Full Forest Recovery of Windows Server 2012 R2

Similar Messages

• Rename forest domain name windows server 2012 R2

  I have single DC windows server 2012 R2 ex:abc.local i want to change forest domain name to ab.local?

  Hello,
  is that an already running domain or is the server just installed?
  If the latter demote and promote with the new name again.
  Best regards
  Meinolf Weber
  MVP, MCP, MCTS
  Microsoft MVP - Directory Services
  My Blog: http://msmvps.com/blogs/mweber/
  Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

• How to install and configure Exchange Server 2010 DR (disaster recovery) on Windows server 2012.

  We need to install and configure Exchange Server 2010 with DR(disaster recovery on Server 2012.
  Pls suggest step by step.
  Pankaj Kumar

  Hi,
  Here is an article which may help you for your reference.
  Deploying High Availability and Site Resilience
  https://technet.microsoft.com/en-us/library/dd638129(v=exchg.141).aspx
  Besides, there is a related thread here.
  https://social.technet.microsoft.com/Forums/exchange/en-US/577c9433-a20b-442e-8ce7-be59aea35855/preparation-for-deploying-exchange-2010-servers-at-remote-site-dr-site?forum=exchangesvrdeploylegacy
  Hope this is helpful to you.
  Best regards,
  Belinda Ma
  TechNet Community Support

• [Forum FAQ]How to upgrade Windows Server 2008 R2 with a GUI to Windows Server 2012 Server Core

  We found that some customers willing to upgrade Windows Server 2008 R2 GUI to Windows Server 2012 Server Core recently. This article provides detailed steps to perform the upgrade.
  Analysis
  Upgrading from Windows Server 2008 R2 with a GUI installation to Windows Server 2012 with Server Core directly
  is not supported. If you do that, you will receive the error message below(Figure 1) in Compatibility report: 
  Figure 1.
  In these scenario, you can upgrade to Windows Server 2012 firstly. After the upgrade process is completed, you can switch freely between Server Core and Server with a GUI modes.
  Produces
  You can follow the steps below to perform an upgrade from Windows Server 2008 R2 with a GUI installation to Windows Server 2012 Server Core mode:
  1. Upgrade to Windows Server 2012 with a GUI mode
  1) Firstly, please boot into Windows Server 2008 R2 with a Windows Server 2012 installation DVD inserted.
  2) Select the operating system you want to install with a GUI mode.
  We can see 2 options (Server Core Installation or Server with a GUI) for each operating system version. (Figure 2)
  Figure 2.
  Note: Please make sure you have enough disk space on system partition. Or you will get such an error in Compatibility report.(Figure 3)
  Figure 3.
  After the Compatibility check, the installation will continue. It will take several minutes until upgrading is done.(Figure 4)
  Figure 4.
  2. Switch the GUI mode to Server Core
  Method 1: Using Server Manager
  1) Open Server Manager, click
  Manger and select “Remove Roles and Features” to start the
  Remove Roles and Features Wizard.
  2) In Features,
  uncheck the box next to the “User Interfaces and Infrastructure” option, and then click “Next”. (Figure 5)
  Figure 5.
  Now tick the “Restart the destination Server automatically if required” box, then click “Remove”. (Figure 6)
  Figure 6.
  Method 2: Using Windows PowerShell
  There are multiple ways to remove the GUI via Windows PowerShell, we introduce the way of using the ServerManager module.
  You can also run the commands in Windows PowerShell with an administrator to remove the GUI feature:
  “Import-Module ServerManager”
  “Uninstall-Windowsfeature Server-Gui-Shell –Restart”
  or
  “Uninstall-WindowsFeature Server-Gui-Shell, Server-Gui-Mgmt-Infra –Restart”
  It will take a period of time to remove the GUI feature and reboot. When the system boots up, you will get into the Windows Server 2012 with Server Core mode. (Figure 7)
  Figure 7.
  More information:
  Switch between Full and Server Core in Windows Server 2012 using PowerShell 3.0
  http://blogs.technet.com/b/puneetvig/archive/2012/10/16/switch-between-full-and-core-in-windows-server-2012-using-powershell-3-0.aspx
  Windows Server Installation and Upgrade
  http://technet.microsoft.com/en-us/windowsserver/dn527667.aspx
  Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.

  Hi,
  Brian is right, for mange the Server 2008r2 sp1 we recommend use the Windows 7 or 7.1 platform.
  More information:
  Remote Server Administration Tools for Windows 7 with Service Pack 1 (SP1)
  http://www.microsoft.com/en-us/download/details.aspx?id=7887
  Hope this helps.
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• One way trust relationship between different domain windows server 2012 in different forest

  I'd like to build trust correctly between the domains A.local and B.int. A.local is on a Windows 2012 . B.int is on a Windows 2012 . Both machines are
  connected to the same LAN. The forest level in A.local
  machine is Windows Server 2008 and The forest level in B.int
  is Windows server 2012.
  I want a one-way trust relationship, i.e. users from A.local gain access to B.local.
  my problem it i create the trust put when i go to validate the trust between A.Local and B.int give me this error :
   The secure channel (SC) reset on Active Directory Domain Controller \\dc2.B.int of domain B.int to domain A.Local failed with error: There are currently no logon servers available to service the logon request.
  NOTE : Recently I
  UPGRADE THE Active Directory FROM 2008 R2 TO 2012 and i ping on A.local to B.int
  it is ping by name and IP but from b.int ping by IP JUST >>>
  ihab

  Hi,
  yes i already do it the setup conditional forwarding between the 2 domains and
  the firewall it is off 
  ihab

• How to install first forest and active directory on the windows server 2012 R2 core?

  hi to all
  i installed a windows server 2012 R2 Core edition on the server platform and i want install first forest and Domain on this server core by cmdlet...but i cannot install it. i search in the technet and other sites and blogs on the internet
  and i saw many commands that use for install it such as "DCpromo /unattend" and even
  "Install-addsforest" in the powershell but still i cannot get a result from these commands.
  i need step-by-step guide that help me for install new forest and domain in the server 2012 R2 core.
  thanks a lot friends

  C:\PS>Install-ADDSForest
  -DomainName mydomain.local -CreateDNSDelegation
  -DomainMode Win2012 -ForestMode Win2008R2
  -DatabasePath "d:\NTDS"
  -SysvolPath "d:\SYSVOL"
  -LogPath "e:\Logs"
  you can use above example
  Darshana Jayathilake

• From english evaluation to dutch full licensed? (Windows Server 2012 R2 Essentials)

  Hello,
  I've installed and evaluated Windows Server 2012 R2 Essentials English.
  This server edition works like a charm for my smaller projects.
  I've been testing this version and I'm at 'Windows License valid for 159 days'.
  Now I would like te use this setup for one of my projects, so I would like to transform this evaluation version to a full version.
  I bought a full license of Windows Server 2012 R2 ESSENTIALS 1-2 CPU Dutch.
  What is the best way to transform my current setup (Evalution - English) completely to a full license Dutch?
  - I can buy an english version of this full version, but witch one? (It must be the correct language, because I tried changing the productkey of my evaluation english to the full dutch one, without succes)
  - Install from scratch the full version and load a backup of the evalution edition? (Already tried this, this ends up running the english evaluation again)
  - Any other suggestion?
  Thank you very much!

