Channel: Directory Services forum

How to protect the administrator password from reset in Active Directory?


Dear sir,

How can I protect my administrator (the boss) password so that no other enterprise admin can reset it? If I have more than 2 enterprise admins, how do I make sure nobody can reset or play with my administrator password in Server 2003? You know, if someone has enterprise admin in Active Directory, he can reset my administrator (the boss) password and you will lose the ability to log in.


The default value for the NetBIOS domain name is already being used, one alternative has been suggested.

I'm setting up a couple of new virtual Server 2016 machines. I don't want to migrate AD from the existing 2008 R2 network, so I started out fresh. One of the reasons for a fresh start is the current AD domain name: "koppesbouwkunde.lan". It's highly recommended to use the 'real' domain name in AD; in our case "koppesbouwkunde.nl". No problem, except for NetBIOS. When I run Server Manager to upgrade one of the servers to be a domain controller, it complains there's already a domain name "koppesbouwkunde", which is correct - that's the old domain. Now I specified an alternative name for NetBIOS, but I wonder what havoc this will wreak?

Simon Weel

Domain functional level upgrade


Hello All,

We are planning to upgrade DFL from 2003 to 2012 R2.

We are a single forest and single domain; all our DCs are 2012 R2.

Could anyone tell us what precautions we need to take care of proactively?

We have lots of applications which are authenticating using our domain controller.

Regards

Aamir Masthan



Unix Attributes not synchronized with other DCs


Hello Everyone,

I have a Windows 2003 server with the Identity Management for UNIX role (UNIX attributes). Now I have enabled Identity Management for UNIX on another 2012 server. However, the users who have UNIX attributes enabled from the 2003 server are not updated on the new 2012 server. Only user accounts have this issue; group GIDs are synced from the old server.

Is there anything I need to do to sync between these 2 servers? Or how can I fix this?

Create certificate for Chrome


Dear all,

Does anyone know how to create a self-signed certificate with a Windows Server 2008 R2 AD CA that meets the requirement for Chrome? It kept reporting that the Subject Alternative Name is missing.

Domain Controller RDP Access Permissions


Hi,

Is there any other way we can give RDP access to Domain Controllers? When I promote a server to a domain controller, I am unable to log in to those servers. When I looked at the GPOs applied to the domain controller OU, there was nothing related to that access permission. Is there any other way we can check the policy or some other settings related to this?

Thanks in advance.

We are facing an issue: user is able to change password through own system but not able to log in on own desktop


Hello Team,

Please help me. Some systems in our network frequently face a trust relationship error. Randomly, systems are facing the trust relationship error, and the user is able to change the password but not able to log in on their own desktop.

Certificate Services 2016/19

Can I install 2016/19 Certificate Services if my DFL and FFL are at 2008 R2?

Error occurred joining the domain. The specified network name is no longer available - Error during joining a machine to a domain


Hi!

We have two companies in our building, Company A and Company B. Company A has 50 client computers and one brand new DC (Win 2012 R2 Std). Company B has 5 clients and one established DC (Win 2008 R2 Foundation). 

I work for Company A and I have the job of connecting all 50 clients to the new DC. Up until last week we had a workgroup set up and it has been my task to migrate our clients onto the domain. I have done 10 migrations of Win 7 machines so far, but three others seem to be unable to connect with the error: The specified network name is no longer available.

I have connected these successfully to Company B's Domain Controller, so this seems to point towards Company A's DC being wrong somewhere, but it doesn't make sense as to why 10 other clients have connected fine.

Here are the troubleshooting steps I have taken so far:

I am in the Domain Admin group on Company A Active Directory

Computer Browser Service is running on server and affected client
Workstation Service is running on server and affected client
Server Service is running on server and affected client

To connect to the domain I have tried using the NetBIOS and the FQDN, I get the same error message.

NETLOGON service is enabled tried restarting - no difference

Windows Firewall is off
No AV installed at the moment. I have Sophos waiting to go on once the machine is hooked onto the domain.

