. A warning event occurred. EventID: 0x80000829 Time Generated: xx/xx/xxxx xx:xx:xx Event String: This directory partition has not been backed up since at least the following number of days. You are seeing this error because dcdiag interrogated the event log and found an Event ID 2089 Log Name: Directory Service Source:...
Best Practice: Demoting a Domain Controller
Demoting a Domain Controller KB ID 0001932 Problem I was having a conversation with some colleagues this week, the conversation was about the placing of an RDS license server, and somebody had recommended putting it on the domain controller, I pointed out that this wasn’t a perfect idea, because in four or five year’s time somebody’s going to demote and take that to my controller off-line and forget all about the fact that...
Exchange Update Failed
Exchange Update Failed KB ID 0001923 Problem While attempting to install an Exchange CU update, (CU15 for Exchange 2019), I got this error. Error: The following error was generated when “$error.Clear(); # # O15# 2844081 – Create PartnerApplication “Exchange Online” in DC and On-Premise # $exch = [Microsoft.Exchange.Data.Directory.SystemConfiguration.WellknownPartnerApplicationIdentifiers]::Exchange; $exchApp =...
Bulk Creating Users For Your Test Network
Bulk Creating Users KB ID 0000784 Problem Update Jul 2025: Feel free to use this Bulk-Create-AD-Users-Script (Just remeber to change the domain details in the “Global Variables’ Sections to give you 10o0 users, with sensible names addreeses etc. Having a test network, is great for both learning, and testing. I’ve got some major migrations coming up in the next few months, so I’m in the process of running up some new...
Audit GPO Changes
Audit GPO Changes KB ID 0001920 Problem If you are reading this your either replanning ahead (bravo!) or there’s been an incident that you are concerned about. If that is the case its important to remember that “you cannot audit retrospectively”* *Note: you can find out when GPOs were altered, but not by whom, with some simple PowerShell i.e. Get-GPO -All | Select-Object DisplayName, ModificationTime Group Policies are...
Windows Certificate Services – Setup a CRL
Setup a CRL KB ID 0000957 Problem One of the often-overlooked tasks in a Public Key Infrastructure (PKI) deployment is configuring your Certificate Services Certificate Revocation List (CRL). For smaller deployments with only one server, you don’t need to worry about complex design considerations (though a CRL doesn’t have to be hosted on a Certificate Services server). In my test environment, I have only one PKI server,...
Cisco ASA Domain Authentication and Trust (Allowing)
ASA Domain Authentication KB ID 0000973 Problem I cringed this morning when I was asked about this, last time I had to get a client to authenticate to a domain through a firewall, it was ‘entertaining’. The problem is Windows loves to use RPC, which likes to use random ports, so to make it work you either had to open TCP ports 49152 and 65535 (Yes I’m Serious). Or you had to registry hack all your domain controllers...
Windows Server 2025 Trust Relationship Failures Post-Upgrade
2025 Trust Relationship KB ID 0001917 Problem Following a full upgrade of all domain controllers (DCs) to Windows Server 2025, organisations may experience trust relationship failures between domain-joined workstations and the domain. This issue predominantly affects clients running Windows 10/11 versions up to 23H2. Notably, environments retaining at least one older DC do not encounter this problem. Symptoms Users unable to log in to...
Windows Displaying a Logon Notice (legal notices)
Logon Notice KB ID 0000328 Problem It’s been a while but when I was asked my notes were seriously out of date .Should you with to enable this feature then do the following. Solution : Logon Notice Logon Notice Option 1 – via Domain Policy 1. On a domain controller, Start > administrative tools > Group Policy Editor > Either edit an existing policy or create a new one (Remember its a computer policy you need to...
Updating Domain Computer Objects with Last Logon and Machine Information
Last Logon KB ID 0001340 Problem I can’t really take the credit for this, I was at a client’s site a few weeks ago, and they were doing this. I thought ‘That’s cool, I’ll have a play with that when I get the chance”. Essentially, you update the description of the Computer object(s) in AD so that they list; The last user who logged on. What time they logged on. What AD ‘Site’ the machine...