RSAT not showing under Windows features

March 13, 2018, 8:45 am

≫ Next: how to Migrate AD LDS (ADAM) from 2008 R2 to 2006

≪ Previous: serivces won't start after promotion

Hello

I have a colleague who is experiencing problems with getting the Remote Server Administration Tools in his windows features. We have followed the installation proccess for RSAT windows 10, and everything goes smoothly. However, after the required restart, active directory does not show up when searching for it. When trying to enable RSAT in Windows features, there is no "Remote Server Administration Tools". When searching for a solution, it was suggested to delete the english language package and reinstall it. This did not solve the issue. Active directory isessential for some work tasks, so we really need to solve it.

Kind regards

Hakan

↧

how to Migrate AD LDS (ADAM) from 2008 R2 to 2006

March 5, 2019, 10:20 am

≫ Next: unable to browse 2008 sysvol from 2019 DC

≪ Previous: RSAT not showing under Windows features

Hi,

I am trying to migrate AD LDS from 2008 R2 server to 2016 server. When i tried to install ADLDS on 2016 server from 2008 R2 server I am receiving below error

Active Directory Lightweight Directory Services could not enable the optional features that are enabled on the remote AD LDS instance.
Error code: 0x800720ee
The directory service encountered an internal failure.

Can somebody know what could be the issue?Are there any guidelines for 2008 to 2016 migration for ADLDS

Thanks,Venky

↧

unable to browse 2008 sysvol from 2019 DC

April 17, 2019, 7:10 am

≫ Next: bulk import / create users

≪ Previous: how to Migrate AD LDS (ADAM) from 2008 R2 to 2006

I am getting an login prompt and "Access is denied." message when trying to browse \\2008DC\sysvol from a newly built 2019DC.

We have an old test environment with 2008 DC (single DC and not R2 version).
The forest level was increased to 2008 and FRS migrated to DFS-R.
New 2019 box promoted to DC with no issues.

Any idea what may be causing the prompts?

↧

bulk import / create users

April 15, 2019, 11:42 am

≫ Next: How to use AD password policy to restrict some characters of login password

≪ Previous: unable to browse 2008 sysvol from 2019 DC

hello ,

i'm looking for a very basic power shell script to create some users in bulk .

i found a script but i'm getting some errors , i just want to confirm i'm using the correct syntax.,

i already have all my users in a CSV file.

↧

How to use AD password policy to restrict some characters of login password

April 17, 2019, 8:51 am

≫ Next: Delegate Control

≪ Previous: bulk import / create users

Dear Support,

Could we use AD password policy to restrict the users using some pattern of characters as the login password (e.g. Company Name)?

Thanks!

Best Regards,

Daniel

↧

Delegate Control

April 17, 2019, 10:39 am

≫ Next: Chrome Single Sign on not working correctly.

≪ Previous: How to use AD password policy to restrict some characters of login password

Hi All

I want to delegate rights to a user who can modify user attributes in AD i.e
(For example FirstName Last Name, Display Name, OFfice, Job Title, Dept, Manager,Employee id)
Apart from these user can enable or disable the account, reset password, create and delete user account.
Experts guide me on this.

↧

Chrome Single Sign on not working correctly.

April 17, 2019, 3:16 am

≫ Next: Group Policy Object is being applied but I cannot find it in SYSVOL\DOMAIN.edu\Policies

≪ Previous: Delegate Control

Hi Everyone

I have an odd one for you all.

we migrated to O365 for SharePoint and Outook however the new core Corporate system was designed for Chrome so this has become the default browser for most users.

This has lead to the following issue

when users on the corporate network try to sign into the corporate sharepoint for there are prompted to select there user name from the list it then signs them as expected.

Are getting a lot of complaints about this as we have moved our corporate intranet to sharepoint and this opens when chrome opens so users are getting prompted 2 or3 times a day.

we thought adding Chrome to WIA would work but this hasn't resolved the issue.

(worth noting we have found a work around if I sign the user in on an external network they get the "do you want to reduce the number of times you sign in" prompt if you click yes this caches the token and they no longer get prompted externally or on the corporate network. for is it's ideal as I have 2,500 desktop users with no access to an external network)

so I need a method of either fixing chrome of forcing the reduce sign-ins prompt for all users.

Thanks in Advance

↧

Group Policy Object is being applied but I cannot find it in SYSVOL\DOMAIN.edu\Policies

April 17, 2019, 11:40 am

≫ Next: ADFS V3.0 Error 503 with urls

≪ Previous: Chrome Single Sign on not working correctly.

Hello Experts, please see event log error below. I am seeing this GPO applying to our desktop PC's with a warning, but I cannot find it in the sysvol\domain\Policies folder. Any idea where it is coming from? We also don't have Folder Redirection enabled so how is this being applied?

↧

ADFS V3.0 Error 503 with urls

February 23, 2015, 8:42 am

≫ Next: Microsoft network client: Digitally sign communications (always) set to Enabled

≪ Previous: Group Policy Object is being applied but I cannot find it in SYSVOL\DOMAIN.edu\Policies

We are setting up and testing adfs version 3.0 on windows 2012 r2.

