Channel: Directory Services forum
Viewing all 31638 articles

Dcdiag test failed on VerifyEnterpriseReferences

I just upgraded a 2003 Active Directory to the 2008 version.
My 2008 Active Directory environment is just a single domain controller.
Everything seems to be fine.
After I executed dcdiag testing, there was a failed test on VerifyEnterpriseReferences.
The following is the error description:

[1] Problem: Missing Expected Value
Base Object: CN=AD2008,OU=Domain Controllers,DC=abc,DC=com
Base Object Description: "DC Account Object"
Value Object Attribute Name: msDFSR-ComputerReferenceBL
Value Object Description: "SYSVOL FRS Member Object"
Recommended Action: Please See Knowledge Base Article Q312862
LDAP Error 0x20 (32) - No Such Object
....................... ......AD2008 failed test VerifyEnterpriseReferences


Does anyone know what this problem is and how to solve it?

Thanks!!
 




Enable Remote Desktop access for Domain user


On a newly set up Windows 2019 Server Essentials domain, a user needs to RDP into their workstation.

I have added the user to the Builtin Remote Desktop Users group but they are still unable to RDP into either the server or their workstation.

If I add them to the Builtin Administrators group they can RDP into the server, but not their workstation.

Any suggestions please?

LDAP connection on Domain Controller


Hi,

Is there any tool/method to find the incoming LDAP connections for a specific Domain Controller? Also, please confirm whether it is possible to extract this data from logs rather than in real time.

Thanks in advance.

Domain Controller shows SID with its Name


I recently migrated all the domain controllers in a multi-site environment to Server 2016. In one of the sites, one domain controller shows its name with some kind of code (I believe it's its SID). Now it doesn't allow me to transfer FSMO roles to the new server using the new server name (STWN-AD03). See attached. Sites and Services and /replsummary also show the server name with the same name.

I hope you can help me find what caused it. Like I mentioned this domain has 3 sites and changes replicated throughout all sites.

I was thinking replication delays might have caused it while I was upgrading, because after upgrading Site A, I didn't check that all changes were replicated to the other 2 sites before moving on to Site B. Any thoughts?

How can I fix this? Is there any way without going for a fresh server? (Because we already migrated a payroll application to the new server.)

 

Janindu Nanayakkara

LDAP VIP name configuration


Hi,

I have 3 sites (UK, US, Germany); each AD site contains 3 domain controllers, so 9 domain controllers in total.

I want to create an LDAP virtual name using 3 domain controllers; this should be done according to geo region.

Three LDAP VIP names are required: LDAPUK.domain.com etc.

So the application team can hardcode the nearest LDAP VIP name for authentication and redundancy purposes.

If one LDAP server goes offline, another LDAP server will respond to the query. Help me create the VIP name in DNS.

Please assist with your answer.

ADMT account migration, proxy address?


Hi Team,

I am migrating the account from one forest to another forest using the ADMT tool. However, the ADMT tool can't migrate the proxy address. Does anyone know how to resolve it in this situation?

Thanks,

Jianggai

AD Schema update from 2012 to 2019


Hi All,

We are planning to update the AD schema from 2012 to 2019. Our environment still has domain controller 2012 and Exchange 2010. May I know if there is any impact if we just update the AD schema to 2019? Thanks

Replication access denied


Hi Support,

We have two Windows 2012 Standard DCs.

We did not make any recent changes.

When we checked replication today, we saw the error below:

Repadmin: running command /showrepl against full DC localhost

Default-First-Site-Name\AD1

DSA Options: IS_GC

Site Options: (none)

DSA object GUID: 653b6bb0-39bc-4610-a4a7-b08248b940d6

DSA invocationID: 86a9e6b9-5f25-47f9-9147-3d8a13a108f1



DsBindWithCred to localhost failed with status 5 (0x5):

    Access is denied.

The other DC, AD2, is fine. That DC has inbound replication from the problematic DC. AD2 is the primary DC.

Please let me know how to troubleshoot this.


AD Delegation


Dear All,

I did delegate a user to reset domain user passwords and modify their properties. He can do his tasks on the majority of domain users but not for others. I did check those users and they're members of a security group "technical support", which has the privileges to do remote desktop on domain computers, and also members of domain computers. All members of that group have admincount 1, and as I understand it, even if I remove this value it will be added back after an hour. I did add that user to the same group "technical support" and his admincount is 1, but still he can't reset any member of that group. Inheritance is disabled for those users as well; I did enable it but it was disabled again. Is there any way to let that user reset all members of that group?

