Welcome to 

    micky.com

   


















     

   
 

    

    




Welcome to my SBS page for Active Directory


Knowledge base articles
The Active Directory Migration Tool displays a "RPC server is unavailable" error message in Windows Small Business Server 2003
Other Articles



Newsgroups



Links
Understanding Active Directory, Part I
Understanding Active Directory, Part II



Blogs
Active Directory Cookbook Blog



Presentations
Active Directory and Group Policy
Support WebCast: DNS in the Active Directory Tree



Notes
To force a AD policy update in Windows XP/2003 run "gpupdate /force" at a command prompt.

To force a AD policy update in Windows 2000 run "secedit /refreshpolicy /machine_policy" and "secedit /refreshpolicy /user_policy".


How to use

secedit /refreshpolicy {machine_policy | user_policy}[/enforce]

gpupdate [/target:{computer | user}] [/force] [/wait:Value] [/logoff] [/boot]



Slow file copy to the SBS 2003 server

(Examples, Photocopiers with SMB, Linux, Windows 9x)

When you copy a file to a share on the server it is very slow. The solution is to disable SMB signing on the server and the clients. KB document for Windows 2000 server and Windows XP/2000 clients - Slow SMB Performance When You Copy Files from Windows XP to a Windows 2000 Domain Controller.

If you apply the registry settings as described in Workaround 1 you will note that on the next reboot of the server the settings are back to where they were before.

The reason for this is that in SBS 2003 a GPO called 'Default Domain Controller Policy' takes care of those settings and thus overwrites any registry change you make manually.

To fix this problem three steps are involved:

Disable SMB policies in the 'Default Domain Controller Policy".
Disable SMB policies in the 'Default Domain Policy'.
Apply the policies to the server and the workstations.

The four settings in each policy are:
Microsoft Network server: Digitally sign communications (always)---> Disable
Microsoft Network server: Digitally sign communications (if client agrees)---> Disable
Microsoft Network client: Digitally sign communications (always)---> Disable
Microsoft Network client: Digitally sign communications (if server agrees)---> Disable

Open the Group Policy Management tool from the Administrative tools and drill down until you see the link to the 'Default Domain Controllers Policy'. Right click the policy and choose edit. Once you have changed the settings in the 'Default Domain Controllers Policy' you must also do it for the 'Default Domain Policy'

Drill down to the 'Security Options' and you will see the four settings that need to be unchecked.

Apply the policies to the server and the workstations.

With these steps completed, you can now reboot computers to make the changes take affect. Note, because these group policies are applied to computers and network bindings, you will have to reboot the Server Twice because it cannot read AD policies to impact network conditions because the AD isn't started until the network section is already operating. You can avoid the need for two reboots by using the SECEDIT command to rush the policy.

(For the W2K workstations, you will need to reboot twice, in the case of XP workstations they will need to be restarted 3 times)



Usergroups



books

 

 

 

 

 

 

    

 

     ( )

 

 

 

 

                                                             This page was written and designed by Michael Jenkin 2011 ©