Channel: Directory Services forum

Not able to search specific AD user

Hi There,


We have been facing a strange problem with our Active Directory. We have Server 2012 as our Active Directory. One of our admins has created a user with logon name 1483 (usually we use the employee ID as the logon name). Now we are not able to find that user in our Active Directory, and are also not able to create a new user with the 1483 logon name. When we try to find the user, it says it doesn't exist, and when we try to create a new one, it says it already exists. Below is the snap.




Request for your help on how we can sort out this issue.






Cheers,
Aerrow
Blog:pdhewaju.com.np
Please remember to mark the replies as answers.


Migrate AD CS from Server 2012 R2 to Server 2016

Following the steps here to migrate AD CS to a new machine, but when I run the "certutil -catemplates" command I get a bunch of "access is denied" messages in the results. Anyone know why? I'm logged in as Domain Admin...



Shaun

Active Directory - How do you generate a DirSync cookie without crawling to completion?

I have used an Ldap query to fetch all objectClass=group and objectClass=user from Active Directory.

Now I want to use DirSync to get all changes since then.

DirSync is described at https://support.microsoft.com/en-us/help/891995/how-to-poll-for-object-attribute-changes-in-active-directory-on-window

But the problem is I can only really figure out how to generate a cookie after doing an entire crawl of the entire contents. And that includes deletes which is like 5,000,000 items in my case. Takes some time to get the initial cookie.

Is there a way to generate a token for "now" in a faster way?

Error joining DC as a child to Forest DC | The specified argument 'ChildName' was not recognized

Hi,

I have the following scripts running.

Basically both scripts create files at runtime, and then the servers restart and run the newly created files, however there is an error when the child DC joins the forest, even though it joins successfully.

Scripts uploaded in the links below as the forum wouldn't allow characters more than 60000 (mine is ~6095)

Forest DC

Child DC

Error (Even though the child DC joins Forest successfully)

At C:\Users\Administrator\Desktop\JoinForest.ps1:9 char:1
+ Install-ADDSDomain -credential $cred -CreateDnsDelegation:$true -Data ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : NotSpecified: (:) [Install-ADDSDomain], TestFailedException
+ FullyQualifiedErrorId : Test.VerifyDcPromoCore.DCPromo.General.77,Microsoft.DirectoryServices.Deployment.PowerShell.Commands.InstallADDSDomainCommand

Message        : Verification of prerequisites for Domain Controller promotion failed. The specified argument 'ChildName' was not recognized.

Context        : Test.VerifyDcPromoCore.DCPromo.General.77
RebootRequired : False
Status         : Error
Thank You


Windows Lockout issue

I am facing a domain account lockout issue and I am stuck in troubleshooting.

According to the link below, I am able to find our problematic domain controller, but I am unable to find event ID 4625 on the caller computer name.

https://activedirectorypro.com/account-lockout-tool/

change username in hybrid environment

Hi

I'd like to ask what the steps are for changing a username in a hybrid environment.

How to improve query speed when checking whenCreated or whenChanged for new changes?

Dear technet community:

I need to fetch active directory accounts that have changed since a certain time.

In doing so, I run queries against whenCreated and whenChanged such as:

(whenCreated>=20190219174130.0Z)

or here would be a Get-ADUser command:

Get-ADUser -Filter * -Properties whenCreated | Where-Object {$_.whenCreated -ge ((Get-Date).AddDays(1)).Date}

On my test server, this was fine and worked great.

My production active directory has about 210,000 users in it, about 80,000 groups.

Now this query hangs very badly. It seems like it's doing a linear pass through the entire AD.

Shouldn't Active Directory have an index created on this value so it can be queried very quickly? Is there some trick to making this indexed better?



Adding a vm to domain

Why do I always uncheck IPv6 to add a VM to the domain (Windows 2016)?

Powershell Command to Set Logon Hours Status to Denied

Hello Team,

I would need help with the PowerShell command to set a particular user's logon hours status to denied.

Thanks in Advance!

A.K

Active Directory Logon Hours = Logon Disabled

Our environment does not allow us to disable accounts, but under the user's Logon Hours we set it to Logon Disabled.

