Authorizing DHCP Server by a non-enterprise administrator

Authorizing DHCP Server by a non-enterprise administrator

By default, only a administrator which is member of “Enterprise Admins” group can authorize the DHCP which is installed in domain environment. If the other accounts  would like to authorize the DHCP server which is a member server in child domain, you may get “Access is denied“.


To solve this problem, I try to grant the permission for child domain administrator.


1. At the forest root domain controller, log in as Domain Administrator.

2. Launch “Active Directory Sites and Services“.

3. On the menu, click “View > Show Services Mode.


4. Expand “Services > NetServices“.

5. Right-click “NetServices“, select “Delegate Control“.


6. On “Delegation of Control Wizard” screen, click “Next“.

7. On “Users or Groups” screen, add an user or group which you want to grant permission for authorizing DHCP servers to.


8. Click “Next“.

9. On “Tasks to Delegate” screen, select “Create a custom task to delegate“.


10. Click “Next“.

11. On “Active Directory Object Type” screen, select “This folder, existing objects in this folder, and creation of new objects in this folder“.


12. Click “Next“.

13. On “Permissions” screen, check “Full Control“.

14. Click “Next” .

15. Click “Finish“.

Now, the non-enterprise administrator user account can authorize the DHCP Server which is installed in Child Domain.



How to move a List from SharePoint 2010 to SharePoint 2013

How to move a List from SharePoint 2010 to SharePoint 2013

How to Set a Custom Logon Screen Background on Windows 7

How to Set a Custom Logon Screen Background on Windows 7


Enabling Custom Backgrounds


This feature is disabled by default, so you’ll have to enable it from the Registry Editor. You can also use the Group Policy Editor if you have a Professional version of Windows – scroll down a bit for the Group Policy Editor method.

Launch the Registry Editor by typing regedit into the search box in the Start menu and pressing Enter.

In the Registry Editor, navigate to the following key:


You’ll see an DWORD value named OEMBackground. If you don’t see it, right-click in the right pane, point to the New submenu and create a new DWORD value with this name.

Double-click the OEMBackground value and set its value to 1.

Note that selecting a new theme in the Appearance and Personalization window will “unset” this registry value. Selecting a theme will change the value of the key to the value stored in the theme’s .ini file, which is probably 0 – if you change your theme, you’ll have to perform this registry tweak again.

Changing the setting in group policy will allow it to persist even when you change your theme, but the Group Policy Editor is only available in Professional editions of Windows.

If you have access to the Group Policy Editor, launch gpedit.msc from the Start menu.

Navigate to the following section in the Group Policy Editor window:

Computer Configuration\Administrative Templates\System\Logon

You’ll find a setting named “Always use custom login background.” Double-click it and set it to Enabled.

Setting An Image

Your image file must be less than 256 KB in size. It’s also a good idea to use an image file that matches the resolution of your monitor, so it won’t look stretched.

Windows looks for the custom logon screen background image in the following directory:


By default, the info and backgrounds folders don’t exist. Navigate to the C:\Windows\System32\oobe folder and create them yourself by right-clicking inside the folder, pointing to New, and selecting New Folder.

Copy your desired background image to the backgrounds folder and name it backgroundDefault.jpg.

(I can see the inevitable question coming in the comments, so if you like this wallpaper image, you can get it here.)

The change will take effect immediately – no system reboot required. The first time you log out or lock your screen (try the WinKey-L keyboard shortcut), you’ll ee your new background.

Third-Party Tools

You don’t have to do this by hand. There are a variety of third-party tools that automate this process for you, like Windows Logon Background Changer, which we’ve covered in the past. Windows Logon Background Changer and other utilities just change this registry value and put the image file in the correct location for you.

SYSVOL Migration Series: Part 3 – Migrating to the ‘PREPARED’ state

Previous articles in this series contained an introduction to the SYSVOL migration procedure and explained how the Dfsrmig.exe tool can be used for SYSVOL migration. Keeping this background information in mind, we’re now ready to start the actual SYSVOL migration process. This article explains how to migrate replication of the SYSVOL share to the ‘PREPARED’ state. If the term ‘PREPARED state’ draws a blank, head on over to this post for a quick review of the SYSVOL migration process.

Before we begin …

The domain functional level needs to be raised to ‘Windows Server 2008’ domain functional level before SYSVOL migration can commence. Therefore, the first step in the SYSVOL migration process is to upgrade all domain controllers to Windows Server 2008. This can be done in a phased manner. Once all domain controllers have been migrated to Windows Server 2008, the domain administrator is ready to raise the domain functional level to ‘Windows Server 2008’ domain functional level.

In order to raise the domain functional level to ‘Windows Server 2008’:

a)       Open the ‘Microsoft Management Console‘ (MMC).

b)       Navigate to the ‘File‘ menu and select ‘Add/Remove Snap-in…’.

c)       Add the ‘Active Directory Domains and Trusts‘ snap-in.

d)       Select the domain whose functional level is to be raised from the left hand side pane and select ‘Raise domain functional level‘ from the right click menu.

e)       Select ‘Windows Server 2008‘ from the drop down list and click the ‘Raise‘ button to raise your domain functional level to Windows Server 2008.

