You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
> If any data is copied from the _root_ of a device, the destination directory will adopt the "hidden" attribute during the copy process.
28
+
> If any data is copied from the _root_ of a device, the destination directory adopts the "hidden" and "system" attributes during the copy process.
29
29
30
30
### Parameters
31
31
@@ -113,15 +113,15 @@ These throttling options are used to specify the maximum I/O bandwidth that Robo
113
113
| /xc | Excludes existing files with the same timestamp, but different file sizes. |
114
114
| /xn | Source directory files newer than the destination are excluded from the copy. |
115
115
| /xo | Source directory files older than the destination are excluded from the copy. |
116
-
| /xx | Excludes extra files and directories present in the destination but not the source. Excluding extra files won't delete files from the destination. |
116
+
| /xx | Excludes extra files and directories present in the destination but not the source. Excluding extra files doesn't delete files from the destination. |
117
117
| /xl | Excludes "lonely" files and directories present in the source but not the destination. Excluding lonely files prevents any new files from being added to the destination. |
118
118
| /im | Include modified files (differing change times). |
119
119
| /is | Includes the same files. Same files are identical in name, size, times, and all attributes. |
120
120
| /it | Includes "tweaked" files. Tweaked files have the same name, size, and times, but different attributes. |
121
121
| /max:`<n>`| Specifies the maximum file size (to exclude files bigger than *n* bytes). |
122
122
| /min:`<n>`| Specifies the minimum file size (to exclude files smaller than *n* bytes). |
123
-
| /maxage:`<n>`| Specifies the maximum file age (to exclude files older than *n* days or date). |
124
-
| /minage:`<n>`| Specifies the minimum file age (exclude files newer than *n* days or date). |
123
+
| /maxage:`<n>`| Specifies the maximum file age to exclude files older than *n* days or a date based on when the files were last _modified_. |
124
+
| /minage:`<n>`| Specifies the minimum file age to exclude files newer than *n* days or a date based on when the files were last _modified_. |
125
125
| /maxlad:`<n>`| Specifies the maximum last access date (excludes files unused since *n*). |
126
126
| /minlad:`<n>`| Specifies the minimum last access date (excludes files used since *n*) If *n* is less than 1900, *n* specifies the number of days. Otherwise, *n* specifies a date in the format YYYYMMDD. |
127
127
| /xj | Excludes junction points, which are normally included by default. |
@@ -155,7 +155,7 @@ These throttling options are used to specify the maximum I/O bandwidth that Robo
155
155
| /nc | Specifies that file classes aren't to be logged. |
156
156
| /nfl | Specifies that file names aren't to be logged. |
157
157
| /ndl | Specifies that directory names aren't to be logged. |
158
-
| /np | Specifies that the progress of the copying operation (the number of files or directories copied so far) won't be displayed. |
158
+
| /np | Specifies to not display the progress of the copying operation (the number of files or directories copied so far). |
159
159
| /eta | Shows the estimated time of arrival (ETA) of the copied files. |
160
160
| /log:`<logfile>`| Writes the status output to the log file (overwrites the existing log file). |
161
161
| /log+:`<logfile>`| Writes the status output to the log file (appends the output to the existing log file). |
@@ -179,17 +179,17 @@ These throttling options are used to specify the maximum I/O bandwidth that Robo
179
179
180
180
#### Remarks
181
181
182
-
- Using **/PURGE** or **/MIR** on the root directory of the volume formerly caused robocopy to apply the requested operation on files inside the System Volume Information directory as well. This is no longer the case as if either is specified, robocopy will skip any files or directories with that name in the top-level source and destination directories of the copy session.
182
+
- Using **/PURGE** or **/MIR** on the root directory of the volume formerly caused robocopy to apply the requested operation on files inside the System Volume Information directory as well. This is no longer the case as if either is specified, robocopy skips any files or directories with that name in the top-level source and destination directories of the copy session.
183
183
184
184
- Modified files classification applies only when both source and destination filesystems support change timestamps, such as NTFS, and the source and destination files have different change times but are otherwise the same. These files aren't copied by default. Specify **/IM** to include them.
185
185
186
-
- The **/DCOPY:E** flag requests that extended attribute copying should be attempted for directories. Robocopy will continue if a directory's EAs couldn't be copied. This flag isn't included in **/COPYALL**.
186
+
- The **/DCOPY:E** flag requests that extended attribute copying should be attempted for directories. Robocopy continues the copy operation even if a directory's EAs couldn't be copied. This flag isn't included in **/COPYALL**.
