Wednesday, 18 April 2018

Active Directory Limitations

According to these Technet limits:

Maximum number of objects


- each AD Domain Controller can create up to 2.15 billion objects in its lifetime, because of the DNT (Distinguished Name Tag) limit; this counts every object in every partition stored on that DC, replicated ones included. A newly promoted DC starts numbering DNTs from zero again, so building a new DC is the way around the limit. From Windows Server 2012 the RootDSE attribute approximateHighestInternalObjectID shows how far a DC has got;
- SID/RID limit: 1 billion (up to Windows Server 2008 R2) or 2 billion (from Windows Server 2012) per domain. This is the number of unique security principals that can be created over the lifetime of a domain; RIDs of deleted accounts are never reused, so the limit cannot be reset. The only way out is to migrate objects to a new domain, and that has to be done before the limit is reached: once it is, no new accounts can be created, including the accounts needed to set up a trust;
- number of entries in a DACL: approximately 1,820 (due to the 64 kB size limit);
- group membership for security principals: 1,015. The limit concerns the access token of a security principal, so it counts only security groups and is not affected by membership in distribution groups;
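The three limits above can be measured on a live domain. The script below is an added example, not part of the original post; it uses System.DirectoryServices only (no RSAT module), must run on a domain-joined host with read access, and the account name 'jdoe' is a constructed placeholder.

```powershell
# Added example (not from the original post): audit DNT, RID and token-size
# consumption against the limits listed above.
function Get-AdLimitStatus {
    param([string]$SamAccountName = 'jdoe')   # constructed placeholder account

    $rootDse  = New-Object System.DirectoryServices.DirectoryEntry('LDAP://RootDSE')
    $domainDn = [string]$rootDse.Properties['defaultNamingContext'].Value

    # DNT usage on the DC answering us. approximateHighestInternalObjectID exists
    # from Windows Server 2012; older DCs simply do not expose it.
    $dntLimit = 2147483647
    $dntValue = $rootDse.Properties['approximateHighestInternalObjectID'].Value
    $dntUsed  = if ($null -ne $dntValue) { [int64]$dntValue } else { $null }
    $dntPct   = if ($null -ne $dntUsed) { [math]::Round(100 * $dntUsed / $dntLimit, 4) } else { $null }

    # RID consumption: rIDAvailablePool packs the highest allocatable RID in the
    # upper 32 bits and the next RID to hand out in the lower 32 bits.
    $ridEntry  = New-Object System.DirectoryServices.DirectoryEntry("LDAP://CN=RID Manager`$,CN=System,$domainDn")
    $ridSearch = New-Object System.DirectoryServices.DirectorySearcher(
        $ridEntry, '(objectClass=*)', [string[]]@('rIDAvailablePool'),
        [System.DirectoryServices.SearchScope]::Base)
    $pool    = [int64]$ridSearch.FindOne().Properties['ridavailablepool'][0]
    $ridMax  = [int64][math]::Floor($pool / 4294967296)
    $ridNext = $pool - ($ridMax * 4294967296)

    # Effective security-group count for the token limit: tokenGroups is a
    # constructed attribute listing every security group SID, nested ones included,
    # so it approximates what ends up in the logon token.
    $tokenLimit = 1015
    $userSearch = New-Object System.DirectoryServices.DirectorySearcher(
        "(&(objectCategory=person)(sAMAccountName=$SamAccountName))")
    $userResult = $userSearch.FindOne()
    $groupCount = $null
    if ($userResult) {
        $user = $userResult.GetDirectoryEntry()
        $user.RefreshCache([string[]]@('tokenGroups'))
        $groupCount = $user.Properties['tokenGroups'].Count
    }
    $overLimit = if ($null -ne $groupCount) { $groupCount -gt $tokenLimit } else { $null }

    [pscustomobject]@{
        DomainDn             = $domainDn
        HighestDnt           = $dntUsed
        DntPercentUsed       = $dntPct
        RidNext              = $ridNext
        RidMax               = $ridMax
        RidPercentUsed       = [math]::Round(100 * $ridNext / $ridMax, 4)
        SamAccountName       = $SamAccountName
        TokenGroupCount      = $groupCount
        TokenGroupsOverLimit = $overLimit
    }
}

Get-AdLimitStatus -SamAccountName 'jdoe' | Format-List
```

RidMax comes back as 1073741823 on a domain still using the original pool and 2147483647 once the pool has been extended, which is the 1 billion / 2 billion distinction from the list; RidNext tells you how much of it has already been handed out.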

Name length limitations


- an FQDN can't be longer than 65 characters including dots and other characters, so long domain names are not a good idea;
- MAX_PATH: 260 characters. To access a GPO, for example, the full path of the GPO files must fit in this limit; if 65 characters go to the domain name, the backslashes, SYSVOL, the group policy GUID and so on must fit in what is left;
- NETBIOS name - 15 characters (plus one special, not visible);
- DNS host name - 24 characters;
- OU names - 64 characters;
- sAMAccountName - 20 characters (internally it is possible up to 255 characters);
- simple bind name limit: up to 255 characters for the distinguished name. Beyond that, a simple bind fails with:

Error <49>: ldap_simple_bind_s() failed: Invalid Credentials
Server error: 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 57, v1771
Error 0x80090308 The token supplied to the function is invalid

(the limit can be avoided by using secure LDAP binds);
- number of GPOs applied: up to 999 per user or computer; this is not a limit on the total number of GPOs per domain;

Trust limits


- Kerberos clients can traverse up to 10 trust links;
- only direct trusts and transitive trusts are considered when an object has to be located in another domain;

LDAP limits


- up to 5,000 operations per transaction;

Wednesday, 11 April 2018

32-bit printer driver on 64-bit system - migration from Windows 2008 to Windows 2012 R2

If you want to add 32-bit drivers to a 64-bit print server, you must use pnputil to upload the drivers to the driver store (just as for 64-bit drivers) and then run Add-PrinterDriver from 32-bit PowerShell; only from there can 32-bit drivers be registered on a 64-bit system.

How do you start the 32-bit version of PowerShell? From the MSDN article "Starting the 32-Bit Version of Windows PowerShell":

When you install Windows PowerShell on a 64-bit computer, Windows PowerShell (x86), a 32-bit version of Windows PowerShell is installed in addition to the 64-bit version. When you run Windows PowerShell, the 64-bit version runs by default.

However, you might occasionally need to run Windows PowerShell (x86), such as when you are using a module that requires the 32-bit version or when you are connecting remotely to a 32-bit computer.

To start a 32-bit version of Windows PowerShell, use any of the following procedures.
In Windows Server® 2012 R2

On the Start screen, type Windows PowerShell (x86). Click the Windows PowerShell x86 tile.
In Server Manager, from the Tools menu, select Windows PowerShell (x86).
On the desktop, move the cursor to the upper right corner, click Search, type PowerShell x86 and then click Windows PowerShell (x86).
Via command line, enter: %SystemRoot%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

In Windows Server® 2012

On the Start screen, type PowerShell and then click Windows PowerShell (x86).
In Server Manager, from the Tools menu, select Windows PowerShell (x86).
On the desktop, move the cursor to the upper right corner, click Search, type PowerShell and then click Windows PowerShell (x86).
Via command line, enter: %SystemRoot%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

In Windows® 8.1

On the Start screen, type Windows PowerShell (x86). Click the Windows PowerShell x86 tile.
If you are running Remote Server Administration Tools for Windows 8.1, you can also open Windows PowerShell x86 from the Server Manager Tools menu. Select Windows PowerShell (x86).
On the desktop, move the cursor to the upper right corner, click Search, type PowerShell x86 and then click Windows PowerShell (x86).
Via command line, enter: %SystemRoot%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

In Windows® 8

On the Start screen, move the cursor to the upper right corner, click Settings, click Tiles, and then move the Show Administrative Tools slider to Yes. Then, type PowerShell and click Windows PowerShell (x86).
If you are running Remote Server Administration Tools for Windows 8, you can also open Windows PowerShell x86 from the Server Manager Tools menu. Select Windows PowerShell (x86).
On the Start screen or the desktop, type PowerShell (x86) and then click Windows PowerShell (x86).
Via command line, enter: %SystemRoot%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

I tested this procedure with about 300 drivers (150 64-bit and 150 32-bit) and it works perfectly. It was a migration from a 2008 R2 print server to a 2012 R2 print server.

The available tools (Print Migration Wizard) can't manage a huge print driver library (above 2 GB); we had 4.5 GB, so only a manual process was possible. We migrated all drivers manually: copy all folders with the printer driver *.inf files, register them using pnputil, add ports using PowerShell, add printers (connecting the 64-bit drivers with the ports), and finally, using the 32-bit version of PowerShell:

- add the 32-bit printer drivers.
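The last two steps (stage the INFs with pnputil, then register the x86 drivers from 32-bit PowerShell) as one script. This is an added example, not the post's own migration script: the folder path, the CSV name and its Name column (the driver model name exactly as written in the INF) are constructed placeholders, and it assumes the built-in PrintManagement module of Windows Server 2012 R2.

```powershell
# Added example (not from the original post). Start it from
# %SystemRoot%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe on the print server.
[CmdletBinding(SupportsShouldProcess=$true)]
param(
    [string]$DriverRoot = 'D:\PrintMigration\x86',             # placeholder: copied *.inf folders
    [string]$DriverList = 'D:\PrintMigration\x86-drivers.csv'  # placeholder: CSV with a Name column
)

# Add-PrinterDriver registers an x86 driver only when called from a 32-bit process.
if ([Environment]::Is64BitProcess) {
    throw 'Run this from the 32-bit (SysWOW64) PowerShell to add x86 drivers.'
}

# From a 32-bit process, System32 is redirected to SysWOW64; the Sysnative alias
# reaches the real 64-bit pnputil.exe.
$pnputil = "$env:SystemRoot\Sysnative\pnputil.exe"

# Step 1: stage every INF under $DriverRoot into the driver store.
# "pnputil -a <inf>" is the syntax on 2012 R2; newer builds also accept /add-driver.
Get-ChildItem -Path $DriverRoot -Filter *.inf -Recurse | ForEach-Object {
    if ($PSCmdlet.ShouldProcess($_.FullName, 'pnputil -a')) {
        $out = & $pnputil -a $_.FullName 2>&1
        if ($LASTEXITCODE -ne 0) { Write-Warning "pnputil failed for $($_.FullName): $out" }
    }
}

# Step 2: register each 32-bit driver by its INF model name from the staged store.
Import-Csv -Path $DriverList | ForEach-Object {
    $name = $_.Name
    $present = Get-PrinterDriver -Name $name -PrinterEnvironment 'Windows NT x86' -ErrorAction SilentlyContinue
    if ($present) { Write-Verbose "x86 driver already registered: $name"; return }
    if ($PSCmdlet.ShouldProcess($name, 'Add-PrinterDriver (Windows NT x86)')) {
        Add-PrinterDriver -Name $name -PrinterEnvironment 'Windows NT x86'
    }
}

# Step 3: show how many drivers are registered per environment, so the x86 and
# x64 counts can be compared with what was copied from the old server.
Get-PrinterDriver | Group-Object PrinterEnvironment | Select-Object Name, Count
```

Run it first with -WhatIf to see which INFs and driver names it would touch; the x86 driver name must match the 64-bit driver already attached to the printer, otherwise 32-bit clients will not get a driver from point-and-print.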

Confusing GPO setting - pre-release features

A very confusing setting in GPO (one of many):

To disable pre-release features or settings you shouldn't enable this policy; you must disable it. Very, very confusing.

Tuesday, 10 April 2018

Windows 2016 or Windows 10 - Check for updates / Install updates grayed out

A strange error/configuration problem. On Windows Server 2016 or Windows 10 (Enterprise, but it probably applies to every SKU) with policies applied, even as an administrator you can't check for updates and you see this stupid message:
Some settings are managed by your organization
Very funny: I'm an administrator, and the GPO works perfectly for Windows 2008/R2/2012/R2, but not for 2016.
Multiple people have the same problem, but for some unknown reason there are not too many solutions. The best one is here: the Microsoft forum for Partners.
In a few words:
- set the policy Remove access to use all Windows Update features to Not Configured;
- restart twice;
It should work now.
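A quick way to confirm, before and after the two restarts, whether that policy is still being delivered to the machine. This is an added example, not from the original post; to my knowledge the policy writes the SetDisableUXWUAccess value under the Windows Update policy key, but treat that mapping as an assumption and check it against your own ADMX templates.

```powershell
# Added example (not from the original post): report whether the
# "Remove access to use all Windows Update features" policy is applied.
function Test-WindowsUpdateAccessPolicy {
    # Assumed registry mapping for the policy; verify against your ADMX files.
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $valueName = 'SetDisableUXWUAccess'

    $keyPresent = Test-Path -Path $policyKey
    $value = $null
    if ($keyPresent) {
        $item  = Get-ItemProperty -Path $policyKey -Name $valueName -ErrorAction SilentlyContinue
        if ($item) { $value = $item.$valueName }
    }

    # A value of 1 means the UI is locked ("Some settings are managed by your
    # organization"); a missing value means the policy is Not Configured.
    $removed = ($value -eq 1)
    $advice  = if ($removed) {
        'Policy still applied: set it to Not Configured, run gpupdate /force, restart twice.'
    } else {
        'Policy not applied; if the page is still grayed out, the restarts are still pending.'
    }

    [pscustomobject]@{
        PolicyKeyPresent     = $keyPresent
        SetDisableUXWUAccess = $value
        UpdateAccessRemoved  = $removed
        Advice               = $advice
    }
}

Test-WindowsUpdateAccessPolicy
```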

Friday, 6 April 2018

Powershell Invoke-WebRequest with webproxy

To use Invoke-WebRequest through a web proxy I can't just specify:
Invoke-WebRequest -Uri "http://some.host.com/some.file.txt" -Proxy "proxy1.in.my.company:80"
because I'll receive an error message like:

Invoke-WebRequest : The ServicePointManager does not support proxies with the proxy1.in.my.company scheme

The reason? You must specify the protocol (http) explicitly, so it should look like:
Invoke-WebRequest -Uri "http://some.host.com/some.file.txt" -Proxy "http://proxy1.in.my.company:80"

Of course, you may (or must) also specify proxy credentials, or just use -ProxyUseDefaultCredentials to use the current logon information.
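The scheme problem can be handled once in a small wrapper. This is an added example, not from the original post; the proxy and download host names are the constructed ones from the post, not real servers, and it assumes the caller has either a proxy credential or a logon token the proxy accepts.

```powershell
# Added example (not from the original post): normalise the proxy address
# before calling Invoke-WebRequest.
function ConvertTo-ProxyUri {
    param([Parameter(Mandatory)][string]$Proxy)

    $parsed = $null
    # "proxy1.in.my.company:80" parses as an absolute URI whose *scheme* is
    # "proxy1.in.my.company" (dots are legal in a scheme), which is exactly why
    # ServicePointManager complains about that scheme. Accept only http/https as-is.
    if ([Uri]::TryCreate($Proxy, [UriKind]::Absolute, [ref]$parsed) -and
        $parsed.Scheme -in @('http', 'https')) {
        return $parsed
    }
    # Anything else is treated as host:port of a plain HTTP proxy.
    return [Uri]"http://$Proxy"
}

function Invoke-WebRequestViaProxy {
    param(
        [Parameter(Mandatory)][string]$Uri,
        [Parameter(Mandatory)][string]$Proxy,
        [pscredential]$ProxyCredential      # omit to fall back to the logon token
    )

    $proxyUri = ConvertTo-ProxyUri -Proxy $Proxy
    $params = @{
        Uri             = $Uri
        Proxy           = $proxyUri.AbsoluteUri
        UseBasicParsing = $true            # no dependency on the IE parsing engine
    }
    if ($ProxyCredential) { $params.ProxyCredential = $ProxyCredential }
    else                  { $params.ProxyUseDefaultCredentials = $true }

    Invoke-WebRequest @params
}

# Both spellings of the proxy now end up as http://proxy1.in.my.company:80/
Invoke-WebRequestViaProxy -Uri 'http://some.host.com/some.file.txt' -Proxy 'proxy1.in.my.company:80'
Invoke-WebRequestViaProxy -Uri 'http://some.host.com/some.file.txt' -Proxy 'http://proxy1.in.my.company:80'
```

Pass -ProxyCredential (Get-Credential) when the proxy requires explicit credentials rather than the logged-on account's token.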

Monday, 2 April 2018

TMG DNS cache - draft

' Create the root object.
Dim root
Set root = CreateObject("FPC.Root")

'Declare the other objects that are necessary.
Dim array ' An FPCArray object
Dim settings ' An FPCLowLevelSettings

' Get references to the array object and to the low-level
' settings object.
Set array = root.GetContainingArray
Set settings = array.ArrayPolicy.LowLevelSettings

WScript.Echo "DNS cache settings:" & vbCrLf & _
" TTL of entries for unsuccessful lookups: " & _
settings.DnsCacheNegativeTtl & vbCrLf & _
" Maximum size of a single record: " & _
settings.DnsCacheRecordMaxKB & vbCrLf & _
" Maximum size of the Firewall service DNS cache: " & _
settings.DnsCacheSize
The following VBScript code sets a new value for the DnsCacheNegativeTtl property:

' Create the root object.
Dim root
Set root = CreateObject("FPC.Root")

'Declare the other objects that are necessary.

Dim Policy ' An FPCArrayPolicy object

' Get an array policy object and set the new value of the
' DnsCacheNegativeTtl property of the low-level
' settings object.

Set Policy = root.GetContainingArray.ArrayPolicy
Policy.LowLevelSettings.DnsCacheNegativeTtl = 7200

Policy.Save

WScript.Echo "Done!"
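The same FPC.Root automation driven from PowerShell, so the current values can be captured and the change reviewed with -WhatIf before Save. This is an added example, not from the original post or the TMG SDK; it assumes it runs on the TMG server itself, where the Forefront TMG COM library is registered, under a TMG administrator account.

```powershell
# Added example (not from the original post): read and change the Firewall
# service DNS cache settings through the FPC.Root COM object.
function Get-TmgDnsCacheSettings {
    $root     = New-Object -ComObject 'FPC.Root'
    $settings = $root.GetContainingArray().ArrayPolicy.LowLevelSettings
    [pscustomobject]@{
        NegativeTtlSeconds = $settings.DnsCacheNegativeTtl   # TTL of entries for unsuccessful lookups
        RecordMaxKB        = $settings.DnsCacheRecordMaxKB   # maximum size of a single record
        CacheSize          = $settings.DnsCacheSize          # maximum size of the DNS cache
    }
}

function Set-TmgDnsNegativeTtl {
    [CmdletBinding(SupportsShouldProcess=$true)]
    param([Parameter(Mandatory)][ValidateRange(0, [int]::MaxValue)][int]$Seconds)

    $root    = New-Object -ComObject 'FPC.Root'
    $policy  = $root.GetContainingArray().ArrayPolicy
    $current = $policy.LowLevelSettings.DnsCacheNegativeTtl

    if ($current -eq $Seconds) {
        Write-Verbose "DnsCacheNegativeTtl is already $Seconds; nothing to save."
        return
    }
    # Save() is what commits the change to the array configuration, so keep it
    # behind ShouldProcess to get -WhatIf / -Confirm for free.
    if ($PSCmdlet.ShouldProcess('TMG array policy', "set DnsCacheNegativeTtl $current -> $Seconds")) {
        $policy.LowLevelSettings.DnsCacheNegativeTtl = $Seconds
        $policy.Save()
    }
}

Get-TmgDnsCacheSettings
Set-TmgDnsNegativeTtl -Seconds 7200 -WhatIf   # drop -WhatIf to apply the same value as the VBScript
```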