Channel: Directory Services forum
Viewing all 31638 articles

after promote RODC domain controller successfully but not showing in repadmin /replsum

Hello everybody,

I have a Windows Server 2012 domain controller, and I have another server that will function as an RODC.

I promoted the server to be an RODC. The promotion was successful, and at first I could see it from the domain controller by using repadmin /replsum. After some time, I checked again by using repadmin /replsum and I cannot see my new RODC.

My domain controller and RODC are in the same IP address segment.

I have tried to reinstall, but it is still the same problem.

Please help us to solve it.

Thank you.

Dodi.


Event ID 5014 ( Error: 9033 - Error: 9036 )

Dear All, 

We migrated our domain controller from 2012 R2 to 2016, and we migrated from FRS to DFSR. All sys folders ("policies and scripts") are replicated fine, but there is a warning message in Event Viewer:

5014 (  The DFS Replication service is stopping communication with partner DC3 replication group Domain System Volume due to an error. The service will retry the connection periodically) , Additional Information: Error: 9033 (The request was cancelled by a shutdown) , Additional Information: Error: 9036 (Paused for backup or restore) . 

Our DCs design:

Site1: DC1 - DC2

Site2: DC3 - DC4

DC1 has the warning ID 5014; DC3 doesn't have it. I ran a health check from DFS Management and there is no error. I backed up AD manually with "NTDSUTIL". I checked the SYSVOL folder for all policies and scripts and they are updated, and I even created a .txt file inside the policies folder and it replicated to the other DC ("from DC1 to DC3"). We are not running any backup at this time. Currently DFS Management contains all DCs with their SYSVOL folders only; no other shared folders have been created yet. I found the following link about disabling TCP offloading, but I didn't find that key and I'm not sure if I have to create a new key:

https://social.technet.microsoft.com/Forums/ie/en-US/01dc55f1-ff54-4c25-aca4-6122f0f654c5/dfs-event-id-5014?forum=winserverDS

Any advice.

Thank you

Who will be announced as the next Windows Server Directory Services Guru? Read more about April 2019 competition!!


What is TechNet Guru Competition?

Each month the TechNet Wiki council organizes a contest of the best articles posted that month. This is your chance to be announced as MICROSOFT TECHNOLOGY GURU OF THE MONTH!

One winner in each category will be selected each month for glory and adoration by the MSDN/TechNet Ninjas and community as a whole. Winners will be announced in dedicated blog post that will be published in Microsoft Wiki Ninjas blog, a tweet from the Wiki Ninjas Twitter account, links will be published at Microsoft TNWiki group on Facebook, and other acknowledgement from the community will follow.

Some of our biggest community voices and many MVPs have passed through these halls on their way to fame and fortune.

If you have already made a contribution in the forums or gallery or you published a nice blog, then you can simply convert it into a shared wiki article, reference the original post, and register the article for the TechNet Guru Competition. The articles must be written in April 2019 and must be in English. However, the original blog or forum content can be from before April 2019.

Come and see who is making waves in all your favorite technologies. Maybe it will be you!


Who can join the Competition?

Anyone who has basic knowledge and the desire to share the knowledge is welcome. Articles can appeal to beginners or discuss advanced topics. All you have to do is to add your article to TechNet Wiki from your own specialty category.


How can you win?

  1. Please copy/Write over your Microsoft technical solutions and revelations to TechNetWiki.
  2. Add a link to your new article on THIS WIKI COMPETITION PAGE (so we know you've contributed)
  3. (Optional but recommended) Add a link to your article at the TechNetWiki group on Facebook. The group is very active and people love to help, you can get feedback and even direct improvements in the article before the contest starts.

Do you have any question or want more information?

Feel free to ask any questions below, or join us at the official Microsoft TechNet Wiki groups on Facebook. Read more about TechNet Guru Awards.

If you win, people will sing your praises online and your name will be raised as Guru of the Month.


PS: Above top banner came from Ronen Ariely.

Artificial intelligence can never beat natural stupidity.

