Hello.
I have installed 2 root domains in 1 forest, the root 1 is Win2K12 Datacenter (DNS), and the root 2 is Win2K8 SP2 Enterprise x64. And I wanted to create a child domain under the root 2, with Win2K12 Datacenter, also I have been ran Adprep.exe before the installing, but cannot setup the child domain successfully.
The installation is always showing "Replicating the schema directory partition". I have no any idea for the issue...
Kind Regards.
Is there a tool or the command through which I can see if the DC is demoted, its been replicated across the domain and forest.
The reason I require this is coz I need to demote a DC and uninstall the DNS and the new DC will then be using the same Ip address. But before that I need to ensure that the demoation replication along with the DNS are been replicated across the domain or forest. Possibly a tool or command which will force thso across will be great.
Hello,
On one of my Additional domain controller FRS is getting stop with below error
"The File Replication Service has stopped after taking an assertion failure." and generating event ID 13505 & 13555. Have found one solution says below steps.
" stop netlogon and ntfrs service
del %systemroot%\ntfrs\jet\Ntfrs.jdb
del %systemroot%\ntfrs\jet\Sys\Edb.chk
del %systemroot%\ntfrs\jet\log\edb.log
del %systemroot%\ntfrs\jet\log\res1.log
del %systemroot%\ntfrs\jet\log\res2.log
Want to know is there any issue i go with above steps.
Thanks
Abhijit
A. V. Deshpande
Hi everyone
What are the requirements/steps to install a Windows Server 2012 domain controller into a Windows Server 2003 domain?
Where do I have to pay attention, e.g. kerberos authentication, old systems and so forth?
Any suggestions would be appreciated.
Regards
Peter
Hello,
I am going to install IAS service on server which is not a Domain Controller. I want to explicitly mention the Domain Controller in IAS service for authentication.
Please let me know how do I explicitly mention the DC in IAS for authentication redirection.
Mahesh
Hello i'm having a problem setting up my server2012 Domain Controller to use DNS and DHCP.
My network looks like this. ISP-->Sonicwall TZ205(192.168.1.1)-->Netgear Switch(192.168.1.3)-->
Server 2012(192.168.1.2). When i first installed the Server i just had it as a DC, and the firewall was doing DHCP & DNS. I then realized that the server had to have DNS on it.
So i disabled DHCP from the firewall and added DHCP & DNS Roles to my server. My server name is TicketServer01.local. I setup DNS like i read online and it put my server in the Forward lookup Zone, but didn't put anything for the Reverse Lookup Zone. Then i added DHCP. In DHCP i added 03 Router and put in 192.168.1.1 so it would handout the firewall ip for the gateway to the clients. The clients can get online, and seems to work fine, but i cant get the server to access the Internet. Has a yellow traingle and wont access the web. Tried pinging the firwall and it works. Try ping any external websites etc google and it drops all packets. Do you guys have any ideas to why my server cant get online..
Server TCPIP setting- 192.168.1.2 255.255.255.0 192.168.1.1 DNS 192.168.1.2 127.0.0.1
We have many applications in our company that use LDAP binding to authenticate and authorize users. Most often these applications are sitting on non-windows systems, but there are windows servers as well that do this functionality. The way we have it setup is that we provide a username for the LDAP bind (ldp$<application name> is our standard for the user name) and then the applicaiton passes the applicaiton user/password through through to AD for authentication and authorization. Pretty standard stuff.
We have an application that has periodically lost its LDAP connection over the past few months. The application log (on the application server, not the AD application event viewer) seems to be stating that they are having a user/password problem, but when I check the logs for the LDP$appname account and the application user that is being passed to AD, I cannot find any failed logins at all during the time the application loses its LDAP connection. No other applications are having troubles with LDAP at this time and kerberos is working fine throughout the company as a whole. The problem is "solved" by the application owner rebooting the configuration server. Obviously this isn't really a solution and I would like to know what is actually happening. I keep asking them to call me when the problem is happening so I can do some tests when it isn't working, but they have failed to do so.
What I'm wondering is how I could possibly check for a failed LDAP bind. As I said, I've trolled through the security logs and can't find anything out of the ordinary, but that will only show problems in authentication, it won't show "failed LDAP binds" or similar problems. Is there anything that I am missing? Is there a log that I am not aware of I can check? Even something like successful binds would be helpful, as I could show them successful binds during the outage. Basically I'm looking for anything that would show the problem to be AD related, or anything that would show the problem *wasn't* AD related. Thanks.
Hi all,
I am working on security compliance task that requires that users who connect to RDS servers not be able to browse active directory under any circumstances, and they showed me that the user can browse AD by going to print from any application and then click on find printer and then things get uglier from there until they can actually see the domain and the OUs and what not.
