Recently we have upgraded all the IE 9 to IE 11. The testing went well but didn’t realize that we found an issue after implementation.
The certain group policy settings which are applied to IE9 are deprecated. One of them is proxy settings.
We push the proxy settings through GPO, soon after the IE9 upgrade to IE11, the proxy settings stopped applying
So, to fix the problem, we need to have set of GPO settings that is applicable to IE11. There is a catch.
You need to have at least one windows 2012 server (member server) for creating and applying the policy.
There are 2 ways to fix it
- Find the list of registry changes that the GPO is going to make to the client system for IE 11 and create GPO registry preference
- Install a new windows 2012 member server and create the policy using that
We have had lot of issues with Time sync on members servers. If the time is not in sync with the domain controller, you may see issues but those errors and problem may not directly point to Time issues.
Once such scenario that I ran in to, in my environment, there are different time source,
- My root domain is syncing with parent company
- My primary child domain is syncing properly with root domain
- DMZ, and resource domain time are syncing with Vmware, and external source.
To add more complication to the existing problem,
- Partly my resource domain servers are in DMZ as well
- I have windows 2000 and windows 2003 servers
The best thing about resolving the problem is that, I don’t have to restart the server after making the changes. So i can make changes immediately and restart the time service without any downtime
- To prepare myself to resolve the problem is that, I need a report of all the servers which are not synching with the DC’s or domain. The script from Time Sync report from member servers and create a .txt file called server.txt and add all the servers in your organization in the same path where you have this .ps1 folder
- I need to segregate the list of servers based on their operating system
- Then I need to find their location (DMZ, site) to identify the nearest DC that I can contact
Finally, I could sort about 200 computers which are not syncing with DC’s. I tweaked the script and run the script to do a mass change. Of course, windows 2000 and windows 20003 must be treated differently (fortunately I just had 10 servers of this nature, so I did it individually)
Note: I don’t own the script, i’m not responsible for the scripts if it malfunctions
I started focusing more on Active directory. I thought it would help others to share my experience not just related to Exchange, but also Active directory, powershell scripts and so on.
Having said that, I was tasked to extract the information about my active directory topology,
Microsoft Active Directory Topology Diagrammer, tool was very useful.
But that wasn’t sufficient to document. I have found a script which extract almost all the information about your forest.AD Discovery script
There are 3 scripts, you can use either GUI or .exe file. I have ran this in my environment several time without any issues
Note: I don’t own this script. I’m not responsible for any consequences caused by this script as i didn’t program it
I have been going through lot of changes in my career for past few years. I have promised myself to start writing blogs again. I’ll start posting it very soon