Month: January 2009

Tourist office and Google Maps combined

The strength new media is best showed when it’s simplified and usable by anyone.. take google maps, most people know about it, use it on their computer but if you’re on the go.. they prefer a Tom Tom or other simple device during the trip.. 

Read more

Securing Wireless with WHS Part II

Some of you might be using Windows 7 already and have noticed that the Wireless solution for Windows Home Server does work well with Windows 7. In fact, the computer does not challenge the user for a username or password, but just tells you it cannot connect. This is because Windows 7 has a different default setting for WPA-Enterprise authentication to wireless networks. By default the client computer will try to authenticate the user including the computername. IAS warnings in the eventlog are a result of Windows 7 computers trying to authenticate.

Read more

Windows 2008 Features (DFSRMIG)


The introduction of Windows 2008 brought us the famous Read-Only domain controller, the domain controller without passwords (unless explicitly approved) and one-way replication. That one-way replication also applied to the SYSVOL share. Sysvol is replicated by either FRS or DFSR depending on the initial setup of the domain. If you have upgraded your domain from Windows 2000 or Windows 2003 to Windows 2008 SYSVOL is still using FRS to replicate. When you have initially deployed Windows 2008 and set the forest functional level to use the Windows 2008 standards; DFSR is used. Usually the replication of Sysvol is two-way, you can change the contents on each domain controller and those changes are replicated to all domain controllers.

Read more

Windows 2008R2 features part II: Recycle Bin

Windows 2008 R2 Active Directory introduces the Recycle Bin option. If you deployed Windows 2008 R2 or upgraded your domain to the Windows 2008 R2 schema and you think the recycle bin is active, you are wrong. You have to specifically enable the recycle bin feature.

So upgrade your forestlevel and run the following command within a poweshell console:

Enable-ADOptionalFeature -Identity ‘CN=Recycle Bin Feature,CN=Optional Features,CN=DirectoryService,CN=Windows NT,CN=Services,CN=Configuration,DC=rootdomain,dc=local’

 -Scope Forest -Target ‘rootdomain.local’


Read more

Windows 2008R2 features part I: Offline domain join

Since Windows NT4, clients who wanted to join a domain always needed a direct connection to the domain, either via VPN, dial-in or direct connection. New in Windows 2008R2 is the option for an offline domain join.. how does this work.. ? read on!

A new program is introduced called djoin.exe. We can use this to join a computer to the domain which is not directly connected. What does it do? It creates a text file that can be used by a Windows 7 or Windows 2008R2 client to join the domain.

Read more

Delegate the right to start/stop replication

Let’s say you want to isolate a domain controller for a certain time, you would issue the command:


normally this command requires Domain Admin/Enterprise Admin privileges.
Why and how to change that below.. first the usual warnings:
Playing with ADSIEDIT could damage your domain, please test everything in a lab environment first blabla.

Read more

Repadmin /expert

Repadmin is the tool used to troubleshoot replication in an Active Directory forest.. commands like repadmin /replsum (to view replication summary) or repadmin /showutdvec (to view USN per domain controller).. are common commands.. it get’s tougher when we want to create or modify links during troubleshooting.. then we use /add to add replication links between two servers..

But aren’t replication links the what we see in Sites & Services?
Actually no.. the links are the actual replication agreements between the two servers, each partition of the AD has it’s own replication link per server.. to view them we can use repadmin:

Read more