Channel: Directory Services forum

AD single-value custom attribute returning as multi-valued in powershell

I have created several custom attributes in a test AD environment. Each is a single-valued unicode string that I have added to the user class. The first attribute I created works as expected. When I use get-ADuser -property CusAttribute1 I get back an object with type string. Every other custom attribute I have created I get back an object with type Microsoft.ActiveDirectory.Management.ADPropertyValueCollection.

Domain functional level 2008R2. I am able to extract the array to a string value in the select statement, but I don't understand why two attributes that were created in the same way are performing differently, and I don't want to have to extract the value from the array if I don't have to.

Get-ADuser someUser -Properties cusAttribute1,cusAttribute2 |gm

The expected result would be that cusAttribute 1 and 2 would have a type of String, but instead cusAttribute1 has a type of String and cusAttribute2 has a type of Microsoft.ActiveDirectory.Management.ADPropertyValueCollection and is an array with one value in it.


LAPS Implementation Issue

Good day, 

For almost 2 weeks I've been trying to implement LAPS in my company's small infrastructure. 
I've gone through the steps in the following tutorial:

https://blog.thesysadmins.co.uk/deploying-microsoft-laps-part-1.html
https://blog.thesysadmins.co.uk/deploying-microsoft-laps-part-2.html

I'm using 2 computers for testing purposes, one is a virtual machine running Windows 10 and the other a laptop running Windows 7. Here's what I've done so far:

- I extended the computer objects' schema to include the fields needed by LAPS; I then inspected the computer objects corresponding to my 2 test subjects and verified that these attributes were indeed created.

- I delegated the necessary permissions to the computers through the Set-AdmPwdComputerSelfPermission cmdlet; I then checked the 2 computers' ACE list and verified that write permissions for AdmPwd and write/read permissions for AdmPwdExpirationTime were granted to the SELF trustee. 

- I delegated the permissions to read and reset passwords to the domain admins through the Set-AdmPwdReadPasswordPermission and Set-AdmPwdResetPasswordPermission cmdlets; I then verified these permissions through the 2 computers' permission entry lists. (I think this step is unnecessary since domain admins should have these permissions by default)

- I deployed LAPS.msi through GPO and verified that "Local Administrator Password Solution" was present in the 2 computers' Apps and Features list. I also verified that AdmPwd.dll was in the Program Files folder for both computers.

LAPS doesn't seem to work, however. I, as domain administrator, get an empty field whenever I query a computer's password through the UI or through PowerShell, and the password's attribute field in the computer objects remains empty. I've read many related posts here in this forum but have not been able to solve this issue.

The DC is running Windows Server 2012 R2 and the domain functional level is 2012 R2.

Do you have any idea on what could be going wrong?

Regards

Change Active Directory UID start number

Hello, I accidentally added a few accounts with their UID numbers in the 500M range when it should have been 50M. Of course this has created a few headaches with some Linux clients, for which I managed to change the UID numbers. Now whenever I add a new account the UID sequence goes to the next number in the 500M range. Is there an option in Active Directory which will allow me to change the UID start number to the 50M range?

Any help is appreciated.

LouB

Software installation permission in all domain client machines

Hi team, 

In my organization every user needs to install software and applications in day-to-day activities. Every time, a server administrator has to be involved in this task. We need to give only the software installation permission to one particular user, but he won't have access to any other activities or modifications at the Active Directory domain level.

Are there any Group Policies or other solutions to overcome the issue?

Thanks, 

Lee

No SYSVOL_DFSR on newly added Domain Controller

Dear Everyone!!

Please let me ask a question related to SYSVOL DFSR on my domain.

Currently my company has 3 DCs. DC1 and DC2 are at the head office and DC3 is located at the DR office. We have set up a new DC4 at the DR office.

I noticed that DC4 has no SYSVOL_DFSR. What is the issue on my DC4?

Note:

Currently the roles are separated:

Schema master            DC-1.domain.com.kh
Domain naming master     DC-1.domain.com.kh
PDC                      DC-2.domian.com.kh
RID pool manager         DC-2.domian.com.kh
Infrastructure master    DC-2.domian.com.kh

Disabling SMBv1 on windows 2012R2 Domain controller

Hi,

I have two Win2012R2 domain controllers and nine RODCs in remote areas. I have noticed that SMBv1 is enabled (which is the default setting) and, as per our security team's recommendations, I want to disable SMBv1 on our domain controllers. Our DCs are also running the DNS service. My question is: will there be any impact on our domain if we disable SMBv1?

