Channel: Directory Services forum

Enable recycle bin in a domain

Hi,

We have a forest with three domains.

We would like to enable recycle bin only on 2 domains.

How can we perform this target setting?


Moving RoDC connected Domain Controller from one site to another Site without affecting the connection

We were having the below site infrastructure ..

Site infrastructure

Location : A

Site1: All subnets authenticating through this site

DC1

Site1-Win2K8: no subnet authenticated (Not sure if previous Owner explicitly defined it somewhere in the registry - it was required in the past to have separate site when the upgrade from Windows Server 2003 to Windows Server 2008 was done)

DC2

Site1-DMZ : DMZ subnets authenticated to this site

RoDC

which have a connection to DC2

I want to get rid of Site-Win2K8 and move DC2 to Site 1, but I am not sure if it will affect the connection with DMZ. Please help, I need to confidently move DC2 without affecting the connection between DC2 and RoDC.





DFS replication question

In my lab, I got 2 fileservers, both with DFS namespace and replication role installed.

When creating a replication group, I select the shared folder I want to be replicated to the other server. The other server has no folders besides the default Windows folders.

I need to choose a local path of folders to be replicated. Will that be the location at my second server where the folders with files will be replicated to?

Second, will the share name and the user/group rights also be replicated to the second server?

Also, when I want to provide the namespace to my users through a policy, how should I do that and where can I find the name I need to use for sharing purposes?

Homefolders in a dfs-environment

In my DFS lab, I created a folder for homefolders. I mapped this folder through the drivemappingfolder with the following path: \\namespace\homefolders\%username%

But this doesn't work, the homefolder isn't created. It works fine when I add the path manually to the profile of an account. The drive mapping policy also works fine, a different drive to the namespace is mapped.

Anyone who can explain to me what I am doing wrong/missing?

Rename Active Directory

Hi,
I have the following problem.

For now, speaking generally, in the company I was hired in, someone in the Active Directory Domain implemented a one-member name "company" instead of, for example, "company.local". Such a configuration will create difficulties in some situations, for example in the implementation of PKI.

I would like to change the name of this domain to company.local. Next, I would connect clients (workstations) and servers to the new domain.

I still have the hardest part to configure - Microsoft Exchange 2013 to the new Active Directory name.

Can anyone give me a hint?
Thank you in advance for your help :)


Microsoft Tech Net

AD FS Server 2012 R2 Question

Hi

I have set up ADFS on 2012R2 with a Web Application Proxy Server (WAP). I have published 2 apps.

1. Claims based app - works fine

2. Non-claims app - Kerberos in IIS to a standard website

On the non-claims-aware app it authenticates fine but just shows a blank page. The URL shows as the web page followed by /?authToken=eyJ0eX........

I have set the WAP to be domain joined as per MS documentation but just can't seem to get the site to work through ADFS.

Am I missing something basic?

Thanks

Active Directory clean up/ restructure

Hi I need some advice here.

Background: I worked for an MSP and now work as in-house IT for one of the clients I did work for, and both parties are happy about this.

Active Directory Users & Computers is a mess, and on top of it most users have local admin privileges to their machines, which is preventing me from turning on PS remoting out of concern.

The business owns 3 different companies (company.com, othercompany.com, onlinecompany.com) who are all under the One domain tree using the same OU which has their own nested OU to separate them, each holding their own OU for groups, computers, and users.

The MSP installed and used server essentials dashboard which I want to disable and use AAD Connect, during my prep to make the change I started to think about the structure and what I should do with it.

Any thoughts on what I should do, leave it, create a domain for each company, trash it all and start fresh with server nano?

If there is a better place to ask this question let me know.

NTFRS 13552/13555 on a single DC.

Inherited a bit of a mess here....  I have one DC that has been in this condition for as far back as the logs go, which is 10/17/2015.  I found the following article:

https://support.microsoft.com/en-us/help/2986364/event-id-13552-and-13555-are-logged-in-the-file-replication-service-lo

Since I have another DC with a clean ntfrs, I assume I would just want to perform steps 6 - 10 on the problematic DC?  Is it really necessary to delete all those files manually, or can I just stop ntfrs, set burflag D2, and start ntfrs to recover from this?

