Network path was not found while joining the PC to the domain
Password Expired
Dear Team,
We have a Windows Server 2003 R2 with SP2 DC. All the users' passwords were set to never expire. Yesterday I applied the Default Domain Policy with complex Password enabled, Minimum Password age: 8 characters, 3 Password history, Maximum password age: 60 days, Minimum Password age: 59 days.
I have removed "password never expires" on a few users, but they are still not able to change their password, nor is it prompting with the Password expired message.
Kindly advise.
ldp says forestFunctionality: 0 = ( WIN2000 ); but is W2008
Hello,
I'm trying to add a new W2016 DC to my domain (2 DCs on W2008 R2 are already present). I can't proceed to promote the W2016 server to a DC because it says that the forest level is W2000.
On both W2008 DCs, in the MMC GUI, "Active Directory Domains and Trusts" says "Current forest functional level: Windows Server 2008"
In ldp.exe, in DC1: forestFunctionality: 0 = (WIN2000 );
but in DC2: forestFunctionality: 3 = (WIN2008 );
How can I solve this issue?
Thank you in advance.
Prevent a user from removing members of a group but allow to add members
Hi All,
I have a Group Called "VIPs" in AD
I have 2 users, namely User1 and User2 in AD
What I want is below:
User1 should only add members to the group "VIPs" (he should not be able to remove users from the group)
User2 should only remove members from the group "VIPs" (he should not be able to add users to the group)
Active Directory LDAPs: how to force TLS v1.2?
I'm running Active Directory on Windows Server 2008 R2, and I have LDAPs configured and running fine.
I have recently upgraded a client application that connects to LDAPs, and it has disabled connection to TLS 1.0, so I need to force LDAPs to work on TLS 1.2
How can I do this?
I have already followed this HowTo:
Update to enable TLS 1.1 and TLS 1.2 as a default secure protocols in WinHTTP in Windows
Thanks!
Domain Controller shows Public Network
Dear Support,
Could it have any impact on a Domain Controller when the network of the Domain Controller is "Public network"?
How could the network be changed from "Public" to "Domain" if it has an impact on the DC?
Thanks!
Best Regards,
Daniel
ControlAccessRight RightsGUID Values
Hi, I'm working on a PowerShell script to create a machine account, and as part of giving rights to users / groups to have access to add that machine to the domain, I'm looking for some Rights GUID values.
On searching I got the below values for the GUIDs:
RIGHTS_GUID_RESET_PASSWORD = "00299570-246D-11D0-A768-00AA006E0529"
RIGHTS_GUID_VALIDATED_WRITE_DNS = "72E39547-7B18-11D1-ADEF-00C04FD8D5CD"
RIGHTS_GUID_VALIDATED_WRITE_SPN = "F3A64788-5306-11D1-A9C5-0000F80367C1"
RIGHTS_GUID_ACCT_RESTRICTIONS = "4C164200-20C0-11D0-A768-00AA006E0529"
These helped in selecting the four options for domain user account security properties. What if I need to allow more permissions for this security group? For example, I need to enable the "Change Password" permission for "Domain Users"; what will be the GUID value? Can you please share the complete list of GUID values, or provide me a solution to add Domain Users and provide them with the necessary rights to get joined to the domain?
OS: Win 10
Active Directory Configuration Question
Here is the background on a DMZ Forest/Domain configuration I have setup:
Two RODC's in a DMZ with member servers in the same DMZ. These DC's and member servers are in different VLANs separated by firewalls and communicate with the RODC's over the AD ports that are open between these VLANs.
The Two RODC's communicate with the 2 Read/Write DC's in a different DMZ using ISAKMP (IPSEC) on port 500 as well as port 53.
The RODC's and member servers are in a single separate site (DMZ-1). The two R/W DC's are in a single separate site (DMZ-2).
All is working good. We pre-stage the computer accounts and run a script to domain join new member servers to the RODC's. All authentication works, etc.
When looking at the firewall logs, the member servers continue to try and communicate with the R/W DC's in the other site only on LDAP port 389 and that traffic is dropped (by design as no ports are open between those servers and the R/W DC's).
So, my question is: is that just normal traffic for the member servers to look outside their own site to 'ping' the DC's in the other site? Again, all authentication and everything is working just fine, but I want to verify. I don't want to open port 389 from DMZ-1 to DMZ-2.
Thanks in advance.
