Category: Active Directory

Repadmin /expert

Repadmin is the tool used to troubleshoot replication in an Active Directory forest. Commands like repadmin /replsum (to view the replication summary) or repadmin /showutdvec (to view the USN per domain controller) are common. It gets tougher when we want to create or modify links during troubleshooting; then we use /add to add replication links between two servers.

But aren’t replication links what we see in Sites & Services?
Actually no. The links are the actual replication agreements between the two servers; each partition of the AD has its own replication link per server. To view them we can use repadmin:


Deleted DN's in attribute fields

Let’s say an object in AD has an attribute that is a reference to another object based on DN. The targeted object is deleted, and the attribute field changes to the deleted object’s CN, like: CN=nameADEL:ff920d6f-d823-4fff-9448-b645bd40d5e2,CN=Deleted Objects,DC=child,DC=ROOTDOMAIN,DC=LOCAL. Now when we try to clone that object to create a new object (for example a user copy) the AD U&C […]


Microsoft Certified Master: Windows 2008 – Directory

!PASSED! As one of the first (now 27 worldwide), I can now call myself an MCM: Windows 2008-Directory! Congrats to all others! The Microsoft Certified Master: Windows Server 2008, Active Directory program provides the most in-depth and comprehensive training that is available today for the latest version of Windows Server 2008 with a focus on Active Directory. […]


Next RID number

So let’s say you want to know how many objects are created on a domain controller, or you want to see when it’s receiving a new RID pool? Check out the RID Set:

Set ObjRid = GetObject("LDAP://CN=RID Set,CN=DC01,OU=Domain Controllers,DC=fabrikam,DC=com")

It lists all the properties that the LOCAL! DC uses to hand out RID numbers. If the rIDPreviousAllocationPool and rIDAllocationPool […]


Cross forest authentication

Anyone installed a forest trust before? Probably, else you would not be reading this post. How does authentication work in a forest trust?

Well, there are two authentication mechanisms in Windows, NTLM and Kerberos. Both can be used in a forest trust, and both work differently. Setting it up brought me the following authentication schema..


Cross-forest Authenticate in VBS

So the problem:

All mailboxes of the users are migrated to a central Exchange server, coming from various Exchange 5.5/2003/2003 mail servers (contact me if you want to know how 🙂 ), and mailboxes were cloned. Now the client needs to be pointed to the new Exchange server, else Outlook will not work. The challenge: how do you change your MAPI profile?

We had 4 scenarios:

1: The domain is NT4, no trust, or no domain at all!
2: The domain the user is in has a trust with the Exchange domain
3: The domain the user is in is a Windows 2000/2003/2008 domain, no trust
4: The user is in the domain