Figure 1: Raise the domain functional level to ‘Windows Server 2008’. Continue reading

SYSVOL Migration Series: Part 1 – Introduction to the SYSVOL migration process

he File Replication Service (FRS) is used for replicating the contents of the SYSVOL share between Windows domain controllers. However, Windows Server 2008 domain controllers, which are operating in the Windows Server 2008 domain functional level, can use the DFS Replication service for replicating the contents of the SYSVOL share. A new Windows Server 2008 feature makes it possible for administrators to migrate replication of the SYSVOL share from FRS to the more reliable and efficient DFS Replication service.

This series of blog posts describe the procedure for migrating the replication of the SYSVOL share on Windows Server 2008 domain controllers from FRS replication to the DFS Replication service.

NOTE:  The Windows Server 2008 SP2 release includes a couple of important bug-fixes in DFS Replication that address a few customer reported issues in SYSVOL migration. If you plan to migrate replication of the SYSVOL share to DFS Replication, it is highly recommended that you upgrade to Windows Server 2008 SP2 first.
The RTM release of Windows Server 2008 R2 includes these bug fixes.

Why migrate?

The DFS Replication service offers several advantages over the older File Replication Service (FRS). Some of the advantages that accrue from using the DFS Replication service are:

a)       Efficient, scalable and reliable file replication protocol which has been tested extensively to ensure data consistency in multi-master replication scenarios.

b)       Differential replication of changes to files using the Remote Differential Compression (RDC) algorithm, which enhances efficiency in branch office scenarios.

c)       Flexible scheduling and bandwidth throttling mechanisms.

d)       Self-heals from USN journal wraps and database corruptions – end user intervention and monitoring requirement is minimal.

e)       Provides a new UI management tool (MMC snap-in) for ease of administration.

f)        Provides built in health monitoring tools for ease of monitoring deployments.

g)       Improved support for Read Only Domain Controllers.

It is hence highly recommended that customers migrate replication of the SYSVOL share to the DFS Replication service.

Migration – in a nutshell Continue reading

DFS Step-by-Step Guide for Windows Server 2008

ou can install the DFS components by using the following procedures.

Installing Windows Server 2008 and DFS

During Setup, follow the on-screen prompts to install Windows Server 2008. Refer to the section “Lab Requirements” earlier in this guide for details about which servers must run Windows Server 2008 and which servers can run Windows Server 2003 R2 or Windows Server 2003 SP1.

After Windows Server 2008 is installed, you can install the DFS components and open the DFS Management snap-in by using the following procedures.


The method below using the Server Manager tool enables you to install DFS as a part of the file server role. This method also installs other file server tools, such as File Server Resource Manager and File Server Management.

To install DFS as part of the file server role

  1. Click Start, point to All Programs, point to Administrative Tools, and then click Server Manager.
  2. In the console tree of Server Manager, right-click the Roles node, and then click Add Roles.
  3. Follow the steps in the Add Roles Wizard, and supply the information described in the following table.
Add Roles Wizard page

What to enter

Before You Begin

Click Next after you verify that the requirements listed on the page have been met.

Select Server Roles

Select the File Services check box.

File Services

Click Next.

Select Roles Services

Select the Distributed File System check box to install both DFS Namespaces and DFS Replication.

To install DFS Namespaces or DFS Replication individually, select the check box that corresponds to the part of DFS that you want to install.

Create a DFS Namespace

Select the Create a namespace later using the DFS Management snap-in in Server Manager check box.


Click Install to install the file server role and DFS.

Installation Progress

This page is automatically replaced by the Installation Results page when installation is completed.

Installation Results

Note any errors, and then click Close to close the wizard.

Use the following procedure if the file server role has already been added.

Continue reading

Dcdiag error

 have two domain controllers both server 2008, and the domain function level has been raised to 2008. We migrated from a single dc running server 2008 previously. If I run :

dcdiag /v /c /d /e /s:win2k8dc1 >c:dcdiag.txt

I receive the following error:

Starting test: VerifyEnterpriseReferences

The following problems were found while verifying various important DN

references. Note, that these problems can be reported because of

latency in replication. So follow up to resolve the following

problems, only if the same problem is reported on all DCs for a given

domain or if the problem persists after replication has had

reasonable time to replicate changes.

[1] Problem: Missing Expected Value

Base Object: CN=WIN2K8DC1,OU=Domain Controllers,DC=JEWELS,DC=LOCAL

Base Object Description: “DC Account Object”

Value Object Attribute Name: msDFSR-ComputerReferenceBL

Value Object Description: “SYSVOL FRS Member Object”

Recommended Action: See Knowledge Base Article: Q312862

[2] Problem: Missing Expected Value

Base Object: CN=WIN2K8DC2,OU=Domain Controllers,DC=JEWELS,DC=LOCAL

Base Object Description: “DC Account Object”

Value Object Attribute Name: msDFSR-ComputerReferenceBL

Value Object Description: “SYSVOL FRS Member Object”

Recommended Action: See Knowledge Base Article: Q312862

LDAP Error 0x20 (32) – No Such Object.

……………………. WIN2K8DC1 failed test Continue reading