Thanks.

[Windows 2016] SYSVOL - DFSR replication - backlog

Hey,

I have noticed that one of my servers is no longer replicating SYSVOL directory. I found the following warning in logs:

The DFS Replication service has detected an unexpected shutdown on volume D:. This can occur if the service terminated abnormally (due to a power loss, for example) or an error occurred on the volume. The service has automatically initiated a recovery process. The service will rebuild the database if it determines it cannot reliably recover. No user action is required. 

Additional Information: 
Volume: D: 
GUID: BAC2E4F2-0000-0000-0000-100000000000

The recovery seems to be completed but some folders are still not replicating and I see the following entries in DFSR debug logs. Any ideas how to fix that?

20190704 20:21:39.630 26680 MEET  4567 Meet::GetParent -> WAIT Parent has not been validated from dirty shutdown recovery. parentUid:{E187213F-F72B-4CF4-BB3A-3BEA73C6346F}-v2854 updateName:Cadm uid:{E187213F-F72B-4CF4-BB3A-3BEA73C6346F}-v7431 gvsn:{7D83AF93-0ABE-4B30-9B1D-E54847EBFABB}-v49583793 connId:{614B1729-F0C1-4077-B2D7-EDCFD5D654B8} csName:SYSVOL Share csId:{07C7C576-0268-4F6A-9A25-7ECCB24442D2}
20190704 20:21:39.632 49692 MEET  4273 Meet::ProcessUid Uid related found uidRelatedGvsn:{B934E547-8525-466C-BD81-0AC4FAF433C4}-v3680 updateName:{C4446AE9-6CCA-4C42-A372-280F6549BBF9} uid:{7D83AF93-0ABE-4B30-9B1D-E54847EBFABB}-v1410067 gvsn:{7D83AF93-0ABE-4B30-9B1D-E54847EBFABB}-v49586589 connId:{614B1729-F0C1-4077-B2D7-EDCFD5D654B8} csName:SYSVOL Share
20190704 20:21:39.632 49692 MEET  6357 Meet::LocalDominates Remote version dominates localgvsn:{B934E547-8525-466C-BD81-0AC4FAF433C4}-v3680 updateName:{C4446AE9-6CCA-4C42-A372-280F6549BBF9} uid:{7D83AF93-0ABE-4B30-9B1D-E54847EBFABB}-v1410067 gvsn:{7D83AF93-0ABE-4B30-9B1D-E54847EBFABB}-v49586589 connId:{614B1729-F0C1-4077-B2D7-EDCFD5D654B8} csName:SYSVOL Share
20190704 20:21:39.632 49692 MEET  4567 Meet::GetParent -> WAIT Parent has not been validated from dirty shutdown recovery. parentUid:{1DAC483F-9C22-49CF-9BD5-84C787723F91}-v7353 updateName:{C4446AE9-6CCA-4C42-A372-280F6549BBF9} uid:{7D83AF93-0ABE-4B30-9B1D-E54847EBFABB}-v1410067 gvsn:{7D83AF93-0ABE-4B30-9B1D-E54847EBFABB}-v49586589 connId:{614B1729-F0C1-4077-B2D7-EDCFD5D654B8} csName:SYSVOL Share csId:{07C7C576-0268-4F6A-9A25-7ECCB24442D2}

Do you want to be acknowledged as the next Windows Server Directory Services Guru? Submit your work to July 2019 competition!

What is TechNet Guru Competition?

Each month Microsoft TechNet Wiki council organizes a contest of the best articles posted that month. This is your chance to be announced as MICROSOFT TECHNOLOGY GURU OF THE MONTH!

One winner in each category will be selected each month for glory and adoration by the MSDN/TechNet Ninjas and community as a whole. Winners will be announced in a dedicated blog post that will be published in the Microsoft Wiki Ninjas blog, a tweet from the Microsoft Wiki Ninjas Twitter account, links will be published at the Microsoft TNWiki group on Facebook, and other acknowledgement from the community will follow.

