Jorge's Quest For Knowledge!

All About Identity And Security On-Premises And In The Cloud – It's Just Like An Addiction, The More You Have, The More You Want To Have!

Archive for the ‘Windows Server’ Category

(2016-10-14) Windows Server 2016 Now Available On MSDN

Posted by Jorge on 2016-10-14


Microsoft released Windows Server 2016 about three weeks ago. Read about it here.

Yesterday Microsoft also made the Windows Server 2016 ISOs available on MSDN. Use this link to get to those ISOs. You do need to have an MSDN account and you need to be eligible to download the ISOs.

Cheers,
Jorge
———————————————————————————————
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
* DISCLAIMER:
https://jorgequestforknowledge.wordpress.com/disclaimer/
———————————————————————————————
############### Jorge’s Quest For Knowledge #############
#########
http://JorgeQuestForKnowledge.wordpress.com/ ########
———————————————————————————————


(2016-09-26) Windows Server 2016 Has Been Released

Posted by Jorge on 2016-09-26


Microsoft has released Windows Server 2016!

An evaluation version of Windows Server 2016 is available through Microsoft downloads. Sometime in October, Windows Server 2016 will be generally available (GA).

Read more about it:

Cheers,
Jorge

(2015-10-15) Remote PowerShell To Servers Fails

Posted by Jorge on 2015-10-15


Imagine you want to achieve something on a list of servers, and for that you want to use remote PowerShell. Good idea!

Let’s say you have some list of servers in an array, and all servers are specified with their NetBIOS name. For every server you would like to retrieve its Windows version and build number (or of course something else). You could use the following PowerShell script:

    # Servers to query, specified by NetBIOS name
    $allExistingRWDCs = @("R1FSRWDC1","R1FSRWDC2")
    $allExistingRWDCs | %{
        $rwdc = $_
        # Open a remote PowerShell (WinRM) session to the server
        $rwdcRemotePoSHSession = New-PSSession -ComputerName $rwdc
        Invoke-Command -Session $rwdcRemotePoSHSession -ScriptBlock {
            Param(
                $rwdc = $rwdc
            )
            $windowsVersion = (Get-WmiObject Win32_OperatingSystem).Version
            $windowsBuildNumber = (Get-WmiObject Win32_OperatingSystem).BuildNumber
            Write-Host ""
            Write-Host "Host Name................: $rwdc" -ForeGroundColor Yellow
            Write-Host "Windows Version..........: $windowsVersion" -ForeGroundColor Yellow
            Write-Host "Windows Build Number.....: $windowsBuildNumber" -ForeGroundColor Yellow
        } -Args $rwdc
        # Always clean up the remote session
        Remove-PSSession $rwdcRemotePoSHSession
        Write-Host ""
    }

You copy the script into a PowerShell command prompt window, and….., life is good!

Figure 1: Remote PowerShell By Using NetBIOS Style Server Names – Success

I always prefer to use FQDNs instead of NetBIOS style hostnames, therefore I adjust my script accordingly as shown below:

    # Same servers, now specified by FQDN
    $allExistingRWDCs = @("R1FSRWDC1.IAMTEC.NET","R1FSRWDC2.IAMTEC.NET")
    $allExistingRWDCs | %{
        $rwdc = $_
        # Open a remote PowerShell (WinRM) session to the server
        $rwdcRemotePoSHSession = New-PSSession -ComputerName $rwdc
        Invoke-Command -Session $rwdcRemotePoSHSession -ScriptBlock {
            Param(
                $rwdc = $rwdc
            )
            $windowsVersion = (Get-WmiObject Win32_OperatingSystem).Version
            $windowsBuildNumber = (Get-WmiObject Win32_OperatingSystem).BuildNumber
            Write-Host ""
            Write-Host "Host Name................: $rwdc" -ForeGroundColor Yellow
            Write-Host "Windows Version..........: $windowsVersion" -ForeGroundColor Yellow
            Write-Host "Windows Build Number.....: $windowsBuildNumber" -ForeGroundColor Yellow
        } -Args $rwdc
        # Always clean up the remote session
        Remove-PSSession $rwdcRemotePoSHSession
        Write-Host ""
    }

You copy the script into a PowerShell command prompt window, and….., life is suddenly not that good!

Figure 2: Remote PowerShell By Using FQDN Style Server Names – Failure

REMARK: depending on the situation you may see other error messages, like for example “Access Denied”.

What the heck! You try to troubleshoot this one, and it may appear to be a tough nut to crack! This error message may give you a hint about which direction to look in, but in my personal case I got the “Access Denied” error. In summary, remote PowerShell was successful while using NetBIOS names and it failed while using FQDNs. At first I started to check the WinRM settings. Again, in my case there was nothing that gave me a hint about what could be wrong, until I started to do some network traces, and that’s when I understood what could be wrong. In the network trace I saw, when using FQDNs, that the proxy server was being accessed. Now why the heck is remote PowerShell trying to access the server through the proxy server?

With this blog post, I want to save you a long period of swearing and hair pulling.

When you have configured System Wide Proxy Settings, Remote PowerShell will use that configuration. In my case, the configuration was similar to:

Figure 3: System Wide Proxy Settings – Proxy Server FQDN, Port and Bypass List

  • Proxy Server FQDN = GATEWAY.IAMTEC.NET
  • Proxy Server Port = 3128
  • Do not use the proxy server for the following addresses that are also available internally:
    • *.IAMTEC.NL <== FQDN of the internet domain, that’s also available internally (split DNS)
    • <Local> <== Definition for locally used names

With <local>, I first thought that would support both FQDNs and NetBIOS names. WRONG!!!

As mentioned in MS-KBQ262981, “<local>” only covers NetBIOS name style addresses, and NOT FQDNs. Therefore, any FQDN needs to be explicitly specified or be covered by some wildcard FQDN.

So, what was the solution in my case?

Answer: Add the wildcard FQDN that covers my internal AD forest. Therefore “*.IAMTEC.NET” should be added to the bypass list!

Using the following command, I was able to reconfigure the System Wide Proxy Settings:

NETSH WINHTTP SET PROXY PROXY-SERVER="GATEWAY.IAMTEC.NET:3128" BYPASS-LIST="*.iamtec.net;*.iamtec.nl;<local>"

REMARK: after changing the System Wide Proxy Settings, services that leverage those settings may need to be restarted to pick up the new configuration. ADFS is one example. However, this does not apply to Remote PowerShell.

Figure 4: Setting Proxy Server FQDN, Port and Bypass List

Now let’s retry the script that uses the FQDN of the servers. Yes, life is good again!

Figure 5: Remote PowerShell By Using FQDN Style Server Names – Success

YES!
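The bypass-list behaviour described in this post, as an added example that is not part of the original post: a simplified model of how a bypass list is evaluated, run against the server names and the two bypass lists used above. `Test-ProxyBypass` and `Get-ProxyRouteReport` are hypothetical helper names, and the matching (wildcard entries, plus `<local>` for names without a dot) is an approximation for auditing a configuration, not WinHTTP's own code.

```powershell
# Added example: approximate evaluation of a system-wide proxy bypass list.
function Test-ProxyBypass {
    param(
        [Parameter(Mandatory = $true)][string]$HostName,
        [Parameter(Mandatory = $true)][string]$BypassList
    )
    # Entries are separated by semicolons; ignore empty entries and stray spaces.
    $entries = $BypassList -split ';' | ForEach-Object { $_.Trim() } | Where-Object { $_ }
    foreach ($entry in $entries) {
        if ($entry -ieq '<local>') {
            # <local> only covers single-label (NetBIOS style) names, never FQDNs.
            if ($HostName -notlike '*.*') { return $true }
        }
        elseif ($HostName -like $entry) {
            # -like is case-insensitive, so *.iamtec.net matches R1FSRWDC1.IAMTEC.NET.
            return $true
        }
    }
    return $false
}

function Get-ProxyRouteReport {
    param(
        [Parameter(Mandatory = $true)][string[]]$Server,
        [Parameter(Mandatory = $true)][System.Collections.IDictionary]$BypassLists,
        [string]$Proxy = 'GATEWAY.IAMTEC.NET:3128'
    )
    foreach ($label in $BypassLists.Keys) {
        foreach ($name in $Server) {
            $bypassed = Test-ProxyBypass -HostName $name -BypassList $BypassLists[$label]
            [pscustomobject]@{
                BypassList = $label
                Server     = $name
                Route      = $(if ($bypassed) { 'direct' } else { "via proxy $Proxy" })
            }
        }
    }
}

# Server names and bypass lists taken from this post.
$servers = 'R1FSRWDC1', 'R1FSRWDC2', 'R1FSRWDC1.IAMTEC.NET', 'R1FSRWDC2.IAMTEC.NET'
$lists = [ordered]@{
    'before fix' = '*.IAMTEC.NL;<local>'
    'after fix'  = '*.iamtec.net;*.iamtec.nl;<local>'
}
Get-ProxyRouteReport -Server $servers -BypassLists $lists | Format-Table -AutoSize
```

Running the same report against the bypass list shown by `NETSH WINHTTP SHOW PROXY` on a management host tells you up front which target names would send WinRM traffic to the proxy.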

Cheers,

Jorge


(2015-07-16) Support For Windows Server 2003 Has Ended!

Posted by Jorge on 2015-07-16


Still on Windows Server 2003? Be aware that as of July 14th there is no support anymore for Windows Server 2003, unless you are willing to pay Microsoft big $$$ to still receive patches/fixes.

Read more about it here.

Cheers,
Jorge

(2014-07-24) Possible Issues When Running Both W2K3 And W2K12R2 DCs For The Same AD Domain

Posted by Jorge on 2014-07-24


If you are upgrading your AD from W2K3 to W2K12R2, you might be experiencing issues when running both OS versions at the same time. The guys at ASKDS have written a great blog post about this.

Click on the following link to read all about it and what you can do about it.

It turns out that weird things can happen when you mix Windows Server 2003 and Windows Server 2012 R2 domain controllers

Cheers,
Jorge

(2014-02-25) Updates For Exchange 2007, 2010 And 2013 Released To Support W2K12R2 OS, AD, DFL/FFL

Posted by Jorge on 2014-02-25


Today Microsoft released updates for Exchange 2007, 2010 and 2013 to be supported:

  • On a W2K12R2 server
  • In an AD with W2K12R2 DCs
  • In an AD where DFL/FFL is W2K12R2

Exchange 2007

  • Technical details can be read here.
  • SP3 RU13 and later provides that support. Get RU13 from here.

Exchange 2010

  • Technical details can be read here.
  • SP3 RU5 and later provides that support. Get RU5 from here.

Exchange 2013

  • Technical details can be read here.
  • SP1 and later provides that support. Get SP1 from here.

The supportability matrix is available here.

Cheers,
Jorge

(2013-09-11) Follow-Up On “AD DB Becomes Corrupted When W2K12 Hyper-V Host Server Crashes”

Posted by Jorge on 2013-09-11


The guys from the AskPFE Team Blog have written a great follow-up article about the corruption of Active Directory databases in virtualized domain controllers running on Windows Server 2012 Hyper-V host computers. Kudos and credits of course go to the writers of the post on the AskPFE Team Blog. BE AWARE THAT THIS NOW ALSO APPLIES TO W2K8R2 HYPER-V HOSTS AND OTHER HYPER-V GUESTS!

SOURCE: Clarifications on KB 2853952, Server 2012 and Active Directory error c00002e2 or c00002e3

<QUOTE SOURCE=”Clarifications on KB 2853952, Server 2012 and Active Directory error c00002e2 or c00002e3”>

Hey y’all, Mark and Tom here to clear up some confusion on MSKB 2853952, that describes the corruption of Active Directory databases in virtualized domain controllers running on Windows Server 2012 Hyper-V host computers.

The article was released in July 2013 with the title “Active Directory database becomes corrupted when a Windows Server 2012-based Hyper-V host server crashes” but has since been renamed to “Loss of consistency with IDE-attached virtual hard disks when a Windows Server 2012-based Hyper-V host server experiences an unplanned restart”. Confused already? Please continue reading!!

The Problem

Following “hard” shutdowns (i.e. the plug is pulled) on Windows Server 2012  Hyper-V hosts, virtualized Domain Controller role computers may experience boot failures with error 2e2.

2e2 boot failures have occurred for years on DCs running on physical hardware when some specific guidelines (we’ll get to those in a minute) were not being followed. Deploying Active Directory – and therefore, AD databases, which are really just Jet databases, (as discussed in our AD Internals post) in a virtual environment introduces another additional root cause which is mitigated by MSKB 2853952.

The KB tells us that Jet databases placed on virtual IDE drives on virtual guests are vulnerable to corruption when the underlying Windows Server 2012 hyper-V host computer experiences an unplanned shutdown. Possible causes for such unscheduled shutdowns might include a loss of power to the data center or simply the intern tripping on the power cable in the data center. It has happened before and it will happen again.

Domain controller log files or database files that are damaged by an unscheduled shutdown may experience normal mode boot failures with a stop c00002e2 or c00002e3 error. If auto reboot is enabled on your domain controllers following a blue screen, DCs may continually reboot once their hyper-V host restarts.

Text and graphical examples of the c00002e2 are shown below:

“c00002e2 Directory Services could not start because of the following error: %hs Error Status: 0x%x. Please shutdown this system and reboot into Directory Services Restore Mode, check the event log for more detailed information.”

Figure 1: Uh oh…

The KB goes on to explain that this behavior occurs because the Hyper-V virtual IDE controller incorrectly reports “success” if the guest requests to disable the disk cache. Consequently, an application, like Active Directory, may think an I/O was written directly to disk, but it was actually written to the disk cache. Since the power was lost, so were the contents of the disk cache.

The Fix

There are four fundamental configuration changes to lessen the possibility from this occurring (whether DCs are deployed on physical or virtual machines):

  1. Make sure you are running on Server class hardware. That means that physical hard drives hosting Active Directory databases and other jet-dependent server roles (DHCP, FRS, WINS, etc) reside on SAS drives as opposed to IDE drives. IDE drives may not support forced unit access that is needed to ensure that critical writes by VM guests get transitively committed through the virtual hosts to underlying disk.
  2. Drive controllers should be configured with battery-backed caching controllers so that jet operations can be replayed when the hyper-V hosts and guests are restarted.
  3. If Hyper-V hosts can be configured with UPS devices so that both the host and the guest enjoy graceful shutdowns in the event of power losses, all the better.
  4. If you feel like the auto-reboot behavior masks the 2e2 or 2e3 boot errors, then disable the “automatically restart” option by going to the advanced tab on system properties under startup and recovery.

Next, MSKB 2853952 or the July 2013 cumulative rollup 2855336 (we’ve detailed these rollups in an earlier post) which includes standalone QFE 2853952 should be installed on Windows Server 2012 Hyper-V hosts and Windows Server 2012 guests.

A pending update, currently scheduled for release today (September 10th, 2013) will update 2853952 to apply to

  • Windows Server 2008 R2 Hyper-V hosts.
  • Windows 7 and Windows Server 2008 R2 virtual guests running on either Windows Server 2008 R2 or Windows Server 2012 Hyper-V hosts.

In summary, the updated version of KB 2853952 should be installed on both Windows Server 2008 R2 and Windows Server 2012 Hyper-V hosts (using the existing version of KB 2853952), and Windows 7 / Windows Server 2008 R2 virtual guests utilizing a jet-based store like Active Directory.

A workaround that can be deployed NOW is to deploy jet databases, including the Active Directory database and log files, on virtual SCSI drives when Windows Server 2008 R2 and Windows Server 2012 virtual guests reside on Windows Server 2012 virtual hosts.

The reason SCSI or Virtual SCSI is recommended is that SCSI controllers will honor forced unit access or requests to disable write cache. Forced Unit Access (FUA) is a flag that NTFS uses to bypass the cache on the disk – essentially writing directly to the disk. SCSI has supported this via the t10 specification but this support was not available in the original t13 ATA specifications. While FUA support was added to the t13 ATA specifications after the original release, support for this has been inconsistent. More importantly, Windows does not support FUA on ATA drives.

Active Directory uses FUA to perform un-buffered writes to preserve the integrity of the database in the event of a power failure. AD will behave this way on physical and virtual platforms. If the underlying disk subsystem does not honor the FUA write, there could be database corruption and/or a “USN Bubble”. Further, some SCSI controllers feature a battery backed cache, just in case there are IOs still in memory when power is lost. (Thanks to fellow PFE Brent Caskey for doing some digging on this)

Applying the July update rollup and the pending September updates on the relevant Hyper-V hosts and virtual guests will greatly reduce the likelihood of damage to jet files when Hyper-V guests reside on virtual IDE disks. However the recommendation is still to use virtual SCSI disks for jet-based workloads and other critical data.

FAQ about this update

This update probably sent many of your admin spidey sense tingling and for good reason. Let’s try to answer ones that you are thinking about.

Does this only affect Active Directory?

By reading the actual problem you’ll notice it’s not a problem with Active Directory itself so the answer is no. The title of the KB has been updated to reflect this and hopefully provide some clarity. The problem is with applications that require I/O guarantee. IDE doesn’t provide I/O guarantee and neither does Virtual IDE.

 

How Should I Be Configured?

You are going to want to have your data stored on Virtual SCSI (vSCSI) disks for the reasons stated above.

What about physical machines on IDE drives, are they at risk too?

Yes. If you still have physical machines that are running on IDE drives, you will want to try to move the server data to SCSI disks as well.

I have all my data on the boot drive, can I boot off Virtual SCSI?

You cannot. In Server 2012 R2 we actually have Virtual SAS which you can use for both boot and data. For now you’ll need to use a separate virtual SCSI disk for data.

Is only Server 2012 affected by this?

No, this also affects 2008 R2. However, the new update is now for both 2008 R2 and 2012.

Where do I apply this update, host, guest or both?

The update should be applied to Windows Server 2012 hosts, and in a post July 2013 update, Windows Server 2008 R2 Hyper-V hosts, and Windows Server 2012/Windows Server 2008 R2 / Windows 7 virtual guests.

Anything else we should be doing for this?

You’ll want to make sure any operational and configuration changes are in place to avoid any unscheduled down time until you are able to move the data to a virtual SCSI disk and apply the appropriate updates.

 

I have a lot of DCs that are set up improperly, a little help?

Tom recently helped out a customer with moving their DB and logs to SCSI disks. Thanks to PowerShell and his powershell-fu, this is all pretty simple but it does take the AD service down on the target DC for a period of time.

First, on the Hyper-V host, you’ll need to attach a new disk to the virtual machine. Launch PowerShell as an admin on the host. Pre-identify the VM name and the physical location where you’ll create the new VHDX file.

Then run:

    $vhd = New-VHD -Path [PATH TO VHDX] -SizeBytes 10GB -Dynamic:$false
    Add-VMHardDiskDrive -path $vhd.path -ControllerType:SCSI -ControllerNumber 0 -VMName [VMNAME]

Obviously, replace the bracketed parameters with your parameters. Also modify the disk size to something appropriate for your database. 10GB will cover most customers.

After, you need to log on to the guest VM to create the volume and move the DB. In the example below, we’ve used drive letter E. Modify this based on your company standards or configuration.

First, check to see if the disk is offline, and set it to online if it is.

Get-Disk | Where { $_.OperationalStatus -eq "Offline" } | Set-Disk -IsOffline:$false

Once it’s online, you just need to create the volume. PowerShell makes this very easy on Windows Server 2012. If you’re using 2008, you will need to replace this part with diskpart commands. For the sake of brevity, we’ll just cover PowerShell.

Get-Disk | Where { $_.PartitionStyle -eq "RAW" } | Initialize-Disk -PartitionStyle:GPT -PassThru | New-Partition -UseMaximumSize -DriveLetter E | Format-Volume -Full:$false -FileSystem:NTFS -NewFileSystemLabel "NTDS" -Force

Ok, that doesn’t look easy, but it’s all one line, making use of the PowerShell pipeline. As we complete each task, we pass the result to the next cmdlet. Finally, we end up with an E drive. Next, we need to move the database and logs. We’ll use ntdsutil to do this.

First, stop NTDS. Then, run ntdsutil. Modify the paths below to fit the drive letter you chose above.

    #stop NTDS
    Stop-Service NTDS -Force

    #use NTDSutil to move logs/db
    ntdsutil
    activate instance ntds
    files
    move db to e:\NTDS
    move logs to e:\NTDS
    quit
    quit

Verify the output from ntdsutil. If you’re scripting this out, I recommend extensive testing ahead of time. You may be able to use Test-Path to figure out if the database and logs moved successfully or not. Assuming everything checked out, run Start-Service NTDS to restart NTDS. Congrats, you’ve made it to SCSI disks.

Any questions please let us know in the comments.

Mark “Crash test dummy #1” Morowczynski and Tom “Crash test dummy #2” Moser

</QUOTE SOURCE=”Clarifications on KB 2853952, Server 2012 and Active Directory error c00002e2 or c00002e3”>
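One way to check a domain controller against the guidance quoted above, as an added example that is not part of the quoted AskPFE article or of this blog's own code: it reports which disk bus hosts the AD database and log files and whether the updates named in the article (KB 2853952, rollup 2855336) are listed as installed. `Get-NtdsStorageAudit` is a hypothetical function name; the example assumes it runs elevated on the DC itself, on Windows Server 2012 or later (for `Get-Disk`), and that the NTDS paths are on lettered volumes.

```powershell
# Added example: audit where the NTDS database and logs live on this DC.
function Get-NtdsStorageAudit {
    [CmdletBinding()]
    param(
        # Registry key where AD DS records its file locations.
        [string]$NtdsKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters',
        # Updates named in the quoted article.
        [string[]]$HotFixId = @('KB2853952', 'KB2855336')
    )

    $ntds = Get-ItemProperty -Path $NtdsKey -ErrorAction Stop
    $targets = [ordered]@{
        Database = Split-Path -Path $ntds.'DSA Database file' -Parent
        Logs     = $ntds.'Database log files path'
    }

    # Get-HotFix writes an error for IDs that are not installed; ignore those.
    # A later cumulative update may supersede these IDs, so "none" is a prompt
    # to check patch history, not proof that the fix is missing.
    $installed = @(Get-HotFix -Id $HotFixId -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty HotFixID)

    foreach ($role in $targets.Keys) {
        $path   = $targets[$role]
        $letter = (Split-Path -Path $path -Qualifier).TrimEnd(':')
        $disk   = Get-Partition -DriveLetter $letter -ErrorAction Stop | Get-Disk

        [pscustomobject]@{
            Role          = $role
            Path          = $path
            PathExists    = Test-Path -Path $path
            DiskNumber    = $disk.Number
            BusType       = $disk.BusType
            # Assumption: a virtual IDE disk shows up with bus type ATA/ATAPI,
            # while a Hyper-V virtual SCSI disk typically shows up as SAS or SCSI.
            OnIdeBus      = $disk.BusType -in 'ATA', 'ATAPI'
            HotFixesFound = $(if ($installed) { $installed -join ',' } else { 'none' })
        }
    }
}

Get-NtdsStorageAudit | Format-Table -AutoSize
```

Any row with `OnIdeBus` set to True is a candidate for the move to a virtual SCSI disk described in the quoted article.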

Cheers,

Jorge


(2013-09-09) Windows 8.1 And Windows Server 2012 R2 Available For Subscribers

Posted by Jorge on 2013-09-09


Windows 8.1 RTM and Windows Server 2012 R2 RTM are available today for TechNet and MSDN Subscribers!

More info: Download Windows 8.1 RTM, Visual Studio 2013 RC and Windows Server 2012 R2 RTM Today

Downloads:

Cheers,
Jorge

(2013-09-05) Querying An Event Log Of One Or Multiple Computers For A String

Posted by Jorge on 2013-09-05


Have you ever had the need to query multiple computers for a specific string in some Event Log? Well, look no further! Here is a PowerShell script that does it for you!

    # SCRIPT NAME: Search-EventLog-For-String.ps1
    Param (
        [string[]]$listOfServers,
        [string]$discoverDC,
        [string]$eventLogName,
        [string]$stringToSearchFor,
        [bool]$table,
        [bool]$list
    )

    # Discover all DCs in the current AD domain that have an IP address
    If ($discoverDC.ToUpper() -eq "LOCALDOMAIN") {
        $listOfServers = ([system.directoryservices.activedirectory.Domain]::GetCurrentDomain()).DomainControllers | ?{$_.IPAddress -ne $null} | %{$_.Name}
    }

    # Discover all DCs in the AD site of the computer the script runs on
    If ($discoverDC.ToUpper() -eq "LOCALSITE") {
        $adSiteLocalComputer = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite().Name
        $listOfServers = ([system.directoryservices.activedirectory.Domain]::GetCurrentDomain()).DomainControllers | ?{$_.IPAddress -ne $null -And $_.SiteName -eq $adSiteLocalComputer} | %{$_.Name}
    }

    # Collect matching events from every server
    # (-match treats the search string as a regular expression)
    $relatedEvents = @()
    $listOfServers | %{
        $relatedEventsOnServer = Get-WinEvent -ComputerName $($_) -LogName $eventLogName | ?{$_.Message -match $stringToSearchFor}
        $relatedEvents += $relatedEventsOnServer
    }

    # Output as a table when -table $true is given, otherwise as a list
    If ($table) {
        $relatedEvents | FT Id, MachineName, LogName, TimeCreated, Message -AutoSize
    } Else {
        $relatedEvents | FL Id, MachineName, LogName, TimeCreated, Message
    }

Some examples….

Search-EventLog-For-String.ps1 -listOfServers R2FSMBSVA.ADDMZ.LAN -eventLogName Security -stringToSearchFor "An Error occured during Logon" -table $true

Figure 1: Specifying A Single Server And Displaying In Table Format

Search-EventLog-For-String.ps1 -listOfServers R2FSMBSVA.ADDMZ.LAN -eventLogName Security -stringToSearchFor "An Error occured during Logon"

Figure 2: Specifying A Single Server And Displaying In List Format

Search-EventLog-For-String.ps1 -listOfServers R2FSMBSVA.ADDMZ.LAN,R2FSRODC5.ADDMZ.LAN,R2FSRODC6.ADDMZ.LAN -eventLogName Security -stringToSearchFor "An Error occured during Logon" -table $true

Figure 3: Specifying A List Of Servers And Displaying In Table Format

Search-EventLog-For-String.ps1 -listOfServers R2FSMBSVA.ADDMZ.LAN,R2FSRODC5.ADDMZ.LAN,R2FSRODC6.ADDMZ.LAN -eventLogName Security -stringToSearchFor "An Error occured during Logon"

Figure 4: Specifying A List Of Servers And Displaying In List Format

Search-EventLog-For-String.ps1 -discoverDC LOCALDOMAIN -eventLogName System -stringToSearchFor "This computer was not able to set up a secure session with a domain controller in domain" -table $true

Figure 5: Discovering All DCs (RWDCs And RODCs) In The Same AD Domain As The Server The Script Is Executed On And Displaying In Table Format

Search-EventLog-For-String.ps1 -discoverDC LOCALDOMAIN -eventLogName System -stringToSearchFor "This computer was not able to set up a secure session with a domain controller in domain"

Figure 6: Discovering All DCs (RWDCs And RODCs) In The Same AD Domain As The Server The Script Is Executed On And Displaying In List Format

Search-EventLog-For-String.ps1 -discoverDC LOCALSITE -eventLogName "Directory Service" -stringToSearchFor "KCC" -table $true

Figure 7: Discovering All DCs (RWDCs And RODCs) In The Same AD Site As The Server The Script Is Executed On And Displaying In Table Format

Search-EventLog-For-String.ps1 -discoverDC LOCALSITE -eventLogName "Directory Service" -stringToSearchFor "KCC"

Figure 8: Discovering All DCs (RWDCs And RODCs) In The Same AD Site As The Server The Script Is Executed On And Displaying In List Format

Cheers,

Jorge
