Windows Server Active Directory domain controller showing network as “private” instead of domain

Restart the Network Location Awareness service and the network type should automatically switch back to Domain.


Set Windows network type (public/private) using PowerShell

List all network interfaces/profiles: Get-NetConnectionProfile

Find the InterfaceIndex number of the adapter you wish to change, then use the command:

Set-NetConnectionProfile -InterfaceIndex <index number> -NetworkCategory Private

Remove old name server from Windows DNS

You can’t delete name servers from the DNS console. Run this PowerShell on the DNS server:

Remove-DnsServerResourceRecord -ZoneName "ad.domain.com" -RRType "Ns" -Name "@" -RecordData "server.ad.domain.com."

and

Remove-DnsServerResourceRecord -ZoneName "_msdcs.ad.domain.com" -RRType "Ns" -Name "@" -RecordData "server.ad.domain.com."

Windows AD DNS – reverse DNS, automatically add DNS records for non AD machine

Reverse DNS –

Open DNS Manager and create a reverse lookup zone: Primary zone, replicated to all DNS servers in the domain, IPv4, Network ID set to whatever your network prefix is (e.g. 192.168.1), allow only secure dynamic updates, then Finish.

This does not work for AD-joined computers unless additional DHCP configuration is done.

To fix this: open DHCP, right-click IPv4, Properties, Advanced tab, Credentials. Create a dedicated user for this purpose and add it to the DnsUpdateProxy group.

To have DNS records automatically created for devices not part of AD:

Go to DHCP, right-click the scope, open Properties, DNS tab, and check "Dynamically update DNS records for DHCP clients that do not request updates".

PowerShell foreach loop syntax

$servers = @("dc1", "dc2", "backup", "server", "wds", "wsus")

foreach ($server in $servers) {
    Write-Output "Updating $server"
    Invoke-GPUpdate -Computer $server
}

UNC hardening

Create a new GPO that applies to ALL computers and servers (see Microsoft’s guidance on configuring Group Policy to apply to all domain-joined computers).

Computer Configuration > Policies > Administrative Templates > Network > Network Provider: Hardened UNC paths


Enable it and add these two entries:

\\*\NETLOGON  RequireMutualAuthentication=1, RequireIntegrity=1
\\*\SYSVOL    RequireMutualAuthentication=1, RequireIntegrity=1
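To confirm the policy actually landed on a domain member, the following added PowerShell (not part of the original post) reads the registry key that the Hardened UNC Paths policy writes and flags entries that are missing or weaker than the two values above; it assumes the standard HardenedPaths key location under HKLM\SOFTWARE\Policies.

```powershell
# Added verification script (not from the original post). Reads the registry
# key that the "Hardened UNC Paths" policy writes on a client and checks that
# both NETLOGON and SYSVOL entries are present with
# RequireMutualAuthentication=1 and RequireIntegrity=1.
# Assumption: the policy key lives at the standard HardenedPaths location.
$HardenedPathsKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths'
$RequiredPaths    = @('\\*\NETLOGON', '\\*\SYSVOL')
$RequiredFlags    = @('RequireMutualAuthentication', 'RequireIntegrity')

function Test-HardenedUncPath {
    param([string]$UncPath)

    if (-not (Test-Path $HardenedPathsKey)) {
        return [pscustomobject]@{ Path = $UncPath; Status = 'KeyMissing'; Raw = $null }
    }
    # Value names contain backslashes, so read via GetValue rather than as a property
    $raw = (Get-Item $HardenedPathsKey).GetValue($UncPath)
    if ([string]::IsNullOrWhiteSpace($raw)) {
        return [pscustomobject]@{ Path = $UncPath; Status = 'EntryMissing'; Raw = $null }
    }

    # Parse "Flag=Value, Flag=Value" into a hashtable, ignoring malformed pieces
    $flags = @{}
    foreach ($pair in ($raw -split ',')) {
        $parts = $pair.Trim() -split '=', 2
        if ($parts.Count -eq 2) { $flags[$parts[0].Trim()] = $parts[1].Trim() }
    }
    # Any required flag that is absent or not "1" downgrades the entry to Weak
    $missing = $RequiredFlags | Where-Object { $flags[$_] -ne '1' }
    $status  = if ($missing) { 'Weak: ' + ($missing -join ', ') } else { 'Hardened' }
    [pscustomobject]@{ Path = $UncPath; Status = $status; Raw = $raw }
}

$RequiredPaths | ForEach-Object { Test-HardenedUncPath -UncPath $_ } | Format-Table -AutoSize
```

Run it on a domain member after a gpupdate; any status other than Hardened means the GPO has not applied correctly to that machine.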
