While creating a new Domain in my Lab, wasn’t able to promote the Domain Controller as the password for the Local Administrator is not required so the promotion will fail until the local administrator password is set to required.
Solution:
net user Administrator <Password> /passwordreq:yes
Ran a DCDiag on my Active Directory Domain Controller.
DCDiag is a quick way to check the health of Active Directory.
While reading through the report I noticed that the replication to my Forest controller was not replicating to my Domain Controllers.
See the date and time when the last replication was received:
It turns out that the NetLogOn service on the Forest controller was in a Paused state.
NetLogon service maintains a secure channel between the Forest domain controller and the domain controller for authenticating users and services. If its stopped or paused, unable to register DNS records or authenticate users.
Once this has been resumed, replication between the Forest and the Domain Root will work.
You can verify this by open a Command Prompt on the Domain Controller and running the following command:
repadmin /syncall
Was recently patching my HomeLab environment when i realised i hadnt installed the SCCM Client onto my Domain Controllers.
One of the pre-reqs to install the SCCM Client is that the Client Push service account needs to be a local administrator on the server. As a Domain Controller doesnt have Local Users and Groups option under Computer Management, we need to add the service account via command line.
Run Command Prompt as an administrator and run the following command to add a service account called svc_SCCM_CP as a local administrator:
net localgroup Administrators /add TEST\svc_sccm_cp
If done correctly, you should get the message:
The command completed successfully.
Now i can install the SCCM Client without issues.
1 Giant Nerd 