In order to reorganize an Active Directory forest, with multiple child domains into a single domain, I used the ADMT (Active Directory Migration Tool) 3.2 from Microsoft. This modification is an intraforest migration because all domains are in the same forest.
While ADMT supports an intraforest migration, I encountered a specific issue for migrated computers from a child domain to the parent domain: “The security database on the server does not have a computer account for this workstation trust relationship“
Security database trust relationship
Well, I was very perplex by this error, because the ADMT agent reported an successfully operation, and the computer account existed in the new Active Directory domain.
In fact, you will get this error each time you want to migrate a computer with an intraforest and the target operating system is Windows Server 2012 R2. Let’s see why and how to resolve this issue.
For each product, like Windows or Office, Microsoft introduces new features or new configuration options. All of these can be managed using Group Policy Object (GPO) but you must get the latest policy definitions if you want set the new options. For exemple, with Windows Server 2012 R2, you need to import Windows 10 ADMX in order to manage it by GPO.
Windows 10 ADMX with Server 2012
Let’s see how to import ADMX file for Group Policy Object.
Using System Center Configuration Manager on a wide computer scope can result in unexpected or untrue reporting. For example, some computers can be off for a long time or an administrator has removed it from managed computers, they are inactive clients.
When you deploy an Application or Software Updates with SCCM 2012, some reports can be totally wrong, they don’t reflect the reality, if a lot of computer are no more managed but still exist in SCCM.
To workaround this, Microsoft introduced the Inactive Client property. SCCM Client gets and puts information to the management point and if it doesn’t report for a number of days, it will be set as Inactive Object. Inactive Clients can be excluded from reporting in order to be more accurate.
Inactive Client report
Let’s see how to change the default number of days before an object will be set as inactive .
If you manage a System Center Configuration Manager solution in your enterprise, you may have branch sites with slow bandwidth. When you deploy an Application, users in this remote site complain of slow network connections because of SCCM’s downloads.
Several solutions can be used to solve this issue, as BranchCache or deploy a Distribution Point on site. Using BranchCache needs to modify configuration on Windows Servers and Clients, like role installation and GPO. Moreover Distribution Point needs infrastructure on site, so budget allocation. Fortunately, Microsoft allows us to easily manage BITS transfer using SCCM.
Let’s see how to do deploy this configuration on remote sites.
Do you know that you can easily display a World Map of your servers location with System Center Configuration Manager 2012?
This feature is built in with SCCM, and it lets you to quickly have a look on the health of your infrastructure. Moreover, some managers like to have this map available for project presentation.
SCCM Server World Map
In this post, I set the location for one Primary server, but you can do it for all Primary and Secondary sites. Let’s see how to do that:
When you deploy a computer with System Center Configuration Manager 2012 using OSD, the WinPE phase displays a name like “IT Organization“. It is possible to change this name by your real corporation name.
WinPE IT Organization
Let’s see how to do that.
If you try to setup IPAM, you can get an error during the provisioning IPAM server step.
“Provisioning IPAM has failed. Check inner exception for more details. Some or all identity references could not be translated”
IPAM Provisioning failed
This error is raised because you try to provision it on a Domain Controller. By design IPAM can not be installed on a DC.
On Technet, Microsoft writes:
An IPAM server is a domain member computer.
|You cannot install the IPAM feature on an Active Directory domain controller.
You could get more information here.
By default, System Center Configuration Manager 2012 use a small TFTP block size, 512 bytes. This behavior is set to be compatible with all network configuration, but the result is that the PXE boot speed can be slow using Operating System Deployment with SCCM.
We can resolve this problem by adding a registry key on the PXE Server. Modification must be made on PXE Distribution Point.
It is possible to change the product key in System Center Configuration Manager 2012 (SCCM 2012). By example, if you installed the product in trial mode and get your license key after the installation.
SCCM 2012 Evaluation period
Change Product Key
Unfortunately, the license key can not be changed using SCCM Console but we must change it using Configuration Manager Setup.
SCCM Configuration Manager Setup
SCCM Configuration Manager Setup
- Select Perform site maintenance or reset the site.
SCCM Perform site maintenance
- Select Upgrade the evaluation edition to a licensed edition. Copy/paste your license.
SCCM Change Product Key
System Center Configuration Manager 2012 brought the possibility for a collection to refresh its members using Incremental Update. It means that the collection will periodically evaluate new resources only, and does not execute a Full Update Membership.
SCCM Collection Incremental
By default, the interval is set to every 5 minutes. But if you want to increase or decrease it, you can do it easily with the SCCM Console.