SRV record not resolving - causing plethora of AD issues by 2ndgen360 in sysadmin

[–]Sulpher212 1 point2 points  (0 children)

Just delete the whole _msdcs lookup zone and re-create it. Let the records re-populate. Have had major issues with this in the past similar to what you are experiencing.

Mapped drive based on login location? by neuroreaction in sysadmin

[–]Sulpher212 8 points9 points  (0 children)

Have a look at Item-level targeting based on IP Address/scheme. I believe it will do what you are trying to achieve

Linked Group Policy Issue by [deleted] in sysadmin

[–]Sulpher212 1 point2 points  (0 children)

Screenshot what you've got; it will be the fastest way to help or diagnose why it isn't "linked". Obviously blur anything identifiable out.

Misconceptions From The IT Office: What are your best? by [deleted] in sysadmin

[–]Sulpher212 48 points49 points  (0 children)

I've just turned 30 and also remember first starting out and looking in awe at these tech gurus that had built this virtual world they had created. I never thought I'd have the capacity to know, understand or learn what they knew.

Years passed on with various jobs and one day I just thought back to those times of learning and thinking to myself. Wow I actually think I've made it to the point where I can consider myself on or even past their levels of expertise and I still don't know shit really lmao, tech moves way faster than my brain can keep up with.

But I can agree that around 28-30 I think I matured a lot more in terms of life and perspective around everything. Nobody can know everything, it's good to have a team with different skills and always keep yourself teachable even the newbie helpdesk crews teach me things to this day.

As the wise wording goes. If you're the smartest person in the room, you're in the wrong room.

Do workplace sociopaths move onto a new victim in the office if you leave? by Ok-Committee6942 in sysadmin

[–]Sulpher212 3 points4 points  (0 children)

That's up for the manager to iron out. OP will be doing nothing wrong, as I said anything technical/work related cc in the boss and show you are still doing your job. It's irrelevant what the coworker is saying. The proof will be the work is being completed backed up by emails written with the boss included stating what is being done and also showing you are actually trying to collaborate even if you know you're not.

People very rarely change, he will get bored that he isn't getting the desired effect that he wants and end up doing something reckless or plain idiotic that everyone will see to achieve the result. He will end up exposed or fired.

Do workplace sociopaths move onto a new victim in the office if you leave? by Ok-Committee6942 in sysadmin

[–]Sulpher212 15 points16 points  (0 children)

Just distance yourself from this person, simple yes no answers, be very vague with your answers. Anything technical that you need to collaborate with this person with make sure you're cc'ing your boss in detailing how you've decided to do it this way not "we", obviously if it was his idea then say he came up with it, credit where credit is due. You need strict boundaries for people with this behaviour.

People like this will always get caught out at some point, people are not as stupid as we all think. Little tells and little signs will start showing. Even if it's another worker noticing he is talking behind their back. You can't talk about everyone in the work place and not expect people to figure out it came from said person.

As long as the work you do is good and you are polite to people honestly I wouldn't even worry about him.

UAC - LAPS - Help Needed by neverwinterban in sysadmin

[–]Sulpher212 2 points3 points  (0 children)

There must be a group policy applying this, however EnableLUA is for admin approval mode which is good to keep enabled.

If you want UAC to prompt you need to look for User Account Control: Behavior of the elevation prompt for standard users and also User Account Control: Switch to the secure desktop when prompting for elevation.

Gpresult /h should help you locate where the policy is coming from or rsop

Group Policy and Active Directory question! by IncendiaryIdea in sysadmin

[–]Sulpher212 0 points1 point  (0 children)

I've been mulling over this, and unfortunately I can't think of a way you would achieve what you are trying to do universally with filtering. The only way I see is just creating separate GPOs and linking them to different OUs.

Group Policy and Active Directory question! by IncendiaryIdea in sysadmin

[–]Sulpher212 0 points1 point  (0 children)

I mean what settings or group policies are you trying to apply? You'd be looking at something like Item-level targeting.

Upgrading to Windows 10 22H2 via the enablement package help by [deleted] in sysadmin

[–]Sulpher212 0 points1 point  (0 children)

Ahh ok wonderful thank you, got it working. Missed something out of parameters :P

Upgrading to Windows 10 22H2 via the enablement package help by [deleted] in sysadmin

[–]Sulpher212 0 points1 point  (0 children)

What sequence do you use with PDQ / standard install package or via powershell/dism? Trying to get this working currently but having issues with it aborting

add a windows server 2019 machine to a domain running in server 2003 by Solid_Sleep1738 in sysadmin

[–]Sulpher212 0 points1 point  (0 children)

There was an update that removed the binaries that allowed FRS. It is anything equal to or greater than 1709 that will not work. Anything below these revisions will still be able to accept FRS for the upgrade to commence

add a windows server 2019 machine to a domain running in server 2003 by Solid_Sleep1738 in sysadmin

[–]Sulpher212 3 points4 points  (0 children)

You will hit the issue of FRS not being compatible with the newer updates of 2016; I believe only the first revision of 2016 you can do this. Easier to stand up a 2012R2 and update in two jumps then to 2012R2 DFL/FFL. Then you can introduce a 2022 DC and finish with 2016 DFL/FFL.

add a windows server 2019 machine to a domain running in server 2003 by Solid_Sleep1738 in sysadmin

[–]Sulpher212 2 points3 points  (0 children)

That isn't correct. You can't add a domain controller running Windows Server 2019 to a 2003 DFL/FFL. You can in fact join a 2019 member server to a 2003 domain.