DNS Reverse lookup manually created as it wasn't there

Tried ipconfig /flushdns /release /renew

NSLookup successful, can ping NetBIOS name and FQDN of server, and both client and server IPs in both directions

Affected clients are configured with one network card.

I've been pulling my hair out for a few days on this one. Does anyone have a possible solution for this?

Many thanks,

Matt


Best Practices for AD sites and services


Background:

I inherited a W2k16 AD environment with 2 locations, and each location has 2 domain controllers (call them server1 and server2). In AD Sites and Services, there was only one site set up with all 4 DCs in it.

From what I can tell, the process to create sites for each physical location had already been started, but never completed. Subnets were defined, etc. I went through one of the documents I found online, set up sites for each physical location (call them locationA and locationB), and moved the DCs out of the one site that was defined into their respective locations that I had just defined.

Now for the question - the replication pattern has changed, and I'm not sure that it is correct/fault tolerant - specifically concerned about the replication between the physical sites:

server1 at locationB is replicating to server2 at locationA 

server2 at locationA is replicating to server1 at locationB

server2 at locationA is replicating to server1 at locationA

server1 at locationA is replicating to server2 at locationA

server1 at locationB is replicating to server2 at locationB

server2 at locationB is replicating to server1 at locationB. 

Not being an AD guy, I'd appreciate any feedback on how to best organize the replication.

Thanks.

Configure DNS for (A) Records


Greetings,

Trust you are doing well,

I am having a challenge here with redirecting HTTP and HTTPS requests. My domain name is the same as my website: for example, my domain is abc.com, and my website is www.abc.com as well. Before, my website didn't use HTTPS, so I just added an (A) record with the value www which points to my website IP address, but now, since HTTPS was activated, the www part is removed from the URL and I am not able to reach my website.

I was thinking of creating another (A) record which has no value but the IP of my website, but I don't think it is right, as it may also redirect some requests which are supposed to go from the end user to the domain controller, and it might end up badly because the requests might be redirected to the website.

Time issue in Domain controllers and computers


Hi All,

I need some clarifications/suggestion on the below issue.

We have 3 domains in our environment: one is the root domain (forest) and the other two are child domains. The root domain controller (2008R2) has the PDC role and is pointed to an external NTP server. We have installed a new server with the 2012 OS, promoted it as a domain controller in the root domain, transferred the PDC role from 2008R2 to 2012, and demoted the 2008R2 domain controller. After 1 day we received a time sync issue. Is it something related to this, or any break in the NTP communication from the root domain to the child domain PDC servers?


Event ID Error 2974


I have recently demoted and removed our old Domain Controller for our environment. We now have two new Domain Controllers, both running Windows 2012 R2. Things seem to be working for the most part on these two DCs, but I am working through a few Event Errors.

Here is the current issue that I am trying to work through:

EventID 2974

The attribute value provided is not unique in the forest or partition. Attribute: servicePrincipalName Value=ldap/WINDC1:1089
CN=AD Service,CN=Users,DC=xxx,DC=xxx
Value=ldap/WINDC1:1089
CN=AD Service,CN=Users,DC=xxx,DC=xxx Winerror: 8647 


Thanks in advance for the help on this issue. 

Verification of Directory Paths Failed - Does Not Point To Physical Drive


Hello,

I have installed Windows Server 2012 R2 on a temporary server because we are retiring old servers and have to have a Temporary Domain Controller. The server has an SSD installed. When installing AD DS on the server, I cannot install because an error appears: "Verification of directory paths failed. The path does not point to a valid hard disk." I know many companies can run Windows Server on an SSD, but I do not have a hard disk drive installed on the server. I have even tried plugging in an external HDD and pointing to it to store the directory files, but it will not accept that. Any ideas on why the server is being so stubborn?

