Channel: Directory Services forum

disjoined computer object


Hi,

What are the default settings for complete removal of a computer object from AD after the computer was disjoined from the domain?

I see a few servers that were disjoined a week ago with the sign of a disabled account.

I guess it should eventually disappear?

Thx.


--- When you hit a wrong note it's the next note that makes it good or bad. --- Miles Davis



Finding out who is logged into what computer? To find out where a user logged in?



Hello Friends:

I want to show you how you can find out the place where your domain users are logging in.
Of course, I mean the computer account which the user is using for logging in:

1- The first way is to use a free command line tool called "PsLoggedOn v1.33"; you can download it from here:
    http://technet.microsoft.com/fa-ir/sysinternals/bb897545(en-us).aspx

2- The second way is to use a free and open source third party application called "Kaboodle":
    http://www.kaboodle.org/index.html

3- The third way is to use a command line tool called "NBTSCAN"; you can see a sample trick here:
  
 C:\nbtscan>nbtscan 192.168.0.100-200
 Doing NBT name scan for addresses from 192.168.0.100-200

 IP address       NetBIOS Name     Server    User             MAC address
 ------------------------------------------------------------------------------
 192.168.0.119    SQUASH           <server>  SQUASHMAN        12-34-ba-c0-52-32
 192.168.0.153    BUMBLE-BEE       <server>  BUMBLE-BEE       00-0f-1f-b3-b5-89

 C:\nbtscan>

You can download it from here: http://linux.wareseeker.com/download/nbtscan-1.5.1.rar/334598


Network is my LOVE

need to find servers 2016 in ad


Hi,

I need to find a couple of 2016 servers that were installed and forgotten.

Please provide a script that will allow me to generate a list of servers with OS name.

I tried some from the web, but they just list all servers. I need to find 2016.

Thx.


--- When you hit a wrong note it's the next note that makes it good or bad. --- Miles Davis

One AD Username Logon to Multi Desktop


How can I create an AD username that can log on to multiple PCs?

Example:

Domain name: Webdomain

Username: BBC then PC1, PC2, PC3, .....PCn  can use the username BBC?

Creating username BBC in AD twice gives me an error because it is not allowed to create the same name.

Please advise, thank you :-)


server 2012 r2


Have server 2012 which I migrated from sbs 2008. Ran all the migration tools and dcpromo. Everything was working fine but now I can't see the AD users and computers. Not sure what happened. Any help would be awesome.

Global Catalog and Infrastructure Master is not placed on any of the DC


Hi All,

In a forest, can we have a domain controller without the Global Catalog and Infrastructure Master roles?

If yes, could you please help me in detail?

Thanks,


Sivakumar Thayumanavan

OperatingSystemVersion Attribute Update


I have laptops which have their OS upgraded from 10.0 (14393) to 10.0 (16299). The computer object still shows the OperatingSystemVersion attribute as 10.0 (14393) and hasn't updated.

How do computers update their Active Directory computer attributes, such as OperatingSystemVersion? Also how often does the computer interact with their AD attributes?

Thanks

msds-generationid is not set for windows 2012

msds-generationid is not set for windows 2012 virtual domain controller on vmware. Could it be because it was upgraded from earlier versions of the OS or any other reason and what would be the implications of the msds-generationid not being set?

The second AD DC (windows 2016 server) constantly automatic restart


Hi,

here is the situation.

1.  AD primary DC (windows 2012 R2) works well

2.  Windows 2016 works well after installation with the roles of AD, DNS ,DHCP without joining AD.

3.  Promote the windows 2016 to AD DC  successfully (joining AD and as the role of AD DC) .

4.  The Windows 2016 server constantly restarts automatically.

Can anyone help me?

Thanks in advance.

How Active Directory smart card authentication with an external certificate works


Hi,

We are planning to have AD authentication for users with smart cards, and the certificate for the smart card comes from a third-party issuer. How do we do this?

How does smart card authentication work?

Thanks,

Sai Siva Kumar


Thanks

DFS Replication Errors in Server 2016 Domain Controller


I have 2 domain controllers, namely DC1 & DC2.

