Hi,
We have a forest with three domain.
We would like enable recycle bin only on 2 domain.
How we can perform this target settings?
↧
Enable recycle bin in a domain
↧
Active Directory Users
We have two different AD DS in our company. First for the Domain client user login(abc.com) and second for theExchange mail service(xyz.com). We currently have approximately 500 users in our company. We have created users in both the domain for their specific purpose. Now we want to remove first domain(abc.com) from our company permanently
and use a single domain(xyz.com) We have exchange mail user in our second domain already created.
Now can I use same user created in xyz.com for mail services and domain user login also? or Do I need to create all the users for client login again?
If no then, do it effect in mail service after using the same user for logging on to the client computer?
What about the groups for assigning security since I have created only distribution groups for the mail services in the second domain(xyz.com)?
Can you please help me?
Thank You
↧
↧
DFS replication question
In my lab, i got 2 fileservers, both with DFS namespace and replication role installed.
When creating a replciation group, i select the shared folder i want to be replicated to the other server. the other server has no folders besides the default Windows folders.
I need to choose a local path of folders to be replicated, will that be the location at my second server where the folders with files will be replicated to?
Second, whill the sharename and the user/grouprights also be replicated to the second server?
Also, when i want to provided the namcespace to my users through a policy, how should i do that and where can i find the name i need to use for sharing purposes?↧
Migrated old 2008R2 to 2016 AD but cannot access DC when old server is turned off
I migrated an old 2008R2 server to a 2016 server. Moved the FSMO roles, added the 2016 server to be a global catalog, moved DNS, pointed the new server to itself and had all the computers DNS pointed to the new server. I did a fsmo query to make sure the new server had all the roles, I also did a nslookup to make sure the new server was answering DNS calls. I turned off the old server to test everything out before I uninstall exchange and demote the server. However, when I turn off the old DC and restart a workstation computer. They can log in, but they can't access the file share with an error message saying it cannot contact the domain controller. This smells like DNS to me, but I am not sure what I am missing (I thought I was relatively thorough) Can anyone help out? Anything you guys think I might have missed?
Thank you in advance.
↧
Server with DirSync Crashed after a power failure
good morning
Current setting
Server1 with Ad DS
Server2 with DirSync
After a power failure disk array of server2 failed. this server does not have backup so it will be eliminated. can use the Server1 to install Dirsync or ADConnect to restore sync between AD and O365. what would be the procedure?
↧
↧
Write in Machine's Description Field of Windows Active Directory from a MacBook Machine
Hi All,
I will need to write a script to modify the "description" attribute of the Macbook computer account in the Windows Active Directory with the values like username, serial number of the MacBooks, time of last login.
I had managed to write same script like this requirement for Windows machines, and
the script is workingwell (VBS Code).I have give permissions in the Active Directoryso the "description" attributes of a account could be modified from external sources.
Is this requirement is feasible to be done, if yes - could
anybody guide me on how writing the required script.
Thank you very much for your help.
↧
While Removing a computer from a domain does not deletes the computer object from active directory
Hello,
While Removing a computer from a domain does not deletes the computer object from active directory. Please help me in this regards.
Thanks,
Venkat.
+91 9989361116
↧
Collapse Domain from two separate domains, and forests to a single domain and forest
Hi,
I have two domains, in two separate forests: Domain A and Domain B
Both Windows 2016 domains
Two way trust between both domains today
I want to remove Domain B and the trust that is currently set up between them, and have users in domain B be a a part of domain Domain A
Simple setup, no Exchange, just files.
Domain B contains about 8 users
What is the least impactful and simplest way to collapse Domain B into Domain A and just have a single domain (Domain A)?
Thanks
↧
Issue in GP
I am facing a issue in Group Policy.
I have five sites and only on two sites group policy is successfully applied while on three sites i am facing issue.
Please see below screen shots of affected sites.
Site 02
Site 03
And the site in which polices is successfully applied.
↧
↧
Can't authenticate to PC in another Domain
Hello all, I need some assistance with authentication.
I just recently established and validated a Trust to another Domain. For some reason my domain (ABC ) users cannot authenticate to XYZ domain. We get hit with bad user name or password BUT XYZ can authenticate to pc's at ABC!
Event viewer shows successful - event ID 4672 and 4624, so I'm at a loss! Can someone please assist on what could be happening?
↧
Migrating Single Domain Controller
We recently were testing the use of Domain on our internal network. Till recently the benefits were not really there to make the change worthwhile. A few of us are on the Domain and have been using it to test and hammer out some functions. This was during an evaluation period.
I am now hitting some critical issues such as being unable to activate my version of 2019 essentials. I have a brand new key that should have no issues.
If this was just another PC, I would just do a reinstall without worry. But considering if I lose the domain, then my user basically becomes locked out...
I am trying to find the correct solution to repair any issues. Is there a way to backup my AD config and Domain settings, so I can import them on a fresh install? I would prefer to start from scratch but the few of us cant risk losing access to our files. If i was to do some form of reinstall, is there a way to make sure everything stays? and that the PC's can reconnect to the repaired Domain after without and loss?
Any advice would be greatly appreciated. Thank you!
↧
Verification of Directory Paths Failed - Does Not Point To Physical Drive
Hello,
I have installed Windows Server 2012 R2 on a temporary server because we are retiring old servers and have to have a Temporary Domain Controller. The server has an SSD installed. When installed AD DS on the server, I can not install because an error appears:"Verification of directory paths failed. The path does not point to a valid hard disk." I know many companies can run Windows Server on an SSD but I do not have a hard disk drive installed on the server. I have even tried plugging in an external HDD and pointing to it to store the directory files, but it will not accept that. Any ideas on why the server is being so stubborn?
