Posts

How to: move FSMO Roles, Demote and re-promote a Domain Controller with PowerShell

Here are the commands you need if you want to demote and re-promote a Domain Controller with PowerShell.

Move FSMO Roles:

    Move-ADDirectoryServerOperationMasterRole -Identity nameofthedcwhereyouwanttomovetheroles -OperationMasterRole pdcemulator, ridmaster, infrastructuremaster, schemamaster, domainnamingmaster

(the roles you want to move)

Check if everything worked:

    Get-ADDomain | Select-Object InfrastructureMaster, RIDMaster, PDCEmulator

Demote

Demote Test:

    Test-ADDSDomainControllerUninstallation -DemoteOperationMasterRole -LastDomainControllerInDomain -RemoveApplicationPartitions

(Only needed when it is the last Domain Controller in your Environment)

Start Demote:

    Uninstall-ADDSDomainController -DemoteOperationMasterRole -RemoveApplicationPartitions

Promote

Promote: Windows features

    Install-WindowsFeature -name AD-Domain-Services -IncludeManagementTools

Test-Promote:

    Test-ADDSForestInstallation -DomainName your.dom

How to: Create a Client Certificate for LDAPS with OpenSSL

Today I will introduce my new article on how to create a client certificate with OpenSSL so that you can use it for LDAPS.

You need to create two files in your new folder, which we will need later on (I prefer Notepad++ for creating my files):

1. Your request.inf file
2. Your v3ext.txt file

1. Request.inf (save as .inf with Notepad++)

    [Version]
    Signature="$Windows NT$"

    [NewRequest]
    Subject = "CN=your-active-directory.fqdn" ; e.g. "simonAD.testinfo.com" (enter the FQDN of your AD server)
    KeySpec = 1
    KeyLength = 2048 ; enter the key length that fits your needs. Some say you need at least 2048 to make LDAPS work
    Exportable = TRUE
    MachineKeySet = TRUE
    SMIME = FALSE
    PrivateKeyArchive = FALSE
    UserProtected = FALSE
    UseExistingKeySet = FALSE
    ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
    ProviderType = 12
    RequestType = PKCS10
    KeyUsage = 0