Some of our biggest community voices and many MVPs have passed through these halls on their way to fame and fortune.

If you have already made a contribution in the forums or gallery or you published a nice blog, then you can simply convert it into a shared wiki article, reference the original post, and register the article for the TechNet Guru Competition. The articles must be written in July 2019 and must be in English. However, the original blog or forum content can be from before July 2019.

Come and see who is making waves in all your favorite technologies. Maybe it will be you!


Who can join the Competition?

Anyone who has basic knowledge and the desire to share the knowledge is welcome. Articles can appeal to beginners or discuss advanced topics. All you have to do is to add your article to TechNet Wiki from your own specialty category.


How can you win?

  1. Please copy/write over your Microsoft technical solutions and revelations to TechNet Wiki.
  2. Add a link to your new article on THIS WIKI COMPETITION PAGE (so we know you've contributed)
  3. (Optional but Recommended) Add a link to your article at the TechNet Wiki group on Facebook to get feedback and tips from the council members and from the community. The group is very active and people love to help. You can even get direct improvements to your article before the contest starts.

Do you have any question or want more information?

Feel free to ask any questions below, or join us at the official Microsoft TechNet Wiki groups on Facebook. Read more about TechNet Guru Awards.

If you win, people will sing your praises online and your name will be raised as Guru of the Month.

PS: Above top banner came from James van den Berg.


Please, if you think your question has been answered, click "Mark as Answer"; if it just helped, click "Vote as helpful". This can be beneficial to other community members reading this forum thread.


W2K16 Accidentally installed AD on Dynamic IP

I accidentally installed AD on W2K16 prior to changing to a static IP. Is there anything broken that I will need to fix? I changed the DNS records for the server but don't know if there is anything else I will need to change or fix once I move it to the correct IP.

TIA!

Can't access external website from local domain (variant)

Hi guys,

Wondering how you address this issue, which is a variant of the "can't access external website from local domain" issue.

Our internal AD domain is called company.com
Our external website is called company.com
We are not going to rename our internal domain name to company.com.local etc
Internal users can't access the external company.com website (as it resolves in DNS to the local Domain name/AD etc)
For various reasons, we can't setup www.company.com and add an A record to the internal DNS that points to the external website in the normal way
We could add an entry to the local hosts file to override where company.com points to, but this is a messy solution

Is there any solution to this issue or is there no way around it?

Cheers

PT

password expiry

Hi Experts

We have a standard group policy for password expiry of 3 months, but I have seen a few users get the password expiry prompt before 3 months. I checked one user in adsiedit and I can see his password was last changed one month ago, the GPO is 3 months, and he got the password expiry prompt. Experts, please guide me on this.

Restrict Privileged Domain Groups

Hi Support,

I want to customize the permissions of the domain groups below. For example, if I have assigned Backup Operators to one of the admins, they should only be able to manage the backup part and be restricted from doing anything related to Active Directory users, groups, computers, group policies, etc.

Second, once I have assigned RDP access, that admin should not be able to make any changes in Active Directory or any other services.

  • Enterprise Admins
  • Domain Admins
  • Schema Admin
  • BUILTIN\Administrators
  • Account Operators
  • Backup Operators
  • Print Operators
  • Server Operators
  • Domain Controllers
  • Read-only Domain Controllers
  • Group Policy Creators Owners
  • Cryptographic Operators

Unix Attributes not synchronized with other DCs

Hello Everyone,

I have a Windows 2003 server with the Identity Management for UNIX role (UNIX attributes). Now I have enabled Identity Management for UNIX on another 2012 server. However, the users who have UNIX attributes enabled from the 2003 server are not updated on the new 2012 server. Only user accounts have this issue; group GIDs are synced from the old server.

Is there anything I need to do to sync between these 2 servers? Or how can I fix this?

Log on from a computer in a different domain

Hi there,

We have a domain a.com that is not trusted by domain b.com i.e.,

a.com trusts b.com

b.com does not trust a.com

I have run into a problem where a user in a.com fails to logon from a computer in b.com wanting to access resources in a.com. The user was able to log on before and I don't know what may have changed.

We have a trust set up in 2012r2, which is the a.com domain, but due to lack of network visibility I am unable to confirm what kind of trust it really is. Once I get visibility back I can check that out, but in the meantime could I get some advice on what I need to check?