I disabled the find printer button with a GPO, but I am not sure this is enough, because I am sure there are lots of other ways for them to access to browse AD. I am still working on it and researching left and right but thought to post this question in hope of an expert on this matter to point me in the right direction to remediate this security matter.
Some info about the infrastructure:
All servers are windows server 2008 r2
Forest and domain functional level 2008 r2.
I really appreciate any help or comments.
Thanks in advanced.
Mohsen Almassud
Dear All:
We have configured the Group Policy on Windows Server 2012 Domain & it is applied for Windows 7 client however the group policy does not work for Windows XP. Do we need to do anything extra fro Windows XP.
Arun Khatri
The following error occurred attempting to join the domain "mydomain".
An attempt to resolve the DNS name of a domain controller in the domain being joined has failed. Please verify this client is configured to reach a DNS server that can resolve DNS names in the target domain.
I am running Windows Server 2012 and I am trying to connect with a windows 7 computer.
Any help?
I currently have 2 domain controllers at windows server 2003 sp2...can i add a new 2008 server as a domain controller ? into the 2003 domain ???
Thx
Steven J Einhorn
I have searched the forum and internet and couldn't find a answer. I wish I can get some help here.
Our domain has only two DCs, DC1 and DC2. They both running Server 2008 SP2 x86. The domain functional level is 2003. I found a few workstations don't get log-on script working. So I checked the SYSVOL on both DCs and found out they are different, DC2 has more entries under SYSVOL\ <Domain>\Policies\ than DC1. In the Event both DCs shows Event ID 13508 Warning says FRS couldn't replicate SYSVOL to each other. In Server Manager, I found "Widnows Server 2003 File Services" and "File Replication Service" are not even enabled. so I enabled them on both DCs. I have run the "ntfrsutl forcerepl dc1 /r "domain system volume (sysvol share)" /p DC2.<domain>" . But SYSVOL is still inconsistent between two DCs. My questions is how I can get SYSVOL replication back to work. Thanks a lot.
I was in the process troubleshooting a failed replication between the GC and a DC. Then I begin recieving error messages saying the domain is unavailable.
All of my active directory windows stopped working displaying a message that includes "The specified Domain either does not exist or cannot be contacted"
DCDiag output
Microsoft Windows [Version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.
C:\Users\Administrator.LLRAMDHANNY>dcdiag /q
Fatal Error:DsGetDcName (HADES) call failed, error 1355
The Locator could not find the server.
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=LLRAMDHANNY,DC=LOCAL
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=LLRAMDHANNY,DC=LOCAL
......................... HADES failed test NCSecDesc
Unable to connect to the NETLOGON share! ("\\HADES\netlogon")
[HADES] An net use or LsaPolicy operation failed with error 67,
The network name cannot be found..
......................... HADES failed test NetLogons
An Error Event occurred. EventID: 0x00000406
Time Generated: 10/31/2012 04:50:07
Event String:
The processing of Group Policy failed. Windows attempted to retrieve
new Group Policy settings for this user or computer. Look in the details tab fo
r error code and description. Windows will automatically retry this operation at
the next refresh cycle. Computers joined to the domain must have proper name re
solution and network connectivity to a domain controller for discovery of new Gr
oup Policy objects and settings. An event will be logged when Group Policy is su
ccessful.
An Error Event occurred. EventID: 0x00000406
Time Generated: 10/31/2012 04:55:09
Event String:
The processing of Group Policy failed. Windows attempted to retrieve
new Group Policy settings for this user or computer. Look in the details tab fo
r error code and description. Windows will automatically retry this operation at
the next refresh cycle. Computers joined to the domain must have proper name re
solution and network connectivity to a domain controller for discovery of new Gr
oup Policy objects and settings. An event will be logged when Group Policy is su
ccessful.
An Error Event occurred. EventID: 0x00000406
Time Generated: 10/31/2012 05:00:12
Event String:
The processing of Group Policy failed. Windows attempted to retrieve
new Group Policy settings for this user or computer. Look in the details tab fo
r error code and description. Windows will automatically retry this operation at
the next refresh cycle. Computers joined to the domain must have proper name re
solution and network connectivity to a domain controller for discovery of new Gr
oup Policy objects and settings. An event will be logged when Group Policy is su
ccessful.
An Error Event occurred. EventID: 0x00000406
Time Generated: 10/31/2012 05:05:15
Event String:
The processing of Group Policy failed. Windows attempted to retrieve
new Group Policy settings for this user or computer. Look in the details tab fo
r error code and description. Windows will automatically retry this operation at
the next refresh cycle. Computers joined to the domain must have proper name re
solution and network connectivity to a domain controller for discovery of new Gr
oup Policy objects and settings. An event will be logged when Group Policy is su
ccessful.