Thanks!



The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server AD1

Hello,

First thing this morning, I started experiencing issues with a few of my non PDC AD servers. Running DCDiag revealed a number of errors on the secondary DCs.

Here is my dcdiag output on the AD3 DC:

Doing initial required tests

   Testing server: Site\AD3
      Starting test: Connectivity
         ......................... AD3 passed test Connectivity

Doing primary tests

   Testing server: Site\AD3
      Starting test: Advertising
         ......................... AD3 passed test Advertising
      Starting test: FrsEvent
         ......................... AD3 passed test FrsEvent
      Starting test: DFSREvent
         There are warning or error events within the last 24 hours after the SYSVOL has been shared.  Failing SYSVOL
         replication problems may cause Group Policy problems.
         ......................... AD3 failed test DFSREvent
      Starting test: SysVolCheck
         ......................... AD3 passed test SysVolCheck
      Starting test: KccEvent
         A warning event occurred.  EventID: 0x8000061E
            Time Generated: 03/18/2019   11:42:10
            Event String:
            All directory servers in the following site that can replicate the directory partition over this transport are currently unavailable.
         An error event occurred.  EventID: 0xC000051F
            Time Generated: 03/18/2019   11:42:10
            Event String:
            The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.
         A warning event occurred.  EventID: 0x80000749
            Time Generated: 03/18/2019   11:42:10
            Event String:
            The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site.
         An error event occurred.  EventID: 0xC000051F
            Time Generated: 03/18/2019   11:42:10
            Event String:
            The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.
         A warning event occurred.  EventID: 0x80000749
            Time Generated: 03/18/2019   11:42:10
            Event String:
            The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site.
         A warning event occurred.  EventID: 0x8000061E
            Time Generated: 03/18/2019   11:42:10
            Event String:
            All directory servers in the following site that can replicate the directory partition over this transport are currently unavailable.
         An error event occurred.  EventID: 0xC000051F
            Time Generated: 03/18/2019   11:42:10
            Event String:
            The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.
         A warning event occurred.  EventID: 0x80000749
            Time Generated: 03/18/2019   11:42:10
            Event String:
            The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site.
         An error event occurred.  EventID: 0xC000051F
            Time Generated: 03/18/2019   11:42:10
            Event String:
            The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.
         A warning event occurred.  EventID: 0x80000749
            Time Generated: 03/18/2019   11:42:10
            Event String:
            The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site.
         A warning event occurred.  EventID: 0x8000061E
            Time Generated: 03/18/2019   11:42:10
            Event String:
            All directory servers in the following site that can replicate the directory partition over this transport are currently unavailable.
         An error event occurred.  EventID: 0xC000051F
            Time Generated: 03/18/2019   11:42:10
            Event String:
            The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.
         A warning event occurred.  EventID: 0x80000749
            Time Generated: 03/18/2019   11:42:10
            Event String:
            The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site.
         An error event occurred.  EventID: 0xC000051F
            Time Generated: 03/18/2019   11:42:10
            Event String:
            The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.
         A warning event occurred.  EventID: 0x80000749
            Time Generated: 03/18/2019   11:42:10
            Event String:
            The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site.
         A warning event occurred.  EventID: 0x8000061E
            Time Generated: 03/18/2019   11:42:10
            Event String:
