
Saturday, January 04, 2020

Technical Post - Netlogon and SYSVOL not creating when promoting server to Domain Controller

Here's one that's been bugging me for a few months now...

At one of the schools we support, we needed to add an additional domain controller to an existing domain.  Sounds simple right? 

During the promotion process, the server created the SYSVOL and Netlogon folders, but they were not being shared.

The new server is running Microsoft Windows Server 2019, whereas the older server is still running 2012.

After doing some Googling, it appears this is a more common issue than I had originally thought, which is surprising since I've promoted and demoted many domain controllers over the years and have never had an issue like this.

Anyway, I managed to solve it in the end with a bit of searching.

Firstly, on the newer server, open Regedit and browse to "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters"

Change SysVolReady from 0 to 1

This will create the SYSVOL share.

To create the Netlogon share, I then had to manually create a folder called 'scripts' in the following location - c:\windows\sysvol\domain\

Once created, restart the Netlogon service.

That's the folders created and ready, but alas replication is not working between the servers.  Onwards to the next step...

On the old domain controller, look in Event Viewer for an error from DFS Replication (Event ID 2213).  The error reads "The DFS Replication service stopped replication on C:. This occurs when a DFSR JET database is not shut down cleanly and Auto Recovery is disabled."

Beneath the error will be a GUID.  Copy this long number.

Open an elevated command prompt and enter

wmic /namespace:\\root\microsoftdfs path dfsrVolumeConfig where volumeGuid="00000000-0000-0000-0000-000000000000" call ResumeReplication

Replace 00000000-0000-0000-0000-000000000000 with the GUID from the Event ID 2213 message.

Now run the following command to see the state of replication and you 'should' see that all servers are now showing State 4 (Normal) and replicating successfully.

For /f %i IN ('dsquery server -o rdn') do @echo %i && @wmic /node:"%i" /namespace:\\root\microsoftdfs path dfsrreplicatedfolderinfo WHERE replicatedfoldername='SYSVOL share' get replicationgroupname,replicatedfoldername,state

For reference, the possible states are:

0 = Uninitialized
1 = Initialized
2 = Initial Sync
3 = Auto Recovery
4 = Normal
5 = In Error

Now Active Directory and file replication between DCs should be working (you can double-check by running DCDIAG and looking for any errors).
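The checks this post walks through (SysVolReady, the two shares, the DFSR state of SYSVOL on every DC) and the ResumeReplication call, gathered into one PowerShell script. This is an added example, not code from the original post; it assumes the ActiveDirectory module is installed, that WinRM and WMI/CIM are reachable on each DC, and the function names Get-SysvolHealth and Resume-DfsrVolume are my own.

```powershell
# Added example (not from the original post): read-only SYSVOL/DFSR health check
# across all DCs, plus a helper for the post's ResumeReplication step.
# Assumes: ActiveDirectory module, WinRM + CIM access to every DC.
Import-Module ActiveDirectory

$stateNames = @{ 0 = 'Uninitialized'; 1 = 'Initialized'; 2 = 'Initial Sync'
                 3 = 'Auto Recovery'; 4 = 'Normal';      5 = 'In Error' }
$regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

function Get-SysvolHealth {
    foreach ($dc in (Get-ADDomainController -Filter *).HostName) {
        # SysVolReady must be 1 before Netlogon publishes the SYSVOL share.
        $ready = Invoke-Command -ComputerName $dc -ScriptBlock {
            (Get-ItemProperty -Path $using:regPath -Name SysVolReady -ErrorAction SilentlyContinue).SysVolReady
        }
        # Both shares must exist; a missing NETLOGON usually means the scripts folder is absent.
        $shares = @(Get-SmbShare -CimSession $dc -Name SYSVOL, NETLOGON -ErrorAction SilentlyContinue |
                    ForEach-Object Name)
        # DFSR state of the SYSVOL replicated folder, the same class the post queries with wmic.
        $info = Get-CimInstance -ComputerName $dc -Namespace root\MicrosoftDFS `
                    -ClassName DfsrReplicatedFolderInfo -ErrorAction SilentlyContinue |
                Where-Object ReplicatedFolderName -eq 'SYSVOL Share'
        $state = if ($info) { [int]$info.State } else { -1 }

        [pscustomobject]@{
            DC          = $dc
            SysVolReady = $ready
            SYSVOL      = $shares -contains 'SYSVOL'
            NETLOGON    = $shares -contains 'NETLOGON'
            DfsrState   = if ($stateNames.ContainsKey($state)) { "$state ($($stateNames[$state]))" } else { 'not found' }
            # Anything other than state 4 (Normal) on a DC needs looking at, e.g. Event ID 2213.
            Healthy     = ($ready -eq 1) -and ($shares.Count -eq 2) -and ($state -eq 4)
        }
    }
}

function Resume-DfsrVolume {
    # Equivalent of the post's "wmic ... path dfsrVolumeConfig ... call ResumeReplication",
    # run against one DC with the volume GUID copied from the Event ID 2213 message.
    param([string]$ComputerName, [string]$VolumeGuid)
    Get-CimInstance -ComputerName $ComputerName -Namespace root\MicrosoftDFS -ClassName DfsrVolumeConfig |
        Where-Object VolumeGuid -eq $VolumeGuid |
        Invoke-CimMethod -MethodName ResumeReplication
}

Get-SysvolHealth | Format-Table -AutoSize
```

Run the health check first; only call Resume-DfsrVolume for a DC whose event log actually shows 2213, and re-run the check afterwards to confirm state 4.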

I hope this helps someone!

Wednesday, April 10, 2019

Technical Post - Creating new Active Directory user accounts on Windows Server 2016 using PowerShell

A useful little PowerShell script which I have written for student user creation in a Windows Active Directory.  Some features may not be useful to all since I wrote this for our needs in our school, but it's pretty straightforward to use and I'm sure it could easily be modified to fit someone's needs if they wanted the same.  The script creates the user object in Active Directory, adds them to groups, creates their user folder (on a different server), and sets the correct permissions on that folder.

I've posted this here more as a reminder to me if I ever need to revisit it, and I'm sure there is probably a far better and more efficient way of doing this, but it may help someone, somewhere!

A couple of things to bear in mind...  Our student username format begins with two digits, then the first three letters of their surname, and then the first three letters of their forename (e.g. 19WilStu).   And obviously, any references to server names and folder locations will need to be updated with your details.

Please feel free to comment, and let me know if you have a better way of doing it :D

Write-Host ""
Write-Host "  STUDENT USER CREATION SCRIPT (Powerscript V1)"
Write-Host "  ---------------------------------------------"
Write-Host "             By Stu -  09/04/2019"
Write-Host ""

# ---------------------------------------------------------------------
# -     LET'S GET SOME VARIABLES AND CREATE THE USERNAME FORMAT       -
# ---------------------------------------------------------------------
#
Import-Module ActiveDirectory

$forename = Read-Host -Prompt "Input user's forename"
$surname  = Read-Host -Prompt "Input user's surname"
$year     = Read-Host -Prompt "Input user's year - (this is the number in their username, e.g. 15, 06, 03)"
# Username = two-digit year + first three letters of surname + first three letters of forename (e.g. 19WilStu).
# [Math]::Min guards against names shorter than three characters, which would make Substring throw.
$forename_Three = $forename.Substring(0, [Math]::Min(3, $forename.Length))
$Surname_Three  = $surname.Substring(0, [Math]::Min(3, $surname.Length))
$username = $year + $Surname_Three + $forename_Three
Write-Host "Hello $username"

# ---------------------------------------------------------------------
# -              CHECK TO SEE IF USER EXISTS OR NOT                   -
# ---------------------------------------------------------------------
#
# dsquery prints the DN when the account exists and nothing when it does not.
if (dsquery user -samid $username) {
    Write-Host "Found user - PLEASE RESTART AND START AGAIN"
    Pause
    exit
}
else {
    Write-Host "Did not find user - Let's continue to set up the user"
}

$password = read-host -prompt 'Enter default password'
Write-Host ""
Write-Host " We have everything we need to create the user account. Please wait"
Write-Host ""


# ---------------------------------------------------------------------
# -             CREATE USER OBJECT IN ACTIVE DIRECTORY                -
# ---------------------------------------------------------------------
#
# NOTE: the Description attribute is readable by every authenticated user in the
# domain, so putting the initial password in it exposes that password; drop the
# Description value below if that is not acceptable in your environment.
$newUserParams = @{
    Name                  = $username
    SamAccountName        = $username
    UserPrincipalName     = "$username@domain"
    GivenName             = $forename
    Surname               = $surname
    DisplayName           = "$forename $surname"
    Description           = "Initial Password is $password"
    Company               = "Year$Year"
    Path                  = "OU=Year$Year,OU=Pupils,OU=Domain Users,DC=yourdomain,DC=local"
    AccountPassword       = (ConvertTo-SecureString -AsPlainText $password -Force)
    ChangePasswordAtLogon = $true
    HomeDrive             = 'U:'   # must include the colon
    HomeDirectory         = "\\Yourfileserver\folder\students\userareas\Year$Year\$username"
    HomePage              = 'www.yourwebsite.com'
    EmailAddress          = "$username@youremaildomain.com"
    Enabled               = $true
    ErrorAction           = 'Stop'
}
New-ADUser @newUserParams

Add-ADGroupMember -Identity "Pupils" -Members $username
Add-ADGroupMember -Identity "Year${Year}Group" -Members $username

# ---------------------------------------------------------------------
# -           USER AREA FOLDER CREATION AND PERMISSIONS               -
# ---------------------------------------------------------------------
#
$samAccountName = $username
$fullPath = "\\Yourfileserver\folder\students\userareas\Year$Year\{0}" -f $samAccountName
$driveLetter = "U:"

$User = Get-ADUser -Identity $samAccountName

if ($User -ne $null) {
    Set-ADUser $User -HomeDrive $driveLetter -HomeDirectory $fullPath -ea Stop
    $homeShare = New-Item -Path $fullPath -ItemType Directory -Force -ea Stop
    $acl = Get-Acl -Path $fullPath
    $FileSystemRights = [System.Security.AccessControl.FileSystemRights]"Modify"
    $AccessControlType = [System.Security.AccessControl.AccessControlType]::Allow
    $InheritanceFlags = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit, ObjectInherit"
    # None rather than InheritOnly: the rule must apply to the home folder itself as well as
    # to everything created beneath it, otherwise the student has no rights on the top-level folder.
    $PropagationFlags = [System.Security.AccessControl.PropagationFlags]::None
    $AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($samAccountName, $FileSystemRights, $InheritanceFlags, $PropagationFlags, $AccessControlType)
    $acl.AddAccessRule($AccessRule)
    Set-Acl -Path $fullPath -AclObject $acl -ea Stop
    Write-Host ("HomeDirectory created at {0}" -f $fullPath)
}


# ---------------------------------------------------------------------
# -   This bit creates the default subject folders in the user area   -
# ---------------------------------------------------------------------
# Every subject folder is created inside the student's own folder ($fullPath),
# not directly under the Year folder.
$subjects = 'Art', 'Business', 'Design', 'Drama', 'English', 'Food', 'Geography', 'History',
            'ICT', 'Languages', 'Maths', 'Music', 'PE', 'Personal', 'RE', 'Science'
foreach ($subject in $subjects) {
    New-Item -Path (Join-Path $fullPath $subject) -ItemType Directory -Force | Out-Null
}

Clear-Host
Write-Host ""
Write-Host "User $username has now been created successfully"
Write-Host ""
Write-Host "Username : $username"
Write-Host "Password : $password"
Write-Host ""
Pause