Today I wanted to share a nice project that was done by someone I know to test for AD Replication status.
The feature is really nice: it lets you diagnose any replication error, or check that replication is working correctly.
Here is how it looks (images taken from the GitHub repository):
To quote GitHub, the reasons behind the tool are:
The old version of the tool had a time bomb in it – an expiring SSL certificate – that rendered the app unusable sometime around September 2022. Only through great effort internally were we able to periodically renew this certificate and republish the app, and the app was architected in such a way that excising the signing certificate check was more work than just rewriting the whole thing. (I know about the Sirona DLL hack, but still.)
The old tool had no active maintainers and no one who was still around was familiar with the app’s internals or source code.
The old tool was showing its age… I mean, that Office-style ribbon was straight out of the Windows Vista era, was it not? Plus it contained a bunch of outdated TechNet links. You might argue that WinForms is similarly old-fashioned, but I just so happen to think WinForms is and always was PEAK Windows UI.
Now we can maintain and improve this tool together. The Active Directory community.
With the end of Internet Explorer this month (if you update your computer), I wanted to talk a bit about Microsoft’s Enterprise Site List Manager.
It’s a nice tool to create the list of sites that need IE mode inside Edge.
Keep in mind that if you hardcoded a shortcut, e.g. “iexplore.exe https://link_to_go”, the redirection no longer works: after the update, Edge displays the Internet Explorer end-of-life notice and opens with a tip about Enterprise mode, so the link that was supposed to open is not picked up.
The enterprise site list is basically a simple .xml file with entries inside it.
You can put the file on a file share, locally on a desktop, or centrally on a website.
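To make the file format concrete, here is an added example (not from the original post or from Microsoft’s tool) that checks a site list for the mistakes that most often make Edge reject it. It assumes the v.2 schema that Enterprise Site List Manager writes; the sample hosts and the `Test-SiteList` helper name are made up for illustration.

```powershell
# Constructed sample site list; hosts are placeholders, not from the post.
$sampleXml = @'
<site-list version="3">
  <site url="intranet.example.com">
    <compat-mode>IE11</compat-mode>
    <open-in>IE11</open-in>
  </site>
  <site url="https://legacy.example.com/app">
    <compat-mode>IE7Enterprise</compat-mode>
    <open-in>IE11</open-in>
  </site>
  <site url="hr.example.com">
    <compat-mode>Default</compat-mode>
    <open-in>Edge</open-in>
  </site>
</site-list>
'@

function Test-SiteList {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$XmlText)
    # Values accepted by the v.2 schema for <compat-mode> and <open-in>.
    $compatModes = 'IE8Enterprise','IE7Enterprise','IE11','IE10','IE9','IE8','IE7','IE5','Default'
    $openInModes = 'IE11','MSEdge','None','Configurable'

    try { $doc = [xml]$XmlText }
    catch { return "Not well-formed XML: $($_.Exception.Message)" }
    if ($doc.DocumentElement.Name -ne 'site-list') {
        return "Root element is <$($doc.DocumentElement.Name)>, expected <site-list>"
    }

    $seen = @{}
    foreach ($site in $doc.SelectNodes('/site-list/site')) {
        $url = $site.GetAttribute('url')
        if (-not $url)                { "A <site> entry has no url attribute"; continue }
        if ($url -match '^[a-z]+://') { "${url}: drop the protocol, the entry covers http and https" }
        if ($seen.ContainsKey($url))  { "${url}: duplicate entry" }
        $seen[$url] = $true
        $mode = $site.SelectSingleNode('compat-mode')
        if ($mode -and $mode.InnerText -notin $compatModes) {
            "${url}: unknown compat-mode '$($mode.InnerText)'"
        }
        $open = $site.SelectSingleNode('open-in')
        if ($open -and $open.InnerText -notin $openInModes) {
            "${url}: unknown open-in '$($open.InnerText)'"
        }
    }
}

Test-SiteList -XmlText $sampleXml
```

To check a real file, pass `(Get-Content -Raw <path to your site list>)` as `-XmlText`; no output means none of these checks failed.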
Today I wanted to share some small tips to debug Edge policies.
Not everyone knows it, but you can list the GPO settings you push to the client!
It’s a really nice addition to Edge, as it lets you see whether the targeting in your GPO works, and whether the settings you push are the desired ones.
To display the window, just enter this in the browser address bar: edge://policy
A window like this one will appear:
Inside the window you have the timestamp of the last time the policy was retrieved.
If you need to debug IE Enterprise mode, you can go to the edge://compat window.
In that example we can see that the .xml pushed by GPO was in error.
In the next post I will talk about how to debug the .xml file 🙂 but with those tips at least we can now spot where the error is if the policy doesn’t work as intended.
Today I wanted to talk about an issue I have seen. It’s not common, but it can happen: you rename a DC as if it were a normal computer, instead of the correct way. The problem is that afterwards it breaks your Active Directory database.
After the reboot you will see this error on the login screen of the DC:
Security database on the server does not have a computer account for this workstation trust relation on domain controller.
To recover you need to use netdom the old way.
Please note this is for an issue with only one DC in a single forest. Don’t follow these steps if you have other working DCs or a bigger forest.
First we do a backup in case something bad happens.
That should do the trick to revert back to the good name. After that, if you want to rename a DC, remember it’s not a good idea; at that point it’s easier to promote another one to do the trick. If you need to keep the old server up, make sure you have another DC, then demote the DC whose name you wanted to change and re-promote it with the good name.
Today I wanted to share a small bug you can encounter on QEMU / KVM if you are testing Windows 10 machines. It’s something new I have seen, so I wanted to discuss it.
The bug is simple to spot: at the start of the Windows 10 setup, if you see a business login / portal that is not for your business, then the system UUID is probably one that is already registered online.
It’s something I had never seen before, but it was reported there (or there), which is why I’m talking about it.
In that case the user was seeing a login page from another business, as seen here, when he used a normal ISO.
In such a case, to bypass the problem, make sure to change the UUID. This makes QEMU use the system UUID:
-enable-kvm -uuid $(dmidecode -s system-uuid)
In the OOBE make sure it’s offline too.
I will quote the answer from Aarad Prasad for that part:
Make sure the process is offline, by disabling your network adapter while in the OOBE process. Get an elevated prompt by pressing Shift+F10 and executing the following in powershell:
Today I will share a quick tip if you want to add a group to the local admin group easily.
Sometimes you need to use the Restricted Groups policy, but when the environment is already set up, it’s sometimes easier to just run a batch.
The batch is nice as it targets the OU you want and adds the domain group you want to the local admin group. Please adjust the script for the Administrators group name depending on the Windows language.
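As an added example (PowerShell, not the batch this post refers to), here is one way to do the same job without adjusting for the Windows language, by resolving the local Administrators group through its well-known SID. The OU and group names are placeholders, and it assumes the ActiveDirectory RSAT module on the admin machine and WinRM enabled on the targets.

```powershell
# Assumed values, not from the post: replace with your own OU and domain group.
$SearchBase  = 'OU=Workstations,DC=example,DC=com'
$DomainGroup = 'EXAMPLE\Workstation-Admins'

Import-Module ActiveDirectory

# Enabled computer accounts under the target OU (subtree search by default).
$computers = Get-ADComputer -SearchBase $SearchBase -Filter 'Enabled -eq $true' |
    Where-Object DNSHostName | Select-Object -ExpandProperty DNSHostName

$report = Invoke-Command -ComputerName $computers -ArgumentList $DomainGroup `
    -ErrorAction SilentlyContinue -ErrorVariable unreachable -ScriptBlock {
    param($Member)
    # S-1-5-32-544 is the built-in Administrators group on every Windows install;
    # resolving it by SID avoids hard-coding a localized name such as "Administrateurs".
    $admins = Get-LocalGroup -SID 'S-1-5-32-544'
    try {
        Add-LocalGroupMember -Group $admins -Member $Member -ErrorAction Stop
        $status = 'Added'
    } catch {
        # Includes the "already a member" case; the message says which it was.
        $status = "Not added: $($_.Exception.Message)"
    }
    [pscustomobject]@{ LocalGroup = $admins.Name; Member = $Member; Status = $status }
}

# One row per machine that answered; PSComputerName is added by remoting.
$report | Select-Object PSComputerName, LocalGroup, Member, Status | Format-Table -AutoSize

# Machines that could not be reached over WinRM, with the reason.
$unreachable | ForEach-Object { "$($_.TargetObject): $($_.Exception.Message)" }
```

The report doubles as a record of which machines now grant local admin rights to the group.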