Quantcast
Channel: Directory Services forum
Viewing all 31638 articles
Browse latest View live

RSAT not showing under Windows features

$
0
0

Hello

I have a colleague who is experiencing problems with getting the  Remote Server Administration Tools in his windows features. We have followed the installation proccess for RSAT windows 10, and everything goes smoothly. However, after the required restart, active directory does not show up when searching for it.  When trying to enable RSAT in Windows features, there is no "Remote Server Administration Tools". When searching for a solution, it was suggested to delete the english language package and reinstall it. This did not solve the issue. Active directory isessential for some work tasks, so we really need to solve it.

Kind regards

Hakan


how to Migrate AD LDS (ADAM) from 2008 R2 to 2006

$
0
0

Hi,

I am trying to migrate AD LDS from 2008 R2 server to 2016 server. When i tried to install ADLDS on 2016 server from 2008 R2 server I am receiving below error

Active Directory Lightweight Directory Services could not enable the optional features that are enabled on the remote AD LDS instance.
Error code: 0x800720ee
The directory service encountered an internal failure.

Can somebody know what could be the issue?Are there any guidelines for 2008 to 2016 migration for ADLDS

Thanks,Venky



unable to browse 2008 sysvol from 2019 DC

$
0
0

I am getting an login prompt and "Access is denied." message when trying to browse \\2008DC\sysvol from a newly built 2019DC.

  1. We have an old test environment with 2008 DC (single DC and not R2 version).
  2. The forest level was increased to 2008 and FRS migrated to DFS-R.
  3. New 2019 box promoted to DC with no issues.

Any idea what may be causing the prompts?

bulk import / create users

$
0
0

hello , 

i'm looking for a very basic power shell script to create some users in bulk . 

i found a script but i'm getting some errors , i just want to confirm i'm using the correct syntax., 

i already have all my users in a CSV file. 

How to use AD password policy to restrict some characters of login password

$
0
0

Dear Support, 

Could we use AD password policy to restrict the users using some pattern of characters as the login password (e.g. Company Name)?

Thanks!

Best Regards, 

Daniel

Delegate Control

$
0
0

Hi All

I want to delegate rights to a user who can modify user attributes in AD i.e
(For example FirstName Last Name, Display Name, OFfice, Job Title, Dept, Manager,Employee id) 
Apart from these user can enable or disable the account, reset password, create and delete user account.
Experts guide me on this.

Chrome Single Sign on not working correctly.

$
0
0

Hi Everyone 

I have an odd one for you all. 

we migrated to O365 for SharePoint and Outook however the new core Corporate  system was designed for Chrome so this has become the default browser for most users.

This has lead to the following issue

when users on the corporate network try to sign into the corporate sharepoint for there are prompted to select there user name from the list it then signs them as expected.

Are getting a lot of complaints about this as we have moved our corporate intranet to sharepoint and this opens when chrome opens so users are getting prompted 2 or3 times a day.

we thought adding Chrome to WIA would work but this hasn't resolved the issue.

(worth noting we have found a work around if I sign the user in on an external network they get the "do you want to reduce the number of times you sign in" prompt if you click yes this caches the token and they no longer get prompted externally or on the corporate network. for is it's ideal as I have 2,500 desktop users with no access to an external network) 

so I need a method of either fixing chrome of forcing the reduce sign-ins prompt for all users. 

Thanks in Advance 

 

Group Policy Object is being applied but I cannot find it in SYSVOL\DOMAIN.edu\Policies

$
0
0

Hello Experts, please see event log error below. I am seeing this GPO applying to our desktop PC's with a warning, but I cannot find it in the sysvol\domain\Policies folder. Any idea where it is coming from? We also don't have Folder Redirection enabled so how is this being applied?


ADFS V3.0 Error 503 with urls

$
0
0

We are setting up and testing adfs version 3.0 on windows 2012 r2.

If I goto the following url's it works

https://adfs.domain.com/adfs/ls/idpinitiatedsignon.htm

https://adfs.domain.com/federationmetadata/2007-06/federationmetadata.xml

https://adfs.domain.com/adfs/services/trust/mex

But if I goto

https://adfs.domain.com/adfs/adfs/services/trust

https://adfs.domain.com/adfs/adfs/ls

https://adfs.domain.com/adfs/adfs/ls/federationserverservice.asmx

I keep getting error 503 errors. with event log entries for 364

Microsoft.IdentityServer.RequestFailedException: MSIS7065: There are no registered protocol handlers on path /adfs/ls to process the incoming request.
   at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)

Forgot to say this is from the internal and external network I get this error

Microsoft network client: Digitally sign communications (always) set to Enabled

$
0
0

Hi

We are in the process of hardening Windows 2016 Domain Controllers. What are the precautions that we need to take before applying the setting Microsoft network client: Digitally sign communications (always)' is set to Enabled. Do we need to configure server side as well if we enable the client settings : -Microsoft network server: Digitally sign communications (always) is set to Enabled.

