Changing SID of cloned VMs

The fastest way to build a larger virtual environment (either test or production), is to install one VM and then clone it. This process is not the same for every environment. Additionally, it depends on the mechanism of the VM cloning process.

Additionally, every computer in the AD domain has its own identification. This identification is not its name. The computer name is useful for us. Moreover, this identifier must be unique.

Continue reading

Windows Server 2012 NIC Teaming

One of the biggest improvements in Windows Server 2012 is a feature of NIC teaming. At first glance, it is not a big deal; NIC teaming exists for years. Yes, there is a teaming feature, but not on all systems. Additionally, we can make such teaming only between NICs of the same brand and often the same model.

With Windows Server 2012 and later, we can make a team of any NICs in the system. Even more, NICs may have different speeds. Also, we can make more than one team in the same server.

Continue reading

Changing IP address using the command line

There is no doubt that all of you, my readers, can set a static IP address on any Windows machine. It’s so easy task. However, I’ve got a trick question – can you quickly change the IP address? What’s more, can you perform this operation on multiple computers in a short time?

Yes, you can do that manually. However, doing this manually we can make a mistake. You can become bored or simply type a wrong number. Great way to make a havoc.

Continue reading

Dude, what happening to my Windows server?

The successful administration of every server for the great part depends on your capability to have an insight into the server’s daily operations. We may have a general picture about the status of a particular service, like an e-mail or database, and still be missing crucial signs of the improper operations on a daily level.

The simplest way to monitor any server, including Windows servers, is the SNMP monitoring of the essential parameters – CPU load, RAM usage or free disk space. Mikrotik Dude can assist us in this task.

Continue reading

NETLOGON event 5807

Recently, I found a lot of NETLOGON warnings in the system log. As I know my network is very clean, I was very curious about this. Every anomaly in my network requires careful examination.

After analysis of the log file, I found the root cause of this warning. Over time, we added some servers in the test network and at the same time added them to the AD domain. However, I omitted to define this subnet range in the AD site structure.


Continue reading

Enabling Windows features from the command line

Windows Server has available only the basic services after installation. We can enable additional features on request. We may later enable other features, like SNMP service. In addition, sometime we have to do that from a script or command line.

We have a powerful command for such task – DISM. This command can be used with both online Windows folders and offline installation disks.

Continue reading

How to troubleshoot the Kerberos error 4771 and locked user accounts

When user try to login on the workstation, he or she needs to provide correct username and password. Workstation will contact a domain controller (DC) and try to obtain a Kerberos ticket for the user. In case that an username and a password are correct, DC will return a Kerberos ticket on ticket or TGT to that workstation. After that, user have TGT associated with his username across whole Active Directory (AD) site.

However, more interesting problem arise when an user didn’t provide correct username or a password. After few wrong passwords, often 3, the account will be locked. And then we need to either wait some time for system to unlock that account automatically or we must manually unlock an user account.

Such error is recorded in DC Security log as the Kerberos error 4771 on the Kerberos Authentication Service.

Continue reading