Adding a Child Domain in a Main Domain in Windows 2008 R2

There are several good reasons for splitting the new office into its own child domain, here are 3 of them:

• Less Network Traffic between your main office and the new one – that means your company will spend less money on the direct connection between the two offices and you will never experience a network delay.
• You will be able to delegate control of the new network to another administrator who actually lives in the location of the new office. If your offices are close and you are about 20 minutes away to any one of them, then I guess that’s no big deal. But if your main office is located in New York and the new office is going to be in … oh, let’s say Paris, how the heck are you going to get there in case of an emergency? See my point?
• Having the child domain will allow you to keep track what is going on in a specific office.

These are only the main good reasons for creating a child domain. Once you start working in an environment with sub domains you will realize there are a lot more good reasons for splitting the two locations in your Active Directory.

Before you begin …

1. In order to create a child domain on your network, you will need another server, or rather a Domain Controller.

You can build that DC in your main office and then ship it out to the new office. This DC will also be a Global Catalog as well as DNS Server to assist all the clients in the new office with any DNS requests, etc.

2. You also need to prepare your current network for the new sub domain. So before you begin with the new DC configuration you need to do the following:

• Create a new site in your Active Directory that will represent the physical structure of your network. In my example our main office is in New York and the new one is in Chicago. Based on that info, you would create a new site for the Chicago office.
• In addition to the new site you will also need to create a new subnet for your new location. It will allow you to track all of your machines by location. This new subnet should be assigned to your new location.

Once you prepare your network as mentioned above, we are now ready to create a new Domain Controller.

Creating a New Domain Controller

Once you have prepared your network for you child domain and have created the site and sub domain, it’s time to install the new DC on our new site.

As you can see our main office is in New York and we have 3 DCs already configured in the New York Site (see the screenshot below).

Our new site called Chicago doesn’t have any DCs configured yet –- this is where we are going to configure our new DC.

1. After you have installed Windows Server 2008 on your new machine and completed all the Initial Configuration Tasks, open up Server Manager and click on the Roles section.

2. We will need to install the Active Directory Domain Services (ADDS) Role first. So go ahead and check the box next to it and click Next.

3. In this window you will see some additional information about ADDS. Once ready, click on Next.

4. As always you are being informed that once the installation is completed the server will restart and you will need to use the ADDS Installation Wizard to make the server a fully functional Domain Controller.

Go ahead and click on the Install button.

5. The installation will now run for a few minutes.

6. Now it’s time to click on the link and run dcpromo.exe.

7. Go ahead and click Next on the welcome screen.

8. And Next again (for more detailed information on this step you can check out this post on Installing Active Directory Domain Services on Server 2008).

9. Since this is going to be your child domain, make sure you select the Existing forest option and then select Create a new domain in an existing forest.

When ready, click on the Next button.

10. Type in your domain name with the correct internet suffix. In my example I’m are using our globomantics.com domain.

Since this domain already exists and you are logged in to this machine only as a local administrator you will also need to enter alternate credentials of a domain administrator in order to proceed.

So go ahead and click on the Set button.

11. Enter the domain administrator’s name and password, then hit OK.

12. When ready, click on Next.

1

3. In this step you will need to enter the Fully Qualified Domain Name (FQDN) of your child domain in two steps.

The first is the FQDN of your parent domain. In our example it is going to be globomantics.com.Next you need to enter the single-label DNS name of your child domain — that means anything that is before the globomantics.com.

In my example I entered na for na.globomantics.com — as seen on the bottom.

That will be our FQDN for the new child domain. Once ready, click on the Next button.

14. Now it’s time to select a site for this DC.

Now you see why we needed to create the new site before we started this installation. Select the correct site and click Next.

15. As mentioned earlier we are going to make this DC be our DNS server as well as Global catalog for our new site.

Make sure both check-marks are checked and then click on the Next button.

16. I would recommend leaving the default locations for these databases unless you have a really good reason not to. Click Next.

17. In this windows you will need to setup the Directory Services Restore Mode Administrative Password for restore purposes.

