Channel: Directory Services forum

DC failed test Connectivity


I have one domain controller and an Exchange 2010.

The domain controller has been shut down unexpectedly.

Running dcdiag I got the following error:

   Testing server: Default-First-Site-Name\DC
      Starting test: Connectivity
         The host d0809978-b55d-47c4-af00-1a039773f55f._msdcs.marg.local could
         not be resolved to an IP address. Check the DNS server, DHCP, server
         name, etc.
         Got error while checking LDAP and RPC connectivity. Please check your
         firewall settings.
         ......................... DC failed test Connectivity

******************************************************************

dcdiag /test:dns /v /s:<DCName> /DnsDynamicUpdate 

//////////////////////////////////////////////////////////////////

Running enterprise tests on : marg.local
   Starting test: DNS
      Test results for domain controllers:

         DC: DC.marg.local
         Domain: marg.local


            TEST: Basic (Basc)
               Error: No LDAP connectivity
               Error: can't read network adapter information through WMI
               Warning: The A record for this DC was not found
               Warning: The AAAA record for this DC was not found
               No host records (A or AAAA) were found for this DC

         TEST: Records registration (RReg)
            Error: Record registrations cannot be found for all the network
            adapters

      Summary of DNS test results:

                                         Auth Basc Forw Del  Dyn  RReg Ext
         _________________________________________________________________
         Domain: marg.local
            DC                           PASS FAIL n/a  n/a  n/a  FAIL n/a

      ......................... marg.local failed test DNS

What shall I do?


forgot outlook pst file password

Is there a safe PST password tool/site? I got $100,000s lost product keys and business data in older emails with forgotten password! HELP!!!!

Secondary DNS IP on single DC


What’s recommended for a secondary NIC IP in an environment with a single physical domain controller? The primary is set to itself (127.0.0.1) but currently the secondary is blank.

Asking this because when I add in a public secondary IP on the domain controller NIC just in case there is a DNS problem and I’m not on site I can remote in via our RMM tool but when I do that and use let’s say 1.1.1.1 as the secondary DNS IP, when I run DCDIAG /TEST:DNS it fails the basc and rreg

                    Error:

                    Missing SRV record at DNS server 1.1.1.1:

                    _ldap._tcp.pdc._msdcs.domain.com

              Error: Record registrations cannot be found for all the network

              adapters

         Summary of test results for DNS servers used by the above domain

         controllers:

            DNS server: 1.1.1.1 (<name unavailable>)

              1 test failure on this DNS server

              Name resolution is not functional. _ldap._tcp.domain.com. failed on the DNS server 1.1.1.1

         Summary of DNS test results:

                                           Auth Basc Forw Del  Dyn  RReg Ext

            _________________________________________________________________

            Domain: domain.com

              DYDC1                       PASS FAIL PASS PASS PASS FAIL n/a

         ......................... domain.com failed test DNS

Domain Controller RDP Access Permissions


Hi,

Is there any other way we can give RDP access to Domain Controllers? When I promote a server to a domain controller, I am unable to log in to those servers. When I looked at the GPOs applied to the domain controller OU, there was nothing related to that access permission. Is there any other way we can check the policy or some other settings related to this?

Thanks in advance.

Unix Attributes not synchronized with other DCs


Hello Everyone,

I have a Windows 2003 server with the Identity Management for UNIX role (Unix attributes). Now I have enabled Identity Management for UNIX on another 2012 server. However, the users who have Unix attributes enabled from the 2003 server are not updated on the new 2012 server. Only user accounts have this issue; group GIDs are synced from the old server.

Is there anything I need to do to sync between these 2 servers? Or how can I fix this?

Advanced audit Policy Events Missing


A year ago I created a group policy called 'Domain Controller Audit Policies' and configured the 'Advanced Audit Policy Configuration\Audit Policies' to enable all the audit policies under DS Access for both Success and Failure. I verified that 'Audit Directory Service Changes' is enabled. This GPO is applied to my 'Domain Controllers' OU.

I was confident that I would be able to gather the event logs when a computer object in AD was created, modified, moved, or undeleted. At least until my company's security team wanted to know who deleted an important computer last night.

So I searched for Security event 5141 to find who made the change. Nothing on any of my 28 domain controllers. Horrified.

So red-faced I searched for Security events 5137, 5138, 5139, and 5141 on all my domain controllers. NOTHING.

I do see 5136 events for dnsnode changes but nothing else. No records of any other AD object changes. A medium sized company should have hundreds listed.

There must be a configuration that I am missing so we can capture events for computers, users, OU, etc.

Please advise.

Service account permission


Hi guys,

Scenario: I have a service account that is granted permission to run a script on a server. I've noticed that when other users who are non-domain admin sometimes use the credentials for the account to run a script they get access is denied.

