Tag: Active Directory

Windows Server 2019 FFL/DFL

Q: Where is Windows Server 2019 FFL/DFL? A: There isn't one. Since there was no updates or changes to the Forest or Domain functional levels of AD, there is not a 2019 level, but only a 2016 level. This is the information about Windows FFL/DFL's: https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/active-directory-functional-levels This image also shows the various paths and options

To virtualize the PDCe or not to virtualize the PDCe…

The question isn’t can you, but should you virtualize the Primary Domain Controller emulator (PDCe) FMSO role holder. And of course, the answer is, ‘It depends’. Of course it does, why wouldn’t it be black or white? Because there are too many options to consider. Finding the PDCe: There are a few different ways to

Set-AutoDiscoverSiteScopeExchangeServers Part 2

In the part 1 of this function, we covered an option to set all Exchange servers to use every AD site in an organization, minus any 'deployment' ones. But what if you have a very large organization, with multiple data centers hosting Exchange servers, various regions to support, and you want to target specific locations

Set-AutoDiscoverSiteScopeExchangeServers Part 1

In this blog post a few years ago: https://techcommunity.microsoft.com/t5/Exchange-Team-Blog/Exchange-Active-Directory-Deployment-Site/ba-p/604329 was a discussion around Exchange AutoDiscoverSiteScope information. The good news is, it worked perfectly in a lab, however, rarely is any production environment like a lab. Thus, there was some missing information. We're updating the article to include solutions to fix the problem. This post is

Get-GroupMemberCount

Need to know a member count of ALL distribution groups and e-mail enabled security groups in your organization that exports to a CSV file? Then this function is for you. Get-GroupMemberCount This function simply creates a .CSV file of all the e-mail enabled groups and current member count. May not be the most elaborate task,

No longer expire your passwords

The world is always changing and the password expiring value is one that recently was updated. Microsoft has updated the stance around expiring passwords: https://blogs.technet.microsoft.com/secguide/2019/05/23/security-baseline-final-for-windows-10-v1903-and-windows-server-v1903/ The short answer is, only the expiring portion of the password policy is being discussed. You way want to still expire passwords, but with technologies like Windows Hello, the world

MO_Module introduction

I’d like to introduce you to my MO_Module. It’s a PowerShell module, combining several daily administrative tasks into simple Verb-Noun Functions for engineers to perform their jobs easier. I was developing/maintaining several different PS modules, which became more work, so I thought I’d just combine everything into one single place. Since my primary technologies are

Exchange needs Active Directory

I was recently called into help on a ‘Crit Sit’ (Critical Situation) that a customer had with their Exchange 2010 environment. During the previous night, a few of the Databases that have a total of 3 copies spread across a DAG flipped to different servers. This ultimately was caused by Exchange asking AD a question

Schema administrator has a mailbox

Q: Why does the Schema Admin have a mailbox? A: It’s by design! What? Yes, this is normal behavior for Exchange Server 2013 & 2016.  If the account you are using for the install does not have a mailbox, one will be created for that account. Typically, engineers will use an Active Directory (AD) account with a mailbox when

DAG’s spread across multi-domains?

Q: Can you spread an Exchange DAG (Database Availability Group) between two domains? A: No. Now the story: Say you have a single forest named: Contoso.com. In that forest, you have two child domains: East.Contoso.com and West.Contoso.com. You also have Exchange servers deployed in both East and West domains, but none in the root domain. Is it possible to host some