Many thanks,

Tony

Copy AD users from a child domain to a parent domain

Is it possible to copy users from a child domain into a specific OU in the parent domain and retain the user's password using AD 2008?

Adding a replica domain controller failed (Additional Domain Controller)

Good morning. For many days I have been trying to add an additional Domain Controller (replica) to my customer's AD infrastructure. Unfortunately, when the wizard tries to add the AD, an error appears: The wizard cannot gain access to the list of domains in the forest. Domain functional level is Windows 2012 (all servers in the domain are W 2012 R2). I checked that the file and printer sharing option is enabled (it is); I also checked the DNS records on the DCs and some other things related to name resolution, but I don't know why the error appears. I have read the dcpromoui.log and here is a piece of it. Can someone help me?

dcpromoui 1340.13AC 0000 11:49:26.537 opening log file C:\Windows\debug\dcpromoui.log
dcpromoui 1340.13AC 0001 11:49:26.537 C:\Windows\system32\wsmprovhost.exe
dcpromoui 1340.13AC 0002 11:49:26.538 file timestamp 11/21/2014 21:44:53.032
dcpromoui 1340.13AC 0003 11:49:26.538 C:\Windows\system32\dcpromocmd.dll
dcpromoui 1340.13AC 0004 11:49:26.538 file timestamp 05/23/2019 17:44:47.985
dcpromoui 1340.13AC 0005 11:49:26.538 local time 06/22/2019 11:49:26.538
dcpromoui 1340.13AC 0006 11:49:26.538 running Windows NT 6.3 build 9600  (BuildLab:9600.winblue_ltsb_escrow.190505-1600) amd64
dcpromoui 1340.13AC 0007 11:49:26.538 logging flags 0001007C
dcpromoui 1340.13AC 0008 11:49:26.538 Enter CbsGetUpdateInstallState
dcpromoui 1340.13AC 0009 11:49:26.538   The category is 0
dcpromoui 1340.13AC 000A 11:49:26.538   Enter FindRoleInfo
dcpromoui 1340.13AC 000B 11:49:26.538     Enter CheckIsServerCore
dcpromoui 1340.13AC 000C 11:49:26.538       It is not on server foundation
dcpromoui 1340.13AC 000D 11:49:26.538       HRESULT = 0x00000000
dcpromoui 1340.13AC 000E 11:49:26.538   Enter GetUpdateName
dcpromoui 1340.13AC 000F 11:49:26.538   Enter GetPackageName
dcpromoui 1340.13AC 0010 11:49:26.774     Package name for Microsoft-Windows-ServerCore-Package is Microsoft-Windows-ServerCore-Package~31bf3856ad364e35~amd64~~6.3.9600.16384
dcpromoui 1340.13AC 0011 11:49:26.783   Enter CbsGetUpdateInstallState
dcpromoui 1340.13AC 0012 11:49:26.783     package name is Microsoft-Windows-ServerCore-Package~31bf3856ad364e35~amd64~~6.3.9600.16384 and update name is DirectoryServices-DomainController
dcpromoui 1340.13AC 0013 11:49:27.453   HRESULT = 0x00000000
dcpromoui 1340.13AC 0014 11:49:27.454 Enter CbsIsRebootRequired
dcpromoui 1340.1294 0015 11:49:27.588 Enter GetProductTypeFromRegistry
dcpromoui 1340.1294 0016 11:49:27.590   Enter RegistryKey::Open System\CurrentControlSet\Control\ProductOptions
dcpromoui 1340.1294 0017 11:49:27.590   Enter RegistryKey::GetValue-String ProductType
dcpromoui 1340.1294 0018 11:49:27.590   ServerNT
dcpromoui 1340.1294 0019 11:49:27.590   prodtype : 0x3
dcpromoui 1340.1374 001A 11:49:32.758 Enter GetExistingAccountForComputerInReplicaDomain
dcpromoui 1340.1374 001B 11:49:32.758   START TEST: GetExistingAccountForComputerInReplicaDomain
