Channel: Directory Services forum
Viewing all 31638 articles

Disclaimer using GPO - Notice text does not accept blank lines and also does not accept ALT-255


 Interactive logon: Message text for users attempting to log on

I'm trying to create a multi-line warning as a disclaimer.

So, I'm using a "point" or a "line" as a "blank line".

Recently I tried to use ALT+255 as a substitute, but things got weird! All lines were gone! Vanished, and the policy was empty after the first ALT255 symbol.

So..

What can I do to avoid this? How can I have blank lines in the disclaimer, instead of "placeholders"?


IP of old Domain Controller showing in nslookup


Apologies in advance as I know there are already a lot of threads on this topic, however I have followed everything I can find and I'm still having an issue.

Basically, if I do nslookup mydomain.com I get back a list of IP addresses, one of which is a domain controller I have recently (last few months) decommissioned. This DC was 'cleanly' DCPROMO'd and removed from the Domain. Since then I have looked in and removed/checked from the following:

  • Removed it everywhere from Active Directory Sites and Services
  • Deleted the computer object from ADUC
  • Removed any A, CNAME, NS entry from the mydomain.com
  • Removed any entry to it from _msdcs.mydomain.com - every and all subcontainers have been checked, no entry.
  • Removed any entry of it in mydomain.com\_msdcs
  • Went through every single reverse lookup zone and removed it from the NS records
  • Running DCDIAG /v shows no trace of the DC
  • repadmin shows no record of the DC.

Any pointers would be most appreciated.

User policy not getting applied for cross forest users


Hi,

We have a one-way trust between forest A and B.

A trusts B

When users from B log on to A, user policy from both the domains is not getting applied.

Enabled the below settings in Forest A:

Loopback processing: Merge

Allow cross domain policy processing and roaming profile

Still no luck.

Please help me


Need guidance regarding performance counter


Hello Team,

Currently I am monitoring directory service health for multiple DCs in my prod environment. Through PowerShell I got the list of 166 counters (from Win 2016 server) that can be monitored. But unfortunately I am not aware of the safe / considerable value for each counter. Could you please help me by guiding which counters I should monitor and the safe value for them? I hope you already have the counter list, so I'm not mentioning those here; if required I can share it, please let me know.

Also for memory and disk performance if you can suggest me some counters with safe value, it will also be very much helpful for me.

Regards,

Roy.

Split domain controller


I would like to know if there are any updates on splitting a domain controller into two different domains and splitting the users to be two different entities.

The reason is our company split into two companies and I want to move half of the users to the new one and I want to retain the same services.

Update replication settings


Hello Experts,

Assuming I have two sites, i.e. Site A and Site B. Site A has the primary domain controller with all the FSMO roles, while Site B has a domain controller that replicates from the Site A domain controller.

Eventually, I want to make the Site B DC the primary DC and move all the FSMO roles across to it. Do I need to update the replication settings and make the Site A DC replicate from the Site B DC, or is no modification to the replication settings required?

Upgrading Server OS


Hi, I'm planning to upgrade some servers in our client's IT environment. They have a few domain controllers across the network sitting on different sites and they are configured to replicate. Some of the servers run Server 2008R2 and some run 2012 OS. I need to know what is the recommended method to upgrade those servers. All servers are virtualized and run on VMware hosts.

My 2 options as follows: 

  1. Upgrade server OS by mounting server image
  2. Migrate Directory services to new virtual server running 2016

Or is there any other suggestion?

Please let me know if you got any questions.

Thanks in advance.

Janindu


Janindu Nanayakkara


How much RAM does each 'secure channel connection' to a Windows Server (Domain Controller) require


Hello :)

I am trying to obtain a more accurate way of working out the RAM for a domain controller. I know RAM is relatively cheap and I could therefore just add more RAM and not think about it too much. However, I do want to understand certain aspects of the OS to determine the RAM in a more granular fashion.

Question

If I have two sites, where one site has a domain controller with say 300 users connecting to the domain controller (Server 2019), and another site where 6000 users are connecting to the domain controller. It would seem logical on the surface the latter server may require more RAM.