Thanks,

Connor

Seize FSMO on Production Server - while in production


Hi,

I'm running a server 2012 R2. Single server, DNS, File share with AD DS. small business, not a lot of users 5-10. Worked on cleaning up DNS records, and recently had some AD DS errors due to not cleaning out scavenging DNS and an old DC. 

I am about to seize FSMO roles from a Dead (by almost 2 years - Long story) DC. I wanted to know what impact this might have on clients in current use. I would think little, as it is a dead DC, but want to be sure. If

Also, I want to ask as to whether I do need to seize every role that netdom query fsmo returns assigned to the old DC. 

E.G. seize infrastructure master, seize naming master, schema Domain, RID Pool. seize pdc? Anything I should know about post FSMO seizing as well. Would really appreciate any advice on this. 

Thanks. 



Event 4771 hourly since Office 365 2FA Enabled


Since enabling two factor authentication for two of my Office 365 accounts I am noticing that hourly Event 4771 is logged on my domain controllers for these accounts.  No other accounts alert with this event ID.

I know it has probably something to do with the app password that Office 365 2FA requires you to use, but I cannot figure out how to get it to stop other than disabling 2FA which I do not want to do.

Additional Information:

               Ticket Options:                 0x40810010

               Failure Code:                    0x18

               Pre-Authentication Type:            2

Any suggestions?


export AD users


Hi experts,

I want to export all AD users whose property changepasswordatlogon is set to 1 (see the screenshot below) to a CSV. How do I do this? Thanks in advance.

Strange issue with computers and their domain membership


I have a problem that is occurring randomly on my Windows 10 workstations (it might be affecting Windows 7 computers too, but I don't have any). This is a Windows domain with 3 Windows 2008 R2 DCs and one Windows 2016 DC.

Symptoms: 
1- network drives don't show up in File Explorer
2- the local shared c:\scans folder will not allow scanned files to be sent to it from the copier/scanner
3- when going to Computer Management, Local users and groups, Groups, any group with a domain account....the account is not recognizable. 

The computer user is able to login and access resources.  The user doesn't know anything is wrong but starts complaining about their network drives not showing up or they can't scan to their computer. 

It is like the workstation has partially lost its connection to the domain.

Resolution: to temporarily resolve the problem I have been unjoining the computer from the domain and then joining it back again. This corrects the problem; however, it is happening randomly to my workstations. Not all workstations. It has happened more than once to some of them. I need to determine what is causing this. Thanks for any help.

Advanced audit Policy Events Missing


A year ago I created a group policy called 'Domain Controller Audit Policies' and configured the 'Advanced Audit Policy Configuration\Audit Policies' to enable all the audit policies under DS Access for both Success and Failure. I verified that 'Audit Directory Service Changes' is enabled. This GPO is applied to my 'Domain Controllers' OU.

I was confident that I would be able to gather the event logs when a computer object in AD was created, modified, moved, or undeleted. At least until my company's security team wanted to know who deleted an important computer last night.

So I searched for Security event 5141 to find who made the change. Nothing on any of my 28 domain controllers. Horrified.

So red-faced I searched for Security events 5137, 5138, 5139, and 5141 on all my domain controllers. NOTHING.

I do see 5136 events for dnsnode changes but nothing else. No records of any other AD object changes. A medium sized company should have hundreds listed.

There must be a configuration that I am missing so we can capture events for computers, users, OU, etc.

Please advise.

AD LDS setup questions

Hi,
I have some questions on LDS. We already have an AD environment but want to set up an LDS server for specific applications.

In the part on Service Account Selection:

Since I am in a domain environment, is it advisable to use a domain admin account?
The problem with using a domain admin account is that it is controlled by PAM and passwords change every day. What will happen to my LDS service in this situation?

Can LDS work hand in hand with AD DS?
So if I install LDS in an existing AD environment, will all the data of AD get replicated to LDS?
Is it a one-way replication (AD DS -> LDS), or is it two-way?

Can I install another LDS? Then in my AD environment I will have 2 LDS along with our domain servers.
The 2nd LDS will serve as a backup to the 1st LDS.