DFS namespace problem on disc mounted to NTFS folder

Hello

We do not map the disk as a letter (D:\ etc.), but mount it to an NTFS folder. When I create a DFS namespace on this disk (for example c:\storage\DISC1\test_DFS) and restart the DFS service (or restart the server), we can observe a new folder with a strange symbol in its name (겱Test01).

And new folders appear on every subsequent service restart. We are sure it is a bug in DFS namespace.

Preview of this issue below.

Is there a chance to resolve this problem?

Zdenek


Zdenek Mozis

Providing certificate using a CSR

Hi All,

I have received CSR files for which I need to provide the certificate, and I have access to the issuing CA. Please advise what the process is for providing a certificate using a CSR. Thanks!!

Regards

Afsar

The Policy engine did not attempt to configure the setting. For more information, see %Windir%\security\logs\winlogon.log on the target machine

Hello All,

We have one domain with the default domain controller policy and another custom GPO. Both have certain common settings, and the custom GPO is above the DDC policy in link order.

For any common settings between the DDC policy and the custom GPO, the custom GPO should take precedence as per the link order.

Currently it is applying the settings as per the link order precedence. However, we are getting a red mark in RSOP with the below error details.

The Policy engine did not attempt to configure the settings. For more information, see %Windir%\security\logs\winlogon.log on the target machine

Kindly Suggest 


Disable the option of User Must Change Password at Next Login only for a group of users while resetting the password of users in an OU

Grayed out the option of User Must Change Password at Next Login only for a group of users like HelpDesk while resetting the password of users in an OU but by default should be enabled

Windows 2008 R2 Active Directory Domain

Using pwdLastSet we have made the option grayed out while resetting the password of users in an OU, but we need to enable the option and then gray it out for a selected group while resetting the password of users in an OU.

Any ideas on how we shall achieve the above?



Desktop login against custom user store

We have a Custom User store which has all the user details like username, password hashes, roles etc in a SQL server database. Currently user can authenticate/authorize against it using following 3 options

1> using interfaces exposed over WCF by passing his credentials.

2> over the RADIUS protocol (using the Windows NPS/IAS service with plug-ins for authentication/authorization).

3> over REST with OpenID Connect (using the IdentityServer3 framework).

We want to integrate this with Windows Active Directory and want desktop login to authenticate against the custom user store and not Active Directory, depending on whether the user is a member of AD or a member of the user store.

- We don't want to use a custom Windows credential provider. Tried pGina also. Not suitable for us.

- We were able to successfully integrate with ADFS (Windows Server 2016) using OpenID Connect/WS-Federation. But we don't know how to link desktop login with ADFS.

We are ready for writing LDAP wrapper around our User Store if it is required.

Is it possible to make windows desktop login work for the above scenario?

Please let me know if more information is required.

Thanks/-


Failed to set machine SPN

When we execute the command to join our Linux Machine (comp1) to the Windows AD server from comp1, we get the following error ->

Failed to join Domain: Failed to set Machine SPN:Operations Error

Do you have sufficient permissions to create Machine account.


The user we are using to do the join is a Domain Admin account.

What can be a possible cause of this issue?

Can this be related to permissions that the user account has on the AD server?

What permissions are needed for the user account being used?

Any suggestions to solve this?

AD Custom field - View >> Advanced Features - Attribute Editor

Hi,

I created custom fields in AD and added them to the user class.

Now I'm able to see, set and get these new attribute values in the "Attribute Editor" tab ("View >> Advanced Features" enabled).

This only works for users I have in the "users" OU. With users I have created in other OUs, the "Attribute Editor" tab is never displayed.

How can I resolve this issue? I really need to be able to read and write these new attributes.

Help is really appreciated.

Thank you,

JD

DFS Replication Errors

Hello I'm sort of new to DFS replication.

I'd like to get our DFS jobs running again.  One thing I'm worried about is replicating in the wrong direction and having our user community lose production files.  I'm also seeing this error event in the logs.  

Can you walk me through a safe process?  

Log Name:      DFS Replication
Source:        DFSR
Date:          3/29/2019 2:58:41 AM
Event ID:      4012
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      ************
Description:
The DFS Replication service stopped replication on the folder with the following local path: D:\Users. This server has been disconnected from other partners for 307 days, which is longer than the time allowed by the MaxOfflineTimeInDays parameter (60). DFS Replication considers the data in this folder to be stale, and this server will not replicate the folder until this error is corrected. 
 
