Related questions

migrating or transferring Primary DC as secondary DC and secondary DC as Primary DC with DNS

2018-07-12 05:14 ITndian Guy imported from Stackoverflow

Need the best practices for migrating or transferring Primary DC as secondary DC and secondary DC as Primary DC.Also please guide how the DNS will work once roles are transferred

PDC - mydc1 (2008r2Windows)

SDC - mydc2 (2012r2Windows)

Want to make mydc2 (2012r2Windows) as PDC and mydc1 (2008r2Windows) as SDC

Also guide me do i need to transfer the DNS roles also i need the mydc2 (2012r2Windows) to have those roles

See also questions close to this topic

  • How to query only specific LDAP domains out of the ADAS forest

    I have a situation where in my application queries Global Catalog over 3269 port for fetching a DN, it always expects a unique result for each user query and it throws exception if the result is more than one CN for same user (If user is part of more than one AD group). I want to avoid this situation by querying only 2 domains out of complete set of domains in the forest, please guide me if i can achieve this by any filter on Global Catalog query or is it possible to query two domains at the same time , thanks in advance.

  • Find Inactive Ad users but Guest

    I have been using the below code to find inactive Ad users who haven't logged in in the last 30 days, which is working pretty well.

    Now I want to exclude a few users from the results which I need help on. I want to exclude Guest and krbtgt, potentially also excluding any accounts with the terms temporary or template.

    import-module activedirectory 
$domain = "%domain%" 
$DaysInactive = 30 
$time = (Get-Date).Adddays(-($DaysInactive))

# Get all AD User with lastLogonTimestamp less than our time and set to enable
Get-ADUser -Filter {LastLogonTimeStamp -lt $time -and enabled -eq $true} -Properties LastLogonTimeStamp |

# Output Name and lastLogonTimestamp into CSV
select-object Name,@{Name="Stamp"; Expression={[DateTime]::FromFileTime($_.lastLogonTimestamp)}} | export-csv %ltsvcdir%\Nem\InactiveUsers.csv -notypeinformation
  • SetAccessRule - Some or all Identity references could not be translated

    I have a script that creates a directory and a group in Active Directory. Only users in the group will have access to the directory. Most of the time it works just fine without any problems, but sometimes I get an Exception and I don't know why. Any ideas what the problem is?

    My code:

    [...]

New-ADGroup -Server $adserver -Path $adpath -Description $description -Name $groupname -GroupScope DomainLocal -GroupCategory Security
New-Item -Path $dirpath -Name "$dirname" -ItemType "directory"

Start-Sleep -s 30     #wait to make sure directory is created

$dp = "$dirpath\$dirname"

$Acl = Get-Acl $dp

#fileradmingroup
$Ar = New-Object System.Security.AccessControl.FileSystemAccessRule($admingroup,"FullControl","ContainerInherit,ObjectInherit","None","Allow")
$Acl.SetAccessRule($Ar) 
Set-Acl $dp $Acl

#remove inherited permissions
$Acl.SetAccessRuleProtection($true,$false) 
Set-Acl -Path $dp -AclObject

#new created group $groupname
$Ar = New-Object System.Security.AccessControl.FileSystemAccessRule($groupname,"DeleteSubdirectoriesAndFiles, Write, ReadAndExecute, Synchronize","ContainerInherit,ObjectInherit","None","Allow")
$Acl.SetAccessRule($Ar)     #this is the line where the exception occurs
Set-Acl $dp $Acl

[...]

    And here is the Exception:

    Exception calling "SetAccessRule" with "1" argument(s): "Some or all identity
references could not be translated."
At L:\Skripte\Skript2.ps1:178 char:9
+     $Acl.SetAccessRule($Ar)
+     ~~~~~~~~~~~~~~~~~~~~~~~
   + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
   + FullyQualifiedErrorId : IdentityNotMappedException