Thanks in advance


LMS

Bginfo and active directory attributes

$
0
0

Hello,

As you know the "Bginfo" use to set the computer and user information on the workstations standalone or domain users desktop's background wallpaper.

i'm thinking if i can add some of the user AD attributes on the user desktops like their "employeeID".

how can i let the Bginfo sync that attributes with the user AD?

hope you can help me.


Unable to load the specified offline registry hive when rejoining the domain

$
0
0

I have a Windows Server 2008 R2 Ent member server that we needed to clone. So we removed it from the domain, cloned it, and when we went back to join it to the domain it we get a error:  

The Following error occurred attempting to join the domain:   Unable to load the specified offline registry hive. Please ensure you have access to the specified path location and permissions to modify its contents. Running as an elevated administrator may be required.

There is nothing in event viewer and no other error message then this. I can look at my domain controller and i do see a computer object is created but its like the member server either never gets the message that its done or it can't write to the registry.

I've disabled the firewall. I've tried to verify permission in regedit, to the best i know, and i still get this error.

We have also tried multiple local user accounts, multiple domain admin accounts, renamed the server, changed the workgroup its in. even ran a few registry cleaners.

Nothing works.  I need help since this server has to be online 6am Monday morning.

Group policy not able to applied on clients system

$
0
0

Dear Support,

We are unable to applied group policy on clients system so please help us to resolve the same.

Regards,

Itsupport

Expire a certificate on a single computer

$
0
0

Hello,

We have enrolled a certificate to a group of computers. Now we want to expire the same certificate on a computer to test an application functionality. How can I expire the certificate?

Thank you

Need LDIF file for the following information - Need to create attribute "NTLMID" in existing user class

$
0
0

Please help me to get  LDIF file with the following details

Class : user  ( Existing Class)

Attribute name I want to create is : NTLMID ( This is new attribute )

Domain Details :

dn: CN=NTLMID,CN=Schema,CN=Configuration,DC=infra,DC=jivehosted,DC=com


Thanks, Ram Ch


AD Upgrade VS Consolidate

$
0
0

Hello,

We are looking forward to Consolidate as well as upgrade our active directory. Below is the scenario region wise:

a. 1 root domain, 2 child domains-- 2008R2

b. 1 domain - 2008R2 - separate forest with no trust relationship with a.

c. 1 domain - 2008r2, 1 domain - 2016, both separate forests no trusts b/w themselves or any other regions forest.

What should be our approach? 

1. Upgrade all DC in every domain and then migrate to root domain in region a.

2. Migrate all AD objects to root domain in region a and then upgrade DC to 2016.

3. Create a new greenfield AD with 2016 and migrate everything over there

4. any other approach that we do not know of?

ADMT migration

$
0
0

Hi Experts,

Currently, we are using ADMT to migrate computers from source forest to destination forest.

However, we have 100 Mac joined to the source domain also and200 surfaces which in workgroup status. Does any one know how can i migrate these Mac and Surfaces as well to the destination domain. How would i solve this kind of situation

Regards,

Sky

Active Directory users and SAS Application

$
0
0

Hello ,

we are preparing to integrate our Active Directory into our SAS application for authetication .the authetication done by a SSO application but i'm worry about active directory users synchronization .im' worry if i change the name for user in active directory then when he is autneticated to do application may be he will lost the history data because the name changed .So the question , how can  do even i change the name of user i can keeped the history , witch attribute can not changed even we change the name ?

Regards

Problem with promote windows server 2016 to be a domain controller

$
0
0

Hi,

I've got an error while I was trying to promote windows server 2016 as a domain controller. Here it is:

I've tried this command :

net user Administrator /passwordreq:yes
and set a complex password on the local administrator account it didn't solve this error. How can I get rid of this error?

Thanks for your efforts and time.

Best Regards





OU delegation permissions

$
0
0

Hi, 

I am looking for OU default delegation permissions, which is created during domain creation/OU creation.

Any MS article related that default permission.

Thanks in advance.

Viewing all 31638 articles
Browse latest View live


<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>