Related questions

migrating or transferring Primary DC as secondary DC and secondary DC as Primary DC with DNS

2018-07-12 05:14 ITndian Guy imported from Stackoverflow

Need the best practices for migrating or transferring Primary DC as secondary DC and secondary DC as Primary DC.Also please guide how the DNS will work once roles are transferred

PDC - mydc1 (2008r2Windows)

SDC - mydc2 (2012r2Windows)

Want to make mydc2 (2012r2Windows) as PDC and mydc1 (2008r2Windows) as SDC

Also guide me do i need to transfer the DNS roles also i need the mydc2 (2012r2Windows) to have those roles

See also questions close to this topic

  • LDAP Connect with PHP Q&A

    I really wanted to post this somewhere so it can be found easier. There isn't many tutorials regarding LDAP PHP User Login right up front in the search engine. I also had minor config oops because I'm a noob in this area. So I wanted to post those corrections as well. This code was originally created by Joe @ exchangecore.com. I have made alterations and editions. The ones I will notate however, are the ones that confused me.

    Here is the code:

    <?php

if(isset($_POST['username']) && isset($_POST['password'])):

    $adServer = "ldap://my-activedirectory.domain.local";

    $ldap = ldap_connect($adServer);
    $username = $_POST['username'];
    $password = $_POST['password'];

    if(!$username || !$password):

    echo "somethings empty!";

    else:

    $ldaprdn = $username . "@domain.local";

    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);

    $bind = @ldap_bind($ldap, $ldaprdn, $password);


    if ($bind) {
        $filter="(sAMAccountName=$username)";
        $result = ldap_search($ldap,"dc=domain,dc=local",$filter);
        ldap_sort($ldap,$result,"sn");
        $info = ldap_get_entries($ldap, $result);
        for ($i=0; $i<$info["count"]; $i++)
        {
            if($info['count'] > 1)
                break;
            echo "<p>You are accessing <strong> ". $info[$i]["sn"][0] .", " . $info[$i]["givenname"][0] ."</strong><br /> (" . $info[$i]["samaccountname"][0] .")</p>\n";
            echo '<pre>';
            var_dump($info);
            echo '</pre>';
            $userDn = $info[$i]["distinguishedname"][0]; 
        }
        @ldap_close($ldap);
    } else {
        $msg = "Invalid email address / password";
        echo $msg;
    }

    endif;

else:
?>
    <form action="#" method="POST">
        <label for="username">Username: </label><input id="username" type="text" name="username" /> 
        <label for="password">Password: </label><input id="password" type="password" name="password" />        <input type="submit" name="submit" value="Submit" />
    </form>
<?php endif; ?>

    So the parts you need to configure are:

    $adServer = "ldap://my-activedirectory.domain.local";

    and

    $ldaprdn = $username . "@domain.local";

    and

    $result = ldap_search($ldap,"dc=domain,dc=local",$filter);

    Now when I attempted this the $username line I told you to configure was written like this:

    $ldaprdn = 'mydomain' . "\\" . $username;

    You should know, in the future, this needs to be configured to how your login is actually going to read it. My system was not going to read it as DOMAIN\WADE. It needed to read it as WADE@DOMAIN.LOCAL.

    Thats really all there is to it. The next part is in the event you run into other LDAP scripts.

    I wanted to pull Active Directory data and I kept messing up the config. It would work. I am going to show you so you have an idea for what to look for yourself.

    In this case, just wanting to pull AD info, I came across this line:

    $ldap_connection = ldap_connect("domain.tld");

    Firstly, I didn't know what .tld was. tld stands for Top Level Domain. It is the "extension: portion of your domain name. So if you have www.google.com, the tld is com. Secondly, I thought I needed to put the AD server here. That wasn't the case. You simple need the domain.

    Now another line I came across was this:

    $ldap_base_dn = 'DC=domain,DC=tld,DC=tld';

    Again, I hadn't figured out TLD, but now ya know! In this portion you would breakable your whole domain spell out, and only use what you need. Since I saw two "DC=tld" parts, I thought I needed that. Now if you are in a multi master environment you may probably need to use them. I am and I only needed one. So if your domain is my-activedir.local it would be:

    $ldap_base_dn = 'DC=my-activedir,DC=local';

    So I switched domain to the name portion, and the tld to the end of my domain.

    That is all. Enjoy!

  • Querying Active Directory using C# for user email by employee ID

    Is it possible to get a user's email from Active Directory using employeenumber as the query term?

    I am using C#'s System.DirectoryServices and am a little bit lost. The previous developer at my company was using this process, but he had an email and was querying for the employee number. I have changed it to what I believe it should be, but to be honest, I don't understand the code that well.

    Is there something wrong with my code? every time i run it, I get a Null Reference error on the DirectoryEntry up_user = line. I assume it is because the previous line is not getting any entities.

    Also, is there any good documentation on this topic? Everywhere I look, the posts are from 2011 or 2013.

    I have the following: 

    try
{
    string email = string.Empty;
    ContextType authenticationType = ContextType.Domain;
    PrincipalContext principalContext = new PrincipalContext(authenticationType, "MATRIC");
    UserPrincipal userPrincipal = null;

    userPrincipal = UserPrincipal.FindByIdentity(principalContext, empnum);

    DirectoryEntry up_User = (DirectoryEntry)userPrincipal.GetUnderlyingObject();
    DirectorySearcher deSearch = new DirectorySearcher(up_User);
    SearchResultCollection results = deSearch.FindAll();
    if (results != null && results.Count > 0)
    {
        ResultPropertyCollection rpc = results[0].Properties;
        foreach (string rp in rpc.PropertyNames)
        {
            if (rp == "mail") 
            {
                email = rpc["mail"][0].ToString();
            }
        }

        if (email != string.Empty)
        {
            return email;
        }

        return null;
    }
            return null;
}
catch (Exception ex)
{
    throw ex;
}
  • Command to List Users From Multiple AD Groups WITH Each Group Name

    I'm trying to get a list of AD group members with each Group's members listed separately. I can list out all members of all groups, but how to separate the membership of each group?

    This is what I'm running:

    get-ADGroup -Server "<server_name>" -filter {Name -like  "*<common_text_in_each_group's_name*"} | get-ADGroupMember

    Unfortunately I'm trying to do this in a one-liner because when I try to create a ps1 file and run it, I get an error that it cannot find the groups in the domain my local machine is logged in to. I.E, the -Server argument doesn't work. All the groups are in a different domain from the machine I'm running PS on.

    When I did try creating a script/ps1 file, this is what I tried:

    $Groups = (Get-AdGroup -server '<server_name>' -filter * | Where {$_.name -like "*_some_text*"} | select name -expandproperty name)


$Table = @()

$Record = [ordered]@{
"Group Name" = ""
"Name" = ""
"Username" = ""
}



Foreach ($Group in $Groups)
{

$Arrayofmembers = Get-ADGroupMember -identity $Group | select name,samaccountname

foreach ($Member in $Arrayofmembers)
{
$Record."Group Name" = $Group
$Record."Name" = $Member.name
$Record."UserName" = $Member.samaccountname
$objRecord = New-Object PSObject -property $Record
$Table += $objrecord

}

}

$Table | export-csv "C:\temp\x_Groups.csv" -NoTypeInformation