16 décembre 2015

Active Directory replication fails with error Target Principal name incorrect

I recently had a problem with a client's Active Directory   2 Active Directory sites were unable to connect during a few days, and in the meantime the domain controllers changed their computer's account password (see Murphy's Law)  When the network came back, the Active Directory replication tools gave the following error :   DCDIAG reports that the Active Directory Replications test has failed with error -2146893022: “The target principal name is incorrect." This oriented me towards this microsoft... [Lire la suite]
Posté par jcdemarque à 11:10 - - Permalien [#]
Tags : , , , , , , , , ,

16 décembre 2015

Active Directory : replication error target principal name incorrect

Lors d'un dépannage client, j'ai du résoudre un problème de réplication Active directory assez particulier.   2 sites Active Directory ont été coupés pendant plusieurs jours, et durant ce laps de temps, les contrôleurs de domaine ont changé le mot de passe de leur compte ordinateur (cf loi de Murphy)  Après la coupure, le client n'a pas tout de suite remarqué que les réplications ne se faisaient plus. Au bout d'un temps, il a lancé des outils de diagnostique qui ont retourné l'erreur suivante :   DCDIAG reports... [Lire la suite]
Posté par jcdemarque à 11:03 - - Permalien [#]
Tags : , , , , , , ,
11 avril 2013

How to find inactive computer accounts in Active Directory

From time to time you might need to clean up the Active Directory from computer accounts which are no longer active. Computers that has been reinstalled, replaced with new ones, old VMs. In many of those case you’ll might just end up with active directory full of computer objects that are obsolete. In fact those old unused accounts are called stale accounts. AD Tidy tool The creator of this tool is Chris Wright from the UK. There is free version and paid version of this tool. This tool is about 4 Megs in size and... [Lire la suite]
Posté par jcdemarque à 16:49 - - Permalien [#]
Tags : , , , , , ,
12 décembre 2012

Samba 4 released, brings Free alternative to Active Directory

The long wait is over — the Samba project has announced the release of an Active Directory-compatible domain controller. No longer does having an Active Directory (AD) domain controller on a network automatically mean that, somewhere in the building, a Microsoft server is lurking. Today's release announcement of Samba 4.0 means that it is now possible to control an AD domain from a non-Windows system. "Samba 4.0 comprises an LDAP directory server, Heimdal Kerberos authentication server, a secure Dynamic DNS server, and... [Lire la suite]
23 novembre 2012

Au revoir Repadmin /showreps !

Suite au conseil d'un collègue, je vous propose de découvrir un outil qui permet de remplacer Repadmin en étant plus agréable à l'oeil.. il s'agit de AD Replication Status Tool. Ce logiciel permet d'avoir un visuel des réplications AD à un instant T. Relativement léger, il permettra lors d'audit ou de préventives d'avoir un rapide état des lieux de l'AD entre les différents contrôleurs de domaines.   https://www.microsoft.com/en-us/download/details.aspx?id=30005   Merci à Damien Charbonnel pour cet outil! Il faut un... [Lire la suite]
Posté par jcdemarque à 13:53 - - Permalien [#]
Tags : , , , , ,
04 novembre 2012

How To Find When A User Password Expires?

As an admin, how do we find out when a user’s password expires?   It is easy to find, once you know the command The one we need to run is Net User username /domain from the command prompt. It gives you more info than what you are looking for, but it has all the info about the password – when the password was changed, when will it expire etc. --> Please see the rest on the blog : http://www.howexchangeworks.com/2012/11/how-to-find-when-a-user-password-expires.html
Posté par jcdemarque à 16:14 - - Permalien [#]
Tags : , , , ,

27 septembre 2012

HOW TO: P2V a domain controller

A lot has been written about P2V’ing Windows Domain controllers. The preferred way is to build a new domain controller based on a virtual machine and demote the physical domain controller. Rebuilding a new domain controllers may not always be possible due to time constraints or other dependencies like additional software running on the domain controller which can not be easily migrated. However, P2V’ing of a domain controller is possible under the right conditions. These conditions are the same for any other transactional service... [Lire la suite]
Posté par jcdemarque à 11:04 - - Permalien [#]
Tags : , , , , , , , ,
24 septembre 2012

Windows Server 2012 Virtualized Domain Controllers

Domain controllers are very different from non-domain controller computers on your network and that makes duplicating or cloning them somewhat problematic. Domain controllers present important security considerations and virtualizing DCs is something that must be done with care. Windows Server 2012 makes it much easier to deploy and manage secure virtualized domain controllers. In this article, we will discuss some of the issues involved. Issues and solutions One example of the issues you might encounter is when you have two domain... [Lire la suite]
12 septembre 2012

Creating a AD user without knowing it’s initial password

That’s a tricky question. Every user we create in active Directory require an initial password that user will use to connect for the first time. At this step, user account can (and should be configured) to enforce a password change. From a security point of view there might have some problems with this initial password. It must be communicated to the end-user. If someone have access to the initial password and user identity, he can perform operation on behalf of someone else. To avoid such a situation, one solution can be to disable... [Lire la suite]
Posté par jcdemarque à 10:22 - - Permalien [#]
Tags : , , , , ,
09 août 2012

Active Directory Replication Status Tool

After a decade, we have a GUI tool to troubleshoot AD replication problems. It is called Active Directory Replication Status Tool.   Gone are the days where we used repadmin and all it’s different syntax to troubleshoot replication issues in AD. The Active Directory Replication Status Tool (ADREPLSTATUS) analyzes the replication status for domain controllers in an Active Directory domain or forest. ADREPLSTATUS displays data in a format that is similar to REPADMIN /SHOWREPL * /CSV imported into Excel but with significant... [Lire la suite]
Posté par jcdemarque à 15:00 - - Permalien [#]
Tags : , , , , , , , , ,