Both DCs were migrated from old Server 2008/2012 servers to 2016 servers (all are VM guests). I migrated the OS and AD one by one. For example, I first removed DC2, installed 2016, and then promoted it as a DC. Afterwards I tried to remove DC1 but got some errors, so I removed it forcefully with dcpromo and deleted its entries from DC2. Afterwards I installed a new 2016 on DC1 and promoted it as a DC. Now both are on Server 2016 and working fine: users can log in with both servers, GPOs are applying fine, and all data is replicating OK.

In DC1 event viewer I am seeing following errors.

Error 2010
The DFS Replication service has detected that all replicated folders on volume C: have been disabled or deleted. 
Additional Information: 
Volume: DFC1C48B-0000-0000-0000-501F00000000

Error 4606
The DFS Replication service is not replicating the SYSVOL replicated folder. If the domain controller was demoted and the DFS Replication service has been replicating SYSVOL, this event is expected and no user action is required. 

Additional Information: 
Replicated Folder Name: SYSVOL Share 
Replicated Folder ID: 3E924A01-9986-4FCD-9D7B-1727E3BB2C11 
Replication Group Name: Domain System Volume 
Replication Group ID: D69F0A32-4398-40EE-8A20-E619BC4CA7BA 
Member ID: EA3CA468-0F3A-4807-BD4B-3EE700D95816 
Read-Only: 0

Error 4010
The DFS Replication service detected that the replicated folder at local path C:\Windows\SYSVOL_DFSR\domain has been removed from configuration. 

Additional Information: 
Replicated Folder Name: SYSVOL Share 
Replicated Folder ID: 3E924A01-9986-4FCD-9D7B-1727E3BB2C11 
Replication Group Name: Domain System Volume 
Replication Group ID: D69F0A32-4398-40EE-8A20-E619BC4CA7BA 
Member ID: EA3CA468-0F3A-4807-BD4B-3EE700D95816

Along with these, I am also seeing Error 1863 in Event viewer under Directory Services

This is the replication status for the following directory partition on this directory server. 
Directory partition:
DC=MYDOMAIN
This directory server has not received replication information from a number of directory servers within the configured latency interval. 
Latency Interval (Hours): 
24 
Number of directory servers in all sites:
1 
Number of directory servers in this site:
1 
The latency interval can be modified with the following registry key. 
Registry Key: 
HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Replicator latency error interval (hours) 
To identify the directory servers by name, use the dcdiag.exe tool. 
You can also use the support tool repadmin.exe to display the replication latencies of the directory servers.   The command is "repadmin /showvector /latency <partition-dn>".


However, if I run all the diagnostic rules on DC1, like net share, replication, group policies, and dcdiag, they show everything is OK. Results are below.

C:\Windows\system32>net share

Share name   Resource                        Remark
-------------------------------------------------------------------------------
C$           C:\                             Default share
D$           D:\                             Default share
IPC$                                         Remote IPC
ADMIN$       C:\Windows                      Remote Admin
NETLOGON     C:\Windows\SYSVOL_DFSR\sysvol\MYDOMAIN\SCRIPTS
                                             Logon server share
SYSVOL       C:\Windows\SYSVOL_DFSR\sysvol   Logon server share
The command completed successfully.
C:\Windows\system32>repadmin /replsummary
Replication Summary Start Time: 2018-08-30 08:17:11
Beginning data collection for replication summary, this may take awhile:
  .....

Source DSA          largest delta    fails/total %%   error
 DC2                  22m:38s    0 /   5    0
 DC1                 21m:43s    0 /   5    0

Destination DSA     largest delta    fails/total %%   error
 DC2                  21m:43s    0 /   5    0
 DC1                  22m:38s    0 /   5    0
C:\Windows\system32>repadmin /queue
Repadmin: running command /queue against full DC localhost
Queue contains 0 items.
C:\Windows\system32>dcdiag /test:frsevent
Directory Server Diagnosis
Performing initial setup:
   Trying to find home server...
   Home Server = DC1
   * Identified AD Forest.
   Done gathering initial info.
Doing initial required tests
   Testing server: Default-First-Site-Name\DC1
      Starting test: Connectivity
         ......................... DC1 passed test Connectivity
Doing primary tests

