Channel: Directory Services forum
Viewing all 31638 articles

Active Directory Merge and rename. Best approach rename or migrate


I have 2 2016 domains, DomainA.local and domainB.corp, in separate forests. DomainA has our ERP software and related servers: mainly an SQL server and an application which is accessed by a terminal server in that same domain. DomainB hosts all other servers and workstations. We don't have Exchange; we are using Office 365 with our public domain name. I want to join the 2 domains into one domain name which is a sub of our public domain, for example AD.public.ca

My goals are:

- not to disrupt existing security settings for ERP and SQL in DomainA

- to keep permissions on the file server folders in DomainB

- for users in DomainB to keep their local user profiles after joining the new domain.

What will be my best approach? Migrate using ADMT? Rename DomainA and merge DomainB with it? I don't mind keeping the NetBIOS names as is. I just want the end result to be 1 domain which is a subdomain of our public domain, AD.public.ca


pwdLastSet attribute changed after setting user account as password never expires


Hi Team,

The pwdLastSet attribute changed after setting the user account as password never expires.

Please help me understand why it changed.

Regards,
Mahadev Nitture


Regards, Mahadev

Server 2016 DC


Hi all,

I have a minor query regarding Server 2016.

In my current environment I have two domain controllers: one is Server 2008 R2 and the other is Server 2012.

FPL/DFL is Server 2008 R2.

We have a new site and I would like to have a domain controller at the new site with the DNS and DHCP roles.

I want the new server to run on Server 2016.

Is there any schema update or ADPREP before I dcpromo the new server?

Also, do I need to purchase new CALs?

DFS Replicate group with 3 servers


Dear Forum,

I am going crazy with our DFS servers. Currently we have DFS with 3 servers (DFS01, DFS02, DFS03). I noted that sometimes it activates the primary server on DFS01, sometimes on DFS02 and sometimes on DFS03.

I would like to ask how we can permanently set DFS02 as the primary?

Thank you!

Delegation tab is missing for user account in AD


Hi All,

I have a service account for which the Delegation tab is missing. I've checked and found that an SPN needs to be set for that account to get the delegation features, but this account is not associated with the SQL service. Is it possible to create an SPN for this account without specifying any service?

Thanks in advance.


vicky

AD Remove lingering objects with multiple child domains


This has probably been answered somewhere else, but I can't find any recommendations on how to start.

We have a single forest with multiple domains that have replication issues all over the domain. There are child domains with only a single DC that has failed replication to another child domain for years but has just recently failed replication with the parent domain DC. We have a child domain that looks to have been missing for a long time to the parent domain (DNS delegation not set on the parent DC DNS) that has recently been recognized after creating the correct DNS delegation.

Most DCs have tombstoned and I'm not sure how to start fixing the issue.

I need to do the lingering object removal process and I wanted to use the Lingering Object Liquidator tool, but it doesn't support Windows 2003 DCs, which we still have, and I have no idea which DC to use as the authoritative source to run repadmin /removelingeringobject with.

In a parent-child DC setup, which DC should I use as the authoritative source if there is only 1 DC in the child domain and I'm not sure it has been replicating to the parent?

For additional info, the child domain is working for its own domain. Should I use the child domain DC as the source for the objects in the root partition of the child domain?

Should I start removing lingering objects from the child domain partition first and then continue on to the parent domain partition? Or is it the other way around?

The retry counts and timeout value of authentication in Active Directory

Hello everyone,

I have a question about login authentication in AD.

My colleague's PC has a network problem (a Cisco ISE issue): the OS can't retrieve an IP address after the PC starts (through the wired network), and when he logs in to the OS, it takes about 2 minutes to show the desktop.

During the two minutes, the PC attempts to connect to the DC.

How many times does the PC retry authentication?

How long is the timeout value of authentication?

Is there a document that states this on the Microsoft website?

Thanks in advance.

Password policy for users without PC


Currently we are using Active Directory authentication for our WiFi. However, every user needs to change their password every 90 days, but they only have their own smartphone as a device. Is there a solution for this problem?

Resetting 200 passwords by our IT department every 90 days is no option.


Active Directory Report

How to extract a report of machines that have not communicated with Active Directory for more than 90 days, in Windows Server 2003 R2? Any script?

Creating New Custom attributes in Active Directory


Hi All,

This is regarding adding custom attributes in AD so they can be listed against the user profile. This is just to meet the requirement of a third-party application which will pull this information from AD.

Example: we wish to have additional fields for the user, as below:

- employeeID

- employeeType

And these fields should be visible, so a HelpDesk person can edit them whenever there is a change.

Also,

On the Internet many have suggested not to go ahead with creating custom attributes, because extending the AD schema is not reversible.

