How to configure a one-way trust in Server 2019

Step 1 – Configure DNS on domain 1 so it can find domain 2.
1. Open DNS Manager on domain1 and create a forward lookup zone.
2. Right-click Forward Lookup Zone and choose New Zone – Next – Stub zone.
3. To all DNS servers in this domain – Next – Zone name: domain2.com – Next.
4. Enter the IP address of the DNS server for the trusted domain (domain2), then press Enter so it resolves – Next – Finish.
5. Open a command prompt, ping the new stub zone (“ping domain2.com”) and verify the reply.

Step 2 – Configure DNS on domain 2 so it can find domain 1.
1. Open DNS Manager on domain2.com and create a forward lookup zone.
2. Right-click Forward Lookup Zone and choose New Zone – Next – Stub zone.
3. To all DNS servers in this domain – Next – Zone name: domain1.com – Next.
4. Enter the IP address of the DNS server for the trusting domain (domain1), then press Enter so it resolves – Next – Finish.
5. Open a command prompt, ping the new stub zone (“ping domain1.com”) and verify the reply.
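
The stub zone from Steps 1 and 2 can also be created and checked from PowerShell. This is an added example, not part of the original walkthrough; the IP address is a placeholder and the port list is an assumption about what to probe. It goes further than ping by resolving the domain controller locator SRV records, which is what the New Trust wizard depends on.

```powershell
# Run in an elevated PowerShell session on a DNS server in domain1.
# Placeholder values: set the other domain and the address of its DNS server.
$PeerDomain = 'domain2.com'
$PeerDns    = '192.0.2.10'   # placeholder address from the documentation range

# Same result as the New Zone wizard: an AD-integrated stub zone
# replicated to all DNS servers in this domain.
if (-not (Get-DnsServerZone -Name $PeerDomain -ErrorAction SilentlyContinue)) {
    Add-DnsServerStubZone -Name $PeerDomain -MasterServers $PeerDns -ReplicationScope Domain
}

# ping only proves that one A record resolves. Locating a domain controller
# in the other domain needs the _msdcs SRV records to resolve as well.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$PeerDomain" -Type SRV -ErrorAction Stop |
    Where-Object { $_.Type -eq 'SRV' }

# For every domain controller found, test the TCP ports a trust relies on:
# Kerberos (88), RPC endpoint mapper (135), LDAP (389) and SMB (445).
foreach ($dc in ($srv.NameTarget | Sort-Object -Unique)) {
    foreach ($port in 88, 135, 389, 445) {
        $result = Test-NetConnection -ComputerName $dc -Port $port -WarningAction SilentlyContinue
        [pscustomobject]@{
            DomainController = $dc
            Port             = $port
            Reachable        = $result.TcpTestSucceeded
        }
    }
}
```

Run it again on a DNS server in domain2 with `$PeerDomain` set to domain1.com and `$PeerDns` set to the domain1 DNS server.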

Step 3 – Configure trust on Domain 1.
1. Open Server Manager – AD DS – AD Domains and Trusts.
2. Right-click domain1.com – Properties – Trusts tab – click New Trust…
3. Choose a name for the trust (I use the name of the domain I’m allowing access) – Next.
4. Choose the appropriate Trust Type (External in my example) – Next.
5. Choose your desired direction. In this video I’m setting up One-way: outgoing. Domain 1 becomes the trusting domain: its door opens so that domain 2 can come in, and users in domain 2 can authenticate and log in to domain 1.
6. Choose Sides of Trust. This domain only.
7. Choose Outgoing Trust Authentication Level. Domain-wide authentication is easier, as it allows all workstation logins. With Selective authentication you will need to grant access to each server or workstation, or use groups. I’m using Selective authentication for this video.
8. Create a trust password – Next. Review summary – Next – Next.
9. Confirm whether the other side has already been created (in this video: No) – Finish.

Step 4 – Configure trust on Domain 2.
1. Open Server Manager – AD DS – AD Domains and Trusts.
2. Right-click domain2.com – Properties – Trusts tab – click New Trust…
3. Choose a name for the trust (I use the name of the domain I will access) – Next.
4. Choose the appropriate Trust Type (External in my example) – Next.
5. Choose your desired direction. In this part I’m creating a One-way: incoming.
6. Choose Sides of Trust. This domain only.
7. Enter the same password you created in the previous trust creation.
8. Review summary – Next – Next.
9. Confirm Incoming Trust if you want. Next – Finish!
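
Once both sides exist, the trust can be read back on domain1 and compared with the choices made in Step 3. This is an added example, not part of the original walkthrough. It also lists which computers carry an explicit “Allowed to Authenticate” grant, the per-computer access that Selective authentication requires; it assumes the ActiveDirectory module (RSAT) is installed.

```powershell
# Run on a domain controller (or RSAT host) in domain1, the trusting domain.
Import-Module ActiveDirectory
$TrustedDomain = 'domain2.com'

# 1. Read the trust object back and compare it with the wizard choices.
$trust = Get-ADTrust -Identity $TrustedDomain
$trust | Format-List Name, Direction, TrustType, ForestTransitive,
    SelectiveAuthentication, SIDFilteringQuarantined

$findings = @()
if ($trust.Direction -ne 'Outbound') {
    $findings += "Direction is $($trust.Direction); a one-way outgoing trust shows Outbound here."
}
if ($trust.ForestTransitive) {
    $findings += 'Trust is forest-transitive, not External.'
}
if (-not $trust.SelectiveAuthentication) {
    $findings += 'Selective authentication is off: domain-wide authentication is in effect.'
}
if (-not $trust.SIDFilteringQuarantined) {
    $findings += 'SID filter quarantine is off on this external trust.'
}
if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else { 'Trust settings match the walkthrough.' }

# 2. List explicit "Allowed to Authenticate" grants on computer objects.
#    The GUID is the schema's Allowed-To-Authenticate control access right.
#    ACEs that grant all extended rights or full control are not listed here.
$allowedToAuth = [guid]'68b1d179-0d15-4d4f-ab71-46152e79a7bc'
$extendedRight = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
Get-ADComputer -Filter * | ForEach-Object {
    $computer = $_
    (Get-Acl -Path "AD:\$($computer.DistinguishedName)").Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $_.ObjectType -eq $allowedToAuth -and
            ($_.ActiveDirectoryRights -band $extendedRight)
        } |
        ForEach-Object {
            [pscustomobject]@{ Computer = $computer.Name; Principal = $_.IdentityReference }
        }
}
```

An empty list in part 2 with Selective authentication on means no domain2 user can log in to any domain1 computer yet.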

DFSRMIG for Server 2019 Domain Controller error

Server 2019 DC install error – Verification of replica failed. You MUST migrate the specified domain to use DFS replication using the DFSRMIG command.

Quick Migration of FRS to DFSR SYSVOL

1. Test that sysvol is shared and advertising: Dcdiag /e /test:sysvolcheck /test:advertising

2. Migrate to prepared state: Dfsrmig /setglobalstate 1

3. Check DFSRmig progress: Dfsrmig /getmigrationstate

4. If step 3 is successful, then migrate to Redirected State: Dfsrmig /setglobalstate 2

5. Check DFSRmig progress again: Dfsrmig /getmigrationstate

6. Migrate to eliminated state: Dfsrmig /setglobalstate 3

7. Check DFSRmig progress again: Dfsrmig /getmigrationstate

If successful, then migration is finished and you can retry adding the 2019 domain controller. Please subscribe to my YouTube channel!
youtube.com/steveshoemake
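
The seven steps above can be scripted so that each state change waits for every domain controller to catch up before the next one is issued. This is an added example, not part of the original post; the function name is hypothetical and the matched output strings are an assumption about the wording dcdiag and dfsrmig print. The Eliminated state (3) cannot be rolled back, so the script asks for confirmation before setting it.

```powershell
# Run in an elevated PowerShell session on the PDC emulator.
$StateName = @{ 1 = 'Prepared'; 2 = 'Redirected'; 3 = 'Eliminated' }

function Wait-DfsrMigState {          # hypothetical helper name
    param([int]$State, [int]$TimeoutMinutes = 120)
    $deadline = (Get-Date).AddMinutes($TimeoutMinutes)
    do {
        $out = (& dfsrmig.exe /getmigrationstate) -join "`n"
        # Assumed wording: the state name plus a "consistent state" line.
        # If the wording differs, this times out instead of moving on.
        if ($out -match [regex]::Escape("'$($StateName[$State])'") -and
            $out -match 'consistent state on all domain controllers') {
            return $true
        }
        Start-Sleep -Seconds 60
    } while ((Get-Date) -lt $deadline)
    Write-Warning "Not all domain controllers reached $($StateName[$State]):`n$out"
    return $false
}

# Step 1: SYSVOL must be shared and advertised on every DC before starting.
$diag = (& dcdiag.exe /e /test:sysvolcheck /test:advertising) -join "`n"
if ($diag -match 'failed test') { throw "dcdiag reported a failure:`n$diag" }

# Steps 2-7: set each global state, then wait for all DCs to reach it.
foreach ($state in 1, 2, 3) {
    if ($state -eq 3) {
        $answer = Read-Host 'State 3 (Eliminated) removes FRS and cannot be undone. Type YES to continue'
        if ($answer -cne 'YES') { throw 'Stopped before Eliminated state.' }
    }
    & dfsrmig.exe /setglobalstate $state
    if (-not (Wait-DfsrMigState -State $state)) {
        throw "Migration stalled at state $state ($($StateName[$state]))."
    }
}
'Migration finished: all domain controllers report Eliminated.'
```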

How to make a password reset website for AD users Windows Server 2012r2

In the past, you could use IISADMPWD to make a website for your Active Directory users to change passwords. That functionality is no more with Server 2012 and higher. At the time – we didn’t have the funds to buy a password reset solution for our department so I found another way. Using Remote Desktop Services – RD Web Access you can accomplish the same thing for free. Below is my tutorial on how to do this.

Windows Server Active Directory users password change website:

FWI Error cannot deploy to any of the player machines

Four Winds Interactive digital signage error.

When you make changes to the signage template in the Content Manager Desktop to change a video or other part of the display and receive the following error:

Error “Cannot deploy to any of the player machines. Check your network configuration or machine properties and deploy again”
Status: Player machine not configured.

Resolution:
Log in to the player connected to the display (Intel NUC) and open the Content Player Configuration.

Go to the Device tab – Advanced section – add a check mark in the box for “Allow player data to be access as a network share” and then click OK.

In red, you see the warning about opening a network share on the player. The share is what allows the Content Manager Desktop deployment manager to access the player and upload new files to it. You will then see the share that it creates, called “Signage” by default.

In case you were wondering where the files deployed to the signage end up – they are inside the shared folder, under “Signage\Channels\(default)\Content”.
On the device locally you can browse to C:\Users\Public\Documents\Four Winds Interactive\Signage\Channels\(default)\Content

Now you can try to redeploy your updated changes to the signage device from your Content Manager Desktop.
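
Because the setting opens a network share on the player, it is worth checking who can reach it once deployment works. This is an added example, not part of the original post or the vendor's tooling. It assumes the default share name “Signage”, an English-language Windows install (for the firewall group name), and a hypothetical list of principals considered too broad.

```powershell
# Run in an elevated PowerShell session on the player (Intel NUC).
$ShareName = 'Signage'   # default share name per the post

$share = Get-SmbShare -Name $ShareName -ErrorAction Stop
$share | Format-List Name, Path, Description

# Share-level permissions: flag broad principals that can write.
$broad = 'Everyone', 'NT AUTHORITY\Authenticated Users',
         'BUILTIN\Users', 'NT AUTHORITY\ANONYMOUS LOGON'
Get-SmbShareAccess -Name $ShareName | ForEach-Object {
    [pscustomobject]@{
        Account = $_.AccountName
        Type    = $_.AccessControlType
        Right   = $_.AccessRight
        Review  = ($_.AccessControlType -eq 'Allow' -and
                   $_.AccountName -in $broad -and
                   $_.AccessRight -in 'Full', 'Change')
    }
}

# NTFS permissions on the shared folder apply together with the share ACL.
(Get-Acl -Path $share.Path).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited

# Inbound SMB firewall rules: which are enabled, and from which addresses.
Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' -Enabled True -Direction Inbound |
    ForEach-Object {
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Profile       = $_.Profile
            RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
        }
    }

# Clients connected to the player over SMB right now.
Get-SmbSession | Select-Object ClientComputerName, ClientUserName, NumOpens
```

Rows with `Review = True`, or a firewall rule whose RemoteAddress is `Any`, mean more than the Content Manager Desktop machine can write to the player.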