Channel: Directory Services forum
Viewing all 31638 articles
Browse latest View live

Home Folder - User Move to Another Server

Greetings.  For our AD users, we have the home folder path set to the data server user share (ex. \\dataserver\username$).  As a school district, each school has its own data server.  Users (teachers/students) often move locations, which moves them to a new data server, but everything is routed together as a WAN.

The issue is when a user moves to a new school, often they log in there before their data share is moved to the new server, and then the local profile is still looking to the old server.  The only way we've found to fix this is to remove the local profile, which will then pull the new account location.  We are not doing roaming profiles and are using folder redirection that points to the home folder drive (H:).

Is there a way to have this home directory information renewed at each login?

Thank you for your help.

Ryan


Restrict a few users from outside the network through ADFS

Hi,

How can I restrict a few users from accessing my website from outside of my network using ADFS 2012 R2?

Example: All my company users have to access abccompany.com from the company network and the public network, but my Sales department users have to access it from the company network only, not through the public network. Whenever those users access it from the public network, it should be blocked.


Restrict a few users from authenticating from the public network

Hi,

How can I restrict a few users from accessing my website from outside of my network using ADFS 2012 R2?

Example: All my company users have to access abccompany.com from the company network and the public network, but my Sales department users have to access it from the company network only, not through the public network. Whenever those users access it from the public network, it should be blocked.



How do I change the Domain Admin Password complexity requirement

I'm looking for the GPO that controls the Domain Admin Password complexity in Windows Server 2008 R2. Can anyone help me locate this setting?

NTFS C drive Access Denied

Hello, a colleague of mine mistakenly denied administrative rights on the C:\ drive in Windows Server 2012 R2. He right-clicked the C drive, then Properties; from the Security menu he wanted to deny a user, but he mistakenly denied Administrator, and since then the C:\ drive has denied access to everyone, and access to Active Directory Users and Computers has been denied likewise. Access to MMC is also denied by the system. How can I reset the permissions or rights on the C:\ drive? Thanks

Cancel AD DS Promotion on Windows Server 2016

On one of our servers, somebody (who probably only was supposed to install the AD Management Tools), instead decided to install the AD DS Role on one of our Windows Server 2016 boxes!

At the moment, it displays (in Server Manager):

"Post-deployment Configuration:

Configuration required for Active Directory Domain Services at <servername>

Promote this server to a domain controller"

Can we just remove the AD DS Role, or do we have to continue with the promotion to a DC and then demote it afterwards?

Many thanks.

Password policy for users without PC

Currently we are using Active Directory authentication for our Wi-Fi; however, every user needs to change their password every 90 days, but they only have their own smartphone as a device. Is there a solution for this problem?

Resetting 200 passwords by our IT department every 90 days is not an option.

Enable option for user account in AD

Hi All,

What needs to be checked before and after enabling the below option in the Domain Admin account properties?

"Account is sensitive and cannot be delegated"

Thanks in advance.


vicky


KCC could not add this REPLICA LINK due to error.

Dear Team

A few hours ago I created a new AD site in the USA using VPN and installed a new AD. The installation completed without any error.

I simply created the site and subnet and pushed that DC to the new site called USA-AWS. When I check replication using repadmin /showrepl, I'm getting the error mentioned below. But when I create objects, they are reflected in all sites.

 

Any suggestions?

Source: USA-GVA\USADC01
******* 2 CONSECUTIVE FAILURES since 2011-06-17 15:09:04
Last error: 1722 (0x6ba):
            The RPC server is unavailable.

Naming Context: CN=Configuration,DC=ramzon,DC=net
Source: USA-GVA\USADC01
******* WARNING: KCC could not add this REPLICA LINK due to error.

Naming Context: DC=ramzon,DC=net
Source: USA-GVA\USADC01
******* WARNING: KCC could not add this REPLICA LINK due to error.


Regards Suman B. Singh

NIC Teaming - Windows 2016 server and Active directory ADDS

Hi There,

Struggling to find a solid Microsoft response on this one, please. I'm deploying physical domain controllers running Windows Server 2016 Standard with AD DS, and I would like to know what the best practice is for network configuration, specifically for domain services.

The servers are HP DL380 with 2 x 10GB network cards

Specifically...

1. Should we team the NICs using windows teaming?

2. What are the supported teaming configurations (switch independent/LACP), active/active or active/passive?

3. Any reasons not to use LACP? I'm guessing because active/active is not recommended.

I've read numerous articles stating that active/active should not be used and also that teaming is not recommended etc., but nothing recent and not a lot from official Microsoft either way on the matter.