For example, does each connection to the domain controller by a client (secure channel so the client can download group policies etc.) require a small amount of RAM (possibly LSASS.exe requires some extra RAM for each incoming connection it has to deal with/maintain)?

Also, once a user has connected to a domain controller, authenticated (TGT, TGS) and downloaded their computer/user group policies from the DC, does the client connection remain open? E.g. TCP/secure pipes connection still active and therefore may require memory to maintain the connection (as asked above), or is the connection torn down and re-established when the client needs to go back to the DC for another TGS or to renew the TGT, for example?

Is there perhaps a performance counter in Windows that shows the amount of RAM taken up by each connection to the server?

Any help and advice most welcome

CXMelga


Windows domain controller taking about 60 minutes to logon when powered on in the DR environment


We replicate a number of vital PROD servers to our DR site and are having a major issue. In the DR site, there is a domain controller (not the PDC) which syncs with the domain controllers in the PROD site so it is always up-to-date.

In our tests we failed over our PROD servers to the DR site and found that the domain controller in the DR site, when rebooted, takes around 90 minutes to boot up and gets stuck at the "Applying Group Policy" screen.

Looking at the logs, I can see EVENTID 3096, "The primary domain controller for this domain could not be located" and I feel that this is the reason the DR domain controller is taking so long to boot.

Is there a fix for this - where we can stop the DR domain controller from looking for the PDC??

The DR domain controller is Windows 2008 R2. Thanks.

EDIT:

I just found out that the domain controller is set to DHCP for an IP and it does not look like it found a DHCP server!


| +-- JDMils |


Windows Active Directory migrate from 2003 to 2016


We are migrating the AD accounts of the organization from Windows Server 2003 to 2016 along with Outlook Email Exchange. Post that we have to perform UAT, OAT, Load Testing. Can anyone help us to collect the testing points, what should we test as part of UAT, OAT, and post a few bullet points about the generic test cases of AD migration? Thanks.

Revoke SubCA Certificates


Hello,

We have an offline Root CA and two subordinate CAs. I renewed the SubCA certificates but made a mistake. I renewed the CA certificates once more with the right parameters. Now the "wrong" SubCA certificates are still configured in the SubCAs. The new CAs are used for issuing new client certificates but the "wrong" certs are still published to the AD, at least in the AIA information. I revoked the "wrong" SubCA certs in the root and issued a new revocation list. Looking at the options of the SubCA, the revoked certificates do not show as revoked. There are other previous SubCA certificates which are shown as revoked but are not in the revocation list!?

Any idea how to get the certs revoked?

Thanks

__Leo

Few Questions about RSAT


Hello all, I apologize if this has been answered somewhere, but after searching through the internet for half a day yesterday I've been unable to find anything for a few questions I've had. I would appreciate if anyone can help me out! I'm fairly new to this and currently trying to understand RSAT. I'm currently using it on Windows Server 2003 R2, but likely to test it on other systems in future.

1.) After installing RSAT, where is its file path? I have tried C:/Program Files/Microsoft but it is not there.

2.) What registries are affected and/or modified if I install RSAT on a Windows Server? (Currently testing on Windows Server 2003 R2)

3.) Is there any documentation on RSAT? The one I found on the Microsoft Docs website has not been very helpful. I already have it installed but I would like to understand the tool.

Thank you for taking the time to read this.

Active directory replication stopped to RODC sites


Hello,

The Active Directory replication between our RODC sites has suddenly stopped with the below error codes.

Error Code: 1256
Message: Replication error 1256 The remote system is not available

Error Code: 1396
Message: Replication error 1396 Logon Failure The target account name is incorrect

But in AD configurations we have not done any changes recently. The writable DCs are replicating without any issues. Please help me to fix this issue.

And below is the error thrown when viewing the properties of the server in AD Sites and Services.

Thanks,

Prabu

After promoting RODC domain controller successfully, it is not showing in repadmin /replsum


Hello everybody,

I have a Windows Server 2012 domain controller, and I have another server that will function as an RODC.