  I think you would have to do a migration.
  You should add another Domain Controller, transfer FSMO roles.
  Remove the English Essentials Server, then install the Dutch one in Migration mode.
  You can then remove that second DC.
  Robert Pearman SBS MVP
  itauthority.co.uk |
  Title(Required)
  Facebook |
  Twitter |
  Linked in |
  Google+

• Can a 180 trial license of Windows Server 2012 R2 Essentials be converted to full use license without uninstalling

  Hi,
  Is it possible to convert a 180 day trial version Windows Server 2012
  R2 Essentials to a full retail license? Or do I have reinstall it again?
  I found this information: http://technet.microsoft.com/library/jj574204
  But it doesn't say anything about Windows Server 2012 R2 Essentials.

  Is this also true of the WSE 2012 R2 is a domain controller?  The TechNet article was pretty clear that if the server is a domain controller, then you cannot convert from trial to retail (though if I read the TechNet article literally, then it looks
  like that is only true for WS Standard and Datacenter).
  I'm just trying to get a head start on my new server while I wait for WSE 2012 R2 to get delivered in the mail, but I would hate to migrate my DC to the trial server only to have to reinstall again!
  Thanks!
  --rob

• Windows Server 2012 C Drive gets always full with exchange server 2013 installed

  Hi All
  My C drive gets full always with exchange server 2013 installed what would be the reason because this is causing extremely bad to my environment can somebody help me please
  Thanks & Regards, Santosh Chowdary Vasireddy System Administrator Prolifcs DHFLVC Silicon Towers, 5th Floor, Survey #14, Kondapur, Hyderabad – 500 032. Work +91 40 3999 1999 Ex.1656 l Cell +91 9849277255 l [email protected] A Global
  Provider of IBM, Microsoft and Testing Solutions Award Winner for Technical Excellence, BPM, SOA, Portal and Governance

  Hi,
  Based on your description, I understand that this issue (C drive gets always full) occurred after Exchange
  Server 2013 installed.
  à
  But my exchange server is installed in different Drive (EX: D)
  I suggest that you should check file system to see what folders or files are taking up the space recently.
  This issue may be not related to Exchange server.
  Please refer to the following article and enable Disk Cleanup Utility. Then monitor the result.
  Enabling
  Disk Cleanup Utility in Windows Server 2012
  Meanwhile, please check if the winsxs directory is growing bigger.
  How
  to Reduce the Size of the Winsxs directory and Free Up Disk Space on Windows Server 2012 Using Features on Demand
  By the way, please check if you have installed update rollup 2836988. I noticed that Windows.edb file grows
  very large. For more details, please refer to the following KB.
  The Windows.edb file grows very large in Windows 8 or Windows
  Server 2012
  If any update, please feel free to let me know.
  Hope this helps.
  Best regards,
  Justin Gu

• RelayState parameter is full support with ADFS in Windows Server 2012?

  We have implement Single Sign-On with ADFS. (Service Provider - salesforce.com , identity provider - ADFS). When we authenticate with ADFS it will
  authenticate successfully, but it will redirected to salesforce full site instead of mobile site. Salesforce document mentioned that we need to handle RelayState parameter on ADFS. And I saw some article mentioned that 'RelayState' parameter is not fully support
  for Windows Server 2012. Please let us know Windows Server 2012 is fully support for the 'RelayState' parameter and if it is how to handle it on ADFS. Thanks. 

  Hi Prasad,
  Regarding ADFS related issue, I suggest you refer to experts from the following forum to get professional support:
  Claims based access platform (CBA), code-named Geneva Forum
  http://social.msdn.microsoft.com/Forums/vstudio/en-US/home?forum=Geneva
  In addition, here is a related thread for your reference:
  RelayState Support in ADFS 3.0?
  http://social.msdn.microsoft.com/Forums/vstudio/en-US/25239ff7-a33d-4f3e-a7a8-5a3c47d733f7/relaystate-support-in-adfs-30?forum=Geneva
  Best Regards,
  Amy

• Forest and domain functional level Windows Server 2012 R2 - what's new?

  Hi, I still can't find documentation about the new domain and forest functional levels in WS 2012 R2.
  a) "What's New in Active Directory in Windows Server 2012 R2"
  http://technet.microsoft.com/en-us/library/dn268294.aspx
  No word about it.
  b) "Understanding Domain and Forest Functional Levels"
  http://technet.microsoft.com/en-us/library/cc771294.aspx
  Still WS 2012.
  Thorsten

  For what's New in Active Directory in windows server 2012 R2,
  Read the following Blog
  http://policelli.com/blog/archive/2013/06/27/whats-new-in-active-directory-in-windows-server-2012-r2-preview/
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer".

