The domain admin password got expired , I realized this when I am attempting to login, now I cannot login to the AD server with domain admin credentials, so I had to login with local credentials but when I login with login credentials it does not have privileges to change the password for domain admin account,

Below are the relevant screenshots of this issue :

1. When I try to change password using local admin account with PowerShell.

Because of which I can not login to the any server and getting below error when I tried to attempt to login.

Reference link :https://www.top-password.com/knowledge/reset-domain-administrator-password-in-windows-server-2012.html

Thanks, Ram Ch

↧

Old Backup Domain controllers

December 22, 2018, 10:53 am

≫ Next: Check Last logon more than 90 Days for all Active user only

≪ Previous: Domain Admin Password issue - Windows Server 2016

Can we use a domain controllers backup on Windows 2008 R2 to restore a domain controllers on Windows 2016?

↧

Check Last logon more than 90 Days for all Active user only

December 25, 2018, 2:02 am

≫ Next: Enforce password history not apply while changing password through Active Directory Users and Computers Console

≪ Previous: Old Backup Domain controllers

Hello Member

How can I Check Last logon more than 90 Days for all Active user only but specific OU and domain ? Please help to guide me .

I try this below but show inactive user also. I dont' need inactive user

Search-ADAccount -UsersOnly -SearchBase "ou=Users,ou=BUO,dc=Ggggg,dc=com" -AccountIna  -TimeSpan 90

↧

Enforce password history not apply while changing password through Active Directory Users and Computers Console

December 22, 2018, 10:20 pm

≫ Next: The trust relationship between this workstation and the primary domain failed

≪ Previous: Check Last logon more than 90 Days for all Active user only

We are looking for a way to enforce password history when changing password through dsa (Active Directory Users and Computers Console), is there a way available to achieve this?

Thanks in advance

LMS

↧

The trust relationship between this workstation and the primary domain failed

December 25, 2018, 3:26 am

≫ Next: Active Directory Web Services has resumed checking if the computer is a global catalog error

≪ Previous: Enforce password history not apply while changing password through Active Directory Users and Computers Console

The trust relationship between this workstation and the primary domain failed

What should I do exept rejoining because I don't want to reboot the computer

Please help me

↧

Active Directory Web Services has resumed checking if the computer is a global catalog error

December 5, 2018, 6:29 am

≫ Next: Reconnect child domain to parent AD forest without demoting child domain controllers

≪ Previous: The trust relationship between this workstation and the primary domain failed

HI,

I have two Domain Controller server 2016 that the second one is an additional DC. I'm getting the following error in additional dc :

Active Directory Web Services has resumed checking if the computer is a global catalog server.

Note that I'm not getting this error on primary domain controller and replication is occurring between domain controllers. Any help would be appreciated. Thanks

↧

Reconnect child domain to parent AD forest without demoting child domain controllers

December 15, 2018, 8:50 am

≫ Next: Status report or logs for clients joined to domain

≪ Previous: Active Directory Web Services has resumed checking if the computer is a global catalog error

Hi all,

At my parent AD forest with 2 domain controllers, I cannot see both my child domain controlers in AD Sites and Services. Repadmin status is all "0" which is good but it is only replicating between both parent domain controllers. DCdiag shows KCC event errors below.

"The partition DC=child,DC=parent,DC=gov,DC=sg should be hosted at site CN=HQ,CN=Sites,CN=Configuration,DC=parent,DC=gov,DC=sg, but has not been instantiated yet. However, the KCC could not find any hosts from which to replicate this partition."

At my disconnected child domain, in AD Sites and Services, I can see both parent domain DCs and child domain DCs. DCdiag shows KCC errors below.

"The event log Directory Service on server dc.parent.gov.sg could not be queried, error 0x6ba "The RPC server is unavailable."

"The event log Directory Service on server dc.parent.gov.sg could not be queried, error 0x5 "Access is denied."

How can I create the replication pairs in the parent domain? As the child domain controller is missing, I cannot manually create a NTDS connection. I tried running repadmin /kcc but it did not help. I have also verified that there is no lingering objects in Active Directory. Domain and trust ports between parent and child are allowed as well.

Regards,
Chiew Sheng

↧

Status report or logs for clients joined to domain

December 18, 2018, 10:25 pm

≫ Next: FGP Policy for a Server

≪ Previous: Reconnect child domain to parent AD forest without demoting child domain controllers

Hi,

I have Win2012 r2 Domain, how i can know the status of all the clients which are joined to the domain (online or offline). And also how i can check if there is any client who is not updating the group policy ?

Thanks.

↧

FGP Policy for a Server

December 18, 2018, 8:40 am

≫ Next: Outlook prompt for credentials

≪ Previous: Status report or logs for clients joined to domain

Is it possible to create an FGP Policy for a server rather than a user? I have software that authenticates against an SQL server in which the SQL server gets its Password policy from the Default domain Policy. However I need the SQL server to issue a different Password policy. Can this be done with FGP?

