XP, Windows 2003 on Windows 2012R2/2016 domain controllers

October 11, 2018, 11:33 am

≫ Next: Adding a UPN Suffix that is already synced to O365

≪ Previous: LastlogonTimestanmp Shows Future Date - showobjectmeta shows f191c38d-bdea-4cb4-862d-24ed6f996ed1 instead of DC Name

Dear

One of my clients, operating in the aviation sector, still uses about 10 Windows 2003 servers and about 100 XP workstations.I know, this is for a long time already, no longer supported by Microsoft.

But they need to use hardware and software in aviation component production which is only certified by Airbus on these configurations.They still have 2003 domain controllers and 2003 DFL and FFL and want to migrate AD to at least Windows 2012R2 or 2016 with the 2012R2 or 2016 DFL/FFL.I know there are some issues with SMB1 for XP, but this can be solved.

My question is: are there more known issues? Is there someone out there who did this before and willing to share his/her experiences?XP and Windows 2012R2 DC is supported, but what with the DFL and FFL?

Because it’s not supported, its hard to find documentation @ Microsoft about possible issues and remediation's.

Any help is welcome.

Regards

Peter

Peter Van Keymeulen, IT Infrastructure Solution Architect, www.edeconsulting.be

↧

Adding a UPN Suffix that is already synced to O365

October 11, 2018, 11:46 am

≫ Next: Can't log in to local computer after created active directory

≪ Previous: XP, Windows 2003 on Windows 2012R2/2016 domain controllers

Hello,

We have 2 forests: one.org and two.ca; Both are synced with Office365 in a single tenant.

We would like to add a UPN suffix called two.ca to the one.org forest - will this cause any issues since that UPN suffix is already synced to Office365 and assigned to another forest? Is there any other way to achieve this?

Thanks!

↧

Can't log in to local computer after created active directory

October 7, 2018, 10:38 am

≫ Next: AD user photos not getting replaced

≪ Previous: Adding a UPN Suffix that is already synced to O365

Hello, so I have some problems...I'm a computer systems student and now I'm studying system administration.I'm using Windows Server 2008 R2 on VMware software.I had a task to try create an active directory, so after I made it using tutorials, I had to restart my virtual machine, after done that I can't see my created users which I created before, I named my active directory randomly: ACTIVE , now when I turn on my virtual machine I see log in to ACTIVE/Administrator and I can log in to it, when I try to change user I see that if I want to log in back to my local computer I need to write SERVER\local user name , SERVER is the name how I called my computer when installed windows server, so when ever I type SERVER\Administrator it shows that it will connect to SERVER but when ever I type password it just says that can't log in because user name or password is incorrect, I know that everything is correct, I even tried to log in to other users I created before but none of them worked...I can't edit anything on my active directory , I even can't disable it...I'm beginner at this so please can anyone help me how can I log back to my local computer ?? Also sorry for not the best english language skills..

↧

AD user photos not getting replaced

October 7, 2018, 12:46 am

≫ Next: DNS server getting Error

≪ Previous: Can't log in to local computer after created active directory

Windows Server 2008 R2

previously, two admins can upload/replace user AD photos using a 3rd party tool. lately, i have noticed that doesn't work anymore and that i have to delete existing user photos (using PS remove-userphoto) before it can be replaced.

i don't see any errors in the event viewer relating to this and no searches turns up related to this.

what could be causing this?

↧

DNS server getting Error

October 6, 2018, 4:39 am

≫ Next: Report

≪ Previous: AD user photos not getting replaced

Dear Support,

Suddenly our domain control dns service having issue so please let me know how resolve the same.

Below are the error message.

Event id 4000

The DNS server was unable to open Active Directory. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.

Event ID 4007

The DNS server was unable to open zone _msdcs.unigel.in in the Active Directory from the application directory partition ForestDnsZones.unigel.in. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.

Regards,

Itsupport

↧

Report

October 11, 2018, 6:17 pm

≫ Next: Active Directory 2016

≪ Previous: DNS server getting Error

In Active Directory i can see employee id.

Active Directory - Find- Advanced -Click Fields-User-Employee ID.

Is it possible to pull the report of a user accounts employee ID along with job title and DisplayName

i.e User Account Employee ID Job Title DisplayName

↧

Active Directory 2016

October 9, 2018, 2:01 am

≫ Next: Authoritative and non authoritative system state backup restore

≪ Previous: Report

Hello,

We would like to implementation of new fresh active directory on windows server 2016. I have a question about the ADC. Can we install ADC on each branch location instead of RODC? Will any occurred issue with the ADC? Will take much bandwidth utilization?

Kindly suggest as soon as possible.

Thanks,

↧

Authoritative and non authoritative system state backup restore

October 1, 2018, 12:48 pm

≫ Next: ويندوز 10 برو لا يمكنه الاتصال بخادم DNS ويندوز سيرفر 2008 R2???

≪ Previous: Active Directory 2016

Hello

Please define me about authoritative and non authoritative system state backup restore in your own words with example. thanks

Regards

↧

ويندوز 10 برو لا يمكنه الاتصال بخادم DNS ويندوز سيرفر 2008 R2???

October 10, 2018, 11:49 pm

≫ Next: Regarding Authentication Logs Printing on Domain Controller

≪ Previous: Authoritative and non authoritative system state backup restore

السلام عليكم

واجهت مشكلة في تسجيل ويندوز 10 برو في النطاق المحلي للشبكة على الرغم من أن الويندوز 7 وباقي الاصدارات من الويندوز تم تسجيلها دون اي مشكلة

الا انه في جميع المحاولات لتسجيل الويندوز 10 برو في النطاق بائت بالفشل عبر رسالة مفادها

That domain couldn't be found. Check the domain name and try again

معلومات مهمة : قمت بتغيير عنوان النطاق Dns server بحيث يكون مطابق للخادم المراد التسجيل فيه

قمت بتعطيل جدار الحماية .

