Wednesday, 6 April 2016
To remove protection that prevents an OU from accidental deletion
- Log on to the computer as a member of the Domain Admins group.
- Open Active Directory Users and Computers.
- Click View, and then click Advanced Features.
- First, clear permissions on the OU for which you want to remove protection. To do this, right-click the OU, and then click Properties.
- In OU Properties, click the Security tab, and then click Advanced.
- In Permission Entries, select the Deny entry for the Everyone group, and then click Remove.
- Click OK to close the Advanced Security Settings, and then click OK to close OU Properties.
- Second, clear permissions on the parent container of the OU for which you want to remove protection. To do this, right-click the parent container, and then click Properties.
- In Container Properties, click the Security tab.
- In Group or user names, select the Everyone group, clear the Deny check box for Delete All Child Objects, and then click OK to close Container Properties.
Tuesday, 5 April 2016
DHCP - Event ID 1046 - Authorized issue.
To resolve this issue, follow these steps:
- Start the Active Directory Service Interfaces (ADSI) Edit MMC snap-in. To do this, follow these steps:
  - Click Start, click Run, type Adsiedit.msc, and then click OK.
  - Click Tools, and then click ADSI Edit.
- In the console tree, expand the Configuration container, expand CN=Configuration, expand CN=Services, and then expand CN=NetServices.
- In the details pane, you may find objects that resemble the following: CNF:<GUID>,CN=NetServices,CN=Services,CN=Configuration, domain
- Right-click the objects, and then click Delete.
- Exit the ADSI Edit MMC snap-in.
Force Active Directory replication on a domain controller
To force Active Directory replication, run the command ‘repadmin /syncall /AeD’ on the domain controller whose copy of the Active Directory database you want to update. For example, if DC2 is out of sync, run the command on DC2.
A = All Partitions
e = Enterprise (Cross Site)
D = Identify servers by distinguished name in messages.
By default this does a pull replication, which is how AD replicates by default. If you want to do a push replication, use the following command:
repadmin /syncall /APeD
P = Push
Use a push replication when you make changes on a DC and want to replicate those changes to all other DCs. For example, if you make a change on DC1 and you want all other DCs to get that change instantly, run repadmin /syncall /APeD on DC1.
To view the replication status:
repadmin /showrepl
repadmin /showrepl <dcname>
repadmin /showrepl * /csv >showrepl.csv
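The CSV written by the last command can be triaged offline. The following is an added example, not part of the original post: it flags replication links that report failures or whose last success is older than a threshold. The sample rows are constructed, and the column names and timestamp format are assumed to match what repadmin writes on your system.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample in the column layout assumed for `repadmin /showrepl * /csv`.
SAMPLE_CSV = """\
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,HQ,DC1,"DC=example,DC=com",HQ,DC2,RPC,0,0,2016-04-05 10:15:01,0
showrepl_INFO,HQ,DC2,"DC=example,DC=com",HQ,DC1,RPC,7,2016-04-05 10:20:44,2016-04-04 22:01:13,1722
showrepl_INFO,HQ,DC3,"DC=example,DC=com",HQ,DC1,RPC,0,0,2016-04-01 03:00:00,0
"""

TIME_FORMAT = "%Y-%m-%d %H:%M:%S"  # assumed timestamp format of the CSV


def replication_problems(csv_text, now, max_age=timedelta(hours=24)):
    """Return (destination, source, naming context, reason) per unhealthy link."""
    problems = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        link = (row["Destination DSA"], row["Source DSA"], row["Naming Context"])
        failures = int(row["Number of Failures"] or 0)
        if failures:
            status = row["Last Failure Status"]
            problems.append(link + ("%d failures, last status %s" % (failures, status),))
            continue
        try:
            last_ok = datetime.strptime(row["Last Success Time"], TIME_FORMAT)
        except (TypeError, ValueError):
            # Missing or unparsable timestamp: treat as never replicated.
            problems.append(link + ("no recorded success",))
            continue
        if now - last_ok > max_age:
            problems.append(link + ("stale: last success %s" % last_ok,))
    return problems


if __name__ == "__main__":
    for dest, src, nc, reason in replication_problems(SAMPLE_CSV, datetime(2016, 4, 5, 12, 0, 0)):
        print("%s <- %s [%s]: %s" % (dest, src, nc, reason))
```

A file created by redirecting output in Windows PowerShell is UTF-16, so read it with encoding="utf-16" before passing the text to the function.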
Saturday, 31 October 2015
Port Forwarding in Cisco Router
To forward your services, you would type in the following:
ip nat inside source static <protocol> <inside IP address> <inside port #> <inside global IP | interface <interface name>> <external port #>
Example for Remote Desktop Connection
ip nat inside source static tcp 172.16.1.126 3389 interface FastEthernet0/1 3389
The first IP is the server inside your network. FastEthernet0/1 is an example of the interface you have connected to your DSL modem, cable modem, or whatever you have it hooked into to get Internet.
Thursday, 13 August 2015
Cisco Router Site to Site VPN
R1(config)# crypto isakmp policy 1
R1(config-isakmp)# encr 3des
R1(config-isakmp)# hash md5
R1(config-isakmp)# authentication pre-share
R1(config-isakmp)# group 2
R1(config-isakmp)# lifetime 86400
R1(config)# crypto isakmp key firewallcx address 1.1.1.2
R1(config)# ip access-list extended VPN-TRAFFIC
R1(config-ext-nacl)# permit ip 10.10.10.0 0.0.0.255 20.20.20.0 0.0.0.255
R1(config)# crypto ipsec transform-set TS esp-3des esp-md5-hmac
R1(config)# crypto map CMAP 10 ipsec-isakmp
R1(config-crypto-map)# set peer 1.1.1.2
R1(config-crypto-map)# set transform-set TS
R1(config-crypto-map)# match address VPN-TRAFFIC
R1(config)# interface FastEthernet0/1
R1(config-if)# crypto map CMAP
R2(config)# crypto isakmp policy 1
R2(config-isakmp)# encr 3des
R2(config-isakmp)# hash md5
R2(config-isakmp)# authentication pre-share
R2(config-isakmp)# group 2
R2(config-isakmp)# lifetime 86400
R2(config)# crypto isakmp key firewallcx address 1.1.1.1
R2(config)# ip access-list extended VPN-TRAFFIC
R2(config-ext-nacl)# permit ip 20.20.20.0 0.0.0.255 10.10.10.0 0.0.0.255
R2(config)# crypto ipsec transform-set TS esp-3des esp-md5-hmac
R2(config)# crypto map CMAP 10 ipsec-isakmp
R2(config-crypto-map)# set peer 1.1.1.1
R2(config-crypto-map)# set transform-set TS
R2(config-crypto-map)# match address VPN-TRAFFIC
R2(config)# interface FastEthernet0/1
R2(config-if)# crypto map CMAP
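The ISAKMP policy and transform set above use 3DES, MD5 and Diffie-Hellman group 2, which many current baselines no longer accept. The following is an added example, not part of the original post: a small audit that reads a configuration transcript in the form shown above and reports such settings. The weak-algorithm lists and the minimum key length are this example's assumed policy, and the function name is hypothetical.

```python
import re

# Constructed sample: R1's crypto lines as they appear in the post.
SAMPLE = """\
R1(config)# crypto isakmp policy 1
R1(config-isakmp)# encr 3des
R1(config-isakmp)# hash md5
R1(config-isakmp)# authentication pre-share
R1(config-isakmp)# group 2
R1(config-isakmp)# lifetime 86400
R1(config)# crypto isakmp key firewallcx address 1.1.1.2
R1(config)# crypto ipsec transform-set TS esp-3des esp-md5-hmac
"""

# Audit policy assumed for this example; adjust it to your own baseline.
WEAK_ENCR = {"des", "3des"}
WEAK_HASH = {"md5"}
WEAK_DH_GROUPS = {"1", "2", "5"}
WEAK_TRANSFORMS = {"esp-des", "esp-3des", "esp-md5-hmac", "ah-md5-hmac"}
MIN_PSK_LEN = 20

# "R1(config-isakmp)# encr 3des" -> host, configuration mode, command
PROMPT = re.compile(r"^(\S+?)\((config[^)]*)\)#\s*(.+)$")


def audit(transcript):
    """Return (host, finding) pairs for weak IKE/IPsec settings."""
    findings = []
    for raw in transcript.splitlines():
        m = PROMPT.match(raw.strip())
        if not m:
            continue  # not a configuration-mode line
        host, mode, words = m.group(1), m.group(2).replace(" ", ""), m.group(3).split()
        arg = words[1] if len(words) > 1 else ""
        if mode == "config-isakmp":
            if words[0] in ("encr", "encryption") and arg in WEAK_ENCR:
                findings.append((host, "IKE cipher " + arg))
            elif words[0] == "hash" and arg in WEAK_HASH:
                findings.append((host, "IKE hash " + arg))
            elif words[0] == "group" and arg in WEAK_DH_GROUPS:
                findings.append((host, "DH group " + arg))
        elif words[:3] == ["crypto", "isakmp", "key"] and len(words) > 3:
            # Assumes the post's form (no encryption-type digit); the key is never echoed.
            if len(words[3]) < MIN_PSK_LEN:
                findings.append((host, "pre-shared key shorter than %d characters" % MIN_PSK_LEN))
        elif words[:3] == ["crypto", "ipsec", "transform-set"]:
            findings += [(host, "IPsec transform " + t) for t in words[4:] if t in WEAK_TRANSFORMS]
    return findings
```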
Network Address Translation (NAT) and IPSec VPN Tunnels
R1(config)# ip nat inside source list 100 interface fastethernet0/1 overload
R1(config)# access-list 100 remark -=[Define NAT Service]=-
R1(config)# access-list 100 deny ip 10.10.10.0 0.0.0.255 20.20.20.0 0.0.0.255
R1(config)# access-list 100 permit ip 10.10.10.0 0.0.0.255 any
R1(config)# access-list 100 remark
R2(config)# ip nat inside source list 100 interface fastethernet0/1 overload
R2(config)# access-list 100 remark -=[Define NAT Service]=-
R2(config)# access-list 100 deny ip 20.20.20.0 0.0.0.255 10.10.10.0 0.0.0.255
R2(config)# access-list 100 permit ip 20.20.20.0 0.0.0.255 any
R2(config)# access-list 100 remark
R1# show crypto session
Thursday, 30 July 2015
Bare metal restore
A bare metal restore is the process of reformatting a computer from scratch after a catastrophic failure. Typically the process involves reinstalling the operating system and software applications and then, if possible, restoring data and settings.
Volume Shadow Copy Service (VSS)
VSS is a set of Component Object Model (COM) application programming interfaces (APIs) that provides standardized interfaces, enabling third-party backup and restoration software to centrally manage the backup and restore operations on a variety of applications. VSS also implements a framework that enables volume backups to be performed while applications on a system continue to write to the volumes.
VSS has three components:
- Requestor—The application that requests the creation of a shadow copy.
- Provider—The interface that provides the functionality to actually make the shadow copy.
- Writer—Application-specific software that acts to ensure that application data is ready for shadow copy creation.
Requestors, providers, and writers communicate in the VSS framework to create and restore volume shadow copies. A shadow copy of a volume duplicates all the data held on that volume at one well-defined instant in time.
A requestor initiates the backup and restore processes. The provider controls the processes and instructs a writer to prepare a dataset for backup. When everything is ready, a requestor then instructs a provider to create a shadow copy.