My notes for commands I used to Prepair 2012 server for demotion.
Most commands work on 2016, the rest will work on older servers.
Public IP(ISP DNS) used for external domain name resolution,should always be configured in Forwarder of DNS servers.
NEVER use public IP configured directly in the NIC either of the DC or clients.
Make sure the DC points to another DC for it's primary DNS server, and itself second. Latest from MS is to have the loopback adapter listed as a third option in network adaptor.
Reinicialize netlogon shares if they disapear
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters sysvolready change to 0 then back to 1
Clear all logs powershell script
wevtutil el | Foreach-Object {wevtutil cl "$_"}
Domain Controller Diagnostic List
dcdiag /v >>dcdiag.results.txt
dcdiag /e
dcdiag /d
dcdiag /a
dcdiag /c /v
dcdiag /test:advertising
dcdiag /test:netlogons
dcdiag /v /c /d /e /s:YourDomain.local >>c:\dcdiag.log
Specific source DC use /ReplSource:<DC>
NetDom Query fsmo <<<<Powershell App
GPResult /H C:\secpol.htm <read secpol.htm when done
DFSRDIAG.EXE POLLAD <<<< run on all servers
DFSRDIAG.EXE PollAD /Member:DOMAIN\Server1
DFSRMIG.EXE /GETMIGRATIONSTATE
DFSRMIG.EXE /GETGLOBALSTATE
repadmin /replsum
repadmin /showrepl
repadmin /showreps
repadmin /syncall
ntfrsutl ds DaServer
ntfrsutl poll /now
ntfrsutl sets
dfsutil /spcinfo
dfsutil /spcflush
MMC/Tools/DFS Management --- right hand menu >>> CREATE DIAGNOSTIC REPORTS
Net stop and start ntfrs
__________________________________________
ntdsutil.exe
ds behavior
connections
_________________________________________
RESET DNS
IpConfig /flushDns
IpConfig /registerDns
net stop dns
net stop netlogon
net start dns
net start netlogon
_______________________________________________________________
Reset the DSRM Administrator Password
Click, Start, click Run, type
ntdsutil
and then click OK.
At the Ntdsutil command prompt, type
set dsrm password
At the DSRM command prompt, type one of the following
lines:
To reset the password on the server on which you are
working, type
reset password on server null
type the password.
forest YourDomain.local
(DSRM PASSWORD)-> WhateverYouLike
_____________________________________________________________________
Reset Time Server
w32tm /config /manualpeerlist:time.nist.gov /syncfromflags:manual /reliable:YES /update
W32tm /resync /rediscover
_____________________________________________________________________
Fix Journal Wrap Error
To modify the default behavior, make the following changes in the registry
to instruct FRS to handle the JRNL_WRAP_ERROR status automatically:
1. Stop FRS.
2. Start Registry Editor (Regedt32.exe).
3. Locate and click the following key in the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters
4. On the Edit menu, click Add Value, and then add the following registry
value:
I inserted this Key, it was not there.
Value name: Enable Journal Wrap Automatic Restore
Data type: REG_DWORD
Radix: Hexadecimal
Value data: 1 (Default 0)
5. Quit Registry Editor.
6. Restart FRS.
______________________________________________________
>> How to rebuild the SYSVOL tree and its content in a domain <<
https://support.microsoft.com/en-us/help/315457/how-to-rebuild-the-sysvol-tree-and-its-content-in-a-domain
SYSVOL on newly promoted DC is not synchronising, but replication looks ok?
https://blogs.technet.microsoft.com/ziggy/2013/08/20/sysvol-on-newly-promoted-dc-is-not-synchronising-but-replication-looks-ok/
How to remove completely orphaned Domain Controller
https://support.microsoft.com/en-us/help/555846
PROMISSING>>>>^^^^^^^
How to remove orphaned domains from Active Directory
https://support.microsoft.com/en-us/help/230306/how-to-remove-orphaned-domains-from-active-directory
DFS Replication: How to troubleshoot missing SYSVOL and Netlogon shares
https://support.microsoft.com/en-us/help/2958414/dfs-replication-how-to-troubleshoot-missing-sysvol-and-netlogon-shares
SYSVOL and Group Policy out of Sync on Server 2012 R2 DCs using DFSR
http://jackstromberg.com/2014/07/sysvol-and-group-policy-out-of-sync-on-server-2012-r2-dcs-using-dfsr/
How to configure an authoritative time server in Windows Server
https://support.microsoft.com/en-us/help/816042/how-to-configure-an-authoritative-time-server-in-windows-server
Step-By-Step: Migrating Active Directory FSMO Roles From Windows Server 2012 R2 to 2016 <<<< PROMISING
https://blogs.technet.microsoft.com/canitpro/2017/05/24/step-by-step-migrating-active-directory-fsmo-roles-from-windows-server-2012-r2-to-2016/
Restoring and Rebuilding SYSVOL
https://technet.microsoft.com/en-us/library/cc816596(v=ws.10).aspx
server 2012
Fix: Active directory corrupted (NTDS ISAM Database Corruption errors in eventlog)
https://social.technet.microsoft.com/Forums/windowsserver/en-US/172eb4bb-a8df-42ce-a1c7-472d33dc210a/fix-active-directory-corrupted-ntds-isam-database-corruption-errors-in-eventlog?forum=winserverDS
Give Anyone Credentials with Azure Active Directory
https://redmondmag.com/articles/2017/07/01/azureadb2b.aspx
SYSVOL Replication Migration Guide: FRS to DFS Replication
https://www.microsoft.com/en-us/download/details.aspx?id=4843
https://gallery.technet.microsoft.com/PowerShell-Active-4ffedca4?ranMID=24542&ranEAID=TnL5HPStwNw&ranSiteID=TnL5HPStwNw-UrTObc1H4Xr3BI_8FIYqXQ&tduid=(9d370126878cc542a1f4dc177390473f)(256380)(2459594)(TnL5HPStwNw-UrTObc1H4Xr3BI_8FIYqXQ)()
https://support.microsoft.com/en-us/help/816042/how-to-configure-an-authoritative-time-server-in-windows-server