• [Forum FAQ] Introduce Backup in Windows Server 2012 R2 Essentials

  Windows Server 2012 R2 Essentials provides reliable ways to perform regular backups of your server and backups of your network computers.
  1. Server Backup
  Description:
  Backs up your server running Windows Server Essentials. The data is backed up to an external USB drive. You can also perform full system restore of server.
  Operations:
  On Dashboard, please select DEVICES and then navigate to the server which you need to backup. Right click the server and select Set up backup. When set up complete, you will be able to
  Start a backup for the server. (Figure 1)
  Figure 1
  More information:
  Manage server backup in Windows Server Essentials
  Restore or repair your server running Windows Server Essentials

  3. Microsoft Azure Backup
  Descriptions:
  Performs an online backup of files or folders on your server. When you use Azure Backup to back up server data, the information is encrypted by using your passphrase before it is uploaded to a secure datacenter on the Internet.
  Operations:
  1) Open Dashboard and follow the path: HOME-> Get Started-> ADD-INS-> Integrate with Windows Azure Backup. Then as Figure 3 shows, you need to “Click to sign up for Windows Azure Backup” and “Click to download Windows Azure
  Backup integration module”.
  Figure 3
  Please note: when you click to download, you may encounter the issue as Figure 4 shows. If so, please follow the path:
  Tools-> Internet Options-> Security->
  Trusted sites-> Add this website to the zone and add
  http://downlaod.microsoft.com,
  https://activedirectory.windowsazure.com in Trusted sites in IE. (Please uncheck
  Require server verification (https:) for all sites in this zone). Then please check if you can download as normal.
  Figure 4
  2) After you download the OnlineBackupAddin, please run it. Then begin to install the add-in. (if any issue occurs in your installation of add-in, please navigate to C:\PrgramData\Microsoft\Windows Server\Logs folder and check
  InstallAddin log file if you can find some clues.)
  3) During your installation, KB 2873390 may be required. Please download the update package and run it. Then Windows Azure Backup Agent Upgrade Wizard appeared. Please follow it and complete as Figure 5
  and Figure 6 show.
  Figure 5
  Figure 6
  4) Then please re-open Dashboard, you will find ONLINE BACKUP option. (Figure 7) There will be three steps that you need to do: (i)
  Upload a certificate. (ii) Register your server.
  (iii) Configure backup settings.
  Figure 7
  (i). Upload a certificate. (In this example, we use the second option: Upload certificate to Windows Azure Backup vault)
  Please logon Windows Azure, select RECOVERY SERVICES and click
  NEW. Follow the path: RECOVERY SERVICES-> BACKUP VAULT->
  QUICK CREATE. Please type NAME and select
  REGION, then click CREATE VAULT. When create completes, please click the name of this new recovery service that you create. As Figure 8 shows. Then select Manage Certificate to add or update the certificate file (.cer) that contains
  a public key for the vault. The certificate is used to register servers with the vault.
  Figure 8
  (ii). Register your server
  On Dashboard, navigate to Online Backup and click Register. (Figure 9)
  Figure 9
  Then it will check the certificate. And then you need to set a passphrase to secure your data. (Figure 10)
  Figure 10
  When you set passphrase complete, please click Next to continue. When register successfully. You will see Figure 11.
  Figure 11
  (iii). Configure backup settings
  When register completes, please click Configure Online Backup. Then you can follow the Configure Online Backup wizard to configure online backup (add folders), specify the backup schedule, specify the backup retention policy and choose bandwidth usage. The
  all process will be shown in Figure 12-16.
  Figure 12
  Figure 13
  Figure 14
  Figure 15
  Figure 16
  After all configurations complete, you will be able to see that the server integrates with Windows Azure Backup. (Figure 17)
  Figure 17
  On the Dashboard in server essentials, you will be able to start backup online. (Figure 18)
  Figure 18
  After backup online, you will see the protected data as Figure 19 and Figure 20 show in Dashboard and Windows Azure.
  Figure 19
  Figure 20
  More information:
  Manage Online Backup in Windows Server Essentials

• Number of Windows Server 2012 R2 Essentials Servers

  I am looking at migrating a small real estate agency to Window Server 2012 R2 from Windows Server 2003 x86.  Looking to combine 12 servers ( Essentially PCs running Windows Server 2003) less than 20 users, to 2/3 dual core or quad core servers. I am
  looking at Essentials due to cost, but have some questions.
  1) Can you have more than one Windows Server 2012 R2 Essentials server in the environment? Since the server install defaults to being a domain controller.
  2) If you can have more than one Windows Server 2012 R2 Essentials, can you have more than one domain controller?
  2) Can you migrate/upgrade a Windows Server 2012 R2 Essentials server to Windows Server 2012 R2 Standard or Data Center?
  Thanks for you time.
  DJ

  I confirm your Suggestion that Windows Server 2012 R2 Essentials must be the domain controller at the root of the forest and domain, and must hold all the FSMO roles.
  You can have more than one Server(Standard, datacenter) with the Windows Server Essentials Experience role installed in your network.
  you can migrate from essentials Edition to Standard as Long you purchase the Standard license but is not possible to purchase th eupgrade license fro essentials to Standard. you need the full license.
  thanks
  diramoh 

• Newbie looking to setup home virtual lab to do Windows Server 2012 R2 Labs for school

  Hey all, hopefully someone can point me in the right direction here. Im looking to setup a virtual lab with 3 windows server 2012 r2 machines running, all connected to the internet and within the same network so I can work on labs for class.
  I have all 3 machines installed and running fine together though figuring out how to get them all connected is confusing the hell out of me.
  I've been scouring google and forums and such looking for some sort of guide and i cant seem to find anything. All help is much appreciated thanks!

