Find Domain Schema Version

KB ID 0000025

Problem

You want to upgrade or find out your current Schema version, or check that an “adprep /forestprep” command has worked correctly.

Solution

Find Domain Schema Version: PowerShell

Use the following syntax;
[box]

Get-ADObject (Get-ADRootDSE).schemaNamingContext -Property objectversion

[/box]

Post Server 2016 Find Domain Schema Version

The value is populated with Server 2016 again.

If you check the value above on a domain that has Windows 2012 domain controllers, you will see the value is ‘not set’.

If the entry is blank, navigate to this registry key instead;

[box]HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters[/box]

Locate the ‘Schema Version’ Note: the figure in brackets is the decimal value!

Find Domain Schema Version For Windows Servers Before 2012 RTM

1. For Windows Server 2003 you will need to Install the Support Tools on your server. (2008, 2008 R2, and 2012 have the tools built in).

2. Press (Windows Key+R) > adsiedit.msc > {enter}

3. Right Click > CN=Schema,CN=Configuration,DC=domain,DC=com > Properties

Note: If you cannot see this you need to select “Connect To” then pick “Schema”.

4. On the Attribute Editor tab > Locate objectVersion.

 

What Are The Windows Server Schema Versions?

20: Windows 2000

30: Windows 2003 RTM, Windows 2003 SP1, and Windows 2003 SP2

31: Windows 2003 R2

44: Windows Server 2008 RTM

47: Windows Server 2008 R2 (and SBS 2011)

56: Windows Server 2012 RTM

69: Windows Server 2012 R2

87: Windows Server 2016 RTM

88: Windows Server 2019 RTM

88: Windows Server 2022

91: Windows Server 2025
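
Added example (not part of the original article): a schema update is written on the schema master and then has to replicate, so after an adprep /forestprep it is worth reading objectVersion from every domain controller rather than just one. This sketch does that and labels each value using the version list above; it assumes the ActiveDirectory module (RSAT) and rights to query each DC, and the function name Get-SchemaVersionPerDC is made up for this example.

```powershell
# Added example, not from the original article. Requires the ActiveDirectory module.
Import-Module ActiveDirectory

# Version list copied from this page.
$SchemaNames = @{
    20 = 'Windows 2000'
    30 = 'Windows 2003 RTM, SP1 and SP2'
    31 = 'Windows 2003 R2'
    44 = 'Windows Server 2008 RTM'
    47 = 'Windows Server 2008 R2 (and SBS 2011)'
    56 = 'Windows Server 2012 RTM'
    69 = 'Windows Server 2012 R2'
    87 = 'Windows Server 2016 RTM'
    88 = 'Windows Server 2019 RTM / Windows Server 2022'
    91 = 'Windows Server 2025'
}

# Hypothetical helper name; it reports the schema version each DC holds.
function Get-SchemaVersionPerDC {
    $forest   = Get-ADForest
    $master   = $forest.SchemaMaster
    $schemaNC = (Get-ADRootDSE -Server $master).schemaNamingContext
    # The schema master is where adprep writes, so treat its value as the target.
    $target   = (Get-ADObject $schemaNC -Server $master -Properties objectVersion).objectVersion

    foreach ($domain in $forest.Domains) {
        foreach ($dc in Get-ADDomainController -Filter * -Server $domain) {
            $version = $null
            try {
                $version = (Get-ADObject $schemaNC -Server $dc.HostName -Properties objectVersion -ErrorAction Stop).objectVersion
                $status  = if ($version -eq $target) { 'In sync' } else { "Behind schema master ($target)" }
            } catch {
                $status = "Query failed: $($_.Exception.Message)"
            }
            [pscustomobject]@{
                DomainController = $dc.HostName
                ObjectVersion    = $version
                SchemaLevel      = if ($null -ne $version) { $SchemaNames[[int]$version] } else { $null }
                Status           = $status
            }
        }
    }
}

Get-SchemaVersionPerDC | Sort-Object DomainController | Format-Table -AutoSize
```

A DC that stays "Behind schema master" points at a replication problem to resolve before promoting newer domain controllers.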

Related Articles, References, Credits, or External Links

NA

Event ID 9646

KB ID 0000282 

Problem

Event ID 9646

Mapi session “/o=domain/ou=first administrative group/cn=Recipients/cn=username” exceeded the maximum of 32 objects of type “session”.

Seen on Exchange 2003 (and SBS2003) Post Service pack 2.

Solution

1. On the server in question, Click Start > Run > cmd {enter}.

2. At command line issue the following command,

[box]netsh int ip set chimney disabled[/box]

Related Articles, References, Credits, or External Links

NA

Event ID 7518

KB ID 0000267

Problem

Event ID 7518

Sender Id must be configured with a list of trusted mail servers before it can be enabled

You have enabled Sender ID filtering on your “Virtual SMTP Server”.

 

Solution

You need to add your internal IP range and the PUBLIC IP address of the Exchange server.

1. Open Exchange System Manager > Global Settings > Message Delivery > Right Click > Properties > General > Add > Add.

2. Add in your local IP scope AND the public IP of the Exchange Server > OK.

 

Related Articles, References, Credits, or External Links

NA

Ubuntu – Joining / Logging into Windows Domains

KB ID 0000384

Problem

You have a Linux client machine, and you want to authenticate to, and log into a Windows domain. I don’t have too much history with Linux, but from what I’ve read this used to be a nightmare. Using Ubuntu (10.10) I did have a couple of hiccups, but I did get there in the end.

Note: The domain controller is a Windows 2008 R2 Server.

Solution

Notes

1. The commands needed to install the “likewise-open5” package, and join the domain, (assuming the FQDN of the domain is domaina.com and the user name you are using to join the domain is administrator).

[box]

sudo apt-get install likewise-open5
sudo domainjoin-cli join domaina.com administrator
sudo reboot

[/box]

2. Then to allow users to logon from the Ubuntu welcome screen,

[box]sudo nano /etc/samba/lwiauthd.conf[/box]

3. Add the following line (the file will probably be empty), to Save press CTRL+X, then Y, then {enter}.

[box]winbind use default domain = yes[/box]

4. Then reboot.

[box]sudo reboot[/box]

5. To allow sudo for the domain user(s),

[box]sudo nano /etc/sudoers[/box]

Locate the line that reads “#Members of the Admin group may gain root privileges and do the following:”. Below that, type the following (assuming the domain name is domaina and the user is a member of the domain admins group, domain^users also works).

[box]%domaina\domain^admins ALL=(ALL) ALL[/box]

Problem 1

Error: Lsass Error [code 0x00080047]

9502 (0x251E) DNS_ERROR_BAD_PACKET – A bad packet was received from a DNS server. Potentially the requested address does not exist.

 

This plagued me for a while. I tried everything I read online: making sure that my time was correct (it wasn’t, see below), making sure firewalls were off (they were), making sure DNS had a reverse lookup zone (mine has), and finally making sure there were no existing DNS records for the IP address I was connecting with (mine did, so I deleted them). None of these fixed the problem; the fix is annoyingly simple.

FIX

Firstly, make sure that the Ubuntu client is looking at your domain DNS server for its DNS. The following command will tell you,

[box]cat /etc/resolv.conf[/box]

Then get the domain syntax right, in my case the domain name.

[box]

[WORKS] sudo domainjoin-cli join domaina.com administrator

[WONT WORK] sudo domainjoin-cli join DOMAINA.COM administrator
[WONT WORK] sudo domainjoin-cli join domaina administrator
[WONT WORK] sudo domainjoin-cli join DOMAINA administrator

[/box]

And then it connected faultlessly.

Problem 2

Error: Lsass Error [code 0x00080047]

5 (0x5) ERROR_ACCESS_DENIED – Access is denied.

This turned out to be a variation on the problem above. If you put in the domain name in UPPER CASE you will see this error.

[box]

[WORKS] sudo domainjoin-cli join domaina.com administrator

[WONT WORK] sudo domainjoin-cli join DOMAINA.COM administrator

[/box]

If you would like to add your domain user(s) to the welcome screen click here.

Update 04/01/12

Attention:  PeteNetLive – Suggestion 

Message: Hi,

Thanks very much for your YouTube and description of joining Ubuntu to a domain.  There was however one step extra that I needed to do to enable the logon screen to show users other than the local user and the guest account.  To do this I had to add the following line to /etc/lightdm/lightdm.conf

greeter-show-manual-login=true

I was joining Ubuntu 12.10 to the domain so maybe it is specific to 12.10 since you didn’t experience it but it would be good to add it to your article along with the other fixes to issues.

Thanks again.

From: Roland Elferink

Related Articles, References, Credits, or External Links

Thanks to Roland Elferink for the update.

Original Article written 27/01/11

Backup Exec – Using RDX Drives

KB ID 0000578

Problem

While I like RDX drives (they have advantages over magnetic tape), they do have a drawback: throughput.

As you can see the removable drive/cartridges are just 1TB SATA Drives in a protective jacket, with a “write protection switch” on them.

So they should be perfect as a backup medium. The problem is, the drive carrier itself runs off the USB bus, so they can’t run faster than 48MB a second (I’ve not seen a server that has USB 3 on it yet). HP literature says that its backup rate is 108GB an hour. However, for a small business that can be more than acceptable. It’s an advantage if it keeps the client that wants to take his backups home with them on a “Tape” happy (because that’s what they have always done).

So the other week I found myself with a shiny new RDX Drive and an old SBS 2003 Server running Backup Exec 11d.

Solution

Note: If you are running Backup Exec versions 10 or 11 you CANNOT perform backups with GRT. If you want this functionality then you need to upgrade to a newer version (GRT to RDX drive works fine with Backup Exec 2010 R3).

1. Once you have physically installed the drive and connected it to the server’s internal USB interface, you should see the drive listed below disk drives.

2. With an RDX Cartridge loaded it behaves just like a 1TB Drive (because that’s exactly what it is).

3. To use the drive in Backup Exec you need to create a new “Removable Backup-to-Disk Folder”.

4. Give the removable folder a sensible name, and I set the maximum size to 1023GB to make sure it can’t try and outgrow the drive.

5. Once complete it will create “Media” in the removable folder that it names incrementally as it sees new cartridges, in the FLDR000001, FLDR000002, etc, format. Treat these the same as any other backup media, i.e. you can add them to media groups for different backup jobs.

Related Articles, References, Credits, or External Links

NA

How to Join a Windows Domain

KB ID 000085

Problem

For Windows 11 See: How to Join Windows 11 to a Domain

This process was done with Windows 10, but the procedure is the same going all the way back to Windows 2000.

Solution

Note: The main reason this procedure fails, is because the client that you are attempting to perform the join from cannot resolve the domain name of your domain! Make sure it has one of your domain servers listed in the properties of its network connection, (or at least a method of resolving the name).

Problems Joining a Domain

1. Press Windows Key+E > Right Click ‘This PC’ > Properties.

 

2. Change Settings.

 

3. Computer Name Tab > Change.

4. Enter the domain name > OK.

5. Enter domain credentials, Note: A domain user has the right to join machines to a domain.

6. You should be welcomed to the new domain > OK.

7. You will need to reboot the machine to complete the process. > OK > OK.

8. OK > Restart Now.

Join a Windows Domain with PowerShell

From an administrative PowerShell Window, use the following commands;

[box]

Add-Computer -DomainName Your-Domain-Name
Restart-Computer

[/box]
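
Added example (not part of the original article): since the usual reason a join fails is that the client cannot resolve the domain name, this sketch checks that the domain controller SRV record resolves before calling Add-Computer, and shows the client's DNS servers if it does not. The domain name is a placeholder and the function name Test-DomainResolvable is made up for this example.

```powershell
# Added example, not from the original article.
# Placeholder value: replace with the FQDN of your own domain.
$DomainName = 'your-domain-name.example'

# Hypothetical helper: returns $true when the DC locator record resolves.
function Test-DomainResolvable {
    param([Parameter(Mandatory)][string]$Domain)

    # Domain controllers register this SRV record in the domain's DNS zone.
    # If the client cannot resolve it, its DNS servers do not know the domain.
    $srvName = "_ldap._tcp.dc._msdcs.$Domain"
    try {
        $records = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction Stop |
            Where-Object { $_.Type -eq 'SRV' }
    } catch {
        Write-Warning "Cannot resolve ${srvName}: $($_.Exception.Message)"
        return $false
    }
    if (-not $records) {
        Write-Warning "No SRV records returned for $srvName"
        return $false
    }
    # Show which domain controllers the client would find.
    $records | Select-Object NameTarget, Port | Format-Table -AutoSize | Out-Host
    return $true
}

if (Test-DomainResolvable -Domain $DomainName) {
    # Prompts for a domain account that is allowed to join machines.
    Add-Computer -DomainName $DomainName -Credential (Get-Credential) -ErrorAction Stop
    Restart-Computer
} else {
    # List the DNS servers each interface is using so the wrong one stands out.
    Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses } |
        Format-Table InterfaceAlias, ServerAddresses -AutoSize
}
```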

Related Articles, References, Credits, or External Links

Windows: Join Azure AD (AAD)

Terminal Server / Remote Desktop Services Server – Printer Not Working (Adding Print Drivers)

KB ID 0000850 

Problem

Windows Server 2008 R2 and 2012 are a lot better with printing support over remote desktop than their predecessors were. But to be able to print to your remote users’ ‘local’ machines, the TS/RDP server still likes to have the correct drivers installed.

What about Easy Print?

Easy Print (Introduced with Server 2008 R2) is a ‘proxy’ service that simply sends all print processes to the remote machine rather than the server itself, thus negating the need for a driver. That’s great! Unless your remote home users still have Windows XP or Vista (Pre SP1).

Solution

1. Before troubleshooting, make sure the printer actually works on the client machine, you don’t want to spend an hour trying to get it working when it’s actually out of paper or not turned on, (sorry but users are ‘challenging’).

2. Download the Drivers to the Remote Desktop Server. MAKE SURE if your clients are a mix of x86 and x64 bit versions of Windows you need to download BOTH versions of the driver.

Note: Download x86 and x64 bit versions of the SAME driver, i.e. Try and install an x86 PCL6 driver and an x64 bit PCL5 Driver and you may get an error.

Note 2: With some older printers, you can save a lot of time by simply plugging them into the server and letting Windows Update do the hard work for you. You might think that this is ‘time/cost prohibitive’. But I once spent an afternoon trying to get an HP multifunction printer to work that was worth about £60. The remote client was 45 minutes away, by the time I was finished the cost was greater than replacing this printer with 6 or 7 new ones that would have worked out of the box!

3. You can simply install the printer on the Server if you wish, then delete the printer and the drivers will remain, though the correct way is to add the drivers via the servers ‘Print Server Properties’.

Server 2000 / 2003

Start > Run > control printers {Enter}.

Server 2012/2008 R2

Windows Key+R > control printers {Enter}.

Note: Print server properties is not visible until you select a printer.

4. Repeat the process to add additional drivers for the CPU architecture of your remote clients (x86, x64, etc).

Related Articles, References, Credits, or External Links

NA

Windows Server Where is Sysprep

KB ID 0000419 

Problem

You have a 2008 R2 Server to sysprep, but you’re not sure where sysprep is.

Solution

1. Thankfully in Server 2008 R2, there’s no messing about, it’s in c:\windows\system32\sysprep. (Note: to regenerate a SID don’t forget to tick “Generalize”).

Server 2008 – It’s in the same place.

Server 2003 – As with Windows XP, you need to get it from the Windows install CD, it’s in the support\tools\deploy.cab.

Once the files are extracted you can run sysprep (Note: setupmgr.exe is used to create the unattended / answer files for sysprep.)

 

Related Articles, References, Credits, or External Links

Server 2012 – Sysprep

Adding a 2003 Domain Controller to a 2000 Domain

KB ID 0000256 

Problem

If you have an existing Windows Server 2000 domain, and you would like to add a Windows Server 2003 Domain controller, there are a few extra hoops to jump through.

Solution

Before you start, make sure all your domain controllers are at AT LEAST Service pack 2, though there’s no reason not to be at Service Pack 4.

If you are running Exchange 2000 READ THIS first!

1. If you do not already know which server is your Schema Master (if you only have one it’s a safe bet) then locate your Schema Master.

Note: On a 2000 server you can only run netdom if you have installed the support tools from the Windows 2000 Server CD, it’s in the support folder.

Locate your Schema Master Servers, Start > Programs > Windows 2000 Support Tools > Tools > Command Prompt.

[box]netdom query /domain:YOURDOMAINNAME fsmo[/box]

Note: this is a test network, so all my roles are on the same server – yours will probably be spread out more efficiently.

2. Put the Server 2003 Disk into your Schema Master’s CD drive. (Note: It is DISK 2 that you require).

3. On the Schema Master server, Start > Run > cmd {enter}

4. Execute the following command, (Note: Your CD may have a different drive letter).

[box]D:\CMPNENTS\R2\ADPREP\ADPREP /FORESTPREP[/box]

5. Read the warning, > press C > {Enter}.

Now you need to prepare the domain.

1. Above you located your Schema Master with the “netdom query /domain:YOURDOMAINNAME fsmo” command. Do the same to locate your Infrastructure Master server, and then put the Windows 2003 Server (DISK 2) in that server.

2. On the Infrastructure Master server, Start > Run > cmd {enter}

3. Execute the following command, (Note: Your CD may have a different drive letter).

[box]D:\CMPNENTS\R2\ADPREP\ADPREP /DOMAINPREP[/box]

4. Then as directed (see above) issue the following command,

[box]D:\CMPNENTS\R2\ADPREP\ADPREP /DOMAINPREP /GPPREP[/box]

5. If you have a complex multi-site environment, you now need to allow time for full domain replication before you proceed.

6. Now on your new 2003 domain controller you can run DCPROMO (Install DNS first!).

 

Related Articles, References, Credits, or External Links

NA