هل الويندوز 10 برو غير متوافق مع اليندوز سيرفر 2008 أر 2

windows 10 Pro N

1803

↧

Regarding Authentication Logs Printing on Domain Controller

October 2, 2018, 5:24 am

≫ Next: ADMT - Computer Migration

≪ Previous: ويندوز 10 برو لا يمكنه الاتصال بخادم DNS ويندوز سيرفر 2008 R2???

Hello Everyone,

I'm ingesting domain controller logs into QRadar. My question is regarding user authentication on a windows machine using local instead of domain name, does the authentication logs printed on the domain controller?

Thanks,

Anand Gulla

↧

ADMT - Computer Migration

October 8, 2018, 2:38 am

≫ Next: Roaming User Profile Not Completely Synchronized on Windows Server 2016

≪ Previous: Regarding Authentication Logs Printing on Domain Controller

Any body knows if I move computer object to another forest domain with ADMT tool, will user profiles like desktop, document ,etc will be kept or new user profile will be generated after user logon to new domain？

↧

Roaming User Profile Not Completely Synchronized on Windows Server 2016

October 3, 2018, 7:21 am

≫ Next: Do I have a disjointed Domain

≪ Previous: ADMT - Computer Migration

I've set up a little test domain as I am an intern at a corporation and we have to set up these servers throughout our internship so the people we work for know we are ready for the exam when that time comes. I've made the profile path for the users to \\Server\profile$ but whenever I try to log out or log in on one of the accounts I've made I get the message Roaming User Profile Not Completely Synchronized. I'm not sure why I get this message, but everything I do and save on the server from the users does get saved on the server. I think I get the error message by some bug. Have anyone experienced anything like this before? Thanks beforehand.

-RBye1

↧

Do I have a disjointed Domain

October 3, 2018, 12:34 pm

≫ Next: what is the use of regsrv32 schmmgmt.dll

≪ Previous: Roaming User Profile Not Completely Synchronized on Windows Server 2016

My domian FQDN is domain.domaindumb.com, my NetBios Domain is domain. Do I have a disjointed Domain?

The link below says "NetBIOS name of domain controller differs from subdomain of its DNS domain name The NetBIOS domain name of the domain controller isn't the same as the subdomain of the DNS domain name of that domain controller."

Disjoint namespace scenarios

https://technet.microsoft.com/en-us/library/bb676377%28v=exchg.150%29.aspx?f=255&MSPPError=-2147217396#View

HOSTNAME is name of the DC

USERDNSDOMAIN=DOMAIN.DOMAINDUMB.COM
USERDOMAIN=DOMAIN
USERDOMAIN_ROAMINGPROFILE=DOMAIN
USERNAME=noob

↧

what is the use of regsrv32 schmmgmt.dll

October 4, 2018, 10:26 am

≫ Next: ADFS Related issue

≪ Previous: Do I have a disjointed Domain

Can one explain about the use of regsrv32 schmmgmt.dll.

Abp

↧

ADFS Related issue

October 4, 2018, 9:26 pm

≫ Next: AD LDS partition problem.

≪ Previous: what is the use of regsrv32 schmmgmt.dll

My domain controller on window server 2008 R2

i want to install ADFS on window server 2012 R2

Is there any possibility?

↧

AD LDS partition problem.

October 7, 2018, 2:11 am

≫ Next: Protected user group in 2012 R2

≪ Previous: ADFS Related issue

1>We know there are 3 partitions in LDS, configuration, application and schema.

my understanding is schema is what kind of data we can store in LDS, but how about application and configuration.

I have 2 questions here,

Can you explain what is config and application partition for, any example how to use application partition?

Second is if the file system is like a tree, why I can't see Schema in first output in below ADSI query?

the first ADSI connection path is CN=configuration,DC=sentoso,DC=com

The second ADSI connection path is CN=schema,CN=configuraiton,DC=sentoso,DC=com,

↧

Protected user group in 2012 R2

October 8, 2018, 9:04 am

≫ Next: Active Directory Snapshot usage

≪ Previous: AD LDS partition problem.

Hi,

I have few privileged user account in my domain, planing to implement "protected user group" authentication mechanism.

All my NetApp shares can be connected using IP address.

Technically if user is part of protected user group NTLM authentication does not works.

In this case if I'm adding privileged account in storage shares will I able to connect the shares without issues.

↧

Active Directory Snapshot usage

October 8, 2018, 9:06 am

≫ Next: Active Directory cloning in 2012

≪ Previous: Protected user group in 2012 R2

Hi,

May I know the usage of "Active Directory Snapshot". How it works on multiple domain environment.

Please explain.

↧

Active Directory cloning in 2012

October 8, 2018, 9:13 am

≫ Next: dSHeuristics value change to 0 from 2

≪ Previous: Active Directory Snapshot usage

Hi,

Please explain me to avail the Active Directory cloning feature in 2012.

how does it helps in real time implementation. Does it replace the IFM installation method, If I clone the AD will I get system SID error?

Does other hyper-visor supports cloning the AD.

↧

dSHeuristics value change to 0 from 2

October 9, 2018, 12:43 am

≫ Next: Network path was not found while join the PC to domain

≪ Previous: Active Directory cloning in 2012

Hi,

We have DCs in my domain where dSHeuristics value is set to 0000002. Also, I would like to inform that, Exchange trusted subsystem and some other applications has access to AD via “Anonymous Logon”.

But due to security vulnerability, we have been asked to change it to 0000000 or <not set> to restrict anonymous logon.

My question is:

1) What will be impact if I change it to 0 ?

2) Is there any rollback plan?

↧