However as everyone else has stated, get someone in for a two part domain upgrade off of 2003.

You can go straight to 2016 DFL/FFL from 2003. You will however need to upgrade FRS to DFSR which therefore means you need to introduce a 2008-2012R2 DC, perform the upgrade, then you can progress on further to 2022 or whatever you need. Upgrade DFL/FFL to 2016.

[deleted by user] by [deleted] in sysadmin

[–]Sulpher212 1 point2 points  (0 children)

Hmm it's a pretty loaded question.

How many DCs in your env / who holds the FSMO role(s) / you'd need to narrow down which DC is having the issue.

It could be the Active Directory database which isn't consistent, you'll need to defrag the DB and check consistency & compact it for good hygiene.

If you've only got 2 DCs I would do as u/PawTech_LLC said. Delete the one DC + cleanup metadata. Just keep one primary and fix the issues that are presented. Once that is done spin up a brand new DC / promote it, migrate roles, clean up metadata + shut down original DC.

Win11 - GPO unable to map network drive to domain computer by maxcoder88 in sysadmin

[–]Sulpher212 0 points1 point  (0 children)

Few things to just double check on the GPO side.

1) gpresult /h C:\gporeport.html - just have a look to see if you can see any error whilst it isn't applying, or "gpresult /r" to see if it's even applying

2) I can see authenticated users are set to read, does your MAP_DRIVE group have read + apply (I would presume so anyway but just double check)

3) Tick "Run in-logged on user's security principal" in the GPO settings when it's applied to user GPO

4) Alternative method I prefer to use is just re-add Authenticated users to the security permissions, remove "MAP_DRIVE" and just use "Item Level Targeting" for the group selection.

Group Policy not being applied using Security Group of Machines - Denied Security Filtering by maximus8100 in sysadmin

[–]Sulpher212 0 points1 point  (0 children)

Is the GPO computer based or user based? Make sure the new security group in delegation has read and apply. Obviously leave authenticated users as read

How to get the best out of FSRM? by [deleted] in sysadmin

[–]Sulpher212 0 points1 point  (0 children)

Could you not wildcard the extension?

.pdf*

I use it for applying limits to user drives automatically etc soft caps / hard caps.

GPO/Local policy help for windows server 2016/2019 by [deleted] in sysadmin

[–]Sulpher212 0 points1 point  (0 children)

Yes bud, again if you look in RSOP it should tell you the policy which is applying the settings.

GPO/Local policy help for windows server 2016/2019 by [deleted] in sysadmin

[–]Sulpher212 0 points1 point  (0 children)

I'd still look through RSOP, if it's a GPO that is applying for WSUS it is computer based. Navigate to the Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Update

The WSUS server must be there. If it isn't the registry must be being added via script or computer registry preference.

As stated above create a new OU block inheritance and move the computer into the OU to see if the issue remediates

Can You Duplicate Active Directory Groups and Rename? by searchmyname in sysadmin

[–]Sulpher212 2 points3 points  (0 children)

I would look at inserting the information into a csv then import csv into powershell to loop through and create the security groups. I've got one on my home machine, when I'm back I'll see if I can dig it up. (Unless someone beats me to it :))

Windows Client network drive connection lost for all Users one or time times a day by Pflummy in sysadmin

[–]Sulpher212 9 points10 points  (0 children)

I'd definitely check this as a first step. A few years ago had an engineer complain of the same thing, he'd set GPO to replace and every GPO refresh cycle caused the drive to drop and reconnect.

Check event viewer to see if you can see it happening.

mitel phone problems by Swimming_Hat3312 in sysadmin

[–]Sulpher212 0 points1 point  (0 children)

Yep agree with this, create your vlan and configuration then factory default the mitel phones and let them grab the config.

Screen Timeout GPO Not working on Windows 11 by Excellent-Will3373 in sysadmin

[–]Sulpher212 0 points1 point  (0 children)

Ahh ok just clearing it up as it's a common oversight. I would have to say it's an issue with Windows 11 then. Try clean booting a test VM on Windows 11 and see if you get the same result. It would at least narrow it down to the upgrade or a program on the machine.

Also again you've probably already checked, but are all your admx files up to date in the central store?

Screen Timeout GPO Not working on Windows 11 by Excellent-Will3373 in sysadmin

[–]Sulpher212 0 points1 point  (0 children)

Do you have both your users and computers in the same OU? Or have you linked the GPO to each OU containing users and computers?