  Alright sorry for the delay, I was given exact setup instructions so I figured I'd be good to go but I'm still hung up basically at the same spot.
  Here's the setup guide:
  Two servers, a domain controller and an application server. Follow
  the setup instructions below.
  1. Open your server’s Networking and Sharing Center.
  2. Double-click the Ethernet connection to open the Ethernet Status dialog box.
  3. Click Properties to open the Ethernet Properties dialog box.
  4. Double-click Internet Protocol Version 4 (TCP/IPv4) to open the Internet Protocol
  Version 4 (TCP/IPv4) Properties dialog box.
  5. Enter the following information:
  IP address: 192.168.1.50
  Subnet mask: 255.255.255.0
  Preferred DNS server: 192.168.1.50
  6. Click on the Advanced button.
  7. In the IP addresses section, click the Add button.
  8. When the TCP/IP Address dialog box opens, enter the following information:
  IP address: 192.168.100.55
  Subnet mask: 255.255.255.0
  9. Change the name of the server to RWDC0x, where x is the number of your table from
  1 to 6
  Installing Active Directory
  The RWDC0x virtual machine will be the primary Active Directory domain Controller and
  the DNS server. Therefore, to configure the RWDC0x server, use the following steps:
  1. Login to RWDC0x as Administrator.
  2. On the Server Manager console, open the Manage menu and click Add Roles and
  Features.
  3. When the Add Roles and Features Wizard starts, click Next.
  4. On the Select installation type page, click Next.
  5. On the Select destination server page, click Next.
  6. On the Select server roles page, click to select Active Directory Domain Services and
  click Next.
  When the Add Roles and Features Wizard dialog box opens, click Add Features.
  8. Back on the Select server roles page, click to select DNS Server and click Next.
  9. When the Add Roles and Features Wizard dialog box opens, click Add Features.
  10. Back at the Select server roles page, click Next.
  11. On the Select features page, click Next.
  12. On the Active Directory Domain Services page, click Next.
  13. On the DNS Server page, click Next.
  14. On the Confirm installation selections page, click Install.
  15. When the installation is complete, click Close.
  16. On the Server Manager console, click the Tools menu (upper left) and click DNS.
  17. When the DNS Manager console opens, right-click RWDC0x and click New Zone.
  18. When the New Zone Wizard appears, click Next.
  2
  19. On the Zone Type page, Primary zone will already be selected. Click Next.
  20. On the Forward or Reverse Lookup Zone page, Forward lookup zone will already be
  selected. Click Next.
  21. For the Zone name, type contoso.com and click Next.
  22. On the Zone File page, click Next.
  23. On the Dynamic Update page, click Next.
  24. When the wizard is complete, click Finish.
  25. On the Server Manager console, click the Yellow Exclamation Symbol and click
  Promote this server to a domain controller.
  26. When the Active Directory Domain Services Configuration Wizard starts, click Add a
  new forest.
  27. In the Root domain name text box, type contoso.com. Click Next.
  28. On the Domain Controllers Options page, for the Directory Services Restore Mode
  (DSRM) password boxes, type Password01. Click Next.
  29. On the DNS Options page, click Next.
  30. On the Additional Options page, click Next.
  31. On the Paths page, click Next.
  32. On the Review Options page, click Next.
  33. On the Prerequisite Check page, click Install.
  34. After the computer reboots itself, login to RWDC01 as contoso\administrator with the
  password of Password01.
  35. Open the DNS Manager console.
  36. In the DNS Manager console, expand RWDC01, expand Forward Lookup Zones, and
  click contoso.com. Then right-click contoso.com and click Properties.
  37. When the Contoso.com Properties dialog box opens, click the Change button.
  38. When the Change Zone Type dialog box opens, select Store the zone in Active
  Directory and click OK.
  39. When it asks if you want the zone to become Active Directory integrated, click Yes.
  40. For Dynamic Updates, select Non-secure and secure.
  41. Click OK to close the contoso.com Properties dialog box.
  42. Click Reverse Lookup Zones. Then right-click Reverse Lookup Zones and click New
  Zone.
  43. When the wizard opens, click Next.
  44. On the Zone Type page, click Next.
  45. On the Active Directory Zone Replication Scope page, click Next.
  46. On the Reverse Lookup Zone Name page, click Next.
  47. On the Reverse Lookup Zone Name page, type 192.168.1 in the Network ID and click
  Next.
  48. On the Dynamic Update page, click Next.
  49. When the wizard is complete, click Finish.
  Installing DHCP
  The RWDC0x will also be the primary DHCP server for the virtual environment. Therefore,
  use the following steps to install and configure DHCP on the RWDC0x:
  1. Login to RWDC0x as Administrator.
  2. On the Server Manager console, open the Manage menu and click Add Roles and
  3
  Features.
  3. When the Add Roles and Features Wizard starts, click Next.
  4. On the Select installation type page, click Next.
  5. On the Select destination server page, click Next.
  6. On the Select server roles page, click to select DHCP and click Next.
  7. When the Add Roles and Features Wizard dialog box opens, click Add Features.
  8. Back at the Select server roles page, click Next.
  9. On the Select features page, click Next.
  10. On the DHCP page, click Next.
  11. On the DNS Server page, click Next.
  12. On the Confirm installation selections page, click Install.
  13. When the installation is complete, click Close.
  14. Using Server Manager, open the DHCP console.
  15. Expand the rwdc0x.contoso.com node.
  16. Right-click IPv4 and click New Scope.
  17. When the New Scope Wizard starts, click Next.
  18. For the Name, type Main Scope.
  19. For the Start IP address, type 192.168.1.30. For the End IP address, type 192.168.1.40.
  Click Next.
  20. On the Add Exclusions and Delay page, click Next.
  21. On the Lease Duration, change the lease duration to 1 day. Click Next.
  22. On the Configure DHCP Options page, click Yes, I want to configure these options
  now. Click Next.
  23. On the Router (Default Gateway) page, click Next.
  24. On the Domain Name and DNS Servers page, type contoso.com for the Parent domain.
  In the IP address, type 192.168.1.50, and click Add. Click Next.
  25. On the WINS Servers page, click Next.
  26. On the Activate Scope, make sure Yes, I want to active this scope now, and click Next.
  27. When the wizard is complete, click Finish.
  28. In the DHCP console, right-click rwdc01.contoso.com and click Authorize.
  29. Close the DHCP console.
  Creating a Software Folder
  Because you will not have Internet access, you must create a Software folder to hold
  the software and share the folder using the following steps:
  1. On RWDC0x, create a folder called C:\Software.
  2. Open the properties dialog box for the C:\Software folder
  3. Share the Software folder using the name Software.
  4. Assign the Allow Full Control share permission to the Everyone special identity.
  5. Copy all files and folders from the Software folder from your instructor’s thumb drive to
  the Software folder.
  6. Close the Explorer windows.
  Now, configure your application server.
  1. Login to Server01 as Administrator.
  2. Open your server’s Networking and Sharing Center.
  4
  3. Double-click the Ethernet connection to open the Ethernet Status dialog box.
  4. Click Properties to open the Ethernet Properties dialog box.
  5. Double-click Internet Protocol Version 4 (TCP/IPv4) to open the Internet Protocol
  Version 4 (TCP/IPv4) Properties dialog box.
  6. Enter the following information:
  IP address: 192.168.1.60
  Subnet mask: 255.255.255.0
  Preferred DNS server: 192.168.1.50
  7. Click OK to close the Internet Protocol Version 4 (TCP/IPv4) Properties dialog box.
  8. Click Close to close Ethernet Statusdialog box.
  9. Double-click the computer name to open the System Properties dialog box.
  10. Click Change to open the Computer Name/Domain Changes dialog box.
  11. Type Server01 in the Computer name text box.
  12. Click Domain and type Contoso.com in the text box. Click OK.
  13. When it asks for a name and password of an account with permissions to join the
  domain, use contoso.com\administrator and Password01. Click OK.
  14. When the Welcome to the contoso.com domain message appears, click OK.
  15. When a message appears stating that you must restart your computer, click OK.
  16. Click the Close button to close the System Properties dialog box.
  17. When it says that you must restart your computer, click Restart Now.
  I went through this once and I couldnt get past "12. Click Domain and type Contoso.com in the text box. Click OK" without an error.
  I uninstalled all machines and VMware entirely, reinstalled VMware and then reinstalled machines, went though the guide again, same error when trying to connect the app server to the contoso.com domain.
  Here's a screenshot of the error:
  I also tried changing both machines to bridged connection, no luck, as well as NAT connection, still no luck.
  Any help is greatly appreciated... Thanks guys!

