Azure Active Directory Connect – High Availability

When working in enterprise environments the High Availability (HA) question is raised sooner or later, and it is also asked about the new and shiny Azure Active Directory Connect (AADConnect) tool.

The tool itself is the successor of DirSync, with a lot of new features, for instance password write-back. Get the tool here: https://www.microsoft.com/en-us/download/details.aspx?id=47594

But back to the question:
NO, there is no HA option for the AADConnect tool itself. Only one AADConnect server may be actively exporting to a tenant at any time; an active/active setup is not supported.

But there is a nice alternative: Staging Mode.

But what is this staging mode?

In a Staging Mode scenario you install one server with AADConnect, which will be the active server, and a second server with AADConnect in staging mode, which will be the 'standby' server, because that is essentially what it is.

The staging server is a fully functional AADConnect server with a fully populated Metaverse (it imports and synchronizes just like the active one), BUT there are a few things it does not do:

  • No exports occur to your on-premises Active Directory;
  • No exports occur to Azure Active Directory;
  • Password synchronization and password write-back are disabled.

If the primary server goes offline (for whatever reason) you manually disable staging mode on the second server (Configure > Configure staging mode in the AADConnect wizard) and that one takes over the synchronization! One caveat: first make sure the old primary really is down, or put it into staging mode before it comes back online. Two servers exporting to the same tenant at the same time is unsupported and leads to conflicting writes in both directories.
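Before flipping staging mode on the standby it pays to check, from both boxes, which server is actually active. The script below is an added example and not part of the original post or of the AADConnect product: the server names are placeholders, it assumes PowerShell Remoting is enabled on both servers and that you run it as a member of the local ADSyncAdmins group on each. Get-ADSyncScheduler and its StagingModeEnabled, SyncCycleEnabled and SyncCycleInProgress properties come from the ADSync module that the installer registers.

```powershell
# Added example: make sure exactly one AADConnect server is active before disabling
# staging mode on the standby. Server names are hypothetical placeholders.
$servers = 'AADC01', 'AADC02'

$state = foreach ($s in $servers) {
    try {
        Invoke-Command -ComputerName $s -ErrorAction Stop -ScriptBlock {
            Import-Module ADSync
            $sched = Get-ADSyncScheduler
            [pscustomobject]@{
                Server              = $env:COMPUTERNAME
                Reachable           = $true
                StagingModeEnabled  = $sched.StagingModeEnabled
                SyncCycleEnabled    = $sched.SyncCycleEnabled
                SyncCycleInProgress = $sched.SyncCycleInProgress
            }
        }
    } catch {
        # An unreachable server is NOT proof that it has stopped exporting; report it as unknown.
        [pscustomobject]@{
            Server              = $s
            Reachable           = $false
            StagingModeEnabled  = $null
            SyncCycleEnabled    = $null
            SyncCycleInProgress = $null
        }
    }
}

$state | Format-Table Server, Reachable, StagingModeEnabled, SyncCycleEnabled, SyncCycleInProgress -AutoSize

# "Active" means: reachable and NOT in staging mode, i.e. it will export on its next cycle.
$active = @($state | Where-Object { $_.Reachable -and -not $_.StagingModeEnabled })
$down   = @($state | Where-Object { -not $_.Reachable })

switch ($active.Count) {
    1 {
        "Active server: $($active[0].Server). Leave the standby in staging mode."
    }
    0 {
        if ($down.Count -gt 0) {
            "No reachable active server, but $($down.Server -join ', ') could not be contacted."
            "Confirm it is really down (or stop its scheduler / put it in staging mode) BEFORE you disable staging mode on the standby."
        } else {
            "Every reachable server is in staging mode: nothing is exporting right now. Safe to activate one of them."
        }
    }
    default {
        "DANGER: $($active.Server -join ', ') are all active. Two exporting servers is unsupported; put all but one back into staging mode."
    }
}
```

The switch itself is still done in the AADConnect wizard. If you need to make certain a server that is coming back stays quiet until you have put it in staging mode, Set-ADSyncScheduler -SyncCycleEnabled $false on that server stops its scheduler from starting any cycle.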

Reset Trust Relationship for Domain Computer

When a computer somehow loses the trust relationship with the domain (for instance when a virtual machine is reverted to a snapshot taken before its machine account password was last rotated, which by default happens every 30 days, or when it was restored from an old image) the usual steps you have to take are:

  1. Get the computer out of the domain to a workgroup (remember the local admin password!)
  2. Reboot
  3. Rejoin the domain
  4. Reboot

With PowerShell to the rescue it is an easier process (run it in an elevated session on the affected computer, logged on with a local account or cached domain credentials):

Test-ComputerSecureChannel -Repair -Credential YourDomain\AdminUser

From get-help:

NAME
    Test-ComputerSecureChannel

SYNOPSIS
    Tests and repairs the secure channel between the local computer and its domain.

SYNTAX
    Test-ComputerSecureChannel [-Credential [<PSCredential>]] [-InformationAction {SilentlyContinue | Stop | Continue | Inquire | Ignore | Suspend}] [-InformationVariable [<System.String>]] [-Repair] [-Server [<String>]] [-Confirm] [-WhatIf] [<CommonParameters>]

DESCRIPTION
    The Test-ComputerSecureChannel cmdlet verifies that the secure channel between the local computer and its domain is working correctly by checking the status of its trust relationships. If a connection fails, you can use the Repair parameter to try to restore it.

    Test-ComputerSecureChannel returns "True" if the secure channel is working correctly and "False" if it is not. This result lets you use the cmdlet in conditional statements in functions and scripts. To get more detailed test results, use the Verbose parameter.

    This cmdlet works much like NetDom.exe. Both NetDom and Test-ComputerSecureChannel use the NetLogon service to perform the actions.

RELATED LINKS
    Online Version: http://go.microsoft.com/fwlink/p/?linkid=293925
    Checkpoint-Computer
    Reset-ComputerMachinePassword
    Restart-Computer
    Stop-Computer

REMARKS
    To see the examples, type: "get-help Test-ComputerSecureChannel -examples".
    For more information, type: "get-help Test-ComputerSecureChannel -detailed".
    For technical information, type: "get-help Test-ComputerSecureChannel -full".
    For online help, type: "get-help Test-ComputerSecureChannel -online"
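Because the cmdlet returns a boolean, the one-liner above can be wrapped in a small test-repair-verify script. The script below is an added example, not code from the original post; the domain controller name is a placeholder, and the fallback to Reset-ComputerMachinePassword (listed under RELATED LINKS above) is my own addition for the case where -Repair does not bring the channel back.

```powershell
# Added example: test the secure channel, repair it in place, and verify the result.
# Run in an ELEVATED PowerShell session on the affected computer (log on with a local
# account or cached domain credentials). $dc is a hypothetical placeholder.
$dc = 'DC01.yourdomain.local'
$domainCred = Get-Credential -Message 'Domain account allowed to reset this computer account (e.g. YourDomain\AdminUser)'

if (Test-ComputerSecureChannel -Server $dc -Verbose) {
    'Secure channel is healthy, nothing to do.'
    return
}

'Secure channel broken; attempting repair. This resets the machine account password in AD and locally.'
$repaired = Test-ComputerSecureChannel -Repair -Credential $domainCred -Server $dc -Verbose

if (-not $repaired) {
    # Fallback: force a brand-new machine account password against a specific DC, then re-test.
    Reset-ComputerMachinePassword -Server $dc -Credential $domainCred
    $repaired = Test-ComputerSecureChannel -Server $dc -Verbose
}

if ($repaired) {
    'Secure channel restored. No reboot and no leave/rejoin of the domain needed.'
} else {
    'Repair failed. Check DNS and reachability of the DC, and that the computer account still exists in AD and is not disabled.'
}
```

Note that -Repair only works while the computer account still exists; if someone deleted it you are back to the leave-and-rejoin procedure.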

Set default OU for new AD computers

As we all know, the default container for newly created computer objects is CN=Computers.

But I want my newly created computer objects in another Organizational Unit (OU), always! There is a good security reason for that: Group Policy cannot be linked to the Computers container, only to OUs (and the domain and sites), so a machine that lands in CN=Computers gets no baseline policy until someone remembers to move it.

This can be easily achieved by an old friend: REDIRCMP.

You have to give it the distinguished name (DN) of the target OU, which can easily be found with ADSIEdit! The domain functional level must be Windows Server 2003 or higher and you run it as a Domain Admin.

Always handy!
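Doing the redirect from PowerShell lets you look up the DN instead of copying it out of ADSIEdit, and verify afterwards that it really took effect. This is an added example, not from the original post: the OU name is a hypothetical placeholder and must already exist, and the script assumes the ActiveDirectory module (RSAT) is available and that you run it as a Domain Admin.

```powershell
# Added example: redirect the default computer container to an OU and verify the change.
# Assumptions: run as Domain Admin with the ActiveDirectory (RSAT) module installed;
# the OU name below is a placeholder and must exist beforehand.
Import-Module ActiveDirectory

$domain   = Get-ADDomain
$targetOU = "OU=Workstations,$($domain.DistinguishedName)"

# Check the OU exists (this is the ADSIEdit step from the post, done with the cmdlets)
try {
    $null = Get-ADOrganizationalUnit -Identity $targetOU -ErrorAction Stop
} catch {
    throw "OU $targetOU does not exist; create it (and link your baseline GPOs to it) first."
}

"Current default computer container: $($domain.ComputersContainer)"

# redircmp.exe rewrites the wellKnownObjects entry for the Computers container on the domain NC.
$output = & redircmp.exe $targetOU 2>&1
if ($LASTEXITCODE -ne 0) {
    throw "redircmp failed (exit code $LASTEXITCODE): $output"
}

# Verify by re-reading the domain object; ComputersContainer is derived from that same attribute.
$after = (Get-ADDomain).ComputersContainer
if ($after -ne $targetOU) {
    throw "Redirect did not take effect, default container is still $after"
}
"Default computer container is now: $after"
```

The same check can be done by reading the wellKnownObjects attribute of the domain object directly: the entry prefixed with GUID AA312825768811D1ADED00C04FD8D5CD is the Computers container, and after REDIRCMP its DN part points at your OU.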