Demoting a Domain controller without uninstalling the Role

Windows 2012 has integrated and forced the use of Server Manager more. You can no longer use dcpromo to promote and demote the domain controller.

So do I need to uninstal the Active Directory role to demote a domain controller?:
No, you can use the Powershell cmdlet Uninstall-ADDSDomainController instead.

Remove-ADUser -> Remove-ADObject

So I was spring cleaning a lot of disabled users from a customer Active Directory. After a while I noticed that I couldn’t remove all user account. Some just wouldn’t go away.

So what the.. [Read more…]

Remembers that casting variables is sticky

So I got a question about a variable that was acting up in a colleague’s script, so we took a look together and solved it. I really like what he managed to do once we figured it out. Lars made a script that configured some parts of IIS site from a CSV file (blog post in swedish, script in english). At one time we had a variable called $test and that was casted to string. Then later we were trying to use the same variable for a hashtable and it didn’t work.

What happens if you cast a variable and then try to enter some other type into it.

So remember to remove the variable using Remove-Variable when you are done.

Or you could just recast it everytime..

Different methods of removing user profiles

Sometimes I see people removing user profiles by just going into explorer. Going to the SystemDrive\Users folder, and using delete. Well this worked perfect on Windows 2003. But with upgrades to the profiling system with Windows 2008 and later this is a really bad idea.

There are 2 basic ways to remove user profiles in Windows today. And one for the special people.

[Read more…]

Using Network Monitor to check for LDAP traffic before demoting Domain Controller.

Well a simple capture filter I used to find what machines used the LDAP service on a Domain Controller I was demoting. But before running this I needed to remove a couple of DNS references to the server so clients wouldnt get here.

Well this includes lots of traffic We dont really want so lets ignore all traffic with other domain controllers.

Add the output with an AND OUTPUT GOES HERE to the end. So it will look like this:

But wait, what is ::1 doing in there? Well if you have IPv6 the resolver will return that IP, so dont worry. Now just lets see who talks with the server. And migrate make sure they dont have any static entries pointing at this Domain Controller.

Update 30/1, added requirement of synflag to reduce packets to only initial.

Find granted rights in a directory structure

So.

A long long long time ago I needed to find all rights that were set. So I wrote a script that lets me pipe the information to a CSV file.

There is a similar tool from Sysinternals called Access Enum, but:

  1. It outputs a txt file that is harder to work with afterwords.
  2. I didnt think of it when I needed it done.

So grab it from the Technet Gallery page.

 

 

Getting an error while removing an DFS namespace server

I have seen a few get the following error while trying to remove obsolete DFS namespace servers. Usually the server has been removed permanently before removing the server from the DFS namespace. More than once have I seen people being a bit to smart for their own good, by removing the namespace server using ADSIedit.

How to get:

  • Permanently remove a namespace server
  • Use adsiedit to cover up the misstake by removing the namespace server in the DFS configuration
  • Get baffled by it still being in the DFS Managment console
  • Trying to remove the server the correct way

Result:

What to do:

Readd the namespace server to the DFS Configuration using ADSIedit.

Use the correct way of removing an obsolete DFS root server using the correct command:

Remove an obsolete namespace server on a Windows 2000 Server
Remove an obsolete namespace server on a Windows 2003 Server
Remove an obsolete namespace server on a Windows 2008 and newer Server

Remove an obsolete DFS nameserver Windows 2008 and newer

A simple explanation how to remove an obsolete DFS namespace server from a Windows 2008/2008r2 Server. Since Microsoft removed the Support tools with Windows 2008 and replaced them with RSAT, there is no need to install any tools anymore. Just a command and happiness.

Getting an error about:

See my blog entry about errors removing DFS namespace server

Remove an obsolete DFS nameserver Windows 2003

A simple explanation how to remove an obsolete DFS namespace server from a Windows 2003 Server:

  • Download & Install Windows Support Tools for Windows 2003

Getting an error about:

See my blog entry about errors removing DFS namespace server

Remove an obsolete DFS nameserver Windows 2000

A simple explanation how to remove an obsolete DFS namespace server from a Windows 2000 Server:

  • Download & Install Windows Support Tools for Windows 2000

Getting an error about:

See my blog entry about errors removing DFS namespace server