An Error Event occurred. EventID: 0x00000406
Time Generated: 10/31/2012 05:10:17
Event String:
The processing of Group Policy failed. Windows attempted to retrieve
new Group Policy settings for this user or computer. Look in the details tab fo
r error code and description. Windows will automatically retry this operation at
the next refresh cycle. Computers joined to the domain must have proper name re
solution and network connectivity to a domain controller for discovery of new Gr
oup Policy objects and settings. An event will be logged when Group Policy is su
ccessful.
An Error Event occurred. EventID: 0x00000406
Time Generated: 10/31/2012 05:15:20
Event String:
The processing of Group Policy failed. Windows attempted to retrieve
new Group Policy settings for this user or computer. Look in the details tab fo
r error code and description. Windows will automatically retry this operation at
the next refresh cycle. Computers joined to the domain must have proper name re
solution and network connectivity to a domain controller for discovery of new Gr
oup Policy objects and settings. An event will be logged when Group Policy is su
ccessful.
An Error Event occurred. EventID: 0x00000406
Time Generated: 10/31/2012 05:20:23
Event String:
The processing of Group Policy failed. Windows attempted to retrieve
new Group Policy settings for this user or computer. Look in the details tab fo
r error code and description. Windows will automatically retry this operation at
the next refresh cycle. Computers joined to the domain must have proper name re
solution and network connectivity to a domain controller for discovery of new Gr
oup Policy objects and settings. An event will be logged when Group Policy is su
ccessful.
An Error Event occurred. EventID: 0x00000406
Time Generated: 10/31/2012 05:25:25
Event String:
The processing of Group Policy failed. Windows attempted to retrieve
new Group Policy settings for this user or computer. Look in the details tab fo
r error code and description. Windows will automatically retry this operation at
the next refresh cycle. Computers joined to the domain must have proper name re
solution and network connectivity to a domain controller for discovery of new Gr
oup Policy objects and settings. An event will be logged when Group Policy is su
ccessful.
An Error Event occurred. EventID: 0x00000406
Time Generated: 10/31/2012 05:30:28
Event String:
The processing of Group Policy failed. Windows attempted to retrieve
new Group Policy settings for this user or computer. Look in the details tab fo
r error code and description. Windows will automatically retry this operation at
the next refresh cycle. Computers joined to the domain must have proper name re
solution and network connectivity to a domain controller for discovery of new Gr
oup Policy objects and settings. An event will be logged when Group Policy is su
ccessful.
An Error Event occurred. EventID: 0x00000406
Time Generated: 10/31/2012 05:35:30
Event String:
The processing of Group Policy failed. Windows attempted to retrieve
new Group Policy settings for this user or computer. Look in the details tab fo
r error code and description. Windows will automatically retry this operation at
the next refresh cycle. Computers joined to the domain must have proper name re
solution and network connectivity to a domain controller for discovery of new Gr
oup Policy objects and settings. An event will be logged when Group Policy is su
ccessful.
An Error Event occurred. EventID: 0x00000406
Time Generated: 10/31/2012 05:40:33
Event String:
The processing of Group Policy failed. Windows attempted to retrieve
new Group Policy settings for this user or computer. Look in the details tab fo
r error code and description. Windows will automatically retry this operation at
the next refresh cycle. Computers joined to the domain must have proper name re
solution and network connectivity to a domain controller for discovery of new Gr
oup Policy objects and settings. An event will be logged when Group Policy is su
ccessful.
......................... HADES failed test SystemLog
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located - All GC's are down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
1355
A Good Time Server could not be located.
Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
A KDC could not be located - All the KDCs are down.
......................... LLRAMDHANNY.LOCAL failed test LocatorCheck
C:\Users\Administrator.LLRAMDHANNY>
Does anyone have any ideas?
Hi, i am from Spain, excuse my English
I have 3 Windows 2008 R2 DC with Integrated DNS
I have reverse lookup zones configurated but i don't know if is necesary for AD
Is reverse lookup zone necesary for AD?
Thanks for all and excuse again my bad English
Do you have something like a tutorial for repadmin.
It uses commands such as:
(1) To force replication:
RepAdmin/Syncall
(2) To show bridge head servers:
repadmin/bridgehead
(3) To force knowledge consistency checker to run:
repadmin/kcc <site>
Thank you,
In our domain we have 28 sites and each site have its own Domain Controllers and we have one data center where we have 3 DCs.
Domain Controllers run DNS role as well and DNS replication is active directory integrated.
For all clients local DC is configured as primary DNS and DataCenter DCs configured as secondary DNS.
Problem is, most of the times, client machines are not gettings authentication from local domain controller, most of the times authentication happnes from other location domain controller or data center DCs.
I have done the below troubleshooting steps;
DNS - verified in the DHCP and ensured that local domain controller (DNS) server configured as promary DNS server and data center DCs as secondary
SRV Records- verified and looks fine
Subnets - Verifed and found its configured according to the sites in AD
I can confirm the information in SRV records and AD subnet information is accurate.
Please help me resolving the issue
Mahesh