I come in and run the same exact script with the same service account credentials and it works. Funny part is once I run it and it works then when they try it works again till they have the issue again. The account is not locked, disabled or anything like that whenever this happens. Password is set to never expire.

This does not make sense to me because they are doing "run as" and using the same credentials I'm using.

Is there a permission that is needed from AD or maybe on the server for other users to be able to use the credentials?



Import DNS records from a .csv or .txt file


Hi All,

Is there any way we can import DNS records into an existing zone? I know there is a way to import them from the .dns file while creating the zone, but I want to know whether there is any way after the zone has been created.


AD Replication Error 1726


Hello Experts,

When running Repadmin /replsummary, the following errors appear.

I have checked port 135 on both replicating partners and it is open, and there are currently no firewall rules blocking either. What other troubleshooting steps can I proceed with?

Find identity of local group


How do I get identifying information about a Windows Server local group?

Background. We have installed Machine Learning Services for SQL Server 2017. When you do, it creates a local group called "SQLRUserGroup". This will create a service called LaunchPad that will spin up Python or R sessions with an identity of MSSQLSERVER?? (numbered) which are members of the SQLRUserGroup. We set up the login and permissions for the SQLRUserGroup on SQL Server and the process ran.

Getting closer to my question.  We did something (I'm not sure what, upgraded Python packages, reinstalled the Machine Learning Services).  At that point SQL Server no longer recognized the MSSQLSERVER?? logins as valid logins.

What I did to fix the problem was to drop the SQLRUserGroup login in SQL Server that we had created and recreated it.  Python worked great.

My theory is that the upgrade/reinstall created a new SQLRUserGroup local group that had a different internal id from the one that worked before the upgrade/reinstall.  I would have expected that the SQLRUserGroup would have a different internal id that would cause our loads to fail.

Here is where I am puzzled.  Before I dropped the SQLRUserGroup login, I recorded the SID that SQL Server recorded for that windows group.  After I created the SQLRUserGroup login I recorded the SID again and it was the same as it was before recreating the SQLRUserGroup login.

So, back to my question. Is there some means (cmd line, PowerShell, GUI, registry setting) that I can use to find out the actual internal identity of a Windows local group?


Russel Loski, MCSE Data Platform/Business Intelligence Twitter: @sqlmovers; blog: www.sqlmovers.com

Problem to Deploy LAPS


Hello Everyone,

I have a problem when I try to deploy LAPS in my infrastructure.

I looked for the solution here, but in my case it didn't solve it.

So when I use "Update-AdmPwdADSchema" the error appears:

"Update-AdmPwdADSchema: An Operation error occurred.

At line:1 char:1

...

+CategoryInfo             : NotSpecified: (:) [Update-AdmPwdADSchema], DirectoryOperationException

+ FullyQualifiedErrorId : System.DirectoryServices.Protocols.DirectoryOperationException,AdmPwd.PS.UpdateADSchema"

I'm using the domain administrator account within the group Schema Admin.

I downloaded LAPS from the official MS site, and beforehand I installed it and used the command "import-module admpwd.ps".

I'm using Windows Server 2016 and the firewall is disabled.

Does anyone have a solution?

Thanks!!!




Please help

I have tried everything. I can't find the Hyper-V or the RSAT settings. I have even tried to download the RSAT. I know I have hyper drive because it pops up, but it has no settings in the tab. I have been to features and everything. Please help.

Unable to Promote Secondary DC


When running the Post-deployment Configuration Wizard I am getting stuck on the following process:

"Creating the NTDS Settings object for this Active Directory Domain Controller on the remote AD DC ..."

The account that I used to promote the primary DC was causing an error last week, and I deleted the servicePrincipalName information from the attribute editor for this account by mistake. I am guessing that this may be the cause of this problem. Is there a way to either fix this account or make it possible to use another account to complete this promotion process?

The PDC is Windows Server 2012 R2, as is the new server I am trying to promote.

I am unable to remove domain controller manually.


Hi Support,

I have removed the 2008 R2 domain controller and promoted it again, but the name is still showing and the RODC is unable to communicate with the new domain controller.

I have removed the old domain controller from DNS, Sites & Services and Active Directory PC, but when I run the command below it still shows the old server name:

C:\Windows\system32>Repadmin /replsum
Replication Summary Start Time: 2019-06-03 17:31:11

Beginning data collection for replication summary, this may take awhile:
  .....................