- To meet the third-party application's requirement, how meaningful will this change be?

- What will be the consequences of this change in future?

Please suggest.


TheAtulA

Service Trusted for delegation


Hello,

I have an application that wants to use a specific protocol for authentication and I want to know the risk of using (“Trust this user for delegation services to specified services only” and “Use any authentication protocol”) with CSS service!

And if we have chosen (“Trust this user for delegation services to specified services only” and “Use any authentication protocol”), does that mean that all of the protocols will be allowed, or just the ones that I have chosen in the services table?

Last Login User Information Required


Hi,

I want to trace one computer which has been offline for the past month. As a trace, I want to know who was the last login on the system (LAST LOGIN) on the lost system.

I have found one PowerShell script but am unable to generate its output.

https://gallery.technet.microsoft.com/scriptcenter/Get-LastLogon-Determining-283f98ae/view/Discussions/2


Enable option for user account in AD


Hi All,

What needs to be checked before and after enabling the below option in the Domain Admin account properties?

"Account is sensitive and cannot be delegated"

Thanks in advance.


vicky

Restrict local user login through group policy


Dear Folks,

I am working on an important project, and because of this I need to disable all local user logins on all domain PCs.

My problem is that I do not have a list of the local users created on the workstations. Please suggest any GPO or batch file to achieve my goal.

All client computers have multiple local users created, and users log in with local credentials. I want to stop this behavior; to do this I need to restrict all local user logins and enable only domain user logins.

Yogesh

Compare AD Migration - Intra Forest and Inter Forest


Hi All,

I am trying to compare the pros and cons of doing an AD migration for Intra Forest and Inter Forest. I want to compare factors like ease of operations, cost, timing, application migration, permissions etc.

P.S. We have not decided on the tool yet, so the comparison can be tool neutral.

Appreciate any help/pointers!


Home Folder - User Move to Another Server


Greetings. For our AD users, we have the home folder path set to the data server user share (ex. \\dataserver\username$). As a school district, each school has its own data server. Users (teachers/students) often move locations, which moves them to a new data server, but everything is routed together as a WAN.

The issue is that when a user moves to a new school, often they log in there before their data share is moved to the new server, and then the local profile is still looking to the old server. The only way we've found to fix this is to remove the local profile, which will then pull the new account location. We are not doing roaming profiles and are using folder redirection that points to the home folder drive (H:).

Is there a way to have this home directory information renewed at each login?

Thank you for your help.

Ryan

Weird case about Lingering Objects


Hello Everyone

This is my case:

I have a root domain and nine child domains which are also GCs. A lot of the child domains say some servers from the root domain have lingering objects, but when you go to those servers shown as the source of lingering objects, they are clean.

I have used LDAP to try to find the object that is supposed to be the lingering object. I have also used Lingering Object Liquidator, but again I am unable to find those lingering objects on the server that is shown as the source.

Any advice on what else I could do? Any other way to try to find them to clean them?

Thanks in advance, regards


Joaquin Camarero Muñoz

How to set password expiration notification for user launching directly RemoteApp


Hello,

I want to know how to set the expiry notification for users who launch the RemoteApp directly from the user's desktop. Users are accessing RemoteApps through the "RemoteApp and Desktop Connection" tool from their workstation. If the user's password expires in 14 days they usually get the notification if they directly connect to the terminal server, but since they only connect to RemoteApp from their desktops, how can they get the expiry notification, and is there a way to set up a link to change the password while launching RemoteApp?

Please let me know your thoughts.


Shekar-Technet


LDAP add failed with CONSTRAINT_VIOLATION


I have a network trace wherein a computer account add in an OU failed with a CONSTRAINT VIOLATION error, but I am unable to figure out the constraint it's failing for.

LDAPMessage addRequest(3) "cn=PHYSICSLAB934,OU=Other,OU=Lab,DC=HICCUPS,DC=COM"

#Attributes list
name: PHYSICSLAB934
sAMAccountName: PHYSICSLAB934$
userAccountControl: 4098
objectClass: top
objectClass: organizationalPerson
objectclass: user
objectClass: computer

The operation failed with error

LDAPMessage addResponse(3) constraintViolation (0000207C: AtrErr: DSID-031530E5, #1:	0: 0000207C: DSID-031530E5, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 90001 (name))

I no longer have access to the AD server, so I have to figure out what went wrong at that time, and I wish to recreate the error on my test bed.

Where may I find the constraints for the 'name' attribute? And more details about the error codes?

Any pointers/suggestions?



How do I change the Domain Admin Password complexity requirement

I'm looking for the GPO that controls the Domain Admin Password complexity in Windows Server 2008 R2. Can anyone help me locate this setting?