• Learning Windows server 2012 R2 & 2012 core

  Hi,
  How do i configure a fast and standard solution with 1domain (Windows
  Server 2012 R2) and 1subdomain(Windows Server 2012 Core) implemented with a webserver and security for dns?
  Thx

  Hi
  Maybe this can help,
  Nslookup test:
  cmd => nslookup => set type=mx => host.net.
  Organizational unit:.be
  Active directory users and computers openen => rmb op domeinnaam => new => organtizational unit aanmaken => Protection uitvinken
  Computer Manueel toevoegen aan domein:
  1)DNS veranderen naar 192.168.1.1 van het domein zelf
  2)Add-Computer -domainname host -cred administrator@host -passthru -verbose
  GPO voor chrome installeren:
  1)Group policy management => in OU PC's => new policy aanmaken
  2)rmb policy en klik edit
  3)onder computer => software => new package => pad ingeven waar je msi bestand hebt gezet van chrome => \\S1\netlogon\msi\chrome.msi
  4)client heropstarten en aanmelden met domeingebruiker => powershell => Restart-Computer
  5)mapje waar MSI in zit => security => domain controller (user) toevoegen met volledig beheer
  GPO voor browser block chrome:
  3)block listed urls..
  4)op client gpupdate
  Failed login events:
  1)Group policy instellen op OU Servers: Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\ ==> Failed logins aanzetten
  2)gpupdate /force
  1)powershell
  2)get-windowsfeature => install-windowsfeature SMTP-Server
  3)Internet information services => S1 => Domain RMB => properties => Acces tab => Relay => Add => Group computers => IP: 192.168.1.1 subnet 255.255.255.0 => Ok => ok
  3b)Eens afmelden en aanmelden met fout wachtwoord zodat er een log geschreven wordt met audit failure in de security log van event viewer
  4)Eventviewer security log => op failed audit log RMB => attach => Geef andere naam => next => next start program => program: powershell.exe =>
  open the propery dialog aanvinken
  5)Run wheter user is logged in or not aanvinken => tabke conditions: start the task only if AC power afvinken! => ok => paswoord administrator ingeven
  6)powershell: get-executionpolicy => resultaat moet remotesigned zijn => view tabke => script pane aanzetten =>
  Script geven: $smtpServer = ìsmtp2.school.beî
  $msg = New-Object Net.Mail.MailMessage
  $smtp = New-Object Net.Mail.SmtpClient($smtpServer)
  $msg.From = ì[email protected]î
  $msg.ReplyTo = [email protected]î
  $msg.To.Add([email protected]î)
  $msg.subject = ìhacking attempt?î
  $msg.body = ìlogin/pwd failure on S1.î
  $smtp.Send($msg)
  7)Script opslaan in mapje op C schijf => powershell cd naar mapje met script => ls commandoTo configure the time source for the forest
  8)Task scheduler openen => naar event viewer tasks => login => rmb properties => actions => powershell.exe edit => add arguments: -command "C:\Script\login.ps1" => ok => password admin ingeven
  9)Testen
  *Op welke manier kan je je MX records controleren met NSLOOKUP
  cmd => nslookup => set type=mx => host.net.
  *Commando powershell om Client toe te voegen aan het domein:
  Add-Computer -domainname host -cred administrator@host -passthru -verbose
  Best practice analyzer:
  1)Server manager => klik op dns en op ADDS => Scroll naar onder tot bij BPA => Task start scan => bekijk resultaten:
  Vraagje: Welke suggesties zou je kunnen oplossen:
  DNS server should have scavenging enabled
  De PDC emulator master moet geconfigureerd worden
  1)To configure a domain controller in the parent domain as a reliable time source
  *W32tm /config /reliable:yes /update
  2)To configure the time source for the forest
  *w32tm /config /computer:s1.host.net /manualpeerlist:ntp.belnet.be /syncfromflags:manual /update
  Tijd moet gelijk zijn van S1 en S2!!
  Corefig opstarten in powershell:
  1)cd C:\corefig
  2)execution policy aanpassen: Set-ExecutionPolicy bypass
  3).\corefig.ps1
  4)naam veranderen in corefig
  Commando om S2 toe te voegen aan het domein in de OU servers:
  1)DNS instellen
  Set-DnsClientServerAddress -InterfaceAlias "Ethernet" -ServerAddresses 192.168.1.1
  2)Toevoegen aan OU servers
  Add-Computer -domainname sdhost -cred administrator@host -OUPath "OU=Servers,OU=OU,DC=Host,DC=net"
  Herstarten
  OPPASSEN HIERMEE ALS S2 ZELF DC MOET WORDEN!
  Voorzie je server van de DNS-rol via windows powershell:
  1)Import-Module Servermanager
  2)Get-WindowsFeature
  2)Add-WindowsFeature "DNS" -restart
  Remoteaccess:
  S1 remote access geven voor administrators bij active directory
  view => advanced features enablen
  => Remote management users => HOST\Administrator toevoegen met full rechten
  => Remote Desktop users => HOST\Administrator toevoegen met full rechten
  Bekijk welke firewall regel op dit moment Remote Management nog blokkeert en laat
  die communicatie toe:
  1)Op S2 in powershell: Configure-SMRemoting.exe -enable
  2)op S1 => Server manager => manage => add servers => S2 ingeven => ok
  3)Active directory installeren op s2 via add roles (via S1)
  4)S2 promoveren to domain controller
  5)credentials van s1 gebruiken => naam subdomain 'premium'
  6)DSRM passwoord: P0wnerken
  7)PREMIUM
  DNS instellen van s2 zelf
  Set-DnsClientServerAddress -InterfaceAlias "Ethernet" -ServerAddresses 192.168.1.2
  C2)DNS server instellen op S2 : 192.168.1.2
  Toevoegen aan domein premium.host.net => inloggen met admin account van s2 domein
  herstarten van C2