Go ahead and type that in and then click on the Next button.

18. On this summary window double check your selections and when ready click Next.

19. You can check the box Reboot on completion and let the installation complete.

Congratulations! Your Child Domain has been created!

How to Make Your Laptop Choose a Wired Connection Instead of Wireless ?

Have you ever connected your Laptop to a wired network point in your house and continued to get wireless  network speeds ? Here’s how you can quickly fix that, the easy way.

Giving Your Wired Connection Higher Priority

Press the Win + R keyboard combination and type ncpa.cpl into the run box, then hit enter.

When the Network Connections window opens you will need to hit the alt key to display the classic menu bar.

Once its available click on advanced, and then choose the Advanced Settings option.

Here you will see the preference of your network connections. In order to make your laptop use a wired connection, if available, even when connected to a wireless network, you will need to select Wi-Fi and then click on the green arrow pointing down.

This will automatically bump Ethernet to the top.

That’s all there is to it.

How to Create a VPN Server on Your Windows Computer Without Installing Any Software ?

Windows has the built-in ability to function as VPN server, although this option is hidden. This trick works on both Windows 7 and Windows 8. The server uses the point-to-point tunneling protocol (PPTP.)

This could be useful for connecting to your home network on the road, playing LAN games with someone, or securing your web browsing on a public Wi-Fi connection – a few of the many reasons you might want to use a VPN.

Limitations

While this is a pretty interesting feature, it may not be the ideal way to allow VPN connections to your local network. It has some limitations:

• You will need the ability to forward ports from your router.
• You have to expose Windows and a port for the PPTP VPN server directly to the Internet, which is not ideal from a security standpoint. You should use a strong password and consider using a port that isn’t the default port.
• This isn’t as easy to set up and use as software like LogMeIn Hamachi and TeamViewer. Most people will probably be better off with a more complete software package like those two.

Creating a VPN Server

First, you’ll need to open the Network Connections window. The quickest way to open it is to press the Windows key, type ncpa.cpl, and press Enter.

Press the Alt key, click the File menu that appears, and select New Incoming Connection.

You can now select the user accounts that can connect remotely. To increase security, you may want to create a new, limited user account rather than allow VPN logins from your primary user account. (Click Add someone to create a new user account.) Ensure the user you allow has a very strong password, as a weak password could be cracked by a dictionary attack.

Select the Through the Internet option to allow VPN connections over the Internet. You can also allow incoming connections over a dial-up modem, if you have the dial-up hardware.

You can then select the networking protocols that should be enabled for incoming connections. For example, if you don’t want people connected to the VPN to have access to shared files and printers on your local network, you can uncheck the File and Printer Sharing option.

Click the Allow access button and Windows will set up a VPN server.

If you want to disable the VPN server in the future, you can delete the Incoming Connections item from your Network Connections window.

Router Setup

You will now need to log into your router’s setup page and forward port 1723 to the IP address of the computer where you set up the VPN server. For more instructions, read How to Forward Ports on Your Router.

For maximum security, you may want to create a port forwarding rule that forwards a random “external port” – such as 23243 – to “internal port” 1723 on your computer. This will allow you to connect to the VPN server using port 23243, and will protect you from malicious programs that scan and attempt to automatically connect to VPN servers running on the default port.

You can also consider using a router or firewall to only allow incoming connections from specific IP addresses.

To ensure you can always connect to the VPN server, you may want to set up a dynamic DNS service like DynDNS on your router.

Connecting to Your VPN Server

To connect to the VPN server, you will need your computer’s public IP address (its IP address on the Internet) or its dynamic DNS address, if you set up a dynamic DNS service above.

Use the Connect to a network option in Windows and enter your computer’s public IP address. Provide the username and password you created to log in.

For more instructions on connecting, read How to Connect to a VPN on Windows.

How to See What Web Sites Your Computer is Secretly Connecting To ?

Has your internet connection become slower than it should be? There may be a chance that you have some malware, spyware, or adware that is using your internet connection in the background without your knowledge. Here’s how to see what’s going on under the hood.