Support analyst

↧

Outlook prompt for credentials

December 18, 2018, 10:13 am

≫ Next: Check Last logon more than 90 Days for all enable user only

≪ Previous: FGP Policy for a Server

Hi Experts for one of my user outlook is always prompting for credentials after changing password. how to check in AD the user is getting locked. how to troubleshoot this issue, cleared windows cred mgr, reconfigured profile but no luck

↧

Check Last logon more than 90 Days for all enable user only

December 25, 2018, 2:02 am

≫ Next: Can we set AD replication of certain OU ?

≪ Previous: Outlook prompt for credentials

Hello Member

How can I Check Last logon more than 90 Days for all enable user only but specific OU and domain ? Please help to guide me .

I try this below but show inactive user also. I dont' need inactive user

Search-ADAccount -UsersOnly -SearchBase "ou=Users,ou=BUO,dc=Ggggg,dc=com" -AccountIna  -TimeSpan 90

↧

Can we set AD replication of certain OU ?

December 20, 2018, 6:10 pm

≫ Next: trust relationship issue

≪ Previous: Check Last logon more than 90 Days for all enable user only

Hi,

Sorry for my novice question, we have 3 DCs which are DC01, DC02 & DC03. DC01 & DC03 are in the same location which is Company HQ , DC2 is in the site location which is far away from HQ so they have their own DC

In the AD, we have 2 primary OU , Site A OU and Site B OU, Site A OU is replicated to DC01, DC02 and DC03. Currently Site B OU also replicated to all DCs.

The question is whether it is possible for Site B OU not to replicate to DC02 ? since the users / resource does not really need to have the access to site location which hosted by DC02.

Apologize if the question is not clear enough.

Thanks

↧

trust relationship issue

December 19, 2018, 10:31 pm

≫ Next: Connection Logger tool used for Logging DNS Traffic.

≪ Previous: Can we set AD replication of certain OU ?

Hi,

if more than 100 machines are out of domain, means if we are facing trust relationship issue on them then what could be the cause. please help me with resolution.

↧

Connection Logger tool used for Logging DNS Traffic.

December 24, 2018, 4:13 am

≫ Next: 2008 R2 domain group policy not works on 2016 server

≪ Previous: trust relationship issue

Hi All,

I have a environment were we have 10 Windows server 2008 Domain controller we are upgrading the DC to Windows server 2016 using the side by side approach. Before doing this we are capturing the DNS traffic from the old server using connection logger tool. After capturing the traffic these servers will be decommissioned. Currently the ports we are monitoring using the tools are -

TCPPorts=53,88,139,389,3269

UDPPorts=53,88,389

We expect that after decommissioning the server, we should not be getting any traffic on LDAP ports (389 & 3269) as DNS service is not in the server to establish a connection on this port but we are still seeing entries in connection logger logs for Port 389 & 3269.

The question that i have is -

1. IS my understanding right about the way the decommissioning process mentioned above.

2. Does Connection Logger tool only logs the established DNS connections(when server is a domain controller) or it will also log the unestablished connection (after decommissioning the server).

Thanks,

Pranay.

↧

2008 R2 domain group policy not works on 2016 server

December 23, 2018, 5:21 pm

≫ Next: Restrict administrators through GPO

≪ Previous: Connection Logger tool used for Logging DNS Traffic.

2 x 2008 R2 servers as domain controller. Found that the group policies are not apply on my newly added 2016 servers. Is this the product design?

↧

Restrict administrators through GPO

December 22, 2018, 11:09 pm

≫ Next: how to change password with Domain controller not available anymore : configuration information could not be read from the domain controller, either because the machine is unavailable, or because access is denied

≪ Previous: 2008 R2 domain group policy not works on 2016 server

We have a few computers managing by application team. There are two common accounts which are part of all these servers, but there are individual accounts for each of the servers which should be part of local administrators group. In this scenario how can we achieve / restrict local administrator group membership through GPO

Thanks in advance

LMS

↧

how to change password with Domain controller not available anymore : configuration information could not be read from the domain controller, either because the machine is unavailable, or because access is denied

December 20, 2018, 6:50 pm

≫ Next: Serve 2012 - New User access to other servers

≪ Previous: Restrict administrators through GPO

I have a Machine with windows 7 x64 pro which was connected to a domain controller that is dead and not available anymore.

I want to continue to use this computer standalone and keep all the software and configurations already installed, however i need to change my pass and i am not able to do it getting this msg : configuration information could not be read from the domain controller, either because the machine is unavailable, or because access is denied.

How can i solve this (change the pass or copy all the user settings to local) without the domain controller server?

thank you

vitor

↧

Serve 2012 - New User access to other servers

December 20, 2018, 3:20 pm

≫ Next: Audit user actions

≪ Previous: how to change password with Domain controller not available anymore : configuration information could not be read from the domain controller, either because the machine is unavailable, or because access is denied

I have a server 2012 environment with a DC. The domain includes 3 server 2012 vm machines for rdp/terminal services.

I added a user to a domain. I expected the newly added user would be able to log onto the rdp/terminal services vm's.

Since the other rdp/terminal services vm servers are part of the domain, I thought the new

user would be able to log onto those servers. But they cannot.

How can this be accomplished?

↧