  Maak†van†deze†tweede†server†nu†een†domeincontroller†voor†het†nieuwe†domein
  ìpremiumî.†Daar†zijn†twee†werkwijzen†voor.†Zoek†deze†methodes†op†en†noteer†deze
  summier†hieronder:
  - Werken met DCPROMO.exe
  - Werken met GUI vanop S1
  Je†mag†zelf†kiezen†welke†methode†je†toepast.†Noteer†hier†wel†de†commandoís†die†je
  toepast:
  Werken met GUI: new existing domain to current forest => naam PREMIUM
  Netwerkkaarten toevoegen:
  VCLOUD => Niet customizen!!!
  Firewall disablen S2:
  netsh firewall set opmode disable
  Op S1 => chrome => ip in url : https://192.168.1.150:446 => proceed => logingegevens:
  naam: openfiler
  pass: password
  Services => CIFS / NFS => Enable => Start
  manage volumes => 1GB volume => start cyl = 1, end cyl = 128 => ongeveer 1GB
  Add volume group => NFS als naam en 1GB volume toevoegen => Add volume => naar onder scrollen:
  Naam: NFS
  Bestandssysteem: EXT4 kiezen
  *Add new physical volume 10GB: MINSTENS 35 CYLINDERS TUSSENLATEN!!!!
  Start cyl = 164, end cyl = 1469, is ongeveer 10GB
  Volume groups => Nieuwe aanmaken met SMB als naam => Add volume => volume selecteren en toevoegen => naar uw smb volume group gaan
  => SMB volume kiezen => naam: SMB => MAX Geheugen => EXT4 bestandssysteem
  1)Clocksettings zetten via ntp server: ntp.belnet.be (Moet gelijk zijn met domaincontroller waarin je hem toevoegd)
  2)DNS zetten van S2
  Hostname: of
  Primary DNS: 192.168.1.2
  Secondary DNS: 192.168.1.1
  Gateway: 192.168.1.254
  3)Accounts:
  Expert view!
  *Use windows domain controller and authentication aanvinken
  Security Mode: Active directory
  Domain / workgroup: PREMIUM
  Domain controllers: s2.premium.VAhost.net
  ADS realm: PREMIUM.HOST.NET
  Join domain: aanvinken
  Administrator username: Administrator
  Administrator password: Azerty123
  *Naar onder scrollen tot kerberos 5: Aanvinken
  Realm: premium.host.net
  KDC: s2.premium.host.net
  Admin server: s2.premium.VAhost.net
  Share aanmaken:
  1)Shares => klikken op SMB / NFS => Nieuwe subfolder aanmaken: SMBshare / NFSshare
  2)subfolder klikken => maak share => bij rechten naar beneden scrollen => Domain admins: PG & RW, Domain users: RO
  3)Update
  Systeem beveiliging:
  1)system => Network access configuration => Nieuw netwerk toevoegen
  Name: Sharenetwork
  Network/host: 192.168.1.0
  Netmask: 255.255.255.0
  Type: Share
  2)Update
  Protocol aanzetten:
  Shares => subfolder smbshared => Volledig vanonder scrollen => SMB/CIFS protocol op rw zetten
  Connect to share met:
  root
  Azerty123
  Connect Z-schijf met SMB share:
  1)RMB op SMB share
  2)Map network drive
  3)Pad SMB share intypen
  4)connecten met share account of finish 1)Private storage en manueel ip adres ingeven
  Beveiliging backup:
  1)Active directory van S1
  2)OP s1 zelf volledig nieuwe OU: "TEMP Accounts" aanmaken => accidentally delete afzetten!!
  3)2USers aanmaken die lid zijn van de groep ("member of") Guest
  4)Op S1 => C schijf => nieuwe map map aanmaken en delen
  5)Op advanced sharing van gedeelde map => Guest 1 Full control => Everyone alleen read rechten
  6)Testen op client of je op Guest1 tekstbestand kan aanmaken en via Guest2 op die share map niet.
  7)Als het werkt Guest1 verwijderen en bekijk sharing permissions op Guest1 map
  *Wat stel je vast bij verwijderen Guest1 via active directory:
  De guest account wordt vervangen door een ander account met een lange naam
  die full control heeft over de map
  8)Guest1 terug opnieuw aanmaken, wat stel je vast?
  Guest1 heeft geen rechten meer over de map en de aangemaakte account blijft staan
  Recycle BIN:
  1)Open Active directory administrative center
  2)Klik op uw domein links
  3)Rechts => enable Recycle Bin
  4)Verwijder Guest1 op AD
  5)Guest1 komt te staan bij deleted users/objects op Recycle Bin
  6)Mogelijkheid om te restoren
  7)Delete OU Temp accounts => Lukt niet onmiddellijk => Omdat er nog objecten in zitten
  *Zoek op welke technieken je kan toepassen om een backup te nemen van je Active Directory. Bekijk uiteraard ook welke 2 manieren
  er zijn om een backup van je AD terug te plaatsen (Authoritative en non-authoritative):
  -13.1.1 Authoritative Restore
  Dit proces herstelt de AD na bc een wijziging die ongedaan gemaakt moet worden.
  AD wordt hersteld vanaf de backup, de backup overschrijft dan alle andere DC's met eventuele nieuwere informatie.
  -13.1.2 Non-Authoritative Restore
  Terugzetten van gegevens van de backup. Nadien ontvangt de DC updates van andere DC's die gemaakt zijn sinds de backup.
  Backup S1:
  Eerst probleem openfiler oplossen:
  1)openfiler opstarten vanuit vmcloud
  2)cd /etc/samba
  3)vim smb.conf (toevoegen: strict allocate = yes) => eerst i voor insert => opt einde escape => :wq voor opslaan
  4)/etc/init.d/smb restart
  Backup zelf
  1)Install windows backup in server manager => add roles => features
  2)Open windows backup
  3)Action => backup once
  4)Different options => Custom kiezen => System State backuppen
  5)Remote disk kiezen
  6)pad share: \\of\smb.smb.SMBshare
  7)Als backup mislukt, de aangemaakte files door de backup manueel verwijderen en backup terug opnieuw proberen
  !!!Als openfiler ineens verdwijnd van domein, moet je de tijd nakijken van beiden systemen (moeten gelijk zijn met max 5min verschil)
  Restore backup (authoritatief ingesteld)
  http://technet.microsoft.com/ru-ru/library/cc816878(v=ws.10).aspx
  1)Herstart de domeincontroller in Directory Services Restore Mode Remotely