Thanks,
Connor
↧
Identify potential domain joined computers.
Hello,
We need to deploy a very important group policy and we need to make sure every computer in the domain has a "healthy" connection to Active Directory and will get the GPO.
Is there a way to identify computers which are not connecting properly, secured channel is broken and so on?
Please advise.
Many thanks.
We need to deploy a very important group policy and we need to make sure every computer in the domain has a "healthy" connection to Active Directory and will get the GPO.
Is there a way to identify computers which are not connecting properly, secured channel is broken and so on?
Please advise.
Many thanks.
↧
↧
DNS not replicating - Server 2008 R2
For now, I am having to manually enter our DNS server into the ipv4 properties. If I don't I see our ISPs DNS listed using nslookup and other functions such as remote desktop and simply logging in are not working if those options aren't set.
When I logged into our DNS and ran a scan of the DNS role, I saw the error below. Would someone be able to give me advice on where to start looking for a solution?
Title:This domain controller must register a DNS SRV resource record, which is required for replication to function correctly
Severity:
Error
Date:
3/18/2019 3:13:54 PM
Category:
Configuration
Issue:
The "DcByGuid" DNS service (SRV) resource record that advertises this server as an available domain controller in the domain and ensures correct replication is not registered. All domain controllers (but not RODCs) in the domain must register this record.
Impact:
Other member computers and domain controllers in the domain or forest will not be able to locate this domain controller. This domain controller will not be able to provide a full suite of services.
Resolution:
Ensure that "DcByGuid" is not configured in the "DnsAvoidRegisteredRecords" list, either through Group Policy or through the registry. Restart the Netlogon service. Verify that the DNS service (SRV) resource record "_ldap._tcp.cfd4b2cd-fced-4639-8bb2-8bf87a6873d0.domains._msdcs.westeastdesign.com", pointing to the local domain controller "GuadiSer2.westeastdesign.com", is registered in DNS.
More information about this best practice and detailed resolution procedures: http://go.microsoft.com/fwlink/?LinkId=126968
↧
DFSR replication with one hub and two spokes
Hi
I have a few questions about DFSR replication.
I have inherited a dfs setup with a windows server 2008 r2 as a hub server and two windows 2012 servers as spokes.
They are in 3 different locations.
What happens if dfs replication service is disabled on the hub server.
So the server is still online
It appears the two spoke servers are still replicating to each other.
Will this delete data or will it try and force the two servers to be the same.
Say if a folder is on one server but not on another will it delete it.
WHat happens when i bring the service back online on the hub server.
Need to turn it off to perform a backup
thanks
Jimi
↧
Clean up DFSR folder after replication group reconfiguration
Hi guys,
DFSR replication group(s) were reconfigured and now almost 500GB of iles left under E:\System Volume Information\DFSR folder.
The System Volume Information is not visible and I only can see it in TreeSize Free software.
Please advise if it is safe to delete files and and which folders I should delete.
Regards
↧
DFS and roaming profiles and home folders
Guys,
When in a DFS environment, how should i create roaming profiles and home folders ? Anyone who has a decent tutorial for that?
I dont think it would be wise to let the profiles be synced. The homefolders could be synced by DFS, i guess.
thanks in advance.
↧
↧
New domain trust - not receiving all options
Hi There,
We are trying to set up a new trust with one of our partners however we are not getting any of the options we are normally expecting, we want to set this up with a shared trust password instead of setting up user accounts in the other domain.
We have set up the necessary DNS zones as per this article - https://www.interfacett.com/blogs/how-to-configure-forest-level-trust-in-windows-server/
However when setting up the trust we are put straight onto this screen after entering the domain name (removed for privacy) and none of the options before it.
Any ideas?
Thanks
↧
How much RAM does each 'secure channel connection' to a Windows Server (Domain Controller) require
Hello :)
I am trying to obtain a more accurate way of working out the RAM for a domain controller, I know RAM is relatively cheap and I could therefore just add more RAM ant not think about it too much. However I do want to understand certain aspects of the OS to determine the RAM in a more granular fashion.
Question
If I have two sites, where one site has a domain controller with say 300 users connecting to the domain controller (Server 2019), and another site where 6000 users are connecting to the domain controller. It would seem logical on the surface the latter server
may require more RAM.
For example does each connection to the domain controller by a client (secure channel so the client can download group policies etc.) require a small amount of RAM? (possible the LSASS.exe require some extra RAM for each incoming connection it has to deal with/maintain)?
Also, once a user has connected to a domain controller, authenticated (TGT, TGS) and download their computer/user groups policies from the DC, does the client connection remain open? e.g. TCP/Secure pipes connection still active and therefore may require memory to maintain the connection (as asked above), or is the connection torn down and re-established when the client needs to go back to the DC to another TGS or to renew the TGT for example ?
Is there perhaps a performance counter in Windows that shows he amount of RAM taken up by each connection to the Server ?
Any help and advise, most welcome
CXMelga
↧
ad / sysvol version mismatch although all AD and SYSVOL GP versions correct
Hi
I am suddenly getting "ad / sysvol version mismatch" error on few group policies when doing gpresult. I have checked all the GPOs versions in AD and SYSVOL on all 3 DCs and they are correct, Sysvol sync runs fine with no errors, so I just dont know what else to check.
Any idea?
Thanks
↧