Jan 21

MS16-101: NTLM fallback is now prohibited

A while ago I was reading the following article:

Troubleshooting failed password changes after installing MS16-101

It mentions passwords, NTLM, and the consequences of MS16-101: a lousy patch, not the first time this has happened, i.e. nothing interesting.


Jan 08

Configuring Windows Components Logging

“However well a man lives, he will still end up having to debug”:

Directory Services Debug Logging Primer

The list is huge, but I don't expect it to be exhaustive.

Jan 15

“Could not retrieve default replication accounts” during RODC Promotion

The task was to promote the first RODC in a mixed OS domain with Windows 2003 Forest/Domain functional levels. Before DC promotion the AD Schema was successfully extended and there was one Writable Domain Controller (Windows Server 2013 R2) up and running.

I noticed some RODC-related groups were missing even though adprep finished without any errors:

  • Read-only Domain Controllers
  • Allowed RODC Password Replication Group
  • Denied RODC Password Replication Group

I thought they would appear after the first RODC promotion. But that was not the case!

These groups, along with many others, are created AFTER you transfer the PDC role to a domain controller running Windows Server 2008 or later!

After transferring the PDC role these groups were created:

Nice to know it 🙂

Thereafter the first RODC was promoted successfully!


Dec 14

Set-ADUser : Insufficient access rights to perform the operation when setting the Title attribute in Active Directory

Imagine you have an ordinary user in an Active Directory domain, for example Updater@pkg.lab. You want this user to have the right to change the Title field for a specific list of users.

The Title attribute reflects the user's position (i.e. Job Title) in the organization.

For this purpose you have delegated Read/Write permissions for the Title attribute in specific organizational units:
