Adding the ESX/ESXi host to an Active Directory domain fails with the error “Errors in Active Directory operations”

When adding a 4.1 ESX/ESXi host to an Active Directory domain, the operation fails, or whilst adding you receive the error "Errors in Active Directory operations". If you have netlogond enabled on the host, you can check to see if you have similar entries in the netlogond.log:

20100820075107:0xf7c74b90:DEBUG:[LWNetSrvGetCurrentDomain () /build/mts/release/bora-234910/likewise/esxi- esxi/src/linux/netlogon/server/api/lwnet-pstore.c:83] Error  at /build/mts/release/bora-234910/likewise/esxi- esxi/src/linux/netlogon/server/api/lwnet-pstore.c:83 [code: 136]

The issue is more than likely down to TCP/UDP ports not being open between the ESX/ESXi host and the Active Directory server. Make sure you have the following TCP and UDP ports open.

Required (TCP and UDP) ports are:
Port 88 - Kerberos authentication
Port 123 - NTP
Port 135 - RPC
Port 137 - NetBIOS Name Service
Port…

Configuring Windows Time for Active Directory

Over recent years I have noticed that Windows time configuration is sometimes overlooked and misconfigured, and at some point this may cause you major hassles. For anyone not aware, all machines in an Active Directory environment automatically find a time server to sync time with. Workstations use their authenticating Domain Controller, and the DCs sync with the server holding the PDC Emulator FSMO role. In a multi-domain forest, the PDC Emulator in each child domain synchronises with a DC or the PDC Emulator in the forest root domain. To ensure the time remains reliable across the forest, only the PDC Emulator in the forest…

Transfer/Seize FSMO Roles to Windows Server 2012 Using Powershell

The following information explains the Active Directory FSMO roles transfer process using PowerShell cmdlets. If the FSMO role holder DC is being upgraded or goes down, we think about the FSMO roles, as they are important, and we know the traditional NTDSUTIL way of transferring and seizing FSMO roles, which takes a few minutes. However, using PowerShell this is relatively easy and completes within a few seconds.

PowerShell command:

Move-ADDirectoryServerOperationMasterRole

Syntax for transferring all 5 FSMO roles:

Move-ADDirectoryServerOperationMasterRole -Identity "Target_DC_name" -OperationMasterRole PDCEmulator,RIDMaster,InfrastructureMaster,SchemaMaster,DomainNamingMaster

If the target DC name is ADC, use the command below to transfer all FSMO roles:

Move-ADDirectoryServerOperationMasterRole -Identity "ADC" -OperationMasterRole PDCEmulator,RIDMaster,InfrastructureMaster,SchemaMaster,DomainNamingMaster

Role numbers can be used in the command instead of role names. Transfer all 5 FSMO roles using numbers:

Move-ADDirectoryServerOperationMasterRole -Identity…

Active Directory schema version numbers

I thought it would be a good idea to share with you a list of Active Directory schema version numbers:

Windows 2000 RTM with all Service packs = Schema version 13
Windows Server 2003 RTM with all Service packs = Schema version 30
Windows Server 2003 R2 RTM with all Service packs = Schema version 31
Windows Server 2008 RTM with all Service packs = Schema version 44
Windows Server 2008 R2 RTM with all Service packs = Schema version 47
Windows Server 2012 RC = Schema version 56

You can check the version with one of the following methods.…