To resume replication of this folder, use the DFS Management snap-in to remove this server from the replication group, and then add it back to the group. This causes the server to perform an initial synchronization task, which replaces the stale data with fresh data from other members of the replication group. 
 


LDAPS and Server Name Indication (SNI) support

Hi,

When searching topics about Windows Server and SNI support, the results often lead to articles related to SNI support in IIS.  I have questions about SNI in Windows Server as relates specifically to LDAPS.  For example:

  1. In which server version was SNI first supported for LDAPS?
  2. For whichever version is the answer to question #1 - from that point forward - is it REQUIRED that a client use SNI extension during SSL handshake for LDAPS?
  3. If YES to question #2, is it possible to selectively turn that requirement ON/OFF?

Thank you,

DaveC

regarding to cancel the usage of old company domain

Dear Sir,

I am Vimal Menon from Saudi Arabia. Right now our company division in Qatar is facing an issue. The issue is that one of the IT employees working in our Qatar division was terminated due to a cheating case, and right now he is not in Qatar anymore. But the thing is, right now he is misusing the company email and also his company email ID. We can't do anything, because all the access to Active Directory is with that guy, including username and password. Our company doesn't need that domain anymore. We need to cancel or destroy that domain, so that we can make a new domain and company email ID. Can you please help me to solve this problem?

Cannot install Additional DC 2016

Hi,

I have a Windows Server 2016 machine on which the ADDS role was installed, and I have an additional DC with Windows Server 2008, too. I'm going to install a Windows Server 2016 machine as a second additional domain controller, but I got the below error:

The server that I want to promote it to the additional domain controller has been joined to the domain and can ping the domain controller. Any help would be appreciated.

Thanks

Constructed attribute

Hello! Is it possible to create a "Constructed attribute"?

Server Performance Advisor question

AD Account history change

Hello,

Is there a PowerShell command to show the account history of an AD account, like "change of account expiration"?

Few Questions about RSAT

Hello all, I apologize if this has been answered somewhere, but after searching through the internet for half a day yesterday I've been unable to find anything for a few questions I've had. I would appreciate if anyone can help me out! I'm fairly new to this and currently trying to understand RSAT. I'm currently using it on Windows Server 2003 R2, but likely to test it on other systems in future.

1.) After installing RSAT, where is its file path? I have tried C:/Program Files/Microsoft but it is not there.

2.) What registries are affected and/or modified if I install RSAT on a Windows Server? (Currently testing on Windows Server 2003 R2)

3.) Is there any documentation on RSAT? The one I found on the Microsoft Docs website has not been very helpful. I already have it installed, but I would like to understand the tool.

Thank you for taking the time to read this.

Long logon Outlook and TCP resets from DCs

Hello!

We have a Terminal Server where Outlook is published.

When a user logs on to the server and uses Outlook with the same user account, everything is all right. But when we use another account in Outlook (different from the one we used to log on to the server), it waits 20 minutes and then logs on. In the Wireshark traffic we see that the server tries to bind with the DC located in its Site on port 88, but then the DC sends a TCP Reset to it. After that the Terminal Server sends the bind join request again and binds. But then it goes to other DCs from different Sites, many of which are unavailable. I checked ports 88, 3268 and 389 with telnet on the first DC; they are all open. All subnets are linked to the right Sites. Why does Outlook try all DCs in all Sites to authenticate? Or maybe to find the Exchange Server?

Thank you.

adding new secondary domain when the secondary domain failed

The company I work for used to have two domain controllers with Server 2008 functional level. The server which holds the secondary domain has failed and I'm trying to deploy another secondary domain with Server 2012 R2. When I try to promote the DC I get the following error: "Adprep failed to verify whether schema master has completed a replication cycle after last reboot.
[Status/Consequence]
The schema is not upgraded.
[User Action]
Check the log file ADPrep.log in the C:\Windows\debug\adprep\logs\20190401184827-test directory for possible cause of failure"

How can I fix this and add a secondary domain?