I promoted the server to be an RODC server. The promotion was successful and at first I could see it in the domain controller by using repadmin /replsum. After some time, I checked it again by using repadmin /replsum and I cannot see my new RODC.

My domain controller and RODC are in the same IP address segment.

I have tried to reinstall but still same problem.

Please help us to solve it.

Thank you.

Dodi.

DFS namespace problem on disc mounted to NTFS folder


Hello

We do not map discs as a letter (D:\ etc.), but mount them to an NTFS folder. When I create a DFS namespace on this disc (for example c:\storage\DISC1\test_DFS) and restart the DFS service (or restart the server), we can observe a new folder with a strange symbol in its name (겱Test01).

And new folders appear on every subsequent service restart. We are sure it is a bug in DFS namespace.

Preview of this issue below.

Is there a chance to resolve this problem?

Zdenek


Zdenek Mozis


During DC promotion, will DNS attempt to respond to clients with an empty database?


Hello Everyone!

I am in the process of progressively life-cycling my domain controllers that are also DNS servers with active integrated zones. 

During the life-cycle process we demote the original DC and DNS, and then promote a new DC and DNS with the same name and IP. This for the most part avoids many changes like firewall rules, configuration changes to DHCP scopes and other stuff.

However, as my workstations and servers are currently configured with the DNS of the original domain controllers I will be life-cycling, I want to know if during the DC promotion process (we install DNS at the same time), will DNS start responding to clients (before full replication is completed) with an empty database or incomplete zone replication? If so, this could cause some downtime issues!

Does anyone know if this is an issue?

Best regards

Ernie Prescott


Ernie Prescott

Some users do not have any timestamp information


Hi there,

I faced an issue while trying to detect legacy user accounts in an MS AD environment. I used a PS tool to load all active users with the "LastLogonDate" property and found out that only a few users have this field filled in; most of the users have it empty. Further, I looked at all properties of the accounts with empty "LastLogonDate" and saw that they lack any timestamps (created, modified, lastbadpassword, etc.). No time information at all!

I have a one-forest-one-domain infrastructure with two DCs. Forest level is 2008, domain level is 2012. DCs are under Win2k16. I queried all DCs and the response is the same.

Could anybody advise where to dig in further? Thanks in advance.

GPO override/change for local user only - help


Hello,
I have users in domain MSB, but computers (where users log in) are in a different domain, MSA. I cannot change that, it is by design.
I needed to setup profile redirect, drive mappings, etc. These settings are part of user policy, so I had to enable loopback processing. This works fine as expected.
How can I disable policy (e.g. profile redirect) processing for local users only? I need to have local user on these computers since they are portable.
Can you recommend me possible solutions? I have an idea to run logon script where some settings can be changed for local user, but I am not sure whether this is proper solution.
Thanks in advance!!

The Policy engine did not attempt to configure the setting. For more information, see %Windir%\security\logs\winlogon.log on the target machine


Hello All,

We have one domain with the default domain controller policy and another custom GPO. Both have certain common settings; the custom GPO is above the DDC policy in link order.

For any common settings between the DDC policy and the custom GPO, the custom GPO should take precedence as per the link order.

Currently it is applying the settings as per the link order precedence. However, we are getting a red mark in RSOP with the below error details.

The Policy engine did not attempt to configure the settings. For more information, see %Windir%\security\logs\winlogon.log on the target machine

Kindly suggest.


Offline files disappear when going back online


Hello,

We are looking at deploying a fleet of laptops.

Currently our desktop users have Folder Redirection and DFS.

We would like to utilize this for our laptops, but with the added feature of offline files for when they are not connected to the network.

I have created a group policy and enabled offline files, and when logging into the network on a laptop I can see that this looks like it works.

While offline, if I create a new file and connect back to the network the file disappears.

If I modify a file that was created online, the changes sync fine.

Does anyone have any experience with this kind of setup?  Is there something/somewhere I can look to see where these files are going and what is causing this?  I suspect it is DFS - I think I must be missing something.....

thanks.