187
187
188
-
- If either **/IoMaxSize** or **/IoRate** are specified, robocopy will enable copy file throttling to reduce system load. Both can be adjusted to optimal values and copy parameters, but the system and robocopy are allowed to adjust them to allowed values as necessary.
188
+
- If either **/IoMaxSize** or **/IoRate** are specified, robocopy enables copy file throttling to reduce system load. Both can be adjusted to optimal values and copy parameters, but the system and robocopy are allowed to adjust them to allowed values as necessary.
189
189
190
-
- If **/Threshold** is used, it specifies a minimum file size for engaging throttling. Files below that size won't be throttled. Values for all three parameters can be followed by an optional suffix character such as [KMG] (kilobytes, megabytes, gigabytes).
190
+
- If **/Threshold** is used, it specifies a minimum file size for engaging throttling. Files below that size aren't throttled. Values for all three parameters can be followed by an optional suffix character such as [KMG] (kilobytes, megabytes, gigabytes).
191
191
192
-
- Using **/LFSM** requests robocopy to operate in 'low free space mode'. In this mode, robocopy will pause whenever a file copy would cause the destination volume's free space to go below a 'floor' value. This value can be explicitly specified using **/LFSM:_n_**[KMG] flag.
192
+
- Using **/LFSM** requests robocopy to operate in 'low free space mode'. In this mode, robocopy pauses whenever a file copy would cause the destination volume's free space to go below a 'floor' value. This value can be explicitly specified using **/LFSM:_n_**[KMG] flag.
193
193
194
194
- If **/LFSM** is specified with no explicit floor value, the floor is set to 10% of the destination volume's size. Low free space mode is incompatible with **/MT** and **/EFSRAW**.
195
195
@@ -213,42 +213,48 @@ These throttling options are used to specify the maximum I/O bandwidth that Robo
213
213
214
214
It's highly recommended when running the `robocopy` command to create a log file that can be viewed once the process completes verifying its integrity. In the following examples, each one uses the `/LOG:` parameter. To append any log information to the same log file, use the `/LOG+:` parameter instead.
215
215
216
-
To copy all files and subdirectories, including empty directories, from the "Records" folder to the "Backup" folder on drive "D", type the following:
216
+
To copy all files and subdirectories, including empty directories, from the "Records" folder to the "Backup" folder on drive "D", type:
To mirror the contents of the "Records" folder to the "Backup" folder on drive "D", delete any files in the destination that don't exist in the source with 2 retries and waiting 5 seconds between each retry, type the following:
222
+
To mirror the contents of the "Records" folder to the "Backup" folder on drive "D", delete any files in the destination that don't exist in the source with 2 retries and waiting 5 seconds between each retry, type:
To copy all files and subdirectories that aren't empty from the "Records" folder to the "Backup" folder on drive "D", retaining the file data, attributes, and timestamps with 16 multi-threaded copy operation, type the following:
228
+
To copy all files and subdirectories that aren't empty from the "Records" folder to the "Backup" folder on drive "D", retaining the file data, attributes, and timestamps with 16 multi-threaded copy operation, type:
To move files and subdirectories, excluding empty directories, from the "Records" folder to the "Backup" folder on drive "D", and exclude files older than 7 days, type the following:
234
+
To move files and subdirectories, excluding empty directories, from the "Records" folder to the "Backup" folder on drive "D", and exclude files older than 7 days, type:
To copy all files and subdirectories, including empty directories, from the "Records" folder to the "Backup" folder on drive "D" showing the estimated time for each file and delete any files and directories in the destination that don't exist from the source, type the following:
240
+
To copy all files and subdirectories, including empty directories, from the "Records" folder to the "Backup" folder on drive "D" showing the estimated time for each file and delete any files and directories in the destination that don't exist from the source, type:
To copy all files and subdirectories from the folder named "Records" on the "C" drive to a folder named "Backup" on the "D" drive while limiting the I/O rate to 1 megabyte per second during the copy operation, type the following:
246
+
To copy all files and subdirectories from the folder named "Records" on the "C" drive to a folder named "Backup" on the "D" drive while limiting the I/O rate to 1 megabyte per second during the copy operation, type:
247
247
248
248
```cmd
249
249
robocopy C:\Records D:\Backup /iorate:1m
250
250
```
251
251
252
+
To skip copying files from a source folder to a destination folder when the files already exist in the destination folder, regardless of whether they're newer, older, or modified, type:
To perform a planned shutdown of a device in 10 minutes and capture the reason in the shutdown event tracker with the comment "Scheduled maintenance", type:
Copy file name to clipboardexpand all lines: WindowsServerDocs/identity/ad-ds/deploy/virtual-dc/adds-on-azure-vm.md
+13-15
Original file line number
Diff line number
Diff line change
@@ -1,10 +1,10 @@
1
1
---
2
2
title: Install Active Directory Domain Services on an Azure virtual machine
3
3
description: How to create a new Active Directory forest on a virtual machine (VM) on an Azure virtual machine.