Could anyone shine some light on this, please? An MS article in black & white would be useful :-)

I'm proposing to team the NICs using switch independent/Dynamic or address hash and configure a standby NIC.

Sysvol Constantly disconnecting

I have 8 servers across the state, mixed 2008 R2 and 2012 R2.

Recently the sysvol has stopped working.

This is causing group policy not to function.

I have to rebuild it once a month or so.

This just started happening out of the blue.

I reset it using D4 and D2 on the BurFlags, and it fixes the issue for a while.

Rename computer Account: "The account already exists"

Hi All.

I have an active directory in 2012 R2 functional level (upgraded from 2003) and I'm prestaging computer objects.

I need to change the name of a computer (Windows 7) already joined to the domain without disjoining it, but I only want to allow the computer to be changed to a desired name, so I prestage a new computer object.

When I try to change the computer hostname, the message "The account already exists" appears after prompting for credentials, but... if I change the Domain field in "Member of" from the complete domain (XXX.local) to the NETBIOS (XXX) domain name, the computer is renamed.

The user is a domain admin, no OU restrictions... Any ideas? Is it a normal situation?

Thanks!!

CA Certificate Renewal - Screen for Request does not popup

Hello,

I'm trying to renew the ca certificate of an enterprise issuing ca with the following procedure:

  1. Right click on CA
  2. Select "All tasks" --> "Renew CA certificate.."
  3. "Do you want to stop Active Directory Certificate Services now" --> Yes
  4. In the next screen I select "No" to keep the existing key pair.

But then it's getting strange:

Based on my experience and all the documents I have read, a new screen should pop up asking for the CA to send the request to, or to save the req file. This screen does not appear. It just automatically starts the CA services again.

Do you have any idea?

We are running the CA on Windows Server 2012 R2 Standard.

Thanks.


Regards Alex

Confirm Subtree Deletion....Why this??

Hello all,

So today I tried to remove an old user from AD 2003/2008 and for the first time I got the message:

Confirm Subtree Deletion:

"Object username contains other objects. Are you sure you want to delete object %username% and all of the objects it contains?

If you cancel the running deletion, the objects deleted thus far will not be recovered.

WARNING: if you select Use Delete Subtree Server control check box, all objects within the subtree, including all delete-protected objects, will be deleted and the deletion cannot be canceled"

Check box: Use Delete Subtree server control

YES or No.

What is this all about? I haven't encountered this before and not recently while deleting users, old machines, etc??

Thank You in advance.

SM


Cannot access Active Directory on Windows 2016 server

We installed a Windows Server 2016 standard on a network that had a failing Windows 2012 Small Business Server.  We made the new 2016 server a domain controller and a DNS server.  Our intention was to remove the 2012 server, reinstall the OS and add it back on as a 2nd domain controller.  Unfortunately, the server crashed shortly after we installed the new server and management decided not to do anything with it.

I've just noticed that we cannot access AD from our 2016 server.  It says it "can't find a domain controller" even though AD shows that it's running and DNS is running as well.  My initial investigation into this problem indicated that it may be a DNS issue and the server is not recognizing itself as the DNS server (again, even though it's running).

I didn't want to remove the DNS role and re-add it until I investigated this further.

I have never experienced this before when adding a server to a network and then taking the old one offline.

Any ideas on what caused this and how to correct it?  I can't access Active Directory on the server, so I'm kind of "dead in the water" as far as AD management is concerned.

Thoughts???  jtingley@verizon.net

why

why you no let me play deltarune

Orphaned dc entry in REPADMIN /SHOWVECTOR /LATENCY

Hi everyone, 

Scenario: 4 domain controllers in total, one of them an RODC. The three writeable DCs are at the main site (default-first-site) and the RODC is located at a remote site. One year ago there was a DC crash, and one DC was uninstalled and installed again. Metadata cleanup was done beforehand (after the crash). The DC's name is the same as before the crash. No replication issues after the installation.

Here is my question: after integrating the "new dc" I detected after executing this command

repadmin /showvector /latency "CN=schema,dc=domain,dc=de"

that DSA is set to "deleted DSA"

I found these Links, so everything was fine. 

https://www.mcseboard.de/topic/143789-alte-repadmin-einträge-entfernen/

https://community.spiceworks.com/topic/505590-server-2012-tombstoned-objects-cleanup

Event ID 1864 occurred several times and half a year later it disappeared. Great!