Thank You

Logon issues when pending reboot/shutdown on domain controllers


Is it safe to stop the Netlogon service before shutdown on domain controllers? We are experiencing logon issues with some applications (mostly BizTalk) when automatically patching our DCs using Windows Update.

Event 6913 can be seen in the BizTalk Server log.

An attempt to connect to "BizTalkMgmtDb" SQL Server database on server "BIZTALKDBSERVER" failed.
 Error: "Login failed. The login is from an untrusted domain and cannot be used with Windows authentication."


I’ve read about others experiencing the same issues here:
 
https://blogs.msdn.microsoft.com/biztalknotes/2013/08/22/biztalk-hosts-fail-when-domain-controllers-are-rebooted/
https://support.microsoft.com/de-de/help/2683606/domain-members-fail-authentication-when-domain-controller-is-shut-down

https://blogs.msdn.microsoft.com/biztalkcpr/2009/02/11/do-you-see-the-following-errors-on-your-biztalk-server-every-time-you-reboot-your-domain-controller/
 
Also, from what I can find on the matter, it has long been a problem that domain controllers stop dealing with authentication requests before reboot/shutdown. Shouldn’t this be fixed by Microsoft? Of course we can all set up scheduled tasks via GPOs, however that is no real solution to the actual problem.
 
Thank you.


Edit:

Maybe I should add some info about our environment in case anyone would actually work on this:

DCs running 2016 server

BizTalk 2013 R2 on 2012 R2 server

SQL 2014 on a 2012 R2 server

How to add Windows 2012 R2 as new domain controller in the existing Windows 2008 R2 domain.


In our environment we had three domain controllers in a single forest, with all the servers on Windows 2008 R2. One is located at a branch office in a different region, and two are at Head Office, one of which is the PDC. The additional DC crashed today (hardware failure), and now I am planning to have a Windows 2012 R2 DC on new hardware. Kindly suggest the best practice to achieve this. Kindly note I had WINS and Certification Authority also on the crashed server.

Domain account - Bad password count display in user display


Hi, 

Is any option available to show, on the domain user login display, the number of attempts left to log in or the bad password count?

Please help to update the query.

Certificate Services Migration


Can we migrate Certificate Services from one domain to a new domain?

We are planning a greenfield hybrid AD, and to migrate all our different ADs to one new AD.

Is there a migration plan available in such a scenario, or should we set up a new ADCS role in the new AD?

#adcs  #pki #CERTIFICATE #AUTHORITY

How to assign Admin Rights Only for their own Computers in Active Directory?


Dear Team,

Here I need help from everyone with 2 things:

1> How can we assign a computer to a particular owner for configuring admin rights?

Example : PC-1 should be assigned to John

2> How to configure admin rights only for their particular computer by using Active Directory Group Policy?

Example : PC-1 is used by John, so John should have admin rights on his PC; if John tries to log in to PC-2 he should not have admin rights on that PC.

Waiting for the response.

Regards,

Aghil


DNS


Hi Team,

How do I find duplicate DNS entries in a DNS server? If there is any script, please share the script.

Regards,

Yogesh


forgot outlook pst file password

Is there a safe PST password tool/site? I got $100,000s of lost product keys and business data in older emails with a forgotten password! HELP!!!!

RSAT Active Directory Admin Center is not opening for me


I am running Windows 10 version 1809. 

I have run the downloads and installed them (WindowsTH-RSAT_WS_1709-x64.msu, WindowsTH-RSAT_WS_1803-x64.msu, and WindowsTH-RSAT_WS2016-x64.msu).

I have followed all the instructions in the Windows support material named "Remote Server Administration Tools (RSAT) for Windows operating systems"

When I search for and find RSAT Active Directory, I click on it, and nothing happens.

Any suggestions would be great. 

Thanks

The only way I can open the RSAT Active Directory Admin Center is with an administrator cmd prompt


I am an administrator on my Windows 10 PC.  If I want to open RSAT Active Directory Admin Center, I have to open a cmd prompt as an administrator and type.  I found the dsac.exe executable and right-clicked and selected run as administrator and nothing happens.

How to restrict access to certain attribute in Active Directory for Global Address List ( Outlook)


He would like to add some personal employee information in Active Directory which should be accessible by only a few users in the Outlook GAL on their phones. At present all telephone numbers and mobile phones are available to everyone when you search for a user via the contact list on an iPhone. Once we add an employee's home address, we want only a few people to have access to that info when they search for the same person/s via the GAL on their mobile or desktop Outlook contact list.


Richard Ojel...
