Installing Ubiquiti UniFi Controller 5 on Raspberry Pi

The next step is to install the UniFi Controller software.

Add the UniFi repository to the sources list, using the following commands:

echo 'deb http://www.ubnt.com/downloads/unifi/debian unifi5 ubiquiti' | sudo tee -a /etc/apt/sources.list.d/ubnt.list > /dev/null
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv C0A52C50
sudo apt-get update

Install UniFi, using the following package install command:

sudo apt-get install unifi -y

*The installation takes a couple of minutes to complete, but is fully automated and includes all the prerequisite components such as MongoDB and OpenJDK Java 7.

Disable the default MongoDB database instance, using the following command:

echo 'ENABLE_MONGODB=no' | sudo tee -a /etc/mongodb.conf > /dev/null

Without making this small configuration change, you will have two separate instances of MongoDB running; an unused default database instance, and the UniFi database instance. This is obviously not desirable on a device with limited resources, such as the Raspberry Pi.

Update to the latest release of the Snappy Java Library, using the following commands:

cd /usr/lib/unifi/lib
sudo rm snappy-java-1.0.5.jar
sudo wget http://central.maven.org/maven2/org/xerial/snappy/snappy-java/1.1.3-M1/snappy-java-1.1.3-M1.jar
sudo ln -s snappy-java-1.1.3-M1.jar snappy-java-1.0.5.jar

*This fixes a number of issues particularly with the older models of Raspberry Pi, but also brings the library well up-to-date as the version Ubiquiti includes with the UniFi package is from 2013.
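The wget command above fetches the replacement JAR over plain HTTP, and the controller then loads it from its library directory, so it is worth checking the file's digest before linking it in. The following is an added example, not part of the original guide: `verify_and_link` is a hypothetical helper, and the expected SHA-256 is an input you must obtain separately from a trusted source (this page does not give one).

```shell
#!/bin/sh
# Added example, not from the original guide. verify_and_link is a
# hypothetical helper; the expected SHA-256 is an input you must obtain
# from a trusted source, since this page does not publish one.

# sha256_of FILE: print the lowercase hex SHA-256 digest of FILE.
sha256_of() {
    sha256sum -- "$1" | awk '{print $1}'
}

# verify_and_link JAR EXPECTED_SHA256 LINK_NAME
# Points LINK_NAME at JAR (same directory assumed, as in the guide) only
# when the digest matches. On any failure LINK_NAME is left untouched.
verify_and_link() {
    jar=$1; expected=$2; link=$3

    [ -f "$jar" ] || { echo "missing file: $jar" >&2; return 1; }

    # The expected digest must be exactly 64 hex characters.
    case $expected in
        ''|*[!0-9a-fA-F]*) echo "malformed expected digest" >&2; return 1 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed expected digest" >&2; return 1; }

    # Compare case-insensitively by lowercasing the expected value.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    actual=$(sha256_of "$jar")

    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $jar" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi

    # Create the symlink under a temporary name, then rename it over the
    # target, so the old file is replaced in a single step.
    tmp="$link.tmp.$$"
    ln -s "$(basename -- "$jar")" "$tmp" || return 1
    mv -f "$tmp" "$link"
}

# Stand-alone use: sh verify_jar.sh JAR EXPECTED_SHA256 LINK_NAME
if [ "$#" -eq 3 ]; then
    verify_and_link "$1" "$2" "$3"
fi
```

Run from /usr/lib/unifi/lib, this takes the place of the separate rm and ln -s steps: the old file name is only repointed once the downloaded JAR matches the digest you supplied.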

Once completed, reboot your Raspberry Pi using the following command:

sudo reboot

When the reboot is complete, use a web browser to view HTTPS port 8443 on your Raspberry Pi:

https://(hostname.local/ip):8443

Updating

Before updating the UniFi Controller software, it is highly recommended that you first back up the controller configuration.

To update the UniFi Controller software to the latest version, simply use the standard Debian package update and upgrade commands:

sudo apt-get update && sudo apt-get upgrade -y

The UniFi Controller software will be updated along with all other packages installed on your Raspberry Pi.

Alternatively, if you want to update only the UniFi Controller software, run the initial package installation command again:

sudo apt-get install unifi -y

 

Flash Drive with Multiple Versions of Windows

How to Create a Master Installation Flash Drive with Multiple Versions of Windows

You’ve got your collection of Windows ISOs and maybe you’ve burned installation DVDs or flash drives for them. But why not make yourself a master installation drive that you can use to install any version of Windows?

Setting up a bootable USB drive that includes multiple ISOs is actually pretty easy. We’re going to do it using a clever little free tool named WinSetupFromUSB, so go ahead and download the latest version of that. You can even include some non-Windows ISOs on the disk, like Linux distributions and antivirus rescue disks. For a complete list of what you can include on your USB drive, check out their supported sources page. There is one important note from that page worth calling out. The tool works with single Windows ISOs from Microsoft. If you have a dual ISO that includes both the 32-bit and 64-bit versions of Windows, you won’t be able to use it. But you can always download single ISOs (one for 32-bit and one for 64-bit) and stick them both on the USB if you need to.

Next, make sure you have a blank USB drive big enough to hold all the ISOs you want to install, along with a little extra space. A 16 GB drive should give you enough space for two or three versions of Windows. If you have a 32 GB drive, you should be able to fit all the versions of Windows you could want. If you want to include other ISOs as well, you might need a bigger drive.

WinSetupFromUSB is a portable tool, so there’s no installation. Once you have it downloaded, double-click the archive to extract the files to a new folder. If you’re running a 64-bit version of Windows, run the executable with “x64” in the name. If you’re running a 32-bit version of Windows, run the file without the “x64” in the name.

If you already had your USB drive inserted when you launched the tool, it should be listed in the box at the top of the window. If you didn’t have it inserted already, go ahead and plug it in now and then click Refresh.

Next, click the “Advanced Options” check box.

Instead of working like a regular check box, clicking it opens an “Advanced Options” dialog box. In the Advanced Options dialog, select the “Custom menu names for Vista/7/8/10/Server Source” check box. This setting allows you to provide your own names for the folders in which the Windows ISOs are stored and the boot menu names you see when you start a computer using the USB drive. You can close the “Advanced options” dialog when you’re done.

Now comes the somewhat tricky part. You’ll be adding Windows versions one at a time. The first time you add something to the USB drive (and only the first time), you’ll want to make sure that the “Auto format it with FBinst” check box is selected. This lets WinSetupFromUSB format the drive appropriately for booting. If you know you’ll be booting a computer in UEFI mode (or if you’re unsure), then select the “FAT32” option. Otherwise, you can use the “NTFS” option.

Next, select your first Windows ISO. Select the check box next to the “Windows Vista / 7 / 8 / 10 /Server 2008/2012 based ISO” section and then click the browse button (“…”) to its right. Locate and open the ISO you want to add.

If it’s a large ISO and you’re using the FAT32 file system, you may get a notification that the file is too large and will be split in two. That’s fine, so go ahead and click OK.

Double-check that you have the correct USB drive selected at the top of the window and that the right ISO is shown in the box. Then, click “GO.”

If you’re using a large USB drive, you may get a warning asking if you’re sure that’s the drive you want to use. Go ahead and click “Yes.”

If the auto format option is enabled (and it should be for the first ISO you add to a disk), you’ll also get a warning letting you know that the drive will be formatted and anything on it will be erased. Click “Yes” to continue.

WinSetupFromUSB will now format the drive and then pop up a window where you can enter a custom folder name for the ISO that’s between 1 and 7 characters. If you don’t type anything for 30 seconds, the default will be used automatically.

A similar window will now open that lets you type a custom name that should appear in the boot menu. This time, the name can be between 5 and 35 characters, so you have a bit more room to be specific. And again, you have 30 seconds to type a new name before the default is used automatically.

At this point, WinSetupFromUSB will begin creating folders, adding the ISO to your USB drive, and adding the options to the boot menu. This can take several minutes and you can gauge the progress in the window’s status bar.

When WinSetupFromUSB is done, you’ll get a simple “Job done” confirmation window. Click “OK.”

WinSetupFromUSB now returns you to the main window. You can exit the program or you can continue adding additional ISOs to your boot disk. You’ll add additional ISOs using the same process, but there are a couple of things to keep in mind as you do it:

  • When you add additional ISOs to an existing boot disk, make sure the “Auto format it with FBinst” check box is not selected. It won’t be by default when you return to the window (or when you start the program again), but it doesn’t hurt to make sure. You only want to format the disk with the very first ISO you add.
  • You’ll need to click “Advanced Options” and enable the “Custom menu names for Vista/7/8/10/Server Source” check box each time you add a new ISO. Make sure you don’t forget this step before clicking Go or you won’t be able to add a custom name for the ISO to your menu.

But that’s it. Otherwise, just follow the same steps each time you want to add a new ISO to the boot disk. You don’t have to add them all in one session either. You can come back any time and add something new. When you’re done, you can boot up a computer using your USB drive (which you may be able to do even if your BIOS won’t let you) and be rewarded with a nice boot menu.

While it doesn’t sport the most intuitive interface, WinSetupFromUSB is lightweight and works well. And once you get the hang of adding ISOs to the package, it’s a breeze to set yourself up with a powerful boot disk that will let you install whatever version of Windows you want, as well as a number of other bootable tools.

DPI Settings on RDP Sessions

Do you have a computer with a High-DPI screen, a very high resolution display? If everything is too small to see within your Remote Desktop Connection, try this solution…

This issue is caused by the Remote Desktop Client not being DPI scaling aware. If you open a Remote Desktop connection to a server or other computer, the native resolution of the computer is used instead of the scaling to 1920×1080, so you’ll get very small icons etc.

1.

First tell Windows to look for a manifest file for an application by default. This can be done by setting a registry entry.

Open regedit and navigate to the registry key:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide
Right-click, select NEW -> DWORD (32 bit) Value
Type PreferExternalManifest and then press ENTER.
Right-click PreferExternalManifest, and then click Modify.
Enter Value Data 1 and select Decimal.
Click OK. Exit Registry Editor.

2.

Next step is to make a manifest file; you can download it here. It is important that you save the file in the same directory as the Remote Desktop Client executable (mstsc.exe):
%SystemRoot%\System32\

3.

Now try and connect with Remote Desktop again.

 

VBS Scripts – Drives, Printers & Fonts

Drives.vbs

'Remove Drives

ON ERROR RESUME NEXT

DIM objNetwork,colDrives,i

SET objNetwork = CREATEOBJECT("Wscript.Network")

SET colDrives = objNetwork.EnumNetworkDrives

FOR i = 0 to colDrives.Count-1 Step 2
 ' Force Removal of network drive and remove from user profile 
 ' objNetwork.RemoveNetworkDrive strName, [bForce], [bUpdateProfile]
 objNetwork.RemoveNetworkDrive colDrives.Item(i),TRUE,TRUE
NEXT

'Connect Drives

On Error Resume Next

Set objNetwork = CreateObject("WScript.Network")
Set objShell = CreateObject("Shell.Application")
brugernavn = objNetwork.UserName

' Attach Share
objNetwork.MapNetworkDrive "H:", "\\Server\Share", TRUE
objShell.NameSpace("H:").Self.Name = "Share"

' Attach User Share
objNetwork.MapNetworkDrive "U:", "\\Server\UserShare\" & brugernavn, TRUE
objShell.NameSpace("U:").Self.Name = brugernavn & "´s dokumenter"

Printers.vbs

Set objNetwork = CreateObject("WScript.Network")

on error resume next

objNetwork.AddWindowsPrinterConnection "\\Server\Printer1"
objNetwork.AddWindowsPrinterConnection "\\Server\Printer2"

objNetwork.RemovePrinterConnection "\\Server\Printer3"


objNetwork.SetDefaultPrinter "\\Server\Printer1"

FontInstall.vbs

Const FONTS = &H14&

Set objShell = CreateObject("Shell.Application")
Set objFolder = objShell.Namespace(FONTS)
objFolder.CopyHere "\\Server\Share\Fonts\HelveticaNeueLTStd-Cn.otf"

 

Robocopy Scripts – Sync network shares

Robocopy Script 

@ECHO OFF
SETLOCAL

SET _source=\\Server1\Share1
SET _dest=D:\Shares\Share2

SET _what=/ZB /E
:: /COPYALL :: COPY ALL file info
:: /ZB :: Use restartable mode; if access denied use Backup mode
:: /SEC :: copy files with SECurity
:: /E :: Copy Subfolders, including Empty Subfolders.
:: /PURGE :: Delete dest files/folders that no longer exist in source.
:: /MIR :: MIRror a directory tree - equivalent to /PURGE plus all subfolders (/E)

SET _options=/R:5 /W:5 /XO /TEE /ETA /NDL /NP /LOG:RoboCopyLog.txt
:: /R:n :: number of Retries
:: /W:n :: Wait time between retries
:: /XO :: eXclude Older files
:: /LOG :: Output log file
:: /TEE :: Output to console window, as well as the log file
:: /ETA :: show Estimated Time of Arrival of copied files
:: /NFL :: No file logging - don’t log file names
:: /NDL :: No dir logging - don’t log directory names
:: /NP :: No Progress - don’t display percentage copied

ROBOCOPY %_source% %_dest% %_what% %_options%

blat.exe -f Administrator@email.dk -to me@email.dk -server smtpserver.dk -subject "RoboCopy Sync" -body "Robocopy script has completed" -attach RoboCopyLog.txt
:: Remember to copy blat.exe to "%SystemDrive%\Windows\System32\"

:: You can also download RoboMirror

Outlook – Error “The name of the security certificate is invalid or does not match the name of the site.”

Problem
Seen in Outlook when connecting to a mailbox on an Exchange Server. It is caused by using a self-signed certificate or a purchased certificate where the internal and external names are different.

 

Solution
1. On the Exchange Server > Start > All Programs > Microsoft Exchange Server {version} > Exchange Management Console.
Exchange 2016
Set-ClientAccessService -Identity <server> -AutoDiscoverServiceInternalUri https://mail.mydomain.com/autodiscover/autodiscover.xml

Set-OwaVirtualDirectory -Identity "<server>\OWA (Default Web Site)" -ExternalUrl https://mail.mydomain.com/owa -InternalUrl https://mail.mydomain.com/owa

Set-EcpVirtualDirectory -Identity "<server>\ECP (Default Web Site)" -ExternalUrl https://mail.mydomain.com/ecp -InternalUrl https://mail.mydomain.com/ecp

Set-WebServicesVirtualDirectory -Identity "<server>\EWS (Default Web Site)" -ExternalUrl https://mail.mydomain.com/EWS/Exchange.asmx -InternalUrl https://mail.mydomain.com/EWS/Exchange.asmx

Set-ActiveSyncVirtualDirectory -Identity "<server>\Microsoft-Server-ActiveSync (Default Web Site)" -ExternalUrl https://mail.mydomain.com/Microsoft-Server-ActiveSync -InternalUrl https://mail.mydomain.com/Microsoft-Server-ActiveSync

Set-OabVirtualDirectory -Identity "<server>\OAB (Default Web Site)" -ExternalUrl https://mail.mydomain.com/OAB -InternalUrl https://mail.mydomain.com/OAB

Set-MapiVirtualDirectory -Identity "<server>\mapi (Default Web Site)" -ExternalUrl https://mail.mydomain.com/mapi -InternalUrl https://mail.mydomain.com/mapi

Set-ClientAccessServer -Identity <server> -AutoDiscoverServiceInternalUri https://mail.mydomain.com/Autodiscover/Autodiscover.xml

Set-OutlookAnywhere -Identity "<server>\RPC (Default Web Site)" -ExternalHostname mail.mydomain.com -InternalHostname mail.mydomain.com -ExternalClientsRequireSsl $true -InternalClientsRequireSsl $true -DefaultAuthenticationMethod NTLM

Exchange 2010 and SBS 2011 (change the values in red)

Set-ClientAccessServer -Identity EXCHANGE-MAIL -AutodiscoverServiceInternalUri https://mail.publicdomain.co.uk/autodiscover/autodiscover.xml

Set-WebServicesVirtualDirectory -Identity "EXCHANGE-MAIL\EWS (Default Web Site)" -InternalUrl https://mail.publicdomain.co.uk/EWS/Exchange.asmx

Set-OABVirtualDirectory -Identity "EXCHANGE-MAIL\OAB (Default Web Site)" -InternalURL https://mail.publicdomain.co.uk/OAB

Set-ActiveSyncVirtualDirectory -Identity "EXCHANGE-MAIL\Microsoft-Server-ActiveSync (Default Web Site)" -InternalURL https://mail.publicdomain.co.uk/Microsoft-Server-Activesync

Outlook Anywhere Note

If you intend to use Outlook Anywhere, you may also want to execute the following command. Particularly if you use SBS, which has a habit of setting remote.publicdomain.com as the default outside name.

Set-WebServicesVirtualDirectory -Identity 'EXCHANGE-MAIL\EWS (Default Web Site)' -ExternalUrl https://mail.publicdomain.co.uk/ews/exchange.asmx

Exchange 2007 (change the values in red)

Set-ClientAccessServer -Identity EXCHANGE-MAIL -AutodiscoverServiceInternalUri https://mail.publicdomain.co.uk/autodiscover/autodiscover.xml

Set-WebServicesVirtualDirectory -Identity "EXCHANGE-MAIL\EWS (Default Web Site)" -InternalUrl https://mail.publicdomain.co.uk/ews/exchange.asmx

Set-OABVirtualDirectory -Identity "EXCHANGE-MAIL\oab (Default Web Site)" -InternalUrl https://mail.publicdomain.co.uk/oab

Set-UMVirtualDirectory -Identity "EXCHANGE-MAIL\unifiedmessaging (Default Web Site)" -InternalUrl https://mail.publicdomain.co.uk/unifiedmessaging/service.asmx

For Small Business Server 2008
For SBS 2008 the commands are different! (The following commands are for Exchange 2007 on SBS 2008 ONLY.)

Set-ClientAccessServer -Identity EXCHANGE-MAIL -AutodiscoverServiceInternalUri https://mail.publicdomain.co.uk/autodiscover/autodiscover.xml

Set-WebServicesVirtualDirectory -Identity "EXCHANGE-MAIL\EWS (SBS Web Applications)" -InternalUrl https://mail.publicdomain.co.uk/ews/exchange.asmx

Set-OABVirtualDirectory -Identity "EXCHANGE-MAIL\oab (SBS Web Applications)" -InternalUrl https://mail.publicdomain.co.uk/oab

Set-UMVirtualDirectory -Identity "EXCHANGE-MAIL\unifiedmessaging (SBS Web Applications)" -InternalUrl https://mail.publicdomain.co.uk/unifiedmessaging/service.asmx

Note: EXCHANGE-MAIL is the internal name and mail.publicdomain.co.uk is the external name.

2. Then open IIS Manager, expand Application Pools > MSExchangeAutodiscoverAppPool > Right Click > Recycle.
Note: You may have to enter the FQDN of the server rather than its NetBIOS name!

Linux – Expand a Hard Disk with Ubuntu LVM

After you make the additional space available in VMWare/Xen/Hyper-V, first reboot your Ubuntu server so it can see the new free space (commenter Michal, below, points out that you can avoid this restart by asking the kernel to rescan the disk with ‘echo 1 > /sys/class/block/sda/device/rescan’). Then we’ll run the GNU partition editor to examine our disk:

root@myserver:/# parted
GNU Parted 2.2
Using /dev/sda
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) print free
Model: VMware Virtual disk (scsi)
Disk /dev/sda: 42.5GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos 
Number  Start   End     Size    Type      File system  Flags
        32.3kB  32.8kB  512B              Free Space
 1      32.8kB  255MB   255MB   primary   ext2         boot
        255MB   255MB   8192B             Free Space
 2      255MB   16.1GB  15.8GB  extended
 5      255MB   16.1GB  15.8GB  logical                lvm
 3      16.1GB  21.5GB  5365MB  primary
        21.5GB  21.5GB  6856kB            Free Space 
        21.5GB  42.5GB  21.0GB            Free Space <------

You can see your free space, so let’s partition it:

cfdisk

Pick your free space, select New, then choose a Primary or Logical partition. For a small server, it probably doesn’t matter too much, but remember in x86 Linux that you can have a maximum of 4 primary + extended partitions per disk. Beyond that, you’ll need to begin adding logical partitions in your extended partitions.

Select the Write command to create the partition, then (if necessary) reboot your system.

When your system comes back up, check on your new partition:

fdisk -l /dev/sda
Disk /dev/sda: 42.5 GB, 21474836480 bytes
255 heads, 63 sectors/track, 2610 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x000d90ee
   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1          31      248832   83  Linux
Partition 1 does not end on cylinder boundary.
/dev/sda2              31        1958    15476768    5  Extended
/dev/sda3            1958        2610     5239185   83  Linux
/dev/sda4            2610        3608    16815191   83  Linux <-----
/dev/sda5              31        1958    15476736   8e  Linux LVM

So now let’s pull it into our LVM configuration. First we’ll create the physical volume:

$ pvcreate /dev/sda4
  Physical volume "/dev/sda4" successfully created

Let’s take a look at our physical volumes:

$ pvdisplay
  --- Physical volume ---
  PV Name               /dev/sda5
  VG Name               ubuntu-1004
  PV Size               14.76 GiB / not usable 2.00 MiB
  Allocatable           yes (but full)
  PE Size               4.00 MiB
  Total PE              3778
  Free PE               0
  Allocated PE          3778
  PV UUID               f3tYaB-YCoK-ZeRq-LfDX-spqd-ggeV-gdsemo
  --- Physical volume ---
  PV Name               /dev/sda3
  VG Name               ubuntu-1004
  PV Size               5.00 GiB / not usable 401.00 KiB
  Allocatable           yes
  PE Size               4.00 MiB
  Total PE              1279
  Free PE               11
  Allocated PE          1268
  PV UUID               rL0QG1-OmuS-d4qL-d9u3-K7Hk-4a1l-NP3DtQ
  "/dev/sda4" is a new physical volume of "20.00 GiB"
  --- NEW Physical volume ---
  PV Name               /dev/sda4
  VG Name
  PV Size               20.00 GiB
  Allocatable           NO
  PE Size               0
  Total PE              0
  Free PE               0
  Allocated PE          0
  PV UUID               uaJn0v-HbRz-YKv4-Ez83-jVUo-dfyH-Ky2oHV 

Now, extend our physical volume group (ubuntu-1004) into our new physical volume (/dev/sda4):

$ vgextend ubuntu-1004 /dev/sda4
  Volume group "ubuntu-1004" successfully extended

The whole purpose of this exercise is to expand the root filesystem, so let’s find our main logical volume:

$ lvdisplay
  --- Logical volume ---
  LV Name                /dev/ubuntu-1004/root
  VG Name                ubuntu-1004
  LV UUID                UJQUwV-f3rI-Tsd3-dQYO-exIk-LSpq-2qls13
  LV Write Access        read/write
  LV Status              available
  # open                 1
  LV Size                19.39 GiB
  Current LE             1892
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           254:0

Now, let’s extend the logical volume to all free space available:

$ lvextend -l+100%FREE /dev/ubuntu-1004/root

Next, extend the filesystem:

$ resize2fs /dev/mapper/ubuntu--1004-root

Finally, let’s check our free space:

df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/ubuntu--1004-root
                       39G   14G   24G  37% /   <---- 
none                  495M  176K  495M   1% /dev
none                  500M     0  500M   0% /dev/shm
none                  500M   36K  500M   1% /var/run
none                  500M     0  500M   0% /var/lock
none                  500M     0  500M   0% /lib/init/rw
/dev/sda1             228M  144M   72M  67% /boot

Outlook – Manually Set up Office 365

Outlook 2013 (PC) Manually Set up for Office 365

Follow these instructions to do so:

1. Go to Control Panel, and click Mail.
2. Click Show Profiles and then click Add.
3. Type in a friendly name for the profile, and click OK.
4. Click to select the Manual setup, and click Next.
5. Click Microsoft Exchange, and then click Next.
6. In the Server box, enter outlook.office365.com.
7. Make sure that the Use Cached Exchange Mode option is selected.
8. In the User Name box, type your name (e.g. ‘John Smith’) and then click More Settings.
9. Click the Security tab, make sure the ‘Encryption’ box is unticked and choose Anonymous Authentication.
10. Click the Connection tab.
11. Make sure that the Connect to Microsoft Exchange using HTTP check box is selected, and then click Exchange Proxy Settings.
12. In the ‘Use this URL to connect to my proxy server for Exchange’ box, enter: outlook.office365.com
13. Make sure that the ‘Only connect to proxy servers that have this principal name in their certificate’ check box is selected, and enter: msstd:outlook.com
14. Click both the ‘On fast networks, connect using HTTP first, then connect using TCP/IP’ and ‘On slow networks, connect using HTTP first, then connect using TCP/IP’ check boxes.
15. Under Proxy authentication settings, click Basic Authentication.
16. Click OK twice.
17. Click Check Name. You will be prompted to log in. Enter your VUW login ID followed by @staff.vuw.ac.nz (e.g. smithjo@staff.vuw.ac.nz). Tick the box for ‘Remember my credentials’.
18. When the server name and the user name are displayed with an underline, click Next.
19. Click Finish.

Complete Force Removal of a Domain Controller from Active Directory Guide

Know Your FSMO Locations

Make sure that the DC you are removing is not holding any of the FSMO Roles

i) On any healthy domain controller, click Start, click Run, type “Ntdsutil” in the Open box, and then click OK
ii) Type “roles”, and then press ENTER
iii) Type “connections”, and then press ENTER
iv) Type “connect to server <servername>”, where <servername> is the name of the server you want to use, and then press ENTER
v) Type “quit”, and then press ENTER
vi) Type “select operation target”, and then press ENTER
vii) Type “list roles for connected server”, and then press ENTER
viii) Review the listed roles and their host; if the DC that you wish to remove is not listed, proceed to step 4

Seizing FSMO Roles (The Last Resort)

If for whatever reason you cannot do a clean transfer, you will need to seize it

i) On any healthy domain controller, click Start, click Run, type “Ntdsutil” in the Open box, and then click OK
ii) Type “roles”, and then press ENTER
iii) Type “connections”, and then press ENTER
iv) Type “connect to server <servername>”, where <servername> is the name of the server you want to use, and then press ENTER
v) Type “quit”, and then press ENTER
vi) Type seize <role>, where <role> is the role you want to seize
vii) You will receive a warning window asking if you want to perform the seize. Click on Yes

***Note***
Do not put the Infrastructure Master (IM) role on the same domain controller as the Global Catalog server. If the Infrastructure Master runs on a GC server it will stop updating object information because it does not contain any references to objects that it does not hold. This is because a GC server holds a partial replica of every object in the forest.

Transferring any hosted FSMO Roles

i) For the RID, PDC, and Infrastructure Master
1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
2. Right-click the icon next to Active Directory Users and Computers, and then click Connect to Domain Controller. NOTE: If you are not on the domain controller where you want to transfer the role, you need to take this step. It is not necessary if you are connected to the domain controller whose role you want to transfer.
3. Click the domain controller which will be the new role holder, and then click OK.
4. Right-click Active Directory Users and Computers icon, and then click Operation Masters.
5. In the Change Operations Master dialog box, click the appropriate tab (RID, PDC, or Infrastructure) for the role you want to transfer.
6. Click Change in the Change Operations Master dialog box.
7. Click OK to confirm that you want to transfer the role.
8. Click OK.
9. Click Cancel to close the dialog box.

ii) For the Domain Naming Master role
1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Domains and Trusts.
2. Right-click the Active Directory Domains and Trusts icon, and then click Connect to Domain Controller. NOTE: If you are not on the domain controller where you want to transfer the role, you need to take this step. It is not necessary if you are connected to the domain controller whose role you want to transfer.
3. Click the domain controller that will be the new role holder, and then click OK.
4. Right-click Active Directory Domains and Trusts, and then click Operation Masters.
5. In the Change Operations Master dialog box, click Change.
6. Click OK to confirm that you want to transfer the role.
7. Click OK.
8. Click Cancel to close the dialog box.

iii) For the Schema Master Role
1. Click Start, click run, type mmc, and then click OK.
2. On the Console menu, click Add/Remove Snap-in.
3. Click Add.
4. Click Active Directory Schema.
5. Click Add.
6. Click Close to close the Add Standalone Snap-in dialog box.
7. Click OK to add the snap-in to the console.
8. Right-click the Active Directory Schema icon, and then click Change Domain Controller. NOTE: If you are not on the domain controller where you want to transfer the role, you need to take this step. It is not necessary if you are connected to the domain controller whose role you want to transfer.
9. Click Specify Domain Controller, type the name of the domain controller that will be the new role holder, and then click OK.
10. Right-click Active Directory Schema, and then click Operation Masters.
11. In the Change Schema Master dialog box, click Change.
12. Click OK.
13. Click OK.
14. Click Cancel to close the dialog box.

Attempt a Force Removal

i) As a Domain Admin and in a command prompt type dcpromo /forceremoval
ii) If the force removal did not work, pull the plug (or shut down properly) and never ever turn it back on while connected to the network

Clear the Metadata from AD

i) On any healthy domain controller, click Start, click Run, type “Ntdsutil” in the Open box, and then click OK
ii) Type “metadata cleanup”, and then press ENTER
iii) Type “connections”, and then press ENTER
iv) Type “connect to server <servername>”, where <servername> is the name of the server you want to use, and then press ENTER
v) Type “quit”, and then press ENTER
vi) Type “select operation target”, and then press ENTER
vii) Type “list domains”, and then press ENTER
viii) Type “select domain [n]”, [n] representing the domain, and then press ENTER
ix) Type “list sites”, and then press ENTER
x) Type “select site [n]”, [n] representing the site, and then press ENTER
xi) Type “list servers in site”, and then press ENTER
xii) Type “select server [n]”, [n] representing the DC to be removed, and then press ENTER
xiii) Type “quit”, and then press ENTER
xiv) Type “remove selected server”, and then press ENTER

Cleanup DNS by Removing all References to the Removed server

i) In the DNS snap-in, right click domain.whatever and Properties
1. Click on Nameservers tab: remove server
ii) Repeat the above instructions for Reverse lookup and all zones
iii) Open up _msdcs and check all folders within for server name or ip reference
iv) Repeat the above step for _sites, and all others
v) Repeat the above steps for the Reverse Lookup Zones

In Active Directory Sites and Services – delete server

Configure Domain Controller to synchronize time with external NTP server

Introduction

Configure the Domain Controller to synchronize time with an external NTP server (dk.pool.ntp.org).
UDP port 123 must be open on the firewall to allow NTP traffic in and out from this DC.
From the DC command prompt, type “telnet portquiz.net 123” to test if port 123 traffic can go out.

Log on to the Domain Controller (with the PDC role) with an Administrator account and open an elevated command prompt.

If you have multiple domain controllers and don’t know which DC holds the PDC role, then use the following command:

netdom /query fsmo

Configure external time sources

w32tm /config /reliable:yes /syncfromflags:manual /manualpeerlist:dk.pool.ntp.org

Restart the w32time service; the DC should now synchronize time with the NTP time servers.

net stop w32time && net start w32time

Check the Event Log on the server.

w32tm sync commands:

Force synchronizing the time asap

w32tm /resync /nowait

Check NTP configuration

w32tm /query /configuration

Check NTP status

w32tm /query /status

Display time source

w32tm /query /peers

Display time between Domain Controllers

w32tm /monitor

Force domain computers to synchronize the time with the DC; use elevated command prompt

w32tm /config /syncfromflags:domhier /update
net stop w32time && net start w32time

The following commands will reset the time service to default.

net stop w32time
w32tm /unregister
w32tm /register
net start w32time