How to Rename a Domain Controller


How to rename my Windows 2003 Domain Controllers?

There are 2 methods for performing the rename procedure. One is easier and done through the GUI; the other is more complex and requires the installation of the Windows Server 2003 Support Tools.

Method #1 - Through the GUI
Although easier to implement, if you rename a domain controller through the System Properties dialog box, DNS and Active Directory replication latency may delay the ability of clients to locate or authenticate to the renamed domain controller. The length of this latency depends on your network design and the replication topology of your organization.

Method #2 - By using Netdom.exe
Netdom.exe (Windows Domain Manager) this command-line tool enables renames a domain controller in a Windows Server 2003 domain, and also administrators to manage Windows Server 2003 and Windows 2000 domains and trust relationships from the command line.

Netdom.exe It only requires one reboot of the DC that had its name renamed.

Note: Domain Controllers running Microsoft's Certificate Authority services (CA) can never be renamed.

Important: To rename a domain controller using the Netdom.exe tool, the domain functional level must be set to Windows Server 2003.

You must install the Windows Server 2003 Support Tools. Click here to Download: 2003 Support Tools.

To rename a DC with the name from Server1 in the SAHaseeb.edu domain to Server001 follow the next steps:

Syntax
Open Command Prompt and type:
  1. Netdom Computername Server1.SAHaseeb.edu /Add:Server001.SAHaseeb.edu

You can verify the new name was indeed added to the computer object by viewing it through Adsiedit.msc
msDS-AdditionalDnsHostName:

Ensure the computer account updates and DNS registrations are completed, then type:
2. Netdom Computername Server1.SAHaseeb.edu /Makeprimary:Server001.SAHaseeb.edu

After restart your computer, you can see lists of primary and/or any alternate names.
Open Command Prompt and type:
Netdom Computername Server1.SAHaseeb.edu /Enumerate

Last syntax
3. Netdom Computername Server001.SAHaseeb.edu /Remove:Server1.SAHaseeb.edu
0 comments

How to implement LimitLogin


Limitlogin V1.0

LimitLogin is an application that adds the ability to limit concurrent user logins in an Active Directory domain.
It can also keep track of all logins information in Active Directory domains.

LimitLogin capabilities include:
*         Limiting the number of logins per user from any machine in the domain, including Terminal Server sessions.
*         Displaying the logins information of any user in the domain according to a specific criterion (e.g. all the logged-on sessions to a specific client machine or Domain Controller, or all the machines a certain user is currently logged on to).
*        Easy management and configuration by integrating to the Active Directory MMC snap-ins.
*         Ability to delete and log off user session remotely straight from the Active Directory Users and Computers MMC snap-in.
*         Generating Login information reports in CSV (Excel) and XML formats.

Download the LimitLogin: link1   link2

Configuration:

Setting up LimitLogin

Prerequisites
1)      Before setting up LimitLogin on the web server, you will need to make sure that ASP.NET is installed on the Windows 2003 server.
2)      Make sure the following Web Extension is set to Allowed in IIS Services: ASP.NET v1.1.4322.

Limitlogin setup components

LimitLogin set-up is combined of three different components: IIS (Web Service), Active Directory and Client.
The set-up should be done in this order since there are dependencies between the components.

LimitLogin is set-up through 3 different MSI installers:
  1. LimitLoginIISSetup.msi, which installs the LimitLogin Web Service (WSLimitLogin)
  2. LimitLoginADSetup.msi, that sets up the Active Directory changes needed for LimitLogin to work.
  3. LimitLoginClientSetup.msi, which installs the client-side requirements for LimitLogin.

LimitLoginIISSetup 1:

The 1st step is to setup up the LimitLogin Web Service and make sure its up and running before we can further continue.
The system requirements for this setup are:
  • Windows Server 2003 with IIS installed


1)      Add WSLimitLogin.asmx to the top of list in the Documents tab of the website.
2)      Verify “Integrated Windows Authentication” is set on the “Directory Security” tab of the website under “Authentication and Access Control”.
Note: Web site must integrated authentication not anonymous.
3)      Attempt to connect to http://hostname/WSLimitLogin.

LimitLoginADSetup 2:


Once the LimitLogin Web Service is set-up and running, you can continue with running the Active Directory Setup.
The Active Directory Setup portion is divided into 2 main parts:

  1. The Forest Setup (or "forestprep")
  2. The Domain Setup (or "domainprep")

The system requirements for this setup are:
  • Windows XP with .NET Framework version 1.1 or Windows Server 2003 (Recommended: Windows 2003 Domain Controller)
  • At least one Windows Server 2003 Domain Controller in the domain

In the 'Installation Options' screen you have 3 options:

    1. 'Prepare your Active Directory Forest for LimitLogin' option should run first.
    2. 'Prepare your Active Directory Domain for LimitLogin'.
    3. 'Install LimitLogin AD MMC add-in tools on this machine' option should run last, after the Forest and Domain preparations have successfully completed

On the first installation, all three check-boxes should be checked.

Prepare your Active Directory Forest for LimitLogin.

This option performs the following operations:

  • Modifies the Configuration Partition to add the LimitLogin AD MMC integration menus.
  • Extends the Forest schema to include the LimitLogin Class and Attributes.

Once this step is successfully completed, you may move to prepare you domain to LimitLogin.

Prepare your Active Directory Domain for LimitLogin.

This option performs the following operations:

  • Creates and configures the llogin.vbs, llogoff.vbs and limitlogin.wsdl files.
  • Creates an Application Directory Partition for LimitLogin.

In the 'Domain Setup' screen, you need to provide the following three parameters:

  • UNC path of the file share where the login scripts will go (e.g. \\Servername\Share).
          Note: This can be a hidden share).
  • Host name of the Web server
  • The LimitLogin Web Service (Default is WSLimitLogin)
  • Optional Use SSL - check this box if you configured the LimitLogin Web Service to use SSL for greater security.

Install LimitLogin AD MMC add-in tools on this machine

This option should run last, after the Forest and Domain preparations have successfully completed.
You will get a pop-up telling you to copy the llogin.vbs, llogoff.vbs and limitlogin.wsdl files to your share. Copy the files at this time.

LimitLoginClientSetup 2:

In order for the domain clients to work with the LimitLogin server-side components, there are client side requirements that need to be installed on every domain member machine. These requirements are installed using the LimitLoginClientSetup.msi installer.

The client setup installs the following:
  1. SOAP Runtime (needed to connect the Web Service)
  2. WTSApiAx.dll (Needed to collect the Session ID before it is sent to the Web Service)

The system requirements for installing the client for LimitLogin
  • Client machines must have .NET Framework version 1.1.4322 or higher to install the client.

Click here to download: .NET Framework V1.1.4322
0 comments

How to implement LimitLogin part2

0 comments
Subscribe to: Posts (Atom)