Tag: Windows Server

Troubleshoot On-Premise Active Directory (DNS Edition)

The three most common AD-DNS failure modes and how to fix each: clients pointing at the wrong DNS server (point at a peer DC + loopback, never the DC's own external IP); the AD-integrated zone gone missing (recreate as Primary AD-integrated, restart Netlogon to re-register SRV records, verify with dcdiag /test:dns); and inter-DC replication broken (repadmin /replsummary, /showrepl, /syncall /A /e /P, plus time skew and firewall checks). Includes the four-tool diagnostic kit (nslookup SRV / dcdiag / repadmin / Event Viewer Directory Service) and 7 common pitfalls.

Manage Hyper-V VM Checkpoints

How Hyper-V checkpoints actually work (differencing-disk chain), when to use them (lab rollback, patch dry-run, demo reset, short-term oh-no insurance), why they aren't a backup, the Production vs Standard distinction (default Production - app-consistent via VSS - safe for most workloads except DC/SQL/Exchange replicas), the GUI flow for create / revert / apply / merge, the Edit Disk wizard for manual merge of orphaned chains, the PowerShell equivalents (Checkpoint-VM, Restore-VMSnapshot, Remove-VMSnapshot), and 7 common pitfalls (don't snapshot a DC, USN rollback, long-lived checkpoints, disk-space crunch, revert vs running VM).

Configure Disk and Volumes in Windows Server

How to add a new disk to a Windows Server, bring it online, initialize it as GPT, create one or more volumes (NTFS / ReFS), and the design choices that decide whether the storage stays predictable or gets weird six months later. Walks the Hyper-V add-disk flow, the Server Manager bring-online + initialize + New Volume Wizard procedure, the NTFS vs ReFS trade-off (general purpose vs resilient / VM-host / backup), the PowerShell equivalent (Get-Disk / Initialize-Disk / New-Partition / Format-Volume), and 7 common pitfalls (MBR by accident, Disk Management on Storage Spaces, wrong file system, forgot Bring Online after reboot, drive-letter collision).

Clean Up Stale DNS Records with PowerShell

One PowerShell script that walks every Primary forward zone on a DNS server and removes every record (A, NS, SRV, CNAME, PTR) that names or points at a demoted host - in one pass. Covers why scavenging alone doesn't catch them, the manual DNS Manager review (zone Properties > Name Servers, DomainDnsZones host records, _msdcs SRV records under sites), the full Remove-DNSRecords.ps1 with -WhatIf-first usage, the trailing-dot trap on SRV/NS data, verification with Resolve-DnsName + dcdiag /test:dns, and 7 common pitfalls (skipped -WhatIf, missed trailing dot, non-Primary zones, reverse zones, scavenging assumptions, downstream-DNS confusion, client caches).

Change the IP Address of a Domain Controller

Three GUI clicks to set a new IP, four CLI commands (ipconfig /flushdns, /registerdns, nltest /dsregdns, dcdiag /fix) to re-register with DNS, and one downstream-consumer audit afterwards. Walks the pre-flight (second DC, console access not RDP, replication health, downstream-consumers list), the GUI procedure with screenshots, the PowerShell-only equivalent (Remove-NetIPAddress / New-NetIPAddress / Set-DnsClientServerAddress), the DNS-pointer trap (don't point at the DC's old IP), the SRV-records-need-nltest /dsregdns trap, and 7 common pitfalls (RDP'd into it, peer DCs caching old IP, stale scavenger window, FSMO concerns).

Disable Windows Firewall with PowerShell

When you legitimately need to turn the host firewall off (debugging, lab, migration window) and how to do it cleanly with PowerShell. Get-NetFirewallProfile reads the per-profile state; Set-NetFirewallProfile -Enabled False flips them off; the same cmdlet with True flips them back. Includes the targeted-single-rule alternative (Disable-NetFirewallRule), a try/finally cleanup pattern, the schedule-a-forcing-function-to-re-enable pattern, and the common pitfalls (forgot to re-enable, wrong profile, GPO override, trusted-the-wrong-tool).

Enable Windows Firewall with PowerShell

Re-enable Windows Defender Firewall on a Windows Server with one cmdlet per profile. Get-NetFirewallProfile reads the per-profile state (Domain / Private / Public); Set-NetFirewallProfile -Enabled True flips them all on at once. Covers the three profiles, the read-then-set-then-verify pattern, the rest of the per-profile properties (default actions, logging, notifications), per-rule operations (New-NetFirewallRule, Get-NetFirewallRule, Enable/Disable), and the common pitfalls (turned off for testing, disabled only one profile, GPO override, block-all-outbound footgun).

Configure FSRM Quota

How to install File Server Resource Manager, build a reusable quota template (e.g. 500 MB hard quota with an 85% warning threshold), apply it to a folder, and test that hard enforcement returns the same not-enough-space error a full disk would. Includes the New-FsrmQuotaTemplate / New-FsrmQuota PowerShell equivalents for scripting many folders, the NTFS-quotas-vs-FSRM-quotas trade-off, and 6 common pitfalls (auto-apply at the wrong root, hard quota on an already-over folder, missing SMTP, edited-quota-not-matching-template, permission errors masquerading as quota issues, SrmSvc stopped).

Universal Group Membership Caching

How to enable Universal Group Membership Caching (UGMC) on a remote AD site so user logons no longer have to traverse a slow WAN to a Global Catalog. Walks the GUI three-click path (Sites and Services > site > NTDS Site Settings > Properties > Enable UGMC) with the actual screenshots, the Set-ADObject PowerShell equivalent (one bit on the NTDS Site Settings options attribute, 0x20), the design choice between UGMC and a local Global Catalog, the 8-hour cache refresh behaviour, and the common pitfalls (right-clicking the wrong node, first-logon needs the GC, stale cache after Universal Group changes).

Configure a Domain Controller as a Global Catalog Server

How to add the Global Catalog flag to an existing Domain Controller in Active Directory Sites and Services, and the PowerShell equivalent (one bit on the NTDS Settings options attribute via Set-ADObject). Walks the GUI three-click path, the Set-ADObject cmdlet, post-change verification with Get-ADDomainController IsGlobalCatalog / dsquery server -isgc / repadmin /options / Test-NetConnection on port 3268, the partial-attribute-set replication timing caveat, and the common pitfalls (right-clicking the wrong tree node, leaving only one GC, demoting accidentally).