Audit Forest and Domain Functional Level


Just to share this.. it’s good for us to enable the audit event in the group policy in order just to see who,when and what are the recent changes in our domain controllers.


In my example, I did enable all audit policy in my domain controller group policy.


all audit in domain controller group policy



Here, I must admit that, every activities in your domain controllers will be logged and will cost you the size of disk space as well.

I mostly picked important logs such as Audit Forest Functional level. Let’s say, if you have so many domain admins group in parent domain, people can go anywhere. When your domain controller still set to Windows 2003 functional level, yet the domain admin members can upgrade or raise this to upper level such as Windows Server 2008.


When you upgrade the forest functional level, it saves the logs in the event viewer. you will see this in Directory Services.

event id forest functional level



Usually, I can use SCOM Alert to monitor this Event ID 2040 if there is a change.

ffl 1




In the General Tabs, it tells you that the New forest Functional Level is equal to 3. This “3” means that the forest functional level is raised to Windows Server 2008. please see reference below:

0 = Forest functional level: Windows 2000

1 = Forest functional level: Windows Server 2003 interim

2 = Forest functional level: Windows Server 2003

3 = Forest functional level: Windows Server 2008

4 = Forest functional level: Windows Server 2008 R2

5 = Forest functional level: Windows Server 2012


Another Event ID 1968 will tell you the previous functional level and current functional level.




Thank you for viewing and reading this article. ūüôā



reference URL :





Perform Backup of System State on Local Drive


This video tutorial below is to allow perform system state backup on local drive or critical volume. by default, you will be unable to store backup on local drive C:\

However, you can change the default behaviour of Windows Server 2008 R2 by adding a registry entry.

Check the video that I posted on YouTube:


Test the System backup using Command Prompt or Graphical User Interface.

However I prefer using command prompt due to faster backup.


1. right Click Command Prompt and click Run As Administrator.

2. Type the command :-> wbadmin start systemstatebackup -backuptarget:c:

Question:Can I install Exchange 2003 in Windows 2003 where I have Windows 2008 Domain Controller?

I’ve been asked by my friend on this question:

I have windows Server 2008 Active Directory, can Install Exchange 2003 in Windows 2003 in separate machines or servers?

My Answer:
Yes, you can.


1. I test with installation Active Directory of Windows Server 2008 R2 with Forest and domain functional level to Windows 2003.

2. Install Windows Server 2003 and Exchange 2003. Run Schema Preparation and Domain Prepare at Windows 2003 that you are going to install Exchange 2003.’

3. Run the Setup and follow the instruction.



Public DNS using Windows Server

A couple of days I have been searching any articles on the Internet about to publicise the DNS as an external. However, I only found on Microsoft TechNet, the URL link below was really useful for Securing DNS Server:

why I cover this topic, because it concerns to me that I try to find out why the Split DNS is vital for Internal and External network.

What I found !

If we want to make our own DNS to be a public DNS that can query  such host record A, CNAME (Alias), MX record, make sure that there are no internal IP address exposed to the Internet and also the zones for internal should not be there.

External DNS server should be in DMZ Zone and where you don’t keep the internal records in this DNS. External DNS (which is for public DNS) was a stand alone server that does not join domain of the internal network.

I’ve tried some proven point that external users can query the internal IP Address,hostname and zones IF I put the Internal and DMZ IP address in the Public DNS Server. This can be done by simple command such as NSLOOKUP.

In my Local Network, There is an Internal DNS Server where only records all zones, IP address of internal site only.

My Public DNS only handles such records below:

www           resolve website     where ip address              resolve  mx record   where ip address                         resolve domain      where ip address

My Internal DNS Server

www.netoverme.local                  resolve       internal website

ns1.netoverme.local                     resolve       nameserver


Why this error comes out?

Why This error comes out?

If you have 2 Domain Controller which replicate each other, if the first domain controller goes down, this would be the error.

I’ve done this due to migration of Windows Server 2003 to Windows server 2008 R2. When I tried to transfer the schema partition, I’ve to do it in Windows Server 2003 and Change the Roles to my window server 2008. Then I tried to restart, and this comes out the error.

Shrink your disk partition

Hello every one… first of all happy new year 2011…

my first post of year 2011, I make a simple post for the user to shrink the hard disk partition in order to make separation of system partition, and data partition..

it’s really simple. what you have to do is the steps below:

  1.  Right click on My computer and select Manage

  3.  Expand the computer management and select Disk Management under Storage
  4. click the disk you want to shrink. For example on C:\ drive which has 500GB and you want to make 100GB as a data storage. Just do right-click the disk and Shrink Volume is selected


4. Type the space you want to make as data partition. in my example I type 100GB (100000MB)