            All directory servers in the following site that can replicate the directory partition over this transport are currently unavailable.
         An error event occurred.  EventID: 0xC000051F
            Time Generated: 03/18/2019   11:42:10
            Event String:
            The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.
         A warning event occurred.  EventID: 0x80000749
            Time Generated: 03/18/2019   11:42:10
            Event String:
            The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site.
         An error event occurred.  EventID: 0xC000051F
            Time Generated: 03/18/2019   11:42:10
            Event String:
            The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.
         A warning event occurred.  EventID: 0x80000749
            Time Generated: 03/18/2019   11:42:10
            Event String:
            The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site.
         A warning event occurred.  EventID: 0x80000785
            Time Generated: 03/18/2019   11:42:10
            Event String:
            The attempt to establish a replication link for the following writable directory partition failed.
         A warning event occurred.  EventID: 0x80000785
            Time Generated: 03/18/2019   11:42:10
            Event String:
            The attempt to establish a replication link for the following writable directory partition failed.
         A warning event occurred.  EventID: 0x80000785
            Time Generated: 03/18/2019   11:42:10
            Event String:
            The attempt to establish a replication link for the following writable directory partition failed.
         A warning event occurred.  EventID: 0x80000785
            Time Generated: 03/18/2019   11:42:10
            Event String:
            The attempt to establish a replication link for the following writable directory partition failed.
         A warning event occurred.  EventID: 0x80000785
            Time Generated: 03/18/2019   11:42:10
            Event String:
            The attempt to establish a replication link for the following writable directory partition failed.
         ......................... AD3 failed test KccEvent
      Starting test: KnowsOfRoleHolders
         [AD1] DsBindWithSpnEx() failed with error -2146893022,
         The target principal name is incorrect..
         Warning: AD1 is the Schema Owner, but is not responding to DS RPC Bind.
         [AD1] LDAP bind failed with error 8341,
         A directory service error has occurred..
         Warning: AD1 is the Schema Owner, but is not responding to LDAP Bind.
         Warning: AD1 is the Domain Owner, but is not responding to DS RPC Bind.
         Warning: AD1 is the Domain Owner, but is not responding to LDAP Bind.
         Warning: AD1 is the PDC Owner, but is not responding to DS RPC Bind.
         Warning: AD1 is the PDC Owner, but is not responding to LDAP Bind.
         Warning: AD1 is the Rid Owner, but is not responding to DS RPC Bind.
         Warning: AD1 is the Rid Owner, but is not responding to LDAP Bind.
         Warning: AD1 is the Infrastructure Update Owner, but is not responding to DS RPC Bind.
         Warning: AD1 is the Infrastructure Update Owner, but is not responding to LDAP Bind.
         ......................... AD3 failed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... AD3 passed test MachineAccount
      Starting test: NCSecDesc
         ......................... AD3 passed test NCSecDesc
      Starting test: NetLogons
         ......................... AD3 passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... AD3 passed test ObjectsReplicated
      Starting test: Replications
         REPLICATION-RECEIVED LATENCY WARNING
         AD3:  Current time is 2019-03-18 11:42:45.
            DC=ForestDnsZones,DC=ad,DC=domain,DC=com
               Last replication received from AD2 at
          2019-02-27 21:37:33
               Last replication received from AD1 at
          2019-02-27 21:38:13
            DC=DomainDnsZones,DC=ad,DC=domain,DC=com
               Last replication received from AD2 at
          2019-02-27 21:37:33
               Last replication received from AD1 at
          2019-02-27 21:38:21
            CN=Schema,CN=Configuration,DC=ad,DC=domain,DC=com
               Last replication received from AD2 at
          2019-02-27 21:37:33
               Last replication received from AD1 at