dcpromoui 1340.1374 001C 11:49:32.763   Enter Computer::RemoveLeadingBackslashes 
dcpromoui 1340.1374 001D 11:49:32.765   Using empty constructor
dcpromoui 1340.1374 001E 11:49:32.765   Enter Computer::Refresh
dcpromoui 1340.1374 001F 11:49:32.765     Enter IsLocalComputer
dcpromoui 1340.1374 0020 11:49:32.765     Enter RefreshLocalInformation
dcpromoui 1340.1374 0021 11:49:32.765     Enter GetProductTypeFromRegistry
dcpromoui 1340.1374 0022 11:49:32.765       Enter RegistryKey::Open System\CurrentControlSet\Control\ProductOptions
dcpromoui 1340.1374 0023 11:49:32.765       Enter RegistryKey::GetValue-String ProductType
dcpromoui 1340.1374 0024 11:49:32.765       ServerNT
dcpromoui 1340.1374 0025 11:49:32.765       prodtype : 0x3
dcpromoui 1340.1374 0026 11:49:32.765     Enter GetSafebootOption
dcpromoui 1340.1374 0027 11:49:32.765       Enter RegistryKey::Open System\CurrentControlSet\Control\SafeBoot\Option
dcpromoui 1340.1374 0028 11:49:32.765       HRESULT = 0x80070002
dcpromoui 1340.1374 0029 11:49:32.765       returning : 0x0
dcpromoui 1340.1374 002A 11:49:32.765     Enter DetermineRoleAndMembership
dcpromoui 1340.1374 002B 11:49:32.766       Enter MyDsRoleGetPrimaryDomainInformation
dcpromoui 1340.1374 002C 11:49:32.766         Enter MyDsRoleGetPrimaryDomainInformationHelper
dcpromoui 1340.1374 002D 11:49:32.766           Calling DsRoleGetPrimaryDomainInformation
dcpromoui 1340.1374 002E 11:49:32.766           lpServer  : (null)
dcpromoui 1340.1374 002F 11:49:32.766           InfoLevel : 0x1 (DsRolePrimaryDomainInfoBasic)
dcpromoui 1340.1374 0030 11:49:32.766           HRESULT = 0x00000000
dcpromoui 1340.1374 0031 11:49:32.766         MachineRole      : 0x3
dcpromoui 1340.1374 0032 11:49:32.766         Flags            : 0x1000000
dcpromoui 1340.1374 0033 11:49:32.766         DomainNameFlat   : FARMACIACHAVEZ
dcpromoui 1340.1374 0034 11:49:32.766         DomainNameDns    : farmaciachavez.local
dcpromoui 1340.1374 0035 11:49:32.766         DomainForestName : farmaciachavez.local
dcpromoui 1340.1374 0036 11:49:32.766       Enter IsDcInRepairMode
dcpromoui 1340.1374 0037 11:49:32.766   HRESULT = 0x00000000
dcpromoui 1340.1374 0038 11:49:32.766   Enter State::DetermineRunContext
dcpromoui 1340.1374 0039 11:49:32.767     Enter DS::GetPriorServerRole
dcpromoui 1340.1374 003A 11:49:32.767       Enter MyDsRoleGetPrimaryDomainInformation
dcpromoui 1340.1374 003B 11:49:32.767         Enter MyDsRoleGetPrimaryDomainInformationHelper
dcpromoui 1340.1374 003C 11:49:32.767           Calling DsRoleGetPrimaryDomainInformation
dcpromoui 1340.1374 003D 11:49:32.767           lpServer  : (null)
dcpromoui 1340.1374 003E 11:49:32.767           InfoLevel : 0x2 (DsRoleUpgradeStatus)
dcpromoui 1340.1374 003F 11:49:32.767           HRESULT = 0x00000000
dcpromoui 1340.1374 0040 11:49:32.767         OperationState      : 0
dcpromoui 1340.1374 0041 11:49:32.767         PreviousServerState : 0
dcpromoui 1340.1374 0042 11:49:32.767     Enter Computer::GetNetbiosName
dcpromoui 1340.1374 0043 11:49:32.767       SVRSCZDCFCH
dcpromoui 1340.1374 0044 11:49:32.767     Enter Computer::GetRole SVRSCZDCFCH
dcpromoui 1340.1374 0045 11:49:32.767       role: 3
dcpromoui 1340.1374 0046 11:49:32.767     NT5_MEMBER_SERVER