Installation of Certificate Authority Role
Where should I install the certificate authority role? Do I need to have a dedicated machine in the domain, or can I install it on the domain controller where Active Directory is installed?
Thanks, Ram Ch
Password Never Expires - Turning Off Isn't Working
All of our users were set to "password never expires". I'm making them expire now but when I uncheck "password never expires" on a user it doesn't seem to be taking effect. When I do:
Net user USERNAME /domain
on that user it still shows password never expires. This should be simple. How do I get the password to expire and continue making them expire based on the password expiration time?
Cannot join domain "the network path was not found"
Authoritative and non authoritative system state backup restore
Hello
Please explain authoritative and non-authoritative system state backup restore in your own words, with an example. Thanks
Regards
Create a banned password list
Hello,
We have a client with a problem with weak passwords. Currently the complexity level is 3/4 but it is not enough, and we would like to create a banned password list in order to forbid 123456aA passwords.
How can we do it using AD?
Thank you in advance
Golan
User access to computer A
I have a user that is trying to log into computer X on the domain but is receiving the error
You cannot log on because the method is not allowed .
I looked in local policy but I can't add the user there because it is grayed out, and therefore this might be defined globally on the DC. I looked on the DC under policy/comp. config//security setting/user right assignment/ allow log on locally. If I add this particular user there, would this work and would it create any problems?
Querying objects (users/computers) from imported list, across multiple domains using powershell
Hi,
This is my 1st post in TechNet forum...
I'm a big fan of PS scripting since it helps get my job done more efficiently, but unfortunately, I am a newbie at creating custom scripts, so I'm hoping to learn more from your expert guidance.
So here's my question;
I got the script below to query for the info stated in the title/subject line, but after many attempts in various ways, I still cannot fully grasp the concept of how to get the result I desire, or even know the meaning of some of its syntax/commands.
Apologies for sounding like a whining kid. Just stressed out. I'd love to learn more PS skills when possible at my free time. :)
Please advise. Much is appreciated.
Sample;
$Servers = "test.com","sub.contoso.com","contoso.com"
$WS = Get-Content "C:\Users\Public\Desktop\test-computers-list.csv"
$data = @()
foreach ( $Computer in $WS )
{ $data += Get-ADComputer $Computer -Server $Servers -Properties * | Select-Object CN,Enabled,LockedOut,DNSHostName,SamAccountName,Created,Deleted,AccountExpirationDate,PasswordExpired,PasswordLastSet,PasswordNeverExpires,PasswordNotRequired,LastBadPasswordAttempt,logonCount,LastLogonDate,OperatingSystem,OperatingSystemServicePack
}
Out-File "C:\Users\Public\Desktop\test-computers-list-result.csv"
DHCP
Dear Friends,
I trust this message finds you well.
I am sending this message in regards to a DHCP server. How can I obtain an IP address from a DHCP server, and identify that the IP addresses have been obtained from DHCP...
Kind regards,
Fritz
FRITZ MICALLEF
LDAPS
User to SID & SID to user
Hi,
I have a parent domain (domain1) and two child domains (childdomain1 and childdomain2). I was trying to find the SID details of a user with the following cmdlets.
$objuser = new-object system.security.principal.ntaccount "childdomain1\testacc1"
$objuser.translate([system.security.principal.securityidentifier])
The above works perfectly in the child domains: I can resolve the account and get the SID.
But it does not work on the parent domain, nor on any servers joined to the parent domain. I can resolve the account but not translate the account to a SID.
The Global Catalog seems to be updated and has the user information. Not sure where I am going wrong. Looks like it must be something simple that I am missing...
Could anyone shed some light on where I am going wrong, please...
-Dhayanandh
O365 Unlicensed product after password change. Need to automate.
Unlicensed product happens frequently Licensing and activation in Office 365 ProPlus Reduced functionality mode. This happens every time a user changes their password. We use ADFS. The old credentials stay in credential manager so the users get an unlicensed product error. To fix we delete cached credentials. Is there any way to prevent this from happening? No other Office installed on the computers - The users are indeed licensed in O365 portal - Signed in using domain account - Fixed by deleting cached credentials and running the ospp.vbs script. I am looking for a way to automate this process.
Frequent lockout issue
Hi,
After changing the password for a domain account, may I know the reason for the frequent account lockouts?
What authentication mechanism is causing the frequent lockout issue?
Let me know the steps to clear the stale password.