After executing the same command again, I see 3 DCs alive and one orphaned.

If I use PowerShell, see the output:

Get-ADReplicationUpToDatenessVectorTable -Target dc01 | fl


LastReplicationSuccess : 29.10.2018 16:42:46
Partition              : DC=domain,DC=de
PartitionGuid          : 527f8e23-92f1-4cb3-8064-df93389127af
Partner                : CN=NTDS Settings,CN=DC01,CN=Servers,CN=Default-First-S
                         ite-Name,CN=Sites,CN=Configuration,DC=domain,DC=de
PartnerInvocationId    : db5d40d3-95f4-4b47-99bf-c6133424188
Server                 : dc01.domain.de
UsnFilter              : 10698889

LastReplicationSuccess : 24.11.2017 18:04:15
Partition              : DC=domain,DC=de
PartitionGuid          : 527f8e23-92f1-4cb3-8064-df93389127af
Partner                :
PartnerInvocationId    : 8c568a69-233b-454d-8294-01d33be3d02f
Server                 : dc01.domain.de
UsnFilter              : 23959668

LastReplicationSuccess : 29.10.2018 16:41:12
Partition              : DC=domain,DC=de
PartitionGuid          : 527f8e23-92f1-4cb3-8064-df9cd89127af
Partner                : CN=NTDS Settings,CN=DC02,CN=Servers,CN=Default-First-S
                         ite-Name,CN=Sites,CN=Configuration,DC=domain,DC=de
PartnerInvocationId    : 71171eab-c620-49ff-b1c4-9e331fe034da
Server                 : dc01.domain.de
UsnFilter              : 34571773

LastReplicationSuccess : 29.10.2018 16:42:10
Partition              : DC=domain,DC=de
PartitionGuid          : 527f8e23-92f1-4cb3-8064-df9c339127af
Partner                : CN=NTDS Settings,CN=DC03,CN=Servers,CN=Default-First-S
                         ite-Name,CN=Sites,CN=Configuration,DC=domain,DC=de
PartnerInvocationId    : 57f842e8-9b08-427a-b194-db919e333529
Server                 : dc01.domain.de
UsnFilter              : 35223142

Is it possible to remove the cursive entry (no PartnerInvocationID)? If it is possible how and where can I remove it? I searched in ADSI but found nothing. Sites and Services also no match. 

Thanks for your advice. 


Best wishes, Alexander (blog.it-koehler.com)

Issues with GPO

Hi All,

I have a question related to weird Domain Controller behaviour.
We have two DCs; they are both in different OUs with different Group Policies. (I know this is not right, but this was set up badly initially and we are still suffering from changed policies etc.)

Now our PRTG software users (using AD authentication) can only (force) authenticate to one domain, and with the second domain only domain administrators can log in. I believe this issue is related to Group Policies. Can anyone help explain why this is happening and what setting in Group Policy is creating this behaviour?

I have described my scenario with details.

userxyz (normal domain user) and adminxyz(domain administrator). Both users are domain users and authorized users for prtg
PRTG is using domain administrator account as a service account.

DC1: Authorised users can authenticate by forcing through DC1.   Both users can authenticate
DC2: Only authenticated domain administrator can authenticate from PRTG.
userxyz Cannot authenticate using DC2.


Regards

Active Directory Merge and rename. Best approach rename or migrate

I have 2 2016 domains, DomainA.local and DomainB.corp, in separate forests. DomainA has our ERP software and related servers, mainly an SQL server and an application which is accessed by a terminal server in that same domain. DomainB hosts all other servers and workstations. We don't have Exchange; we are using Office 365 with our public domain name. I want to join the 2 domains into one domain name which is a sub of our public domain, for example AD.public.ca

My goals are:

- not to disrupt existing security settings for ERP and SQL in DomainA

- to keep permissions on the file server folders in DomainB

- for users in DomainB to keep their local user profiles after joining the new domain.

What will be my best approach? Migrate using ADMT? Rename DomainA and merge DomainB with it? I don't mind keeping the NetBIOS names as is. I just want the end result to be 1 domain which is a subdomain of our public domain, AD.public.ca

O365 Integration

Hi,

Please find the below scenario,

Client A - AD Domain name is A.COM and Email domain is A1.com

Client B - AD Domain Name is A.COM and Email domain is B1.com

In this situation, can both clients utilize O365 as an email solution? If so, what is the complexity?

Thanks in advance. 