4
-
author: iainfoulds
4
+
author: justinha
5
5
ms.author: justinha
6
-
manager: daveba
7
-
ms.date: 6/28/2022
6
+
manager: femila
7
+
ms.date: 03/18/2025
8
8
ms.topic: article
9
9
---
10
10
@@ -19,7 +19,7 @@ AD DS can run on an Azure virtual machine (VM) in the same way it runs in many o
19
19
* An Azure virtual machine [availability set](/azure/virtual-machines/availability-set-overview) to put two Active Directory Domain Services (AD DS) domain controllers in.
20
20
* Two Azure virtual machines to run AD DS and DNS.
21
21
22
-
### Items that are not covered
22
+
### Items that aren't covered
23
23
24
24
*[Creating a site-to-site VPN connection](/azure/vpn-gateway/tutorial-site-to-site-portal) from an on-premises location
25
25
*[Securing network traffic in Azure](/azure/security/azure-security-network-security-best-practices)
@@ -39,17 +39,17 @@ If you don't have an Azure subscription, [create a free account](https://azure.m
39
39
40
40
The following script automates the process of building two Windows Server 2019 VMs, for the purpose of building domain controllers for a new Active Directory Forest in Azure. An administrator can modify the variables below to suit their needs, then complete, as one operation. The script creates the necessary resource group, network security group with a traffic rule for Remote Desktop, virtual network and subnet, and availability group. The VMs are each then built with a 20 GB data disk with caching disabled for AD DS to be installed to.
41
41
42
-
The script below can be run directly from the Azure portal. If you choose to install and use the CLI locally, this quickstart requires that you are running the Azure CLI version 2.0.4 or later. Run `az --version` to find the version. If you need to install or upgrade, see [Install Azure CLI 2.0](/cli/azure/install-azure-cli).
42
+
The script below can be run directly from the Azure portal. If you choose to install and use the CLI locally, this quickstart requires that you're running the Azure CLI version 2.0.4 or later. Run `az --version` to find the version. If you need to install or upgrade, see [Install Azure CLI 2.0](/cli/azure/install-azure-cli).
43
43
44
44
| Variable Name | Purpose |
45
45
| :---: | :--- |
46
46
| AdminUsername | Username to be configured on each VM as the local administrator. |
47
47
| AdminPassword | Cleartext password to be configured on each VM as the local administrator password. |
48
-
| ResourceGroupName | Name to be used for resource group. Should not duplicate an existing name. |
48
+
| ResourceGroupName | Name to be used for resource group. Shouldn't duplicate an existing name. |
49
49
| Location | Azure location name that you would like to deploy to. List supported regions for the current subscription using `az account list-locations`. |
50
-
| VNetName | Name to assign the Azure virtual network Should not duplicate an existing name. |
51
-
| VNetAddress | IP scope to use for Azure networking. Should not duplicate an existing range. |
52
-
| SubnetName | Name to assign the IP subnet. Should not duplicate an existing name. |
50
+
| VNetName | Name to assign the Azure virtual network Shouldn't duplicate an existing name. |
51
+
| VNetAddress | IP scope to use for Azure networking. Shouldn't duplicate an existing range. |
52
+
| SubnetName | Name to assign the IP subnet. Shouldn't duplicate an existing name. |
53
53
| SubnetAddress | Subnet address for the domain controllers. Should be a subnet inside of the VNet. |
54
54
| AvailabilitySet | Name of the availability set the domain controller VMs will join. |
55
55
| VMSize | Standard Azure VM Size available in the location for deployment. |
@@ -60,7 +60,7 @@ The script below can be run directly from the Azure portal. If you choose to ins
60
60
| DC2IP | IP address for second domain controller. |
61
61
62
62
```azurecli
63
-
#Update based on your organizational requirements
63
+
#Add lines for AdminUsername and AdminPassword, and update based on your organizational requirements
64
64
Location=westus2
65
65
ResourceGroupName=ADonAzureVMs
66
66
NetworkSecurityGroup=NSG-DomainControllers
@@ -71,8 +71,6 @@ SubnetAddress=10.10.10.0/24
71
71
AvailabilitySet=DomainControllers
72
72
VMSize=Standard_DS1_v2
73
73
DataDiskSize=20
74
-
AdminUsername=azureuser
75
-
AdminPassword=ChangeMe123456
76
74
DomainController1=AZDC01
77
75
DC1IP=10.10.10.11
78
76
DomainController2=AZDC02
@@ -149,7 +147,7 @@ az vm create \
149
147
150
148
If the Azure virtual machines created as part of this process will be an extension of an existing on-premises Active Directory infrastructure, the DNS settings on the virtual network must be changed to include your on-premises DNS servers before deployment. This step is important to allow the newly created Domain Controllers in Azure to resolve on-premises resources and allow for replication to occur. More information about DNS, Azure, and how to configure settings can be found in the section [Name resolution that uses your own DNS server](/azure/virtual-network/virtual-networks-name-resolution-for-vms-and-role-instances#name-resolution-that-uses-your-own-dns-server).
