In this scenario Password for the administrator account is incorrect and you will have to reset the password
Boot the Windows Server 2012 R2 from CD/DVD
Enter Your Language and other preferences and Click Next
Repair Your Computer
Select Troubleshoot menu
Select Command Prompt menu
Run the following commands at the Command Prompt
ren Utilman.exe Utilman.exe.old
copy cmd.exe Utilman.exe
Press Windows Key + U and in the command prompt include the following commands. In this case Abcd@1234 is the administrator password.
net user administrator Abcd@1234
Close the command prompt and login using the given password
Please note that,
- IP is configured statically
- DNS server is installed with the AD
Click on “Add roles and features”
By default Role based or feature based installation option is selected. Press Next
Select the appropriate Server and press Next.
Select both Active Directory Domain Services and DNS server roles.
Press Install to start the installation process.
wait till the Installation finishes
Promote this server to a domain controller
Add a new forest
Provide the DSRM password
In this case the default is selected
NetBIOS name is given (default)
keep the default
review the options
After the installation server will be rebooted
After installing the read only domain controller you may have witnessed that if you create any object on RODC, it will be replicated into the writable DC. The reason is you are actually connected to the writable DC not the RODC AD.
Right click the domain and select “Change domain controller” to check out the connected DC
To manage RODC server you can delegate permission to user
this user wont have permission to write changes to active directory
go to run type “dsmgmt”
in the command prompt type
add user_name administrators
when there is no connection with the writable domain controller
prepopulate passwords to store accounts passwords in cache otherwise users wont be able to log in
In this article we are going to discuss how to change SID using sysprep.exe tool. If you are someone who is cloning servers most probably you would have encountered the error stating SID is identical when you try to join to domain.
STEP 01: Go to run and type sysprep command. you will be directed to sysprep folder in windows directory
STEP 02: Find sysprep.exe and right click and select run as administrator option.
STEP 03: On the system preparation tool box tick the generalize box and click OK
STEP 04: System will auto restart and setting configuration will appear. select country or region / app language / keyboard layout and click next.
STEP 05: provide the product key. If you dont have one just click the skip button
STEP 06: Select I accept in license terms section
STEP 07: Provide password for built in administrator account and select finish
Congratulations !! you have successfully generated a new SID
This tutorial discuss what to do next after finished installing WSUS server
please keep in mind that WSUS is installed on windows server 2012R2 environment
WSUS server configuration
Go to windows server update services,
options > Computers
and select “use group policy or registry settings on computers” option
Group policy configuration
go to “Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Update”
- Configure Automatic Updates
- Specify intranet Microsoft update service location
- Enable client-side targeting
Configure Automatic Updates
Specify intranet Microsoft update service location
Type the location – http://name-of-the-domain:8530 (default value is given here)
Enable client-side targeting
type the name of the group you have created under computer
After finished configuration force group policies using gpupdate /force command and confirm that client machines are added to the WSUS server.
Keep in mind that,
This feature first introduced in Microsoft in Windows Server 2008 R2 where you will have to use PowerShell commands to activate.
In server 2012 R2 you can use Active Directory Administrative Center tool to activate Windows Recycle Bin.
To enable the feature Forest Functional Level must be at least Windows Server 2008 R2.
You can raise then Domain Functional Level using “Active Directory Users and Computers” tool.
You can also use “Active Directory Domains and Trusts” tool to raise the functional level.
User account should belong to “Domain Admins” or “Enterprise Administrators” group.
Raising Domain Functional Level is one time thing and cannot be reversed. Will have to restore the forest from a backup
When you type command “nslookup” you might encounter following error stating
Default Server : UnKnown
right click reverse lookup zone and click new zone
create a primary zone (by default it is already selected)
type the network ID (subnet of your network)
Then don’t forget to select the Reverse lookup zone name:
Then click next and keep the default dynamic update type and complete the new zone wizard
Still you might encounter the same error.
Right click on the newly created zone and select “New Pointer (PTR)…”
Enter the ip address of the DNS server and name of the Host and click OK
Now try “nslookup” and you will see the correct server name. And don’t forget to flush DNS (ipconfig /flushdns) if you still find the same result.
Use Active Directory Domains and Trusts tool to change the forest functional level
And make sure user is a member of a Enterprise Administrators group