I want to know what the attribute value would be for Logon Disabled, if I want to, say, have the AD Sync Connector in our O365 run an inbound sync rule.

Can anyone help me with this?

Thanks

Active Directory remote site Topologies

Hello,

We are planning to rebuild our AD infrastructure. We have many remote sites in our country and others internationally.

Our main DC is a VM in VMware and in other sites we have GLB DCs. In each site there is one DC as global catalog.

We plan to reduce the number of DCs in the sites and to implement a new physical DC in our main office to replace the DC VM.

For you, what parameters should I base on to define whether a site should have a DC or not?

For me it is the bandwidth and the number of resources in the site (users, printers, ...), but I don't have good statistics; for example, if the MPLS link is 30mb/s and there are 30 users in the site, I can tell there is no need for a DC ...

Regards 



Netbios help! Server 2008

Hello All, this is my first post and it's a good one!


Netbios over TCP/IP has been disabled in my work environment. We are strictly DNS. 

I've been troubleshooting a domain trust issue with another company and was told netbios was the reason. Out of curiosity, I enabled netbios on my 4 DC's. I rebooted 2 DC's. 1 of which is a Global Catalog and the other is Primary DNS.


Once they rebooted all my users could no longer use anything that is AD integrated. I couldn't even log into the DC's because it kept telling me bad password.


My coworker was able to somehow get into the Primary DNS DC and we disabled Netbios. From there things got back to normal.


Of course I'm freaked out because I don't understand how that could have broken DNS and AD!


Can someone shed some light on what might have happened?

Forest Trust Scenario with IP Conflicts

Company A acquired Company B. Both companies have two primary AD sites where servers are housed. Currently there is an 80% IP address conflict. Two new IPv4 subnets have been created at Company B (one at each site), which won't conflict at all with any subnet at Company A. Eventually all servers and VDIs will live in that subnet. The re-IP project will take at least a year, so both entities are looking to establish a forest trust prior to its completion.

My question:

Can Company B add 2 new Domain Controllers at each site in the new, non-conflict IPv4 subnets, define those as the preferred bridgehead DCs and establish the forest trust to and from those with partner DCs that are also on a non-conflict subnet?  Would 

While there are still IP conflicts, servers such as SharePoint can be NATed. Exchange at Company B is already in the non-conflict subnet.

domain user login takes long time...

I use Server 2012 and the client machines are Windows 7, 8, 10, but my domain user login takes a long time, so please give a solution.

Regards

Mohit

users effective permissions in AD

Hi, we had a user that had delegated permissions all over Active Directory and I need to find out exactly where she has access.

Is there an easy way to export a user's effective permissions in AD, or a script that I can run?

thx

jason

Migrate domain controllers but keep ip addresses

Hi all,

We want to migrate our domain controllers (server 2012R2 / DL/FL 2008R2) to server 2019 core DL/FL 2016 and keep the ip addresses but change hostnames.

Reason to keep ip addresses : many devices like printers, scanners, applications have the dns/ldap/... ip addresses manually configured to point to the domain controllers.

Current situation :

Domain controllers A and B with ip address 1 and 2 (A-1, B-2)
A and B have DHCP in failover mode (load balance), DNS, DFS, and ADDS.
C-3 and D-4 are newly installed server 2019 core domain controllers with the same roles, but these domain controllers should have ip addresses 1 and 2 after the migration. This is our plan:

  1. migrate fsmo roles to C
  2. Create domain controllers C and D with ips 3 and 4, Server 2019 core, install all roles but don't authorize dhcp
  3. Demote B as ADDS (dhcp should not work now on B), authorize D as dhcp server, change dhcp failover replication partner on A to D (DHCP D should be synced with A now)
  4. Turn off B and remove NIC
  5. Change ip address D to 2 (old B address)
  6. Reboot D and monitor events (DHCP, DNS, ADDS, ...)
  7. Change DHCP replication partner D to C
  8. Demote A, turn off
  9. Change ip address C to 1 (old A ) + reboot
  10. check health state, monitor events, replication etc ...
  11. raise functional level to 2016 on domain,forest
  12. metadata cleanup

Any suggestions ?

kind regards
