Hello,
Do you know how I can generate a certificate for a Palo Alto firewall from my AD CS 2012 R2?
Regards
Hi,
Due to a recent ransomware attack, my ADDS domain server was compromised. So I am recreating a new ADDS server with the domain controller and DNS roles. On the new server, the domain/forest/NetBIOS names are all the same as the old one. Then I created the user with exactly the same full name and the same password assigned.
Now, when I log in as the domain user on another computer, it creates a new user profile instead of using the existing profile. For example, the previous user profile was manjurul.NPOLY, but instead of using the existing profile on the existing desktop machine (I had to rejoin the new domain by leaving the domain for a workgroup and then joining the new domain again, because it was giving a trust relationship failure), a profile named manjurul.NPOLY.000 was created, with a completely new desktop, new browser profile, everything new.
So what I did was use the ForensiT ProfWiz tool to merge the old and new profiles, and then I got the required old profile back on the Windows 10 desktop. There was no data loss; however, I had to sign in again to all the services and websites in Edge/Chrome, such as Gmail, Facebook, etc.
For one to a few machines it looks okay, ProfWiz does the trick; however, I have several hundred machines which I need to bring to the new domain server, and recreating or merging the profile on each of them looks like a tedious task. Is there any option to migrate automatically, or any option so that a new profile does not get created and the login goes directly to the old existing profile instead?
Note that the server is Windows Server 2008 R2, all users are using Windows 10 Pro, and no roaming profiles are configured.
Regards,
Abdullah
Apologies in advance, as I know there are already a lot of threads on this topic; however, I have followed everything I can find and I'm still having an issue.
Basically, if I do nslookup mydomain.com I get back a list of IP addresses, one of which is a domain controller I recently (in the last few months) decommissioned. This DC was 'cleanly' DCPROMO'd and removed from the domain. Since then I have looked in and removed/checked from the following:
Any pointers would be most appreciated.
Hi, I want to know how we can log the PowerShell and command prompt activity of a user on AD.
Example: if a user runs a command in PowerShell or the command prompt, the related logs are generated in the Event Viewer of that machine, but I need the related log for that activity on AD.
Where can I find those logs on AD, and can we dump them to any location on the AD?
Thanks in advance.
Regards
Rajesh
Can I setup a non-transitive trust between root domains within the same forest?
I have 5 domains within a forest. They are not child domains. All root domains.
I want to create a two way trust between:
Domain A and Domain B
Domain A and Domain C
Domain A and Domain D
Domain A and Domain E
I don't want Domains B, C, D or E to have any trusts between them though.
Is that possible?
I am literally beating my head against a wall right now.
I have two forest domains with a cross-forest trust. The issue is that if Server A belongs to Domain A and tries to do a lookup on an IP in Domain B, it will not resolve. So I put in conditional forwarders for two servers in Domain B, and it is still not fixed.
How are people doing this? Am I going to have to make manual records in reverse lookup conditional forwarders for this to work?
Hi Gang,
We were setting up for an ADMT migration and have noticed in the target domain that executing nslookups for external domains returns the incorrect non-authoritative server. It is entirely random: at times the server returns the correct non-authoritative answer, but 99% of the time it does not.
So you know how it currently looks:
Source domain
Domain domain.co.uk
Additional primary zone = mydomain.com > delegated zone = corp (name servers are the three DC/DNS servers in corp.mydomain.com).
Conditional Forwarders (contains the three DC/DNS servers of corp.mydomain.com)
Target Domain
Domain corp.mydomain.com
Conditional forwarder (contains the DNS servers for domain.co.uk)
An nslookup on one of the three domain controllers in corp.mydomain.com returns the wrong non-authoritative zone. I need to append a period to enforce a route search, e.g.
Nslookup from the corp.mydomain.com domain for www.google.com returns the incorrect non-authoritative DNS server:
C:\Users\admt>nslookup
Default Server: ukdsqdc01.corp.mydomain.com
Address: 10.1.11.20
> www.google.com
Server: ukdsqdc01.corp.mydomain.com
Address: 10.1.11.20
Non-authoritative answer:
Name: www.google.com.mydomain.com
Address: 52.17.129.89
If I append a period, the nslookup now returns the correct non-authoritative server:
> www.google.com.
Server: ukdsqdc01.corp.mydomain.com
Address: 10.1.11.20
Non-authoritative answer:
Name: www.google.com
Addresses: 2a00:1450:4009:80f::2004
216.58.213.100
I have tried unchecking:
Append parent suffixes of the primary DNS suffixes
And added the following DNS suffixes but no luck there:
. Corp.mydomain.com
In the primary zone of mydomain, there is an A record named www which points to 52.17.129.89. This is returned as the non-authoritative server, or at least I think it is, if I do not append a period after the FQDN of the external domain/DNS name.
All DC/DNS servers in the target domain point to each other, then to themselves and finally to a loopback. This is not an issue in the source domain.
Do you guys have any advice?
Big thanks for reading my post!
