Wednesday, 25 July 2018

high ports - Windows 10

How to find the high (dynamic, ephemeral) port range that Windows uses as the source port range for outbound connections? Since Windows Vista / Server 2008 the default is 49152-65535 for every family and protocol, but it can be changed (for example with `netsh int ipv4 set dynamicport tcp start=49152 num=16384`), so check the live value rather than assuming it:
    netsh int ipv4 show dynamicport tcp
    netsh int ipv4 show dynamicport udp
    netsh int ipv6 show dynamicport tcp
    netsh int ipv6 show dynamicport udp
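The same four queries wrapped into a function that parses the output and computes the last port of each range, which is the form you need when writing firewall rules for the reply direction or for RPC dynamic endpoints (added example, not from the original post). It assumes English netsh output; on a localized Windows the labels "Start Port" and "Number of Ports" differ and the function warns instead of guessing.

```powershell
function Get-DynamicPortRange {
    # Runs the four netsh queries and returns one object per (family, protocol)
    # with the inclusive end port computed from start + count - 1.
    # Assumption: English netsh output; localized labels are reported, not parsed.
    foreach ($family in 'ipv4', 'ipv6') {
        foreach ($proto in 'tcp', 'udp') {
            $out   = netsh int $family show dynamicport $proto
            $start = $out | Select-String -Pattern 'Start Port\s*:\s*(\d+)'
            $count = $out | Select-String -Pattern 'Number of Ports\s*:\s*(\d+)'
            if (-not $start -or -not $count) {
                Write-Warning "Could not parse netsh output for $family/$proto (localized output?)"
                continue
            }
            $startPort = [int]$start.Matches[0].Groups[1].Value
            $numPorts  = [int]$count.Matches[0].Groups[1].Value
            [pscustomobject]@{
                Family    = $family
                Protocol  = $proto
                StartPort = $startPort
                EndPort   = $startPort + $numPorts - 1   # last port of the range, inclusive
                Count     = $numPorts
            }
        }
    }
}

Get-DynamicPortRange | Format-Table -AutoSize
```

Run it on both ends of a connection that crosses a firewall: the client side tells you the source ports to expect, the server side tells you the range RPC will hand out for dynamic endpoints.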

Wednesday, 18 July 2018

_kerberos-master - how to point *nix systems to domain controllers

_kerberos-master - this SRV record is by design not registered in Active Directory DNS, but many *nix systems try to locate it. I can register a single record or multiple records (to use round-robin) and point *nix systems to selected domain controllers in Active Directory.
And... it is not exactly true. *nix systems try to locate this record only in the case when the password is wrong, and this _kerberos-master domain controller should have the freshest password in the network. For me, almost every domain controller receives passwords at the same time. We have two sites, but there is no wait before replication. On both production domains we have a low number of domain controllers, so the SRV record is only for *nix systems, to assure them that they have all the required data.
We will soon have new servers from the *nix family in the domain, so this will be very useful and they will be better configured.
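How the record can actually be registered and checked from a domain member with the DnsServer and ActiveDirectory RSAT modules (added example, not from the original post). MIT Kerberos clients look up `_kerberos-master._udp.<REALM>` and `_kerberos-master._tcp.<REALM>`, so both are created. The target list is a placeholder; the default chosen here is the PDC emulator, because Active Directory replicates password changes to it urgently, which makes it the best single answer to "which DC has the freshest password". Add more FQDNs to the list for round-robin.

```powershell
# Added example: register _kerberos-master SRV records in the AD-integrated zone and resolve them back.
# Assumptions: the zone is the current domain's DNS name, the DNS server targeted is the PDC emulator,
# and $targets is a placeholder list of domain controllers that should answer _kerberos-master lookups.
Import-Module ActiveDirectory
Import-Module DnsServer

$domain  = Get-ADDomain
$zone    = $domain.DNSRoot
$targets = @($domain.PDCEmulator)   # e.g. add 'dc02.example.com' for round-robin (placeholder)

foreach ($dc in $targets) {
    foreach ($proto in '_tcp', '_udp') {
        # Same shape as the _kerberos records AD registers itself: port 88, equal weight
        Add-DnsServerResourceRecord -ZoneName $zone -Name "_kerberos-master.$proto" -Srv `
            -DomainName $dc -Priority 0 -Weight 100 -Port 88 -ComputerName $domain.PDCEmulator
    }
}

# Check: this is what a *nix client with dns_lookup_kdc enabled will see
foreach ($proto in '_tcp', '_udp') {
    Resolve-DnsName -Name "_kerberos-master.$proto.$zone" -Type SRV |
        Where-Object { $_.Type -eq 'SRV' } |
        Select-Object Name, NameTarget, Port, Priority, Weight
}
```

If DNS cannot be changed, the same pinning can be done per client in krb5.conf with `master_kdc = dc01.example.com` (called `primary_kdc` in newer MIT releases) in the realm section; the SRV record just avoids touching every client.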

Tuesday, 17 July 2018

LDAP optimization - domain controllers

From KB315071, instructions for configuring a per domain controller or per site policy:

Create a new query policy under:
CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,forest root
Set the domain controller or site to point to the new policy by entering the distinguished name of the new policy in the "Query-Policy-Object" attribute. The location of the attribute is as follows:

The location for the domain controller is:
CN=NTDS Settings,CN=DomainControllerName,CN=Servers,CN=site name,CN=Sites,CN=Configuration,forest root
The location for the site is:
CN=NTDS Site Settings,CN=site name,CN=Sites,CN=Configuration,forest root

Import the policy below with ldifde; the -c switch replaces the DC=X placeholder with the real forest root DN:
ldifde -i -f ldappolicy.ldf -v -c DC=X DC=forest root

dn: CN=Extended Timeout,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=X
changetype: add
instanceType: 4
lDAPAdminLimits: MaxReceiveBuffer=10485760
lDAPAdminLimits: MaxDatagramRecv=1024
lDAPAdminLimits: MaxPoolThreads=4
lDAPAdminLimits: MaxResultSetSize=262144
lDAPAdminLimits: MaxTempTableSize=10000
lDAPAdminLimits: MaxQueryDuration=300
lDAPAdminLimits: MaxPageSize=1000
lDAPAdminLimits: MaxNotificationPerConn=5
lDAPAdminLimits: MaxActiveQueries=20
lDAPAdminLimits: MaxConnIdleTime=900
lDAPAdminLimits: InitRecvTimeout=120
lDAPAdminLimits: MaxConnections=5000
objectClass: queryPolicy
showInAdvancedViewOnly: TRUE 
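The entry that matters in the file above is MaxQueryDuration, raised from the default 120 s to 300 s; compare the remaining values with `show values` in ntdsutil on an untouched DC before importing, so the policy does not silently lower anything. A longer query window is also a larger window for a client to tie up LDAP threads, which is the reason to link the policy only to the DCs that the slow queries actually target instead of editing the Default Query Policy.

The same procedure (create the queryPolicy object, link it to one DC, read it back) done with the ActiveDirectory module instead of ldifde (added example, not from the original post). The policy name and the DC name are placeholders; the caller needs write access to the Configuration partition.

```powershell
# Added example: per-DC LDAP query policy via PowerShell.
# Assumptions: ActiveDirectory module available; $policyName and $targetDc are placeholders.
Import-Module ActiveDirectory

$policyName = 'Extended Timeout'   # placeholder
$targetDc   = 'DC01'               # placeholder domain controller name

$configNc          = (Get-ADRootDSE).configurationNamingContext
$policiesContainer = "CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,$configNc"

# lDAPAdminLimits is multi-valued; only MaxQueryDuration is changed from 120 to 300 here
$limits = @(
    'MaxReceiveBuffer=10485760', 'MaxDatagramRecv=1024', 'MaxPoolThreads=4',
    'MaxResultSetSize=262144', 'MaxTempTableSize=10000', 'MaxQueryDuration=300',
    'MaxPageSize=1000', 'MaxNotificationPerConn=5', 'MaxActiveQueries=20',
    'MaxConnIdleTime=900', 'InitRecvTimeout=120', 'MaxConnections=5000'
)

# Create the policy once; re-running the script must not create a duplicate
$policy = Get-ADObject -SearchBase $policiesContainer -LDAPFilter "(&(objectClass=queryPolicy)(cn=$policyName))"
if (-not $policy) {
    $policy = New-ADObject -Name $policyName -Type queryPolicy -Path $policiesContainer `
        -OtherAttributes @{ lDAPAdminLimits = $limits; showInAdvancedViewOnly = $true } -PassThru
}

# Link: the DC's NTDS Settings object points at the policy through queryPolicyObject
# (for a whole site use "CN=NTDS Site Settings,$((Get-ADReplicationSite -Identity 'SiteName').DistinguishedName)")
$ntdsDn = (Get-ADDomainController -Identity $targetDc).NTDSSettingsObjectDN
Set-ADObject -Identity $ntdsDn -Replace @{ queryPolicyObject = $policy.DistinguishedName }

# Read back which policy the DC is now bound to
Get-ADObject -Identity $ntdsDn -Properties queryPolicyObject |
    Select-Object DistinguishedName, queryPolicyObject
```

To confirm the limits the DC is really enforcing, run ntdsutil on it: `LDAP policies`, `connections`, `connect to server DC01`, `q`, `show values`, as described in the same KB article.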

Monday, 16 July 2018

measure ldap bind time - for Active Directory powershell script

How to measure the time of an anonymous simple bind against all domain controllers? One option is this script:
#####################Variables#####################
$repeats = 10
###################################################

#####################Main#####################
Import-Module ActiveDirectory
cls
$myForest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$domCtrls = $myForest.Sites | % { $_.Servers } | Select Name
"DC`tmin`tavg`tmax`tfailed"
$domCtrls | %{
    $domCtrl = $_
    $totalTime = 0
    $i = 0
    $failed = 0
    $maxTime = 0; $minTime = [double]::MaxValue
    while ($i -ne $repeats) {
        # port 389 = plain LDAP; with an anonymous bind this measures only the TCP + LDAP bind round trip
        $c = New-Object System.DirectoryServices.Protocols.LdapConnection ($domCtrl.Name + ":389")

        # Anonymous, Basic, Digest, DPA (Distributed Password Authentication),
        # External, Kerberos, Msn, Negotiate, Ntlm, Sicily
        $c.AuthType = [System.DirectoryServices.Protocols.AuthType]::Anonymous

        $c.SessionOptions.ProtocolVersion = 3
        $c.SessionOptions.SecureSocketLayer = $false

        try {
            $time = (Measure-Command { $c.Bind() }).TotalSeconds
            $totalTime += $time
            if ($minTime -gt $time) { $minTime = $time }
            if ($maxTime -lt $time) { $maxTime = $time }
        } catch {
            # unreachable DC or refused bind: count it instead of aborting the whole loop
            $failed++
        } finally {
            $c.Dispose()
        }
        $i++
    }
    if ($failed -lt $repeats) {
        $avgTime = $totalTime / ($repeats - $failed)
    } else {
        $avgTime = 0; $minTime = 0
    }
    $domCtrl.Name + "`t" + $minTime + "`t" + $avgTime + "`t" + $maxTime + "`t" + $failed
}


The output is tab-separated, so you can paste it straight into Excel, or into Word and convert it to a table. Note that a domain controller accepts an anonymous bind (that is how rootDSE is read without credentials), so the numbers reflect the TCP connect plus the LDAP bind round trip, not Kerberos or NTLM authentication time; a DC that refuses or times out is counted in the last column instead of stopping the script.

check group policy templates - compare-ADMX.ps1

How to find missing ADMX or ADML files in the central store. Of course, you should provide the proper path and the language folder (regional settings). Matching file names is only the first check: an ADML that is older than its ADMX still makes GPMC complain about missing string resources, so keep both files from the same template package.
Import-Module ActiveDirectory

cls
$currentDomain = ([System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()).Name

# Adjust these two settings to your environment: the central store path and the language folder
$policyDefinitions = "c:\windows\sysvol_dfsr\sysvol\" + $currentDomain + "\Policies\PolicyDefinitions"
$language = "en-us"

$admls = Get-ChildItem (Join-Path $policyDefinitions "$language\*.adml")
$admxs = Get-ChildItem (Join-Path $policyDefinitions "*.admx")

# every .adml should have a matching .admx one level up
$admls | %{
    $admxName = $_.BaseName + ".admx"
    if (-not (Test-Path (Join-Path $policyDefinitions $admxName))) {
        ".......... " + $admxName + " is missing"
    }
}

# every .admx should have a matching .adml in the language folder
$admxs | %{
    $admlName = $_.BaseName + ".adml"
    if (-not (Test-Path (Join-Path $policyDefinitions "$language\$admlName"))) {
        ".......... " + $admlName + " is missing"
    }
}

Tuesday, 3 July 2018

MBAM 2.5 sp1 - issue with reports after system update

MBAM 2.5.1100.0 (plain MBAM 2.5 SP1, no hotfixes) has an issue with reports after installation of the following updates:
  • KB4033369
  • KB4284878
  • KB4230450
The system consists of two servers, a frontend and a database server (with Reporting Services). The issue appears after installing the updates on the database/report server.

Monday, 2 July 2018

how to determine if dll is registered?

How to find out whether a DLL is already registered?
Use regedit and search within HKEY_CLASSES_ROOT\CLSID\ - I must confirm it.
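The registry search described above, scripted (added example, not from the original post). A COM DLL registered with regsvr32 ends up as an InprocServer32 subkey under one or more CLSID keys, with the DLL path as the default value. HKEY_CLASSES_ROOT is a merged view of HKLM\Software\Classes and HKCU\Software\Classes, and for a normal (non-elevated) process the per-user entry wins, which is what COM hijacking abuses, so the function searches both hives plus the WOW6432 view and reports where each hit lives. The DLL name in the call at the bottom is a placeholder.

```powershell
function Find-RegisteredDll {
    # Returns every CLSID whose InprocServer32 points at the given DLL (file name or full path),
    # together with the hive it was found in. Assumption: $DllName is a placeholder supplied by the caller.
    param([Parameter(Mandatory)][string]$DllName)

    $roots = @(
        'HKLM:\SOFTWARE\Classes\CLSID',               # machine-wide, 64-bit view
        'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID',   # machine-wide, 32-bit servers on 64-bit Windows
        'HKCU:\SOFTWARE\Classes\CLSID'                # per-user; overrides HKLM for non-elevated processes
    )
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
            $inproc = Join-Path $_.PSPath 'InprocServer32'
            if (-not (Test-Path $inproc)) { return }
            $props  = Get-ItemProperty -Path $inproc -ErrorAction SilentlyContinue
            $server = $props.'(default)'              # REG_EXPAND_SZ values are expanded by Get-ItemProperty
            if ($server -and ($server -like "*$DllName*")) {
                $progIdKey = Join-Path $_.PSPath 'ProgID'
                [pscustomobject]@{
                    Hive           = $root
                    CLSID          = $_.PSChildName
                    Server         = $server
                    ThreadingModel = $props.ThreadingModel
                    ProgID         = if (Test-Path $progIdKey) { (Get-ItemProperty -Path $progIdKey).'(default)' } else { $null }
                }
            }
        }
    }
}

# Placeholder DLL name; any hit under HKCU for a DLL you expect only in HKLM deserves a closer look
Find-RegisteredDll -DllName 'scrrun.dll' | Format-Table -AutoSize
```

An empty result means no in-process COM server references the DLL; a DLL can still be loaded by other means (out-of-process servers use LocalServer32, and plain DLLs are never "registered" at all), so absence here is not proof that nothing uses it.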