   Testing server: Default-First-Site-Name\DC1
      Starting test: FrsEvent
         ......................... DC1 passed test FrsEvent
   Running partition tests on : ForestDnsZones
   Running partition tests on : DomainDnsZones
   Running partition tests on : Schema
   Running partition tests on : Configuration
   Running partition tests on : mydomain
   Running enterprise tests on : mydomain




RSOP takes ages to show the results

When I run rsop.msc on the Servers, it takes forever and no results seen. Has anyone experienced the same issue?

Not able to join an AAD joined machine to on premise Active Directory


Hi, I am not able to join the AAD-joined machine to on-premises AD. This is required for Windows 10 co-management.

Can anybody suggest a way forward?


Regards, Sushain Kapoor

Is Extension Attribute Replaced by msDS-cloudExtensionAttribute?


Hello,

I was just checking the extension attribute in Windows Server 2012 and I did not find it. Instead, I found the msDS-cloudExtensionAttribute attributes.

Are they the same, with the same functionality? And what is the reason for the change, with "cloud" in the name?

Is it to support cloud? Please provide a link for reference, if any.

Regards,

Nilesh Kamble

Could not obtain information about Windows NT group/user 'DOMAIN\user', error code 0x5


Hello, we are running MSSQL Server 2008 R2 on Windows Server 2008 R2.

For the MSSQLSERVER service we use a special domain account (specified during installation of SQL Server).

Now we have some trouble with setting up replication. Generally we get the error "Could not obtain information about Windows NT group/user 'DOMAIN\user', error code 0x5" when we try to start or delete replication instances or access other pages/features.

For example, when I go to the 'Permissions' page in Server Properties and open the 'Effective' tab in SQL Server Management Studio, I can see properties only for some domain accounts (those that have logins in MSSQL); for others I get the error "Could not obtain information about Windows NT group/user 'DOMAIN\user', error code 0x5".

I went to AD and tried to view the differences between those accounts, but at first glance they seem identical.

Please help!


as is



export the ad users list with created date and last login date


Dear All

Please help me to create the report for the requirement mentioned below.

I need to export the AD user list to an Excel sheet with the created date and the last login details.

Kindly help me; much appreciated.

Best regards

Jaga


Jags

Minimum permissions required to create gMSA account


Hello Team,

What are minimum permissions required to create gMSA account?

We delegated the create/delete permissions on the msDS-GroupManagedServiceAccount object with no luck. Is there something else that we need to take care of?

https://docs.microsoft.com/en-us/windows-server/security/group-managed-service-accounts/getting-started-with-group-managed-service-accounts

"Membership in Domain Admins, Account Operators or ability to create msDS-GroupManagedServiceAccount objects, is the minimum required to complete the following procedures."



Stop computers from using a specific domain controller for joining the domain.


We have a remote network segment that houses a few resources at a colo. The only communication between the two segments is between the active directory domain controllers. Computers on our main network segment are trying to use the DC at the remote segment which of course fails and causes issues, especially with joining our domain. I have already followed the Microsoft docs to change the priority and weight to much higher values on the remote DC. This does not seem to affect the behavior we are experiencing. 

Any ideas would be greatly appreciated.

What happens to user profiles on domain rename operations?


I have 18 DCs and more than 1.000 workstations (90% Windows 7) spread across 5 countries in 15 different locations.

So, we're planning a DOMAIN RENAME operation.

Will users' profiles be changed in any way?

What happens after a domain rename regarding users' profiles?

I'm assuming that, with users keeping their SIDs, the user profiles won't change and they'll keep their physical paths (the c:\users\<LOGIN> folder structure) and, therefore, MS Outlook and other data. Am I right?

DR ADC (backup domain controller) OS corrupted


We are facing an issue while creating the backup domain controller. We found an error: " active directory domain services could not replicate the directory partition  cn= schema , cn=configuration, dc =xyz, dc=local, from the remote active directory

"the source server is currently rejecting replication request"