          2019-02-27 21:38:13
            CN=Configuration,DC=ad,DC=domain,DC=com
               Last replication received from AD2 at
          2019-02-27 21:37:33
               Last replication received from AD1 at
          2019-02-27 21:38:13
            DC=ad,DC=domain,DC=com
               Last replication received from AD2 at
          2019-02-27 21:37:33
               Last replication received from AD1 at
          2019-02-27 21:42:28
         ......................... AD3 passed test Replications
      Starting test: RidManager
         ......................... AD3 failed test RidManager
      Starting test: Services
         ......................... AD3 passed test Services
      Starting test: SystemLog
         An error event occurred.  EventID: 0x40000004
            Time Generated: 03/18/2019   11:08:39
            Event String:
            The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server ad1$. The target name used was ldap/AD1.ad.domain.com. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Ensure that the target SPN is only registered on the account used by the server. This error can also happen if the target service account password is different than what is configured on the Kerberos Key Distribution Center for that target service. Ensure that the service on the server and the KDC are both configured to use the same password. If the server name is not fully qualified, and the target domain (AD.DOMAIN.COM) is different from the client domain (AD.DOMAIN.COM), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
         An error event occurred.  EventID: 0x40000004
            Time Generated: 03/18/2019   11:12:10
            Event String:
            The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server ad1$. The target name used was E3514235-4B06-11D1-AB04-00C04FC2DCD2/98e808a5-c419-48fa-b5b1-c64f03eb83df/ad.domain.com@ad.domain.com. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Ensure that the target SPN is only registered on the account used by the server. This error can also happen if the target service account password is different than what is configured on the Kerberos Key Distribution Center for that target service. Ensure that the service on the server and the KDC are both configured to use the same password. If the server name is not fully qualified, and the target domain (AD.DOMAIN.COM) is different from the client domain (AD.DOMAIN.COM), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
         An error event occurred.  EventID: 0x40000004
            Time Generated: 03/18/2019   11:22:57
            Event String:
            The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server ad1$. The target name used was E3514235-4B06-11D1-AB04-00C04FC2DCD2/98E808A5-C419-48FA-B5B1-C64F03EB83DF/ad.domain.com@ad.domain.com. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Ensure that the target SPN is only registered on the account used by the server. This error can also happen if the target service account password is different than what is configured on the Kerberos Key Distribution Center for that target service. Ensure that the service on the server and the KDC are both configured to use the same password. If the server name is not fully qualified, and the target domain (AD.DOMAIN.COM) is different from the client domain (AD.DOMAIN.COM), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
         An error event occurred.  EventID: 0x40000004
            Time Generated: 03/18/2019   11:27:10
            Event String:
            The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server ad1$. The target name used was LDAP/98e808a5-c419-48fa-b5b1-c64f03eb83df._msdcs.ad.domain.com. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Ensure that the target SPN is only registered on the account used by the server. This error can also happen if the target service account password is different than what is configured on the Kerberos Key Distribution Center for that target service. Ensure that the service on the server and the KDC are both configured to use the same password. If the server name is not fully qualified, and the target domain (AD.DOMAIN.COM) is different from the client domain (AD.DOMAIN.COM), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
         ......................... AD3 failed test SystemLog
      Starting test: VerifyReferences
         ......................... AD3 passed test VerifyReferences


