How to find NTP server in your Active directory domain

Use the following command from any domain joined server/client. you will receive out put like bellow

C:\Users\user>w32tm /monitor
DC02.domain.local[10.255.5.7:123]:
    ICMP: 9ms delay
    NTP: +0.0466250s offset from DC.domain.local
        RefID: DC.domain.local [10.255.24.10]
        Stratum: 2
ADC01.domain.local[10.192.10.15:123]:
    ICMP: 14ms delay
    NTP: -0.0239011s offset from DC.domain.local
        RefID: DC.domain.local [10.25.2.12]
        Stratum: 2
DC02.domain.local[10.11.20.7:123]:
    ICMP: 17ms delay
    NTP: +0.0111994s offset from DC.domain.local
        RefID: DC.domain.local [10.25.20.12]
        Stratum: 2
DC03.domain.local *** PDC ***[10.20.58.40:123]:
    ICMP: 3ms delay
    NTP: +0.0000000s offset from DC03.domain.local
        RefID: DC03.domain.local [10.255.240.102]
        Stratum: 2

In above out put the red highlighted DC is your NTP server, from which your all DCs getting time.

and DC03 is your PDC, from which all other DCs sync their time, is your main source of time, you should care about DC03 time, if its time got incorrect then all other DCs and client will also get the wrong time. So PDC should be a reliable and will be better if it is a physical machine. per my experience the Virtual machines don't have reliable clock. 

The trust relationship between this workstation and the primary domain failed(resolved)

The "the trust relationship between this workstation and the primary domain failed" occurs

(1) If you are trying to login with any computer that has not connected to your domain since long time

(2) You have multiple domain controllers and have replication issues between them.

(3) one of your domain controllers is down currently which has the password of this computer object.

 If you resolve the replication issue, then you should not face this error anymore.
How to resolve?
First run the following command on effected computer facing above error.
nltest /dsgetdc:domain.local

it will show you that on which domain controller your system is trying to be authenticated at the moment, as you have multiple domain controllers.
 Now go to that Domain controller and check the password reset date of this effected computer

As below:

(Go to AD user and computer and from view select Advance feature and search the effected system object and note its path/location where it is placed and then go on that path/location and right click on the effected computer object and go to its properties and then attribute editor tab and there you will find the pwdLastSet attribute).
it will show you that when the password of this computer object was set.
most probably it will be an old date.

now you have to reset the password of this computer object through the following command, should be run from that effected computer.(if you can not login with domain user then can login with any local users)

netdom resetpwd /s:DomainControler1 /ud:domain\user1 /pd:*

 

The above command will reset the password of the effected computer and will replicate to the domain controller.

Note:- on client OS (Windows 7 etc) you have to install remote server administration tools, otherwise you will receive an error while running the above command.

Now restart this affected computer and try to login with domain user it should login now without any error.

Enable user for Lync through Lync power shell command

Some time you trying to enable an account for lync that have ever admin rights and you receive the following error in lync control panel.

Active directory operation failed on "Domai.controler". you cannot retry this operation: "insufficient access rights to perform the operation 00002098: secErr: DSID-0315bb9. problem 4003 (INSUFF ACCESS RIGHTS). data 0)"

To resolve this issue you have to enable this account through lync power shell using the following command.

C:\users\administrator> Enable-CsUser "user1" -SipAddressType EmailAddress -SipDomain domainname.com -RegistrarPool "lync.com.local"
 

How to show last password reset date of users in an OU in active directory 2008 R2

How to show last password reset date of users in an OU in active directory 2008 R2.

get-aduser -searchbase "OU=ouname,OU=ouname,DC=domainnaem,DC=domainname" -Filter * -Properties passwordlastset | FT passwordlastset,UserPrincipalName >C:\store\MT.csv

How to export the value of specific fieled of user property in active directory 2008 r2

How to export the value of specific field in of a user property in active directory 2008 r2

get-aduser -searchbase "OU=ouname,OU=ouname,DC=domainname,DC=net" -Filter * -Properties thumbnailPhoto | FT thumbnailph

oto,UserPrincipalName >C:\store\abc.csv

How to export member list of destribution group in exchange 2007

Use the following command in exchange management shell.