151
149
152
-
After promoting the new domain controllers in Azure, they will need to be set to the primary and secondary DNS Servers for the virtual network, and any on-premises DNS Servers would be demoted to tertiary and beyond. VMs continue to use their current DNS settings until they are restarted. More information on changing DNS Servers can be found in the article [Create, change, or delete a virtual network](/azure/virtual-network/manage-virtual-network#change-dns-servers).
150
+
After promoting the new domain controllers in Azure, they'll need to be set to the primary and secondary DNS Servers for the virtual network, and any on-premises DNS Servers would be demoted to tertiary and beyond. VMs continue to use their current DNS settings until they're restarted. More information on changing DNS Servers can be found in the article [Create, change, or delete a virtual network](/azure/virtual-network/manage-virtual-network#change-dns-servers).
153
151
154
152
Information about extending an on-premises network to Azure can be found in the article [Creating a site-to-site VPN connection](/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal).
155
153
@@ -174,7 +172,7 @@ Connect to AZDC01 using the credentials you provided in the script.
174
172
* Review the selections made in the wizard and choose **Next**
175
173
176
174
> [!NOTE]
177
-
> The Prerequisites Check will warn you that the physical network adapter does not have static IP address(es) assigned, you can safely ignore this as static IPs are assigned in the Azure virtual network.
175
+
> The Prerequisites Check will warn you that the physical network adapter doesn't have static IP address(es) assigned, you can safely ignore this as static IPs are assigned in the Azure virtual network.
178
176
179
177
* Choose **Install**
180
178
@@ -210,7 +208,7 @@ Connect to AZDC02 using the credentials you provided in the script.
210
208
* Review the selections made in the wizard and choose **Next**
211
209
212
210
> [!NOTE]
213
-
> The Prerequisites Check will warn you that the physical network adapter does not have static IP address(es) assigned. You can safely ignore this, as static IPs are assigned in the Azure virtual network.
211
+
> The Prerequisites Check will warn you that the physical network adapter doesn't have static IP address(es) assigned. You can safely ignore this, as static IPs are assigned in the Azure virtual network.
Copy file name to clipboardexpand all lines: WindowsServerDocs/identity/ad-ds/manage/group-managed-service-accounts/group-managed-service-accounts/group-managed-service-accounts-overview.md
+1-2
Original file line number
Diff line number
Diff line change
@@ -5,7 +5,7 @@ ms.topic: article
5
5
ms.assetid: cef0693c-f861-48a7-a1c0-8d1bc06143ce
6
6
ms.author: roharwoo
7
7
author: robinharwood
8
-
ms.date: 09/17/2024
8
+
ms.date: 03/18/2025
9
9
---
10
10
# Group Managed Service Accounts Overview
11
11
@@ -49,7 +49,6 @@ Here are some other resources you can read to learn more about Managed Service A
49
49
50
50
-[Managed Service Accounts Documentation for Windows 7 and Windows Server 2008 R2](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ff641731(v=ws.10))
-[Managed Service Accounts in Active Directory](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd378925(v=ws.10))
53
52
-[Getting Started with Group Managed Service Accounts](getting-started-with-group-managed-service-accounts.md)
54
53
-[Managed Service Accounts in Active Directory Domain Services](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd378925(v=ws.10))
55
54
-[Managed Service Accounts: Understanding, Implementing, Best Practices, and Troubleshooting](/archive/blogs/askds/managed-service-accounts-understanding-implementing-best-practices-and-troubleshooting)
0 commit comments