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : ad
      Starting test: CheckSDRefDom
         ......................... ad passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ad passed test CrossRefValidation

   Running enterprise tests on : ad.domain.com
      Starting test: LocatorCheck
         ......................... ad.domain.com passed test LocatorCheck
      Starting test: Intersite
         ......................... ad.domain.com passed test Intersite

So I checked on the PDC and found the following:

Doing initial required tests

   Testing server: Site\AD1
      Starting test: Connectivity
         ......................... AD1 passed test Connectivity

Doing primary tests

   Testing server: Site\AD1
      Starting test: Advertising
         ......................... AD1 passed test Advertising
      Starting test: FrsEvent
         ......................... AD1 passed test FrsEvent
      Starting test: DFSREvent
         ......................... AD1 passed test DFSREvent
      Starting test: SysVolCheck
         ......................... AD1 passed test SysVolCheck
      Starting test: KccEvent
         An error event occurred.  EventID: 0xC000051F
            Time Generated: 03/18/2019   11:45:07
            Event String: The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.
         A warning event occurred.  EventID: 0x80000749
            Time Generated: 03/18/2019   11:45:07
            Event String: The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site.
         An error event occurred.  EventID: 0xC000051F
            Time Generated: 03/18/2019   11:45:07
            Event String: The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.
         A warning event occurred.  EventID: 0x80000749
            Time Generated: 03/18/2019   11:45:07
            Event String: The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site.
         An error event occurred.  EventID: 0xC000051F
            Time Generated: 03/18/2019   11:45:07
            Event String: The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.
         A warning event occurred.  EventID: 0x80000749
            Time Generated: 03/18/2019   11:45:07
            Event String: The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site.
         An error event occurred.  EventID: 0xC000051F
            Time Generated: 03/18/2019   11:45:07
            Event String: The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.
         A warning event occurred.  EventID: 0x80000749
            Time Generated: 03/18/2019   11:45:07
            Event String: The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site.
         ......................... AD1 failed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... AD1 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... AD1 passed test MachineAccount
      Starting test: NCSecDesc
         ......................... AD1 passed test NCSecDesc
      Starting test: NetLogons
         ......................... AD1 passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... AD1 passed test ObjectsReplicated
      Starting test: Replications
         REPLICATION-RECEIVED LATENCY WARNING
         AD1:  Current time is 2019-03-18 11:50:47.
            CN=Schema,CN=Configuration,DC=ad,DC=domain,DC=com
               Last replication received from AD4 at
          2019-02-27 15:00:11
            CN=Configuration,DC=ad,DC=domain,DC=com
               Last replication received from AD4 at
          2019-02-27 15:00:11
            DC=ad,DC=domain,DC=com
               Last replication received from AD4 at
          2019-02-27 15:00:12
         ......................... AD1 passed test Replications
      Starting test: RidManager
         ......................... AD1 passed test RidManager
      Starting test: Services
         ......................... AD1 passed test Services
      Starting test: SystemLog
         ......................... AD1 passed test SystemLog
      Starting test: VerifyReferences
         ......................... AD1 passed test VerifyReferences


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : ad
      Starting test: CheckSDRefDom
         ......................... ad passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ad passed test CrossRefValidation

   Running enterprise tests on : ad.domain.com
      Starting test: LocatorCheck
         ......................... ad.domain.com passed test LocatorCheck
      Starting test: Intersite
         ......................... ad.domain.com passed test Intersite

If I go into sites and services, and manually force the sync between AD3 and AD1, I get the following:

The following error occurred during the attempt to synchronize naming context CN=Configuration,DC=ad,DC=domain,DC=com from Domain Controller AD1 to Domain Controller AD3: The target principal name is incorrect.
The operation will not continue.

I've looked to see if there are duplicate SPNs on the PDC (AD1) but I don't see any duplicates.

The other odd thing is the result I get when I run the following:
C:\Windows\system32>netdom verify ad3
The secure channel from AD3 to the domain DOMAIN has been verified.  The connection
is with the machine \\AD1.AD.DOMAIN.COM.

I'm not sure what broke. I haven't changed any admin passwords recently. I'm stumped. Any ideas or suggestions?

Thanks!


Providing certificate using a CSR

Hi All,

I have received CSR files for which I need to provide the certificate. I have access to the issuing CA. Please advise what the process is for providing a certificate using a CSR. Thanks!!

Regards

Afsar

AD to external DNS

Dear Sir,

There is a network that contains a ZyWALL USG-100 router (192.168.1.5), AD 2008 R2 with DHCP (192.168.1.17), and a client PC with Win7 Pro (192.168.1.120)....
In fact, some other Win7 Pro clients also get this problem... about 60-70 clients in total.

I keep the AD server gateway blank as I don't allow the AD server to access the internet....

The ISP provides DNS:

218.102.23.228

210.87.253.13

I also set 8.8.8.8 and 8.8.4.4 as DNS.

It happens suddenly.

The client PC can ping the server and router, but it cannot access the internet....

tracert and ping to yahoo.com also failed....

nslookup yahoo.com, where the DNS server is the router (192.168.1.5), is a success... but I still cannot ping yahoo.com.

I process ipconfig /release and ipconfig /new and it is OK again....

But it suddenly happens again after 1-3 hours.

Please advise....


Logon ID 0xf681c880

Hello, does anyone know what this logon ID 0xf681c880 in AD is??

The event ID is 4726 = a user account was deleted and that was the logon ID used.