[PS] C:\Windows\system32>Get-DistributionGroupMember -identity "distributiongroupname" | Export-C
sv > "c:\pic\zeesh.csv"
cmdlet Export-Csv at command pipeline position 2
Supply values for the following parameters:
Path: c:\pic\zzzz.csv

How to show the current unique connections with mailbox servers in Microsoft exchange 2007

Use the following command in exchange management shell.

(get-logonstatistics -server mailboxservername |% {$_.username} | sort -unique).count

 

Note:

if you have mailbox cluster then you have to use mailbox cluster name.

Can not RDP/access/login to a VM in hyper-v, heartbeat: no contact

If you can not login to a VM in hyper-v and also can not RDP to a VM. shows HeartBeat: no contact.

use the following procedure to resolve.

1)Restart the effected VM.
2)Press F8 to enter/log in safe mode.
3)Login to the VM with local admin Or try any other user if possible.
4)From the effected VM window Go to Action-->insert integration services setup disk.
5) Now Double click on CD/DVD icon in effected VM.
6) Open root folder, here you will see, the setup file. double click on it.
it will install the HAL on your VM.
7)Restart the VM.
that's it. now should be able to access/RD it..

How to configure SSL in NLB

(1) First you have generate CSR from one server in NLB,
(2) Generate SSL certificate from your CA or online SSL provider (Digicert, Godaday etc).
(3) Copy your SSL certificate to your server from which CSR was generated and install it.
(4) Now you have to export this certificate from this Server.
(5) Copy this exported certificate to the other node in NLB.
(6) Import this (exported) Certificate to the other node in NLB.

Now that's it.

But
If you have published the required URL through some firewall (ISA etc), then you also have to import the exported certificate on your ISA server.

How to import??

On ISA server Start--> Run-->mmc--->add snaf-in and certificate, certificate-->personal--->import Browse the certificate which was exported form from NLB server.

after that open the required URL policy rule in ISA managment window. Right Click-->properties-->listener--properties--certificate-->select
ceritficate----here you will see the new certificate,, select that new ceritificate and click new.
thats it..all done.

 

how to download FCS updates manualy

search in Google "mpam-fe", it will go to Microsoft updates site, from there you can download latest updates according to your infrastructure(32bit OR 64 bit).after completion of update (mpam-fe), just double click on this (mpam-fe) and FCS updates will be installed,   

How to find the serial number of remote a computers in your network.

copy past the following code in notepad and save in "*.vbs" file. then double on it, it will ask for computer name. just enter the name of computer in your network and it will show you its serial number.

==============================//////======================
On Error Resume Next
Dim strComputer
strComputer = InputBox("Enter the name of the computer:")
Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colSMBIOS = objWMIService.ExecQuery ("Select * from Win32_SystemEnclosure")
For Each objSMBIOS in colSMBIOS
MsgBox strComputer & ": " & objSMBIOS.SerialNumber
Next
===========///////================================///////=====

Or login remotely to that system and type the following command.

C:\Users\Administrator>wmic bios get serialnumber
 

who have changed the password of a user in AD

The following command will show that when the password has been changed

C:/>net user username

Then from above command you will know that when that user password has been changed.
then go to event viewer and security logs on your DC and check the events that are accord at that time, you will see the event ID=4724,

please note that Auditing will be already enabled in your AD environment.

How to export certificate from Domain controler

Use the the following command to generate certificate.

C:\>certutil -ca.cert certificatename.crt

you will find your generated certificate in C:\
please note that Active Directory Certificate Services will be installed on your Domain controller, you can change the certificate extension according to your requirements.

Free SSL certificate

https://ssl.comodo.com/free-ssl-certificate.php
https://www.instantssl.com/free-ssl-certificate.html

How to activate windows 8

Open command prompt with admin rights

Type the following command, it will show you that your window  8 is activated or not.
c:>slui.exe

If your window is not activated then type the following command with key.
slmgr.vbs -ipk <key>

Without "<>" please