In order to reorganize an Active Directory forest, with multiple child domains into a single domain, I used the ADMT (Active Directory Migration Tool) 3.2 from Microsoft. This modification is an intraforest migration because all domains are in the same forest.
While ADMT supports an intraforest migration, I encountered a specific issue for migrated computers from a child domain to the parent domain: “The security database on the server does not have a computer account for this workstation trust relationship“
Security database trust relationship
Well, I was very perplex by this error, because the ADMT agent reported an successfully operation, and the computer account existed in the new Active Directory domain.
In fact, you will get this error each time you want to migrate a computer with an intraforest and the target operating system is Windows Server 2012 R2. Let’s see why and how to resolve this issue.
Microsoft released the Cumulative Update 11 for Exchange 2013 and Exchange 2016 CU1 in December 2015. With these new packages, they changed the behavior of Exchange Management Shell, (Exchange Powershell).
Prior to 2013 CU11 and 2016 CU1, when you start the EMS, it will connect by default to the local Exchange Server. But with CU11, Exchange Powershell will be proxy to the server where the user’s mailbox is located. It means that when you start the EMS console, it will probably try to connect to another server.
When all your servers are up to date, in some circonstances, you can get an error when launching the EMS: “No mapping for the Unicode character exists in the target”:
Mapping Unicode error
If you get this error, do not panic and stay calm :). You can find some posts where you need to rebuild the powershell virtual directory, but do not do this! Let’s see how to resolve this issue easily.
With Active Directory, you can deploy some Internet Explorer configuration using Group Policy (GPO). But sometime, settings for Internet Explorer are not modified, even if the GPO is correctly applied.
This behavior is not a bug, it’s a feature 🙂 When IE Security is enabled, GPO can’t change configuration for Internet Explorer. Continue reading →
With System Center Configuration Manager 2012, there is a new functionality: Application Catalog. Using Application Catalog, you can deploy an application on user collection, and all users can use this web page to install or request an application.
To launch the Application Catalog, you can use the existing link on Software Center:
Link Software center
Depends on your system configuration, Internet Explorer can prompt for your login / password. Even if you are in your domain.
During the installation of Microsoft SQL Server, you have two choices regarding the account used to start the “SQL Server” service:
Local System of the computer.
Service account, user account, created in Active Directory.
Microsoft recommends to use the service account instead of local system. However, when using service account, you can have this error in SQL Logs: The SQL Server Network Interface library could not register the Service Principal Name (SPN) for the SQL Server service. Failure to register a SPN might cause integrated authentication to use NTLM instead of Kerberos Continue reading →
During the migration phase of SCCM 2007 clients to SCCM 2012 infrastructure, I had an issue with the Software Update Point: a lot of computers not reported their Software Update compliance and didn’t evaluated any new software updates.
After a troubleshooting, in the WUAhandler.log on client side, there was this error:
OnSearchComplete - Failed to end search job. Error = 0x80244022. Scan failed with error = 0x80244022. Continue reading →