The security ID is: Domain\ExchangeMailboxServer$

The Account Name is: ExchangeMailbox$

Unable to Disjoin and Rejoin Exchange server 2019

In my sandbox environment, I'm trying to disjoin and rejoin my Exchange 2019 server from/to the domain, but somehow I got the error below.



I've tried to disable the network connection and disable Exchange services, but it still failed. Any idea?

Thanks.

after promote RODC domain controller successfully but not showing in repadmin /replsum

Hello everybody,

I have a Windows Server 2012 domain controller, and I have another server that will function as an RODC.

I promoted the server to be an RODC. The promotion was successful and at first I could see it on the domain controller by using repadmin /replsum. After some time, I checked it again by using repadmin /replsum and I cannot see my new RODC.

My domain controller and RODC are in the same IP address segment.

I have tried to reinstall but still same problem.

Please help us to solve it.

Thank you.

Dodi.

Disable password logon as an option - but still want ability to use the Change Password feature with Ctl+Alt+Delete

Hello,

We are using H4B with PIN to log on to our desktops. We remove password login as an option so the only option is PIN. However, we still want users to be able to change their passwords through Ctl+Alt+Delete because they do still use passwords for other applications and services in our organization. How can that be achieved?


Non-Transitive trusts

Can I set up a non-transitive trust between root domains within the same forest?

I have 5 domains within a forest. They are not child domains. All root domains.

I want to create a two way trust between:

Domain A and Domain B
Domain A and Domain C
Domain A and Domain D
Domain A and Domain E

I don't want Domains B, C, D or E to have any trusts between them though.

Is that possible?

 

Windows domain controller taking about 60 minutes to logon when powered on in the DR environment

We replicate a number of vital PROD servers to our DR site and are having a major issue. In the DR site, there is a domain controller (not the PDC) which syncs with the domain controllers in the PROD site so it is always up-to-date.

In our tests we failed over our PROD servers to the DR site and found that the domain controller in the DR site, when rebooted, takes around 90 minutes to boot up and gets stuck at the "Applying Group Policy" screen.

Looking at the logs, I can see EVENTID 3096, "The primary domain controller for this domain could not be located" and I feel that this is the reason the DR domain controller is taking so long to boot.

Is there a fix for this - where we can stop the DR domain controller from looking for the PDC??

The DR domain controller is Windows 2008 R2. Thanks.

EDIT:

I just found out that the domain controller is set to DHCP for an IP and it does not look like it found a DHCP server!


| +-- JDMils |


New domain trust - not receiving all options

Hi There,

We are trying to set up a new trust with one of our partners; however, we are not getting any of the options we normally expect. We want to set this up with a shared trust password instead of setting up user accounts in the other domain.

We have set up the necessary DNS zones as per this article - https://www.interfacett.com/blogs/how-to-configure-forest-level-trust-in-windows-server/

However when setting up the trust we are put straight onto this screen after entering the domain name (removed for privacy) and none of the options before it.

Any ideas?

Thanks

ad / sysvol version mismatch although all AD and SYSVOL GP versions correct

Hi

I am suddenly getting an "ad / sysvol version mismatch" error on a few group policies when doing gpresult. I have checked all the GPO versions in AD and SYSVOL on all 3 DCs and they are correct. Sysvol sync runs fine with no errors, so I just don't know what else to check.

Any idea? 

Thanks

Migrating from FRS to DFSR and our RODC is stuck on "Waiting on initial Sync"

Hello,

I'm trying to do an upgrade of my domain replication method from the old one (FRS) to the new one (DFSR).

The idea behind it is to replace old Domain Controllers W2k8R2 with new ones W2k16.

The existing servers (domain Controllers) are 2 W2k8 R2 and one W2k16 and one RODC  W2k12R2.

The prepared step is done on all DC's and RODC says "waiting for the initial sync".

On all servers there is a folder SYSVOL and a folder SYSVOL_DFSR with the same content...

What can I do to continue with the migration .....