Source DSA          largest delta    fails/total %%   error
 TEST-LAB-DC-01    01d.21h:01m:01s   47 /  47  100  (8524) The DSA operation is unable to proceed because of a DNS lookup failure.
 LAB-TEST-ADC-01           13m:20s    0 /   5    0
 LAB-TEST-DC-01            06m:22s    0 /  10    0

 

Remove the Old server TEST-LAB-DC-01 ip address 10.0.045

 Active Directory Domain Services did not perform an authenticated re
mote procedure call (RPC) to another directory server because the desired servic
e principal name (SPN) for the destination directory server is not registered on
 the Key Distribution Center (KDC) domain controller that resolves the SPN.
         An Warning Event occurred.  EventID: 0x8000059B
            Time Generated: 06/03/2019   14:43:45
            Event String:
            The Knowledge Consistency Checker (KCC) encountered an unexpected er
ror while performing an Active Directory Domain Services operation.
         An Error Event occurred.  EventID: 0xC0000B1B
            Time Generated: 06/03/2019   14:43:45
            Event String:
            The Knowledge Consistency Checker was unable to locate a replication
 connection for the read-only local directory service.  A replication connection
 with the following option must exist in the forest for correct FRS system behai
vor.
         An Warning Event occurred.  EventID: 0x8000059B
            Time Generated: 06/03/2019   14:45:56
            Event String:
            The Knowledge Consistency Checker (KCC) encountered an unexpected er
ror while performing an Active Directory Domain Services operation.
         An Error Event occurred.  EventID: 0xC0000B1B
            Time Generated: 06/03/2019   14:45:56
            Event String:
            The Knowledge Consistency Checker was unable to locate a replication
 connection for the read-only local directory service.  A replication connection
 with the following option must exist in the forest for correct FRS system behai
vor.
         An Warning Event occurred.  EventID: 0x8000059B
            Time Generated: 06/03/2019   14:46:13
            Event String:
            The Knowledge Consistency Checker (KCC) encountered an unexpected er
ror while performing an Active Directory Domain Services operation.
         An Error Event occurred.  EventID: 0xC0000B1B
            Time Generated: 06/03/2019   14:46:13
            Event String:
            The Knowledge Consistency Checker was unable to locate a replication
 connection for the read-only local directory service.  A replication connection
 with the following option must exist in the forest for correct FRS system behaivor.

We are facing an issue: users are able to change their password through their own system but are not able to log in on their own desktop


Hello Team,

Please help me. Some systems in our network frequently and randomly face a trust relationship error, and users are able to change their password but are not able to log in on their own desktop.


Create certificate for Chrome


Dear all,

Does anyone know how to create a self-signed certificate with a Windows Server 2008 R2 AD CA that meets the requirement for Chrome? It kept reporting Subject Alternative Name missing.

DNS Issue - Can not find external web site

Recently moved the location of a website from one external hosting company to another. My internal network is not finding the website after the move. My NSLookup from the DNS server is pointing to the correct GoDaddy IP address. I am getting 'page can not be displayed' on my internal network. I have an AD environment. Everything has been working for over 2 years until I moved the website to a different hosting company. I believe it is a DNS issue on the AD. If I change the DNS IP on a workstation from the AD IP to Google 8.8.8.8 the website comes up fine. However, for the domain, I have to have the internal AD IP in the workstation DNS or it drops off the domain. I have triple checked that I have a www A record pointing to the correct IP in my DNS. I have rebooted routers and servers. Need help on what may be the issue.

rIdSetReferences missing from DC


Hello tech world, I ran the following command on DC01 (however DC02 passed test RidManager), both are in the same site, both can talk with the Rid Master, all DC's ports are open, i.e 389,636,53,123,88,135,137,138,139,445,464,3268,3269

DCDIAG /Test:ridmanager /v

then got the following error:

Available RID Pool for the Domain is 64878 to 1073741823

FQDN is the RID master

DsBind with RID Master was successful

Warning: attribute rIdSetReferences missing from CN=server,ou=xx,ou=domain controllers,dc=xx,dc=xx,dc=xx

Could not get Rid set Reference :failed with 8481

The search failed to retrieve attributes from the database. Server failed test RidManager

Hide Hyperlink Of drive


Hello

I created Home User in Active Directory,

I want to hide the URL of the Network drive

NB: attached herewith

Network drive: (\\CONTOSO.DZ\SHARE01\ ) (R:) ........> I want to have this result in my network drive: just (R:)

I want to hide (\\CONTOSO.DZ\SHARE01\ )

Thanks




Linux computer lost trusted relationship


Hello,

Linux administrators use ADDS for user authentication and provide roaming profiles using Samba. But for some reason the computer broke trust with AD (or AD broke trust with the PC). The Linux administrator is trying to explain the pattern:

On A computer

1. User logs on and authenticates in AD
2. Tries to get the profile, goes to the Samba server
3. Samba, using the user credentials, asks for group membership
4. AD gives the group membership
5. User syncs his profile

If the client tries to log on from another computer "B", then AD begins to not trust computer "A" if the user comes back to computer "A" again.

It is possible that DC01 answers for computer A and DC02 answers for computer B.

What reason could there be?