November 25

Password Not Synced to the On-premises Active Directory When Office 365 Admins Reset a User's Password

Here is the link from Microsoft https://support.microsoft.com/en-ca/help/3187256/password-isn-t-synced-from-azure-ad-to-the-local-on-premises-directory

Scenarios that allow password writeback. The following table lists the scenarios in which password writeback does and does not occur.

Scenario | Password writeback
Users who perform self-service password reset through https://passwordreset.microsoftonline.com | Yes
Admins who perform self-service password reset through https://passwordreset.microsoftonline.com | Yes
Password change in My Apps or in the Office 365 portal | Yes
Admins who perform password resets by using the Azure Management Portal | Yes
Admins who perform password resets by using the Microsoft 365 admin center | No
Passwords set at new user creation through the Azure Management Portal, the Microsoft 365 admin center, or the Azure AD PowerShell module | No
Admins who use the Set-MsolUserPassword cmdlet from the Azure AD PowerShell module | No

November 12

How to Fix GPO Sysvol Permissions Error

Problem:

In a forest with multiple domain controllers, some of the domain controllers show the following error:

The SYSVOL permissions of one or more GPO's on this domain controller are not in sync with the permissions for the GPO's on the Baseline domain controller.

The cause:

The affected domain controllers carry two ACL entries for the Domain Admins group on the GPO folder in SYSVOL. The GUI shows only one Domain Admins entry, but icacls shows both. Run this from an elevated command prompt:

icacls "{GPO UID}"

The solution

First, remove both Domain Admins entries:

icacls "{GPO UID}" /remove:g "<localdomain>\Domain Admins"

Second, add a single Domain Admins entry back to the GPO folder:

icacls "{GPO UID}" /grant "<localdomain>\Domain Admins":(OI)(CI)(F)

Third, do the same on the other affected domain controllers.

Finally, wait for replication, or force it manually with these two commands:

repadmin /syncall

repadmin /syncall /AdePq
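A detection pass for the condition described above, added here as an example and not part of the original post: it walks every GPO folder in SYSVOL and reports any principal that holds more than one explicit ACL entry on the folder, which is what icacls reveals for Domain Admins on the affected domain controllers. It assumes it runs on a domain controller with the GroupPolicy module available (used only to map the GUID to a display name) and that SYSVOL is shared at the default path.

```powershell
# Added example (not from the original post): find GPO folders in SYSVOL whose
# ACL carries duplicate explicit entries for the same principal.
# Assumptions: run on a DC, default SYSVOL path, GroupPolicy module present.
function Find-DuplicateGpoAce {
    param(
        [string]$Domain = $env:USERDNSDOMAIN,
        [string]$PoliciesPath = "\\$env:USERDNSDOMAIN\SYSVOL\$env:USERDNSDOMAIN\Policies"
    )
    # Each GPO lives in a folder named by its GUID, e.g. {31B2F340-016D-11D2-945F-00C04FB984F9};
    # the filter skips PolicyDefinitions (the central store).
    foreach ($gpoDir in Get-ChildItem -Path $PoliciesPath -Directory -Filter '{*}') {
        $acl = Get-Acl -Path $gpoDir.FullName
        # Only explicit entries matter; inherited ones come from the Policies folder itself
        $explicit = $acl.Access | Where-Object { -not $_.IsInherited }
        $dupes = $explicit |
            Group-Object { $_.IdentityReference.Value } |
            Where-Object { $_.Count -gt 1 }
        foreach ($d in $dupes) {
            $name = '(unknown)'
            try { $name = (Get-GPO -Guid $gpoDir.Name -Domain $Domain -ErrorAction Stop).DisplayName } catch { }
            [pscustomobject]@{
                GpoGuid   = $gpoDir.Name
                GpoName   = $name
                Principal = $d.Name
                Entries   = $d.Count
                # e.g. "Allow:FullControl; Allow:FullControl" for the double Domain Admins entry
                Rights    = ($d.Group | ForEach-Object { "$($_.AccessControlType):$($_.FileSystemRights)" }) -join '; '
            }
        }
    }
}

Find-DuplicateGpoAce | Format-Table -AutoSize
```

Run it on each domain controller and compare the output, since the error is about a difference between this DC and the baseline DC; the icacls /remove and /grant commands above remain the fix, this script only tells you which GPO folders need them.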

 

July 4

How to Configure the PDC to Synchronize Time with an External NTP Server

1) Stop the W32Time service: net stop w32time
2) Configure the external time sources (the peer list is space-delimited): w32tm /config /syncfromflags:manual /manualpeerlist:"0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org"
3) Make the PDC a reliable time source for the clients: w32tm /config /reliable:yes
4) Start the W32Time service: net start w32time

Then type w32tm /resync (this forces a sync to the new servers).

Finally, check that the server is using the new NTP servers:

w32tm /query /source   (displays the current time source)
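A verification script for the steps above, added here as an example and not part of the original post: it reads the W32Time settings those commands write (the Type and NtpServer values under the W32Time\Parameters registry key and AnnounceFlags under W32Time\Config), compares the configured peers with the expected list, and reports the source w32tm is actually using plus the last successful sync. The default expected peers are the three pool.ntp.org servers from step 2; the reliable-source check assumes /reliable:yes sets the Reliable_Timeserv_Announce_Yes bit (0x4) in AnnounceFlags.

```powershell
# Added example (not from the original post): verify the PDC's NTP configuration.
function Test-NtpConfiguration {
    param(
        [string[]]$ExpectedPeers = @('0.pool.ntp.org', '1.pool.ntp.org', '2.pool.ntp.org')
    )
    # Values written by "w32tm /config /syncfromflags:manual /manualpeerlist:..."
    $params  = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Parameters'
    # AnnounceFlags is where "/reliable:yes" lands (assumption: bit 0x4 = reliable time server)
    $config  = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Config'

    # NtpServer looks like "0.pool.ntp.org,0x8 1.pool.ntp.org,0x8"; strip the ",0xN" flags
    $configuredPeers = ($params.NtpServer -split '\s+') |
        ForEach-Object { ($_ -split ',')[0] } |
        Where-Object { $_ }
    $missing = $ExpectedPeers | Where-Object { $configuredPeers -notcontains $_ }

    # What the service is really using right now, e.g. "0.pool.ntp.org,0x8" or "Local CMOS Clock"
    $source = ((w32tm /query /source) -join '').Trim()
    $status = w32tm /query /status
    $lastSync = ($status | Where-Object { $_ -match 'Last Successful Sync Time' }) -replace '^.*?:\s*', ''

    [pscustomobject]@{
        Type               = $params.Type          # expect "NTP" after /syncfromflags:manual
        ConfiguredPeers    = $configuredPeers -join ' '
        MissingPeers       = $missing -join ' '
        ReliableTimeSource = ([int]$config.AnnounceFlags -band 0x4) -ne 0
        CurrentSource      = $source
        UsingExpectedPeer  = ($ExpectedPeers | Where-Object { $source -like "$_*" }).Count -gt 0
        LastSuccessfulSync = $lastSync
    }
}

Test-NtpConfiguration | Format-List
```

A CurrentSource of "Local CMOS Clock" or "Free-running System Clock" after a resync means the peers are not reachable (UDP 123 outbound is the usual thing to check); MissingPeers being non-empty means the /manualpeerlist command did not take.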

 

 

March 21

WDS Client Failed to Start Error 0xc0000001

Problem:

On the server, the WDS log file shows the following error:

    The Following Client failed TFTP Download:   ErrorCode: 13

On the client computer, the following error screen appears:

    Windows failed to start. A recent hardware or software change might be the cause.  Status:0xC0000001

Solution:

Make the following changes on the WDS server (server properties in the WDS console):

Open the "TFTP" tab and lower the maximum block size, e.g. to 1024.

Uncheck "Enable Variable Window Extension".

If the WDS server and the client machine are on different networks, add an ip helper-address on the switch interface facing the clients (Cisco IOS syntax):

ip helper-address x.x.x.x   (the WDS server's IP address)

Solution 2: add the drivers to the install image.

1) Download the latest network card driver for the laptop/desktop model and add it as a driver package.

2) Add the driver package to the install image.
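An offline way to do the driver injection of Solution 2, added here as an example and not the post's own steps: it uses the DISM PowerShell module (Mount-WindowsImage, Add-WindowsDriver, Get-WindowsDriver, Dismount-WindowsImage) instead of the WDS console's driver-package wizard. The image path, mount directory and driver folder are placeholders, and the driver folder must contain the extracted .inf-based package, not a setup .exe.

```powershell
# Added example (not from the original post): inject a NIC driver into an install
# image offline with DISM, then verify it is staged before committing the change.
$ImagePath = 'D:\RemoteInstall\Images\Win10\install.wim'   # placeholder: copy of the install image
$MountDir  = 'C:\Mount'                                    # placeholder: empty mount directory
$DriverDir = 'C:\Drivers\NIC'                              # placeholder: extracted .inf package
$Index     = 1                                             # image index to service

New-Item -ItemType Directory -Path $MountDir -Force | Out-Null
try {
    # List the editions in the .wim so the right index is serviced
    Get-WindowsImage -ImagePath $ImagePath | Format-Table ImageIndex, ImageName -AutoSize

    Mount-WindowsImage -ImagePath $ImagePath -Index $Index -Path $MountDir | Out-Null

    # -Recurse picks up every .inf below the folder; unsigned drivers are refused
    # unless -ForceUnsigned is added, which is deliberately not done here
    Add-WindowsDriver -Path $MountDir -Driver $DriverDir -Recurse | Out-Null

    # Verify: third-party drivers now staged in the image (published as oemN.inf)
    Get-WindowsDriver -Path $MountDir |
        Select-Object Driver, OriginalFileName, ProviderName, ClassName, Version |
        Format-Table -AutoSize

    # Commit only if everything above succeeded
    Dismount-WindowsImage -Path $MountDir -Save | Out-Null
}
catch {
    Write-Error $_
    # Roll back: never leave a half-serviced image mounted
    Dismount-WindowsImage -Path $MountDir -Discard | Out-Null
}
```

Work on a copy of the install image rather than mounting the file WDS is serving from RemoteInstall (my recommendation, not a step from the post), then re-import or replace the image in WDS once the dismount with -Save has completed.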

 

 

 

 

March 21

WDS Server Not Working After in Place upgrade from Windows 2012 to Windows 2019

Problem:

Windows Deployment Services cannot be located on the specified server. The server might be down, there might be problems with the network, Windows Deployment Services might not be installed, the installation might be corrupt or you might not have permission to access the server.

How to fix:

On the WDS server, run the following commands in an elevated command prompt:

wdsutil /uninitialize-server
wdsutil /initialize-server /reminst:{RemoteInstallFolder}

Example: WDSUTIL /Initialize-Server /RemInst:D:\RemoteInstall

March 7

DNS Manager Error Access was denied. Would you like to add it anyway?

Active Directory with two domain controllers: one on 192.168.0.0/24 (VLAN 1), the other on 172.16.0.0/24 (VLAN 20).

Problem: DNS Manager cannot access the remote DNS server by its IP address.

However, DNS Manager can access the remote server by its FQDN.

Solution:

After checking the firewall, user account permissions, DNS settings, etc., everything looks fine. I googled and could not find a solution.

Here is the trick that fixes this issue: add the remote server's reverse lookup zones, and let the domain controllers sync. See the picture below.

DNS Manager can access the remote server by its IP address after Active Directory has synced.
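The fix described above done from PowerShell, added here as an example and not part of the original post: it creates the reverse lookup zone for each of the two subnets as an Active Directory-integrated zone with domain-wide replication (Add-DnsServerPrimaryZone -NetworkId), forces replication, and then confirms on both domain controllers that the zone is present and that a PTR lookup for each DC's address answers. The DC names and addresses are placeholders; only the two subnets come from the post.

```powershell
# Added example (not from the original post): create AD-integrated reverse zones
# for both VLANs and verify them on both DCs. DC names/IPs are placeholders.
function Get-ReverseZoneName {
    param([string]$NetworkId)                  # e.g. '172.16.0.0/24'
    $ip, $prefix = $NetworkId -split '/'
    $keep = [int]$prefix / 8                   # octet-aligned prefixes only (/8, /16, /24)
    $octets = @($ip -split '\.')[0..($keep - 1)]
    [array]::Reverse($octets)
    return ($octets -join '.') + '.in-addr.arpa'   # 172.16.0.0/24 -> 0.16.172.in-addr.arpa
}

$Subnets = @('192.168.0.0/24', '172.16.0.0/24')        # the two VLANs from the post
$DCs     = @('dc1.corp.example', 'dc2.corp.example')   # placeholder DC names
$Probe   = @{                                          # placeholder DC addresses to look up
    '192.168.0.0/24' = '192.168.0.10'
    '172.16.0.0/24'  = '172.16.0.10'
}

foreach ($net in $Subnets) {
    $zone = Get-ReverseZoneName $net
    if (-not (Get-DnsServerZone -Name $zone -ErrorAction SilentlyContinue)) {
        # Domain replication scope: every DC running DNS in the domain receives the zone,
        # secure dynamic updates let the DCs register their own PTR records
        Add-DnsServerPrimaryZone -NetworkId $net -ReplicationScope Domain -DynamicUpdate Secure
    }
}

# Push AD replication instead of waiting for the next cycle
repadmin /syncall /AdeP | Out-Null

# Verify on each DC: zone present, and the DC address resolves in reverse
# (the PTR answer stays empty until the DC's DNS client re-registers, e.g. ipconfig /registerdns)
foreach ($dc in $DCs) {
    foreach ($net in $Subnets) {
        $zone = Get-ReverseZoneName $net
        $present = [bool](Get-DnsServerZone -ComputerName $dc -Name $zone -ErrorAction SilentlyContinue)
        $ptr = Resolve-DnsName -Name $Probe[$net] -Type PTR -Server $dc -ErrorAction SilentlyContinue
        [pscustomobject]@{ DC = $dc; Zone = $zone; ZonePresent = $present; PtrAnswer = $ptr.NameHost }
    }
}
```

Once ZonePresent is true on both DCs and the PTR answers, retry the DNS Manager connection by IP address; until then the behaviour in the post (FQDN works, address does not) is expected.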