  => run => Msconfig.msc => stapkes staan in url: http://technet.microsoft.com/ru-ru/library/cc794729(v=ws.10).aspx
  2)Restore uw ADDS van je backup a.d.h.v. een non-authoritatieve restore.
  Dit zorgt ervoor dat de domeincontroller terug in de staat komt waarop de objecten die verwijderd zijn
  er terug bijstaan.
  http://technet.microsoft.com/ru-ru/library/cc794755(v=ws.10).aspx
  in cmd:
  =>wbadmin get versions -backuptarget:\\of\smb.smb.SMBshare
  =>wbadmin start systemstaterecovery -version:12/03/2013-12:37 -backuptarget:\\of\smb.smb.SMBshare -quiet
  3)Markeer objecten als authoritatief zodat ze niet worden overschreven bij het restoren door synchronisatiefouten
  tussen de verschillende domeinen.
  http://technet.microsoft.com/ru-ru/library/cc816813(v=ws.10).aspx <== hieraan beginnen
  => open run => ntdsutil
  => activate instance ntds => enter
  => authoritative restore => enter
  => restore subtree "OU=Stagiairs,DC=Host,DC=net" => enter
  => quit => enter
  => Start terug op met de domaincontroller in normale modus dus dsrm opstartmode uitschakelen: Safe boot uitvinken
  Nakijken of beide OU's Stagiairs en Guests er nog staan
  (In dit geval is OU guests wel verwijderd doordat we maar 1 DC hebben dus de informatie
  wordt niet gesynchroniseerd met een 2de DC)
  - Debian Machine toevoegen:
  Netwerkgegevens: NIC0 / Private management network / static - manual / IP = 192.168.1.3
  Als Machine aangemaakt is, nieuwe netwerkkaart toevoegen:
  NIC1 / Private storage network / static - manual / IP = 172.16.0.13
  op Debian machine:
  1)su - => enter => pass: Azerty123 => enter
  2)commando: pico /etc/network/interfaces
  Voeg volgende lijntjes toe aan het bestand
  iface eth0 inet static
  address 192.168.1.3
  netmask 255.255.255.0
  gateway 192.168.1.254
  iface eth1 inet static
  address 172.16.0.13
  netmask 255.255.255.0
  CTRL + O (opslaan) => CTRL + X (afsluiten)
  3)pico /etc/resolv.conf
  veranderd de bestaande lijntjes naar deze:
  domain host.net
  search host.net
  nameserver 192.168.1.1
  4)ifdown / ifup van eth0/eth1
  IPV6 instellen:
  Zelf gekozen ULA subnet:
  fdac:1fff:b0b0 (tot dit gedeelte mag random gegenereerd worden vanaf 'fd')
  Subnet 1: fdac:1fff:b0b0:4bd0:: /64
  Subnet 2: fdac:1fff:b0b0:4bd1:: /64
  /sbin/ip
  Remote settings toewijzen voor domain users aan clients (en eventueel toevoegen aan domein als dit nog niet gebeurt is)
  IPV6 instellen via Netwerkinstellingen (Default gateway openlaten)
          NIC0                    NIC1
  S1: fdac:1fff:b0b0:4bd0::1 /64            fdac:1fff:b0b0:4bd1::11 /64
  dns: ::1                    dns: fdac:1fff:b0b0:4bd1::11
  S2: fdac:1fff:b0b0:4bd0::2 /64            fdac:1fff:b0b0:4bd1::12 /64
  (dns: ::1)                (dns: fdac:1fff:b0b0:4bd1::12)
  Openfiler: fdac:1fff:b0b0:4bd0::150 /64        fdac:1fff:b0b0:4bd1::1 /64    
  S3: fdac:1fff:b0b0:4bd0::3 /64            fdac:1fff:b0b0:4bd1::13 /64
  C1: fdac:1fff:b0b0:4bd0::101 /64
  dns: S1
  C2: fdac:1fff:b0b0:4bd0::102 /64
  dns: S2
  Voor windows server core:
  *powershell
      netsh interface ipv6 add address "Ethernet" fdac:1fff:b0b0:4bd0::2
      netsh interface ipv6 add address "Ethernet 2" fdac:1fff:b0b0:4bd1::12
  Voor linux: (zowel openfiler als debian)
  VOOR DEBIAN 7 (alleen ifup commando gebruiken niet ifdown):
  /sbin/ip -6 addr add fdac:1fff:b0b0:4bd0::3/64 dev eth0 (voor debian)
  /sbin/ip -6 addr add fdac:1fff:b0b0:4bd1::13/64 dev eth1 (voor debian)
  of statisch in /etc/network/interfaces:
  iface eth0 inet6 static
  address fdac:1fff:b0b0:4bd0::3
  netmask 64
  iface eth1 inet6 static
  address fdac:1fff:b0b0:4bd1::13
  netmask 64
  pico /etc/resolv.conf => lijntjes toevoegen
  => domain host.net
  => search host.net
  => nameserver 192.168.1.1
  => nameserver fdac:1fff:b0b0:4bd0::1
  VOOR OPENFILER eth0: vim /etc/sysconfig/network-scripts/ifcfg-eth0
  => IPV6_AUTOCONF=no
  => IPV6INIT=yes
  => Toevoegen: fdac:1fff:b0b0:4bd0::150/64
  VOOR OPENFILER eth1: vim /etc/sysconfig/network-scripts/ifcfg-eth1
  => IPV6_AUTOCONF=no
  => IPV6INIT=yes
  => Toevoegen: fdac:1fff:b0b0:4bd1::1/64
  ~~ /sbin/ip -6 addr add fdac:1fff:b0b0:4bd0::150/64 dev eth0 (voor openfiler)
  ~~ /sbin/ip -6 addr add fdac:1fff:b0b0:4bd1::1/64 dev eth1 (voor openfiler)
  Risico's gedeelde application pool:
      -1 proces per application pool (=>zwaar proces dat veel resources nodig heeft)
          (als dit proces vastloopt alle websites geimpacteerd)
      -gebruikers kunnen in principe aan elkaars bestanden
  1)IIS installeren op S2 via server manager op S1
  2)Role services in setup, volledig vanonder => management service aanvinken (dit staat remote management toe)
  3)Op S1 Web server zoeken en enkel van IIS de management console installeren zodat IIS van S2 beheerbaar is
  4)Powershell op S2:
  Invoke-command -ScriptBlock{Set-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\WebManagement\Server -Name EnableRemoteManagement -Value 1}
  Invoke-command -ScriptBlock {Set-Service -name WMSVC -StartupType Automatic}
  Invoke-command -ScriptBlock {Start-service WMSVC}
  In IIS manager op S1 => Add connection => S2.premium.sdhost.net => account: administrator van S2
  In IIS Manager => Sites => new Website, 2 website aanmaken
      -'klant1.sdhost.net' Physical path => C:\inetpub\wwwroot\Klant1 => hostname = Klant1.host.net