How to Check What Your Computer is Connecting To ?

So, how do you find out what the problem is? There is an easy method using the netstat command from a command prompt window. This works with Windows 7, Vista, and XP. If you’re still using XP, make sure you are running at least Service Pack 2.

We will use the netstat command to generate a list of everything that has made an internet connection in a specified amount of time. To use the netstat command, you must run the command prompt window as administrator. Open the Start menu and enter “cmd.exe” in the Search box. When the results display, right-click on cmd.exe and select Run as administrator from the popup menu.

If the User Account Control dialog box displays, click Yes to continue. Note: You may not see this dialog box, depending on your User Account Control settings.

At the command prompt, type the following command and press Enter.

netstat -abf 5 > activity.txt

The –a option shows all connections and listening ports, the –b option shows you what application is making the connection, and the –f option displays the full DNS name for each connection option for easier understanding of where the connections are being made to. You can also use the –n option if you wish to only display the IP address. The 5 option will poll every 5 seconds for connections to make it more easy to track what is going on, and the results are then piped into the activity.txt file.

Wait about two minutes and then press Ctrl + C to stop the recording of data.

Once you’ve finished recording data, you can simply open the activity.txt file in your favorite editor to see the results, or you can type activity.txt at the command line to open it in Notepad.

The resulting file will list all processes on your computer (browsers, IM clients, email programs, etc.) that have made an internet connection in the last two minutes, or however long you waited before pressing Ctrl + C. It also lists which processes connected to which websites.

If you see process names or website addresses with which you are not familiar, you can search for “what is (name of unknown process)” in Google and see what it is. It may be a system function you don’t know about or a function of one of your running programs. However, if it seems like a bad site, you can use Google again to find out how to get rid of it.

Using CurrPorts to Check What Your PC is Connecting To

You can also use a free tool, called CurrPorts, to display a list of all currently opened TCP/IP and UDP ports on your local computer. It is a portable program and doesn’t need to be installed. To use it, extract the .zip file you downloaded (see the link at the end of this article) and run cports.exe.

For each port that CurrPorts lists, information about the process that opened the port is displayed. You can select connections and close them, copy a port’s information to the clipboard or save it to an HTML file, an XML file, or a tab-delimited text file. You can reorder the columns displayed on the CurrPorts main window and in the files you save. To sort the list by a specific column, simply click on the header of that column.

CurrPorts runs under Windows NT, Windows 2000, Windows XP, Windows Server 2003, Windows Server 2008, Windows Vista, and Windows 7. There is a separate download of CurrPorts for 64-bit versions of Windows. You can find more information about CurrPorts and how to use it on the website listed below.

Download CurrPorts from http://www.nirsoft.net/utils/cports.html.

How to Reset Your Forgotten Domain Admin Password on Server 2008 R2

Forgetting your password is always a pain, but luckily there’s an easy way to reset your Domain Administrator password. All you need is a copy of the Windows Server 2008 R2 installation disk and one simple command line trick.

Replacing Utilman.exe

Boot off the Windows disk and select the “Repair your computer” option from the lower left-hand corner.

Follow through until you get to the option to open the Command Prompt, which you’ll want to select.

First you’ll want to type in the following command to backup the utilman.exe file:

MOVEC:\Windows\System32\Utilman.exe C:\Windows\System32\Utilman.exe.bak

Now you will need to copy cmd.exe and rename it Utilman.exe:

COPY C:\Windows\System32\cmd.exe C:\Windows\System32\Utilman.exe

Now you can go ahead and reboot your machine. When its done booting up again and you are at the Logon screen click on the Ease of access icon.

I bet you weren’t expecting that open a command prompt  To change the password type:

net user administrator *

Once you press enter you will asked to set a new password and then confirm it, when entering your new password don’t worry if you can’t see them as you type, they are invisible, they are however being remembered.

Once you’re logged in again don’t forget to delete Utilman.exe and then rename Utilman.exe.bak back to plain old Utilman.exe.