One of the best friends: ntdsutil.exe 😉
Select one, or all:
Seize domain naming master Seize PDC Seize RID master Seize schema master
(subsequently more info)
When modifying any security setting in the Default Domain Controllers Policy using the Group Policy Management Console (GPMC) from the console of a Windows Server 2008 R2 domain controller, GPMC incorrectly translates the SID for the Wdiservice account in the policy to a user name which is not recognized by the local machines where the policy is enforced.
This issue also occurs when a Windows 7 or Windows Server 2008 R2 member computer modifies any security setting in the Default Domain Controllers Policy on a Windows Server 2008 R2 domain controller.
Replace the value of a SeSystemProfilePrivilege: *S-1-5-32-544,NT Service\WdiServiceHost (initial value: *S-1-5-32-544,WdiServiceHost).
The supported upgrade paths are:
To determine the installed edition, run:
DISM /online /Get-CurrentEdition
To check the possible target editions, run:
DISM /online /Get-TargetEditions
Finally, to initiate an upgrade, run:
DISM /online /Set-Edition:EDITION_ID /ProductKey:XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
WARNING: One important note, is that the server can’t be a DC at the time of upgrade. If you demote a DC using dcpromo, you can upgrade, then re-promote it (you may need to migrate FSMO roles, etc, in order to succesfully demote.)
General usage of DISM: http://technet.microsoft.com/en-us/library/dd744380(WS.10).aspx
KMS Client Setup Keys
|Windows Server 2008 R2 Datacenter||74YFP-3QFB3-KQT8W-PMXWJ-7M648|
|Windows Server 2008 R2 Enterprise||489J6-VHDMP-X63PK-3K798-CPX3Y|
Eeither changing it to a NS for microsoft.com or making it an A record for www.microsoft.com for instance would work. If of course this dns server is allowed to run the external dns resolving queries. If you are not interested in this you can either use an A record and point to internal resource name or turn it off.