Archive for the ‘Active Directory’ Category

Now I can say , I am a certified Master in Active Directory and Windows server 2008 Technology. It took around 2 months to achieve this. Finally I have got , What I wanted . I am Happy 🙂

Profile Link –

Cheers ,



Below are few of my TechWiki Articles 🙂

Time Service Configuration on PDC Emulator FSMO Role holding Domain controller

Sysvol and netlogon share importance in Active Directory

Trust Relationship between Workstation and Primary Domain failed



Hello All,

This week I was assigned a task to clean up my Active directory(Disabled user accounts).I was knowing that dsquery and dsget
command lines will help me out (Though I was not aware of exact commandlines). Upon searching and putting this question on TechNet
Forum finally I got the commandline to accomplish the task.

dsquery user -disabled -limit 0

This command will list all the disabled user accounts in an AD enviornment. ( -limit 0 is used to list more than 100 disabled user accounts)

dsquery user -disabled -limit 0 | dsget user -fn -ln > disabled account.csv

Above command will give output in .csv format and the disabled users first and last name will be generated in the output file.

Apart from this we can list the members of perticular security group with following commandline

dsquery group -name “GroupName” | dsget group -members | dsget user -fn -ln > members.csv

for Member Of Information,

dsquery group -name “GroupName” | dsget group -memberof | dsget user -fn -ln > Memberof.csv

Hope this Helps.


-Prashant Girennavar.

Coordinated Universal Time (UTC) is a timing convention which all the Domain Controllers use in Active directory Envoirnment. PDC FSMO role use UTC Time Zone to sync the time Between Domain controllers in a Active directory Forest.( Local Time zone which is displayed on system and UTC both are different). Internally All the DC’s Follow UTC Timing’s.
Below is the Technet Link which can explains it –

Check out one more Technet link where MVP Awinish has explained about the UTC…


-Prashant Girennavar

After 3 Days of Struggle , Finally Configured the CAS server Between 2 Active Directory Site .

Here is my Lab setup.

2 Two Active Directory with Network,

1 DC/DNS , 1 Exchange and 1 Client on Each the sites.

Exchange has HT/CAS/Mailbox Role in both the sites . I thought of Configuring CAS server in both exchange servers. I started with changing the InternalURL on both Exchange CAS OWA Property. I had put in both InternalURL and put DNS entry of asscoiate with it ( is my Exchange server in site2). After doing this configuration I tried access the mailboxes which are store in exhange2 (site 2). I was able to access them without any problem.

When I tried to access mailbox which were in exchange1 (Site1) . Client was throwing me an error “THERE IS NO MICROSOFT EXCHANGE CAS SERVER CONFIGURED IN ACTIVE DIRECTORY SITE WHERE MAILBOX IS TORED”


I started Googling for a Resoltion of my problem. I changed the Authentication method to WINDOWS INTERGRATED ON BOTH THE SITES in OWA Virtual Direcotry of both Exchange server But no luck. Now it came up with some other error message.



Finally I have changed the InternalURL of First Active Directory Site to This is generated by default when we have installed CAS on Exchange1).

Tried accessing mailbox which are stored in site1 from site2 using OWA. Whippppeeeee Worked fine…….

So There was an issue with InternalURL , which I have changed in site2. So I have changed it to Default URL which was assinged by Exchange server.

Proxying Worked Absoultely Fine…

Hey Guys,

  Recently I have taken up my 70-648 Exam and Passed with flying colors… Now I have done with 70-648 , it was a time for me to kick off with 70-646 . One of the main topic in 70-646 is Upgardation of DC’s .

I thought of performing this in my lab setup .  Here is the Configuration I have used.

1. Put window server 2003 32  Bit OS in one of the VM.

2.Once You are done with putting the server 2003 and AD,DNS Etc on the server . We have to start using ADPREP.EXE .

 (Note – If you are upgarding the existing DC to windows server 2008 , Insert 2008 CD in your DC. Go to Source folder and Copy that to your Desktop)

After doing this we have to run ADPREP Command to prepare your Existing SCHEMA and Domain .

Below is the link Which I have refered to .

With the help above link . I have succesfully upgarded the OS of my DC.

While You are running ADPREP /DomainPrep Make sure that the Domain Functional Level is Windows server 2000 Native Mode. ( As it wont run on Mixed mode).

Next is WDS on windows server 2008 🙂



-Prashant Girennavar




A person who is like me ( I am still not mastered AD,DNS concepts ) who want to master and become a geek in directory services will face below mentioned problem when he start putting his AD and DNS in his lab.

I recently came across this problme when I installed AD, DNS in my Lab setup.

When I did a nslookup in cmd prompt I got below error message



  This is 90 % due to you have not configured the reverse lookup zone for your forward zone.

Note : how to configure reverse lookup zone please refer the technet article –

I am sure when you configure it , it will resolve the Name server FQDN without any issues.

DNS Search Suffix.

The DNS search suffix’s are used by the client side to resolve the suffix (Ex – , etc)

 MVP – ACE Fekay has written beautiful article on that ,  Here is the link for that ( I thought instead of me expalining its better to put the link for ACE Link which I have referred 🙂 )


Hope this helps for Newbee’s ( Like Me) 🙂

Any quesiton mail it to –