      -'klant2.sdhost.net' Physical path => C:\inetpub\wwwroot\Klant2 => hostname = Klant2.host.net
  In DNS A-record toevoegen:
      -hostname: www
      -IP: 192.168.1.2
  Voor toegang via IPv6 ook een AAAA-record toevoegen:
      -hostname: www
      -IP: fdac:1fff:b0b0:4bd0::2
  Voor elke site ook een een CNAME-record aanmaken:
      -Alias name: klant1, FQDN: www.host.net
      -Alias name: klant2, FQDN: www.host.net
  In deze standaardopstelling schuilen enkele risicoís. Geef twee risicoís die de huidige
  configuratie (gedeelde application pool) met zich mee kan brengen:
  - Als je een website hebt die zwaar CPU belastend is (zoals foto's herschalen) heeft dit ook effect op je andere websites
  - Omdat je websites binnen dezelfde apppool zitten hebben ze eenzelfde identiteit en kun je geen aparte permissies opzetten.
  GROUP MANAGEMENT SERVICE ACCOUNT:
  New-ADServiceAccount IISPool1 -DNSHostName s1.amhost.net -PrincipalsAllowedToRetrieveManagedPassword Administrator -KerberosEncryptionType RC4, AES128, AES256
  Install-ADServiceAccount IISPool1
  Maybe you can do this tutorial to, it is a tuto for learning DFS & DNSSEC..
  Wat betekent de optie “dnssecok”
      -> Deze optie stelt de dnssecOK bit in voor deze query
      -> Dit verteld de server that de client dnssec verstaat en dat deze server hiervan gebruik kan maken met deze client
  Krijg je een bevestiging dat dit een secure antwoord is? (RRSIG)
      -> Neen want de zone is nog niet gesigneerd
  Controleer of de client C1 ingesteld is om secure responses af te dwingen bij zijn DNS
  caching server: get-dnsclientnrptpolicy. Resultaat?
      -> Het resultaat is niks, vermoedelijk omdat er geen instellingen zijn hiervoor
  Probeer opnieuw een request op C1 voor S1 met Resolve­DNSName. Is het signeren
  van de zone voldoende om secure antwoorden te krijgen op de client?
      -> Er komt opnieuw geen RSIG record dus dit is niet voldoende
  Om secure DNS responses op de client voor het domein securezone.lab af te dwingen
  wordt in het domein Host.net een GPO ingesteld. (nieuwe GPO voor hele domein).
  zoek op en stel deze GPO in voor responses van securezone.lab.
      -> default domain policy -> Edit =>    -> Computer Configuration > Policies > Windows Settings > Name Resolution Policy.
      "In the details pane, under Create Rules and To which part of the namespace does this rule apply, choose Suffix from the drop-down list and type sec.contoso.com next to Suffix."
      "On the DNSSEC tab, select the Enable DNSSEC in this rule checkbox and then under Validation select the Require DNS clients to check that name and address data has been validated by the DNS server checkbox."
      "In the bottom right corner, click Create and then verify that a rule for sec.contoso.com was added under Name Resolution Policy Table."
      => GPupdate /force uitvoeren
      => Dan kan de policy bekeken worden
  Je zorgt er uiteraard ook voor dat deze policy toegepast werd op de client (C1) en controleer dit opnieuw met get-dnsclientnrptpolicy.
      => GPupdate /force
      => get-dnsclientnrptpolicy => levert hetzelfde resultaat als op de server
  Opnieuw: Resolve­DnsName s1.securezone.lab ­server S1 ­dnssecok Wat krijg je als antwoord te zien? Wat is de oorzaak?
  (Distribueer) Kopieer de trust achor data van de secure.lab zone op S2 naar S1 en importeer die op de DNS van S1 als trusted anchor. (keyset­securezone.lab)
      http://technet.microsoft.com/en-us/library/hh831411.aspx
  opnieuw: Resolve­DnsName s1.securezone.lab ­server S1 ­dnssecok Krijg je nu een (beveiligd antwoord)?
      ->Ik krijg nu een beveiligd antwoord van de DNS server gesigneerd door securezone.lab met geldigheidstermijn
  p23 Distributed File System
  Installeer op beide server de “file services role”.
      -> Add roles and features
      -> File services
          -> DFS
  Maak een namespace aan (DOCUMENTATION) in je domein hOst.net. Stel de share­permissions zo in dat de groep ‘auteurs’ schrijfrechten heeft. gewone gebruikers
  mogen enkel leesrechten hebben.
      -> DFS manager
      -> Namespaces => Add namespace
  maak een folder aan in de namespace DOCUMENTATION met als naam PDF
      -> Add folder
  maak een tweede target aan voor de PDF folder
      -> Add target to folder
  stel replicatie in tussen de twee folder targets. De inhoud wordt vanaf nu dus gesynct.
      -> Automatisch bij 2de target volg de wizard
  Welke andere stappen zijn nodig om een volledig redundant DFS systeem op te zetten?
      -> De folder moeten via DFS geschared staan
      -> De replicatie moet ingesteld worden
  maak een diagnostisch raport aan over hoe replicatie gebeurt, en corrigeer eventue vastgestelde problemen.
      -> Rechtermuisknop op de replication object
      -> Create diagnostic report
      -> kies de reports
  stel quota’s in. In de map PDF maak je een subfolder CATALOGS aan, maar zorg dat die niet groter dan 10MB kan worden. Stel hiervoor een harde limiet in.
      -> install FSRM bij file services
      -> klik quotas => add quota => kies het bestand
      -> nieuwe quota => 10mb hard aanvinken
      -> save
      http://technet.microsoft.com/en-us/library/cc875787(v=ws.10).aspx
  omdat we willen vermijden dat de volledige bandbreedte ingenomen wordt door DFS,beperken we de replication speed tot 2MBps.
      -> Klik op de replication -> rechterkolom kies vor edit replication group
      -> Stel de 2MBps in