If I goto the following url's it works

https://adfs.domain.com/adfs/ls/idpinitiatedsignon.htm

https://adfs.domain.com/federationmetadata/2007-06/federationmetadata.xml

https://adfs.domain.com/adfs/services/trust/mex

But if I goto

https://adfs.domain.com/adfs/adfs/services/trust

https://adfs.domain.com/adfs/adfs/ls

https://adfs.domain.com/adfs/adfs/ls/federationserverservice.asmx

I keep getting error 503 errors. with event log entries for 364

Microsoft.IdentityServer.RequestFailedException: MSIS7065: There are no registered protocol handlers on path /adfs/ls to process the incoming request.
at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)

Forgot to say this is from the internal and external network I get this error

↧

Microsoft network client: Digitally sign communications (always) set to Enabled

April 14, 2019, 11:25 pm

≫ Next: Bginfo and active directory attributes

≪ Previous: ADFS V3.0 Error 503 with urls

We are in the process of hardening Windows 2016 Domain Controllers. What are the precautions that we need to take before applying the setting Microsoft network client: Digitally sign communications (always)' is set to Enabled. Do we need to configure server side as well if we enable the client settings : -Microsoft network server: Digitally sign communications (always) is set to Enabled.

Thanks in advance

LMS

↧

Bginfo and active directory attributes

April 11, 2019, 11:58 am

≫ Next: Unable to load the specified offline registry hive when rejoining the domain

≪ Previous: Microsoft network client: Digitally sign communications (always) set to Enabled

Hello,

As you know the "Bginfo" use to set the computer and user information on the workstations standalone or domain users desktop's background wallpaper.

i'm thinking if i can add some of the user AD attributes on the user desktops like their "employeeID".

how can i let the Bginfo sync that attributes with the user AD?

hope you can help me.

↧

Unable to load the specified offline registry hive when rejoining the domain

March 11, 2012, 12:59 am

≫ Next: Group policy not able to applied on clients system

≪ Previous: Bginfo and active directory attributes

I have a Windows Server 2008 R2 Ent member server that we needed to clone. So we removed it from the domain, cloned it, and when we went back to join it to the domain it we get a error:

The Following error occurred attempting to join the domain: Unable to load the specified offline registry hive. Please ensure you have access to the specified path location and permissions to modify its contents. Running as an elevated administrator may be required.

There is nothing in event viewer and no other error message then this. I can look at my domain controller and i do see a computer object is created but its like the member server either never gets the message that its done or it can't write to the registry.

I've disabled the firewall. I've tried to verify permission in regedit, to the best i know, and i still get this error.

We have also tried multiple local user accounts, multiple domain admin accounts, renamed the server, changed the workgroup its in. even ran a few registry cleaners.

Nothing works. I need help since this server has to be online 6am Monday morning.

↧

Group policy not able to applied on clients system

April 11, 2019, 2:20 am

≫ Next: Expire a certificate on a single computer

≪ Previous: Unable to load the specified offline registry hive when rejoining the domain

Dear Support,

We are unable to applied group policy on clients system so please help us to resolve the same.

Regards,

Itsupport

↧

Expire a certificate on a single computer

April 15, 2019, 6:34 pm

≫ Next: Need LDIF file for the following information - Need to create attribute "NTLMID" in existing user class

≪ Previous: Group policy not able to applied on clients system

Hello,

We have enrolled a certificate to a group of computers. Now we want to expire the same certificate on a computer to test an application functionality. How can I expire the certificate?

Thank you

↧

Need LDIF file for the following information - Need to create attribute "NTLMID" in existing user class

April 16, 2019, 11:45 pm

≫ Next: AD Upgrade VS Consolidate

≪ Previous: Expire a certificate on a single computer

Please help me to get LDIF file with the following details

Class : user ( Existing Class)

Attribute name I want to create is : NTLMID ( This is new attribute )

Domain Details :

dn: CN=NTLMID,CN=Schema,CN=Configuration,DC=infra,DC=jivehosted,DC=com

Thanks, Ram Ch

↧

AD Upgrade VS Consolidate

April 18, 2019, 12:54 am

≫ Next: ADMT migration

≪ Previous: Need LDIF file for the following information - Need to create attribute "NTLMID" in existing user class

Hello,

We are looking forward to Consolidate as well as upgrade our active directory. Below is the scenario region wise:

a. 1 root domain, 2 child domains-- 2008R2

b. 1 domain - 2008R2 - separate forest with no trust relationship with a.

c. 1 domain - 2008r2, 1 domain - 2016, both separate forests no trusts b/w themselves or any other regions forest.

What should be our approach?

1. Upgrade all DC in every domain and then migrate to root domain in region a.

2. Migrate all AD objects to root domain in region a and then upgrade DC to 2016.

3. Create a new greenfield AD with 2016 and migrate everything over there

4. any other approach that we do not know of?

↧

ADMT migration

April 10, 2019, 5:29 pm

≫ Next: Active Directory users and SAS Application

≪ Previous: AD Upgrade VS Consolidate

Hi Experts,

Currently, we are using ADMT to migrate computers from source forest to destination forest.

However, we have 100 Mac joined to the source domain also and200 surfaces which in workgroup status. Does any one know how can i migrate these Mac and Surfaces as well to the destination domain. How would i solve this kind of situation

Regards,

Sky

↧

Active Directory users and SAS Application

April 12, 2019, 2:27 am

≫ Next: Problem with promote windows server 2016 to be a domain controller

≪ Previous: ADMT migration

Hello ,

we are preparing to integrate our Active Directory into our SAS application for authetication .the authetication done by a SSO application but i'm worry about active directory users synchronization .im' worry if i change the name for user in active directory then when he is autneticated to do application may be he will lost the history data because the name changed .So the question , how can do even i change the name of user i can keeped the history , witch attribute can not changed even we change the name ?

Regards

↧