dcpromoui 1340.1374 0047 11:49:32.767   Enter State::GetRunContext NT5_MEMBER_SERVER
dcpromoui 1340.1374 0048 11:49:32.767   Enter FS::GetPathSyntax C:\Windows\system32
dcpromoui 1340.1374 0049 11:49:32.767   HRESULT = 0x00000000
dcpromoui 1340.1374 004A 11:49:32.767   Enter State::SetMode STAGETWO
dcpromoui 1340.1374 004B 11:49:32.767   Enter State::SetOperation REPLICA
dcpromoui 1340.1374 004C 11:49:32.767   Enter GetCredentialsFunctInternal
dcpromoui 1340.1374 004D 11:49:32.767     Enter ShouldSkipCredentialsPage
dcpromoui 1340.1374 004E 11:49:32.767       Enter State::GetOperation REPLICA
dcpromoui 1340.1374 004F 11:49:32.767     using empty user domain name
dcpromoui 1340.1374 0050 11:49:32.767     Enter State::GetOperation REPLICA
dcpromoui 1340.1374 0051 11:49:32.771     Enter GetForestName farmaciachavez.local
dcpromoui 1340.1374 0052 11:49:32.771       Enter MyDsGetDcName
dcpromoui 1340.1374 0053 11:49:32.771         Enter MyDsGetDcName2
dcpromoui 1340.1374 0054 11:49:32.771           Calling DsGetDcName
dcpromoui 1340.1374 0055 11:49:32.771           ComputerName : (null)
dcpromoui 1340.1374 0056 11:49:32.771           DomainName   : farmaciachavez.local
dcpromoui 1340.1374 0057 11:49:32.771           DomainGuid   : (null)
dcpromoui 1340.1374 0058 11:49:32.771           SiteName     : (null)
dcpromoui 1340.1374 0059 11:49:32.771           Flags        : 0x40000000
dcpromoui 1340.1374 005A 11:49:32.772           HRESULT = 0x00000000
dcpromoui 1340.1374 005B 11:49:32.772           DomainControllerName    : \\PDCSVRFCH.farmaciachavez.local
dcpromoui 1340.1374 005C 11:49:32.772           DomainControllerAddress : \\192.168.0.16
dcpromoui 1340.1374 005D 11:49:32.772           DomainGuid              : {7861FD9E-4A7E-4B4C-9A40-79EE5406035C}
dcpromoui 1340.1374 005E 11:49:32.772           DomainName              : farmaciachavez.local
dcpromoui 1340.1374 005F 11:49:32.772           DnsForestName           : farmaciachavez.local
dcpromoui 1340.1374 0060 11:49:32.772           Flags                   : 0xE000F3FD:
dcpromoui 1340.1374 0061 11:49:32.772           DcSiteName              : Default-First-Site-Name
dcpromoui 1340.1374 0062 11:49:32.772           ClientSiteName          : Default-First-Site-Name
dcpromoui 1340.1374 0063 11:49:32.772     using forest name farmaciachavez.local
dcpromoui 1340.1374 0064 11:49:32.772     Enter State::GetOperation REPLICA
dcpromoui 1340.1374 0065 11:49:32.772     Enter State::SetForestName farmaciachavez.local
dcpromoui 1340.1374 0066 11:49:32.773     Enter State::SetTargetDomainName farmaciachavez.local
dcpromoui 1340.1374 0067 11:49:32.773     Enter CheckUserIsLocal
dcpromoui 1340.1374 0068 11:49:32.773     Enter State::GetOperation REPLICA
dcpromoui 1340.1374 0069 11:49:32.773     Enter State::ReadDomains
dcpromoui 1340.1374 006A 11:49:32.773       Enter State::GetTargetDomainName
dcpromoui 1340.1374 006B 11:49:32.773         Enter State::GetOperation REPLICA
dcpromoui 1340.1374 006C 11:49:32.773         target domain name: farmaciachavez.local
dcpromoui 1340.1374 006D 11:49:32.773       Enter CDomains::ReadDomains
dcpromoui 1340.1374 006E 11:49:32.773         Enter MyDsEnumerateDomainTrusts
dcpromoui 1340.1374 006F 11:49