DFS Troubleshooting on Windows Server 2008 R2

AD computers report


Get-ADComputer -Filter * -Property * | Select-Object Name,OperatingSystem,DistinguishedName,modifyTimeStamp,LastReboot | Export-CSV AllWindows.csv -NoTypeInformation

What’s New in Active Directory Domain Services in Server 2012? AD – Server 2012

Managing RID Pool Depletion

Active Directory: LDAP Syntax Filters

Troubleshooting Active Directory Account Lockout

Find All Active/Used IP Addresses on Your Network


Open the Command Prompt and type in the following:

FOR /L %i IN (1,1,254) DO ping -n 1 192.168.10.%i | FIND /i "Reply">>c:\ipaddresses.txt

PowerShell getting the RID pool values


function Grab-RidWaterMark
{
param ($domainDN)
# Bind to the RID Manager$ object, which holds the domain-wide rIDAvailablePool attribute
$de = [ADSI]"LDAP://CN=RID Manager$,CN=System,$domainDN"
$return = new-object system.DirectoryServices.DirectorySearcher($de)
$property= ($return.FindOne()).properties.ridavailablepool

#get the high/low parts of the int64 value, which is the same thing that the "large integer converter" in LDP is doing.
# Floor the quotient so the [int32] cast cannot round the high part up
[int32]$totalSIDS = [math]::Floor($($property) / ([math]::Pow(2,32)))
[int64]$temp64val = $totalSIDS * ([math]::Pow(2,32))
[int32]$currentRIDPoolCount = $($property) - $temp64val

Write-Host "Total SIDs that can be created: $totalSIDS"
Write-Host "Latest RID pool high water mark: $currentRIDPoolCount"
}

Results:

PS C:\> Grab-RidWaterMark -domainDN "dc=brad,dc=forest,dc=test"
Total SIDs that can be created: 1073741823
Latest RID pool high water mark: 12271600

Reference:

https://blogs.technet.microsoft.com/brad_rutkowski/2010/04/23/iadslargeinteger-in-powershell-getting-the-rid-pool-values/

Finding a locked-out user’s location

Explain account lockout event IDs


The account lockout event IDs in Windows Server 2003:

| Event ID | Event Type | Event Occurred | Reason |
|---|---|---|---|
| 529 | Failure Audit | Logon Failure | Unknown user name or bad password |
| 539 | Failure Audit | Logon Failure | The user trying to log on is already locked out |
| 612 | Policy Change | Policy Changed | General audit policy changed |
| 643 | Policy Change | Domain Policy Changed | Changes in account lockout and password policies |
| 644 | Success Audit | User Account Locked Out | The user account has reached the account lockout threshold |
| 671 | Success Audit | User Account Unlocked | User account unlocked |
| 675 | Failure Audit | Logon Failure | Pre-authentication failed |

 

The corresponding event IDs in Windows Server 2008 and later:

| Event ID | Event Type | Event Occurred | Reason |
|---|---|---|---|
| 4625 | Failure Audit | Logon Failure | Unknown user name or bad password |
| 4719 | Policy Change | Policy Changed | General audit policy changed |
| 4739 | Policy Change | Domain Policy Changed | Changes in account lockout and password policies |
| 4740 | Success Audit | User Account Locked Out | The user account has reached the account lockout threshold |
| 4767 | Success Audit | User Account Unlocked | User account unlocked |
| 4771 | Failure Audit | Logon Failure | Kerberos pre-authentication failed |
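
For the "Finding a locked-out user's location" topic and the event IDs listed above, the following PowerShell is an added example, not code from the original page. It extracts the locked account and the source machine from the XML of events 4740, 4625 and 4771; the function name Get-LockoutSource and the sample event with its values (jdoe, WKS-042) are constructed for illustration.

```powershell
# Added example: pull the account and source machine out of lockout-related events.
# Field names are the standard EventData names for events 4740, 4625 and 4771.
function Get-LockoutSource {
    param([Parameter(ValueFromPipeline=$true)][string]$EventXml)
    process {
        $doc = [xml]$EventXml
        $id  = [int]$doc.GetElementsByTagName('EventID').Item(0).InnerText

        # Collect every <Data Name="..."> element into a name/value lookup
        $f = @{}
        foreach ($d in $doc.GetElementsByTagName('Data')) {
            $f[$d.GetAttribute('Name')] = $d.InnerText
        }

        switch ($id) {
            4740 { $source = $f['TargetDomainName'] }   # shown as "Caller Computer Name"
            4625 { $source = "$($f['WorkstationName']) $($f['IpAddress'])".Trim() }
            4771 { $source = $f['IpAddress'] }          # Kerberos: client address only
            default { return }                          # ignore unrelated events
        }
        New-Object PSObject -Property @{
            EventId = $id; Account = $f['TargetUserName']; Source = $source
        }
    }
}

# Constructed sample 4740 event (not from a real log) so the function can be tried offline.
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4740</EventID></System>
  <EventData>
    <Data Name="TargetUserName">jdoe</Data>
    <Data Name="TargetDomainName">WKS-042</Data>
  </EventData>
</Event>
'@
$sample | Get-LockoutSource

# Against a live domain: lockouts (4740) are recorded on the PDC emulator.
# Requires the ActiveDirectory module and rights to read the Security log.
# $pdc = (Get-ADDomain).PDCEmulator
# Get-WinEvent -ComputerName $pdc -FilterHashtable @{LogName='Security'; Id=4740} |
#     ForEach-Object { $_.ToXml() } | Get-LockoutSource
```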