Channel: Directory Services forum
Viewing all 31638 articles

Is it necessary to configure NTP on servers & clients in domain

As far as I know, in a domain PDC emulator manages the time throughout the domain. Is it still necessary to configure NTP on servers and client machines which are already in domain? Am I missing something? Kindly guide me in this regard.

log to computers.


Hi all,

My environment consists of 2 domain controllers (dc1 and dc2)

and Exchange 2010, which consists of 4 servers:

2 HUB/CAS servers (srvhc01, srvhc02)

2 mailbox servers (MBx01, MBX02); all of these servers reside in the same site.

One of the admins in Active Directory decided to set the "log on to computers" for each user to contain the user's computer only. But that means users can't access the Outlook Web Access mail, so besides adding the users' computers to "log on to computers", he added (srvhc01, srvhc02).

But I noticed that the Outlook client keeps prompting for user name and password for a shorter period of time.

So I added DC1 and DC2 to "log on to computers" for each user; the solution is still under test.

So the question is: what servers shall I add in the "log on to computers" so that I do not disturb logging on to Exchange services?

Is my conclusion right: "the reason Outlook keeps prompting for user name and password is that the user logs on to Active Directory through the HUB/CAS server"?

Please help me, because my manager insists on applying this.

I need to pull the DisplayName from the domain properties


I am using the Get-addomain -identity my.domain.local (it's a domain in a forest) | select-object -property *

However the results are limited and I cannot see all the attributes.

Or if that is not possible: I can see the name in the properties, but I don't know if changing the name would have any effect on the domain and its children, any effect at all.

Thank you for your assistance 

EventAggregator for WAP messages received by SMS Router.


Hi,

In our domain controller I can see the following error several times a day, I have tried searching the internet, but not found any suggestion to what it is...

Comments ?


/Regards Andreas

Microsoft Edge GPO


Hi Guys,

we have a slight issue with Microsoft Edge which cannot be resolved with our current build and we need to revert to I.E. as our default browser.

Can anyone let me know if there is a GPO that can disable Microsoft Edge and ENABLE Internet Explorer. Any information would be greatly received.

Regards.

Create krb5.ini file


To provide access to a vendor app across 2 domains I am being asked to create a krb5.conf file. Research shows I need to see the krb5.ini file in Windows to create this.

Does anyone have a desired setting and format for the file in a Windows AD domain?

The File Replication Service has detected that the replica set "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)" is in JRNL_WRAP_ERROR.


Hello all,

We have one forest multi child domain environment at different sites.

Domain function level is 2008

I am getting these events on one of my domain controllers from one of my child domain.

Just for information, I am only having an issue during new group policy creation: when I try to click on policy "Settings" on the domain controller at the remote site, a "The System Cannot find the file specified" popup occurs. Not sure if the event below is relevant to this. Need support on this...

The File Replication Service has detected that the replica set "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)" is in JRNL_WRAP_ERROR.
 
 Replica set name is    : "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)"
 Replica root path is   : "c:\windows\sysvol\domain"
 Replica root volume is : "\\.\C:"
 A Replica set hits JRNL_WRAP_ERROR when the record that it is trying to read from the NTFS USN journal is not found.  This can occur because of one of the following reasons.
 
 [1] Volume "\\.\C:" has been formatted.
 [2] The NTFS USN journal on volume "\\.\C:" has been deleted.
 [3] The NTFS USN journal on volume "\\.\C:" has been truncated. Chkdsk can truncate the journal if it finds corrupt entries at the end of the journal.
 [4] File Replication Service was not running on this computer for a long time.
 [5] File Replication Service could not keep up with the rate of Disk IO activity on "\\.\C:".
 Setting the "Enable Journal Wrap Automatic Restore" registry parameter to 1 will cause the following recovery steps to be taken to automatically recover from this error state.
 [1] At the first poll, which will occur in 5 minutes, this computer will be deleted from the replica set. If you do not want to wait 5 minutes, then run "net stop ntfrs" followed by "net start ntfrs" to restart the File Replication Service.
 [2] At the poll following the deletion this computer will be re-added to the replica set. The re-addition will trigger a full tree sync for the replica set.
 
WARNING: During the recovery process data in the replica tree may be unavailable. You should reset the registry parameter described above to 0 to prevent automatic recovery from making the data unexpectedly unavailable if this error condition occurs again.
 
To change this registry parameter, run regedit.
 
Click on Start, Run and type regedit.
 
Expand HKEY_LOCAL_MACHINE.
Click down the key path:
   "System\CurrentControlSet\Services\NtFrs\Parameters"
Double click on the value name
   "Enable Journal Wrap Automatic Restore"
and update the value.
 
If the value name is not present you may add it with the New->DWORD Value function under the Edit Menu item. Type the value name exactly as shown above.


Regards, Sarfraz Aslam

GPO Policies?


Hi All,

I am a little confused as to what policies are actually kicking in on my newly built machine on our domain.

We have a number of GPO Computer Policies that are saying have been applied. Two of these policies are Default domain policies. One is at the TOP level of the tree structure, is Not Enforced but Link Enabled. Security Filtering is applied to Authenticated Users.

Two is at the OU Level of the tree structure, is Not Enforced but Link Enabled. Security Filtering is applied to Authenticated Users.

When I carry out a gpresult /r I see both of these as being Applied Group Policy Objects. Does that mean that they are both being applied? They don't have identical policies as there are some differences. I am getting confused as to which one is actually used.

Any help or explanation would be greatly appreciated.

Regards.


ONE ADC not replicating


We have configured one Additional Domain in my environment; for the last few days the server has not been replicating with my Domain controller.

While running dcdiag /e I get the error below.

Got error while checking if the DC is using FRS or DFSR. Error:
Win32 Error 81The VerifyReferences, FrsEvent and DfsrEvent tests might fail
because of this error.

Also, while doing manual replication from Sites and Services, I get the error below.

The naming context is in the process of being removed or is not replicated from the specified server.

 

How to backup Active Directory when D:\Windows\NTDS folders are not on C: volume (no longer part of System State)?


Our architect specified servers for new AD forest and domain. ADDS is to be installed to D:\Windows\NTDS (not the default C:\Windows\NTDS). These are VMs and a cloud provider will be backing up the VMs by snapshot. I suspect the backups of the VMs will be trustworthy (but "suspect" is not good enough in my estimation), so I always like to have my own Microsoft-specified and Microsoft-supported backup in my back pocket for when the complete disaster arrives - so I'm still covered, even if the cloud provider fails.

In the past I've used the usual Windows Server Backup, ran a scripted backup that performs a System State Backup of C: (which would have contained C:\Windows\NTDS, the registry, and all of Active Directory's components on the DC). But now I have to also back up D:\Windows\NTDS and System State Backup will not be backing up D:.

What is the recommendation?

Here is the essential working section from the scripted backup:

WBADMIN Delete SystemStateBackup -KeepVersions:1 -Quiet >> %MyLogFile% 
WBADMIN Start Backup -BackupTarget:E: -SystemState -Quiet >> %MyLogFile% 

Notice that my script cleans up the destination backup volume E: to minimize the size of the backup and to ensure there is free space prior to starting the backup. WBADMIN does not have an equivalent "Delete" option for non-SystemStateBackup backups. The E: volume is then picked up as a file system backup and archived, so I always have multiple generations of backup history.

So what does Microsoft's Active Directory team recommend for a good solid backup of the DC?

P.S. I had already asked this question in the Windows Server > Backup – Windows and Windows Server forum, but that moderator recommended I ask here.


George Perkins

Adding additional details to the user fields in Active Directory

Is there a way of adding additional user fields that will be visible for all Active Directory user accounts? E.g. adding a field called Salary Code.

ADFS 4.0 - The certificate key algorithm is not supported


Hello all,


I am trying to use certificate authentication on an ADFS 4.0 server. I used an ECC 256-bit user certificate (ECDSA_P256). ADFS authentication fails with the following error in the event log.


Exception details:
System.NotSupportedException: The certificate key algorithm is not supported.
   at System.Security.Cryptography.X509Certificates.PublicKey.get_Key()
...

Authentication works with non-ECC certificates.

My questions are:

1.) Which key algorithms are supported by ADFS certificate authentication?

2.) Is it possible to add non-supported algorithms to ADFS?

Regards ...

isGlobalCatalogReady: FALSE; The Global Catalog Ready Parameter is NOT converting to True


We have three sites in Active Directory Sites and Services. One site's domain controllers were not marked as Global Catalog. We have marked them as GC in NTDS settings.

However, if I connect through LDP then the parameter is still GlobalCatalogReady: FALSE; I am not sure how I can mark it forcefully. Can anyone please guide?

If I run the command REPADMIN /SHOWREPL then it shows the message given below.


not advertising as a global catalog.

During past x amount of hours 37 connections to this domain controller?


Hey friends,

I am trying to troubleshoot the cause of one of my domain controllers (vmware virtual server servers) shutting down last night, and while looking through the System log in the event viewer I spotted something that I am trying to determine how concerned I should be about. The first sentence concerns me the most because I am not sure if it's an issue or not. At that location we do have users from other offices go there and log in, so they should be hitting that domain controller anyway.

Also, in Computer Management, under shared folders I looked at the "sessions" folder and can see a mix of computers authenticated that are local to that site and also some from other sites. I am thinking those are visitors to the office?

Below is from the System log in the event viewer.

During the past 4.21 hours there have been 60 connections to this Domain Controller from client machines whose IP addresses don't map to any of the existing sites in the enterprise. Those clients, therefore, have undefined sites and may connect to any Domain Controller including those that are in far distant locations from the clients. A client's site is determined by the mapping of its subnet to one of the existing sites. To move the above clients to one of the sites, please consider creating subnet object(s) covering the above IP addresses with mapping to one of the existing sites. The names and IP addresses of the clients in question have been logged on this computer in the following log file '%SystemRoot%\debug\netlogon.log' and, potentially, in the log file '%SystemRoot%\debug\netlogon.bak' created if the former log becomes full. The log(s) may contain additional unrelated debugging information. To filter out the needed information, please search for lines which contain text 'NO_CLIENT_SITE:'. The first word after this string is the client name and the second word is the client IP address. The maximum size of the log(s) is controlled by the following registry DWORD value 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\LogFileMaxSize'; the default is 20000000 bytes. The current maximum size is 20000000 bytes. To set a different maximum size, create the above registry value and set the desired maximum size in bytes.


Phil Balderos

renaming custom attribute


We're installing a new fax system and while attempting to tie it to Active Directory I had to create some new attributes. However, I didn't realize until too late that when I pasted the names in the Common Name field (name had a "-") it removed the "-" in the LDAP Display name. Is there any way I can correct this?

thanks


Do you be announced as the next Directory Services Guru? Read about TechNet November 2018 competition!!


What is TechNet Guru Competition?

Each month the TechNet Wiki council organizes a contest of the best articles posted that month. This is your chance to be announced as MICROSOFT TECHNOLOGY GURU OF THE MONTH!

One winner in each category will be selected each month for glory and adoration by the MSDN/TechNet Ninjas and community as a whole. Winners will be announced in dedicated blog post that will be published in Microsoft Wiki Ninjas blog, a tweet from the Wiki Ninjas Twitter account, links will be published at Microsoft TNWiki group on Facebook, and other acknowledgement from the community will follow.

Some of our biggest community voices and many MVPs have passed through these halls on their way to fame and fortune.

If you have already made a contribution in the forums or gallery or you published a nice blog, then you can simply convert it into a shared wiki article, reference the original post, and register the article for the TechNet Guru Competition. The articles must be written in November 2018 and must be in English. However, the original blog or forum content can be from before November 2018.

Come and see who is making waves in all your favorite technologies. Maybe it will be you!


Who can join the Competition?

Anyone who has basic knowledge and the desire to share the knowledge is welcome. Articles can appeal to beginners or discuss advanced topics. All you have to do is to add your article to TechNet Wiki from your own specialty category.


How can you win?

  1. Please copy/Write over your Microsoft technical solutions and revelations to TechNetWiki.
  2. Add a link to your new article on THIS WIKI COMPETITION PAGE (so we know you've contributed)
  3. (Optional but recommended) Add a link to your article at the TechNetWiki group on Facebook. The group is very active and people love to help, you can get feedback and even direct improvements in the article before the contest starts.

Do you have any question or want more information?

Feel free to ask any questions below, or join us at the official Microsoft TechNet Wiki groups on Facebook. Read more about TechNet Guru Awards.

If you win, people will sing your praises online and your name will be raised as Guru of the Month.


PS: Above top banner came from Syed Shanu.

Debugging Directory Services and Lsass.exe


Hi Guys,

I have some weird issues happening with my DC's and it is only happening on W2k12 R2 and 2016 DC's.

We have some third-party agents that run on DCs and are related to logon events.

And somehow, when the server comes up, this agent causes LSASS.exe to shut down and directory services to go down.

Due to this you cannot log in to the server at all and basically the DC becomes non-functional...

How can I debug this scenario and where we can find exactly what causing this issue?

Can someone give me direction please?

Thanks,


Gokhan Cil

Active directory reports


Hi

I need a free, full-function AD reporting tool. I am using the 30-day trial of ADManager Plus.

Does anyone know of any Microsoft tools available for detailed reporting?

I used CSVDE; it's giving more details, but I don't know how to filter that, and the whencreated, whendeleted timings are also not showing properly.

kindly help me

Thanks

Active directory report generation


Hi all,

If we make any modification to Active Directory objects, a report should be generated. Is there any script to do this task?

Active Directory reports for monitoring and management


Dear All

I have some queries concerning the management of Active Directory in Domain environment in order to generate reports/logs to find users and computers information.

The queries are as follows.

  • How many users are active in Active Directory
  • How many users are disabled in Active Directory
  • How many users have been deleted since the Active Directory domain was configured
  • How many users log in to the domain (at least one month of user login records required)
  • How many computers are active in Active Directory
  • How to get the computers' operating system versions
  • How many inactive/disabled computers are in Active Directory
  • How many computers have been deleted since the Active Directory domain was configured
  • How many Virtual Machines are running in the Domain environment, and the placement of the VHD files of each Virtual Machine on local storage or SAN

I understand that these are complicated queries to explain; however, I would appreciate your assistance of any sort. I will be grateful if you will help me out with scripts that will guide me to generate reports helpful for the organization in managing their infrastructure.

Regards,