Daniel
I'm working on replacing some legacy Windows Server 2003 R2 and Windows Server 2008 DCs with some new Windows Server 2016 DCs. Prior to adding or removing the DCs, I'm working to confirm AD health with basic testing. Repadmin /showrepl and repadmin /replsummary both run fine with no errors. Also, manual replication tests like simply changing AD user settings replicate fine across my single-domain setup consisting of multiple AD sites and subnets. However, when I run the specific DCdiag test for DNS, I'm getting inconsistencies in the tests. If I run dcdiag /test:DNS /DNSALL /e /v on a newly installed Windows Server 2016 DC, all tests complete fine for Auth, Basc, Forw, Del, Dyn, RReg and Ext. But when I run this same test on a Windows Server 2003 R2 or 2008 DC, I get FAIL on Forw and WARN on Basc and RReg.
My question is: why does DCdiag return healthy results when running on Server 2016 DCs but failures and warnings on Windows 2003 and 2008 DCs for DNS? And are Forw and RReg test failures critical failures that will likely block the promotion of new DCs?
Here's the results of the tests:
Summary of DNS test results:
                             Auth Basc Forw Del  Dyn  RReg Ext
_________________________________________________________________
Domain: wellspring.local
   houdc01                   PASS WARN FAIL PASS PASS WARN PASS
   atldc1                    PASS WARN PASS PASS PASS WARN PASS
   atldc01                   PASS WARN PASS PASS PASS WARN PASS
   arldc02                   PASS WARN PASS PASS PASS WARN PASS
......................... wellspring.local failed test DNS

Summary of DNS test results:
                             Auth Basc Forw Del  Dyn  RReg Ext
_________________________________________________________________
Domain: wellspring.local
   houdc01                   PASS PASS PASS PASS PASS PASS PASS
   atldc1                    PASS PASS PASS PASS PASS PASS PASS
   atldc01                   PASS PASS PASS PASS PASS PASS PASS
   arldc02                   PASS PASS PASS PASS PASS PASS PASS
......................... wellspring.local passed test DNS
We are migrating the AD accounts of the organization from Windows Server 2003 to 2016, along with Outlook/Exchange email. After that we have to perform UAT, OAT and load testing. Can anyone help us collect the testing points, i.e. what we should test as part of UAT and OAT, and post a few bullet points about generic test cases for an AD migration? Thanks.
I would like to know if there are any updates on splitting a domain controller into two different domains and splitting the users into two different entities.
The reason is that our company split into two companies, and I want to move half of the users to the new one while retaining the same services.
Hello All,
We have one domain with the Default Domain Controllers policy and another custom GPO. Both have certain common settings, and the custom GPO is above the DDC policy in link order.
For any common settings between the DDC policy and the custom GPO, the custom GPO should take precedence as per the link order.
Currently it is applying the settings as per the link order precedence; however, we are getting a red mark in RSOP with the error details below.
The Policy engine did not attempt to configure the settings. For more information, see %Windir%\security\logs\winlogon.log on the target machine
Kindly Suggest
Hello,
We are looking at deploying a fleet of laptops.
Currently our desktop users have Folder Redirection and DFS.
We would like to utilize this for our laptops, but with the added feature of Offline Files for when they are not connected to the network.
I have created a Group Policy and enabled Offline Files, and when logging in to the network on a laptop I can see that this looks like it works.
While offline, if I create a new file and then connect back to the network, the file disappears.
If I modify a file that was created online, the changes sync fine.
Does anyone have any experience with this kind of setup? Is there something/somewhere I can look to see where these files are going and what is causing this? I suspect it is DFS; I think I must be missing something...
thanks.
Good day Technet Team,
I am currently setting up DFS with replication on Windows 2012 R2. The share was established between two file servers; however, when specifying the namespace server, the following error is shown: "Cannot connect to the lab.*****.com domain". The two file servers exist on the same domain and the DFS feature was installed on both application servers. Can anyone assist?
Hi all,
Can anybody tell me what the exact replication time frame is when we talk about an Authoritative or Non-Authoritative Restore of Active Directory? The key issue here is exact time: the "not yet replicated" vs "already replicated" thing. I saw these docs:
Performing an Authoritative Restore of Active Directory Objects
Performing a Nonauthoritative Restore of a Domain Controller
How can I know if it has already replicated if I know the deleted objects have been gone for 1 hour? 2 hours? Half an hour? What is the default replication interval?
Can somebody briefly elaborate on the "not yet replicated" vs "already replicated" thing when we talk about AD restoration of deleted objects?
Hello,
I have an application which is designed to use directory services for authentication, and its network is not controlled by our organization.
I would like to know if I can deploy an AD LDS instance which contains only a small subset of the user accounts allowed to use this application and is synced periodically with the actual Active Directory database.
I would like to know if this is possible and if there are any online manuals for it.
Thank you
Team,
Please share a best-practice link for DNS forwarders with me. Currently my infra is configured to point directly to public DNS, which is not safe.
Recently, my environment's users were migrated from Exchange 2013 to the O365 cloud.
Issue:
Most of the users are frequently seeing Outlook updating for more than two days.
Please share troubleshooting steps or a link to resolve this.
Hi,
I was trying to integrate an application for which the object classes posixAccount and posixGroup are required.
1 - I was not able to trace these attributes to users or groups (searched in the "Attribute Editor" tab for users and groups). Where can I find these attributes other than in the schema editor (where they already exist)?
2 - We have also configured a custom user attribute which I do not find in the user's Attribute Editor. How do I add it (options without using ADSI Edit)?
Rgs,
Sntsh.