With Windows Server 2016, Microsoft integrated the Microsoft Defender service into the operating system. This built-in antivirus is now running constantly but it does not have the Defender GUI installed by default. If you want to activate the graphical user interface on the server, this can be done using Windows Server Manager or Powershell cmdlet.
Windows Defender GUI
Let’s see how to activate or disable the Windows Defender Graphical interface:
In order to reorganize an Active Directory forest, with multiple child domains into a single domain, I used the ADMT (Active Directory Migration Tool) 3.2 from Microsoft. This modification is an intraforest migration because all domains are in the same forest.
While ADMT supports an intraforest migration, I encountered a specific issue for migrated computers from a child domain to the parent domain: “The security database on the server does not have a computer account for this workstation trust relationship“
Security database trust relationship
Well, I was very perplex by this error, because the ADMT agent reported an successfully operation, and the computer account existed in the new Active Directory domain.
In fact, you will get this error each time you want to migrate a computer with an intraforest and the target operating system is Windows Server 2012 R2. Let’s see why and how to resolve this issue.
During an Active Directory migration, I needed to do an inventory of the computers to migrate. Because some computers do not exist anymore but not removed from Active Directory. I created a Powershell script based on the Last Logon Timestamp property.
CSV file from the script
This powershell script creates a CSV file with the computer name, the last logon property and the operating system. Some domains were based on Windows Server 2003 or 2008, I could not use Active Directory commandlets, so I used the LDAP Search.
Sometimes, you may need to change the product key, the license, of an existing SQL Server installation. This can happen if you installed the product in Evaluation mode or if you want to upgrade to Enterprise from Standard edition. Fortunately, this modification does not require to uninstall and reinstall SQL Server. It can be done using Setup Wizard.
SQL Server Product Key
But, you may not have the Product Key displayed in your msdn subscription portal. It can be find in the .iso file that you downloaded from the website.
Let’s see how to do that:
For each product, like Windows or Office, Microsoft introduces new features or new configuration options. All of these can be managed using Group Policy Object (GPO) but you must get the latest policy definitions if you want set the new options. For exemple, with Windows Server 2012 R2, you need to import Windows 10 ADMX in order to manage it by GPO.
Windows 10 ADMX with Server 2012
Let’s see how to import ADMX file for Group Policy Object.
If you manage one or several file servers in your infrastructure, you may have the will to customize the Access Denied error message displayed to users. This feature can be used since Windows 8 and Windows Server 2012. It is called Access-Denied Assistance.
Access Denied Custom Message
Access-Denied Assistance can be useful if you want to simplify the process to grant folder permissions to users. Sometime, the user does not know the full path, neither rights needed.
With Access-Denied Assistance, shared folder administrator will receive an email with all information required. No more call for user access.
Let’s see how to do that with Server 2012 R2.
If you manage one or several file servers in your infrastructure, you may have the will to prevent users to paste files with specific extensions. This behavior can be motivated because you don’t have enough storage for big files or for security reasons. Moreover, if you use DFSR to replicate shared folder to another site, you don’t want to block the bandwidth with a movie replication.
Microsoft Windows Server included a role which provide us the ability to manage files on shared folder: File Server Resource Manager (FSRM).
File Server Resource Manager FSRM
In order to block, deny some file extensions, we need to install and configure this role. Let’s see how to do that with Server 2012 R2.
Do you know that you can easily display a World Map of your servers location with System Center Configuration Manager 2012?
This feature is built in with SCCM, and it lets you to quickly have a look on the health of your infrastructure. Moreover, some managers like to have this map available for project presentation.
SCCM Server World Map
In this post, I set the location for one Primary server, but you can do it for all Primary and Secondary sites. Let’s see how to do that:
If you try to setup IPAM, you can get an error during the provisioning IPAM server step.
“Provisioning IPAM has failed. Check inner exception for more details. Some or all identity references could not be translated”
IPAM Provisioning failed
This error is raised because you try to provision it on a Domain Controller. By design IPAM can not be installed on a DC.
On Technet, Microsoft writes:
An IPAM server is a domain member computer.
|You cannot install the IPAM feature on an Active Directory domain controller.
You could get more information here.
I had a issue with Windows System Image Manager (WSIM) when I tried to create a catalog from Windows 8.1 WIM file. Even if it was start with full Administrator rights, I got this error:
“Cannot obtain read/write access for … In order to generate a catalog file, you must have read/write access to the Windows image file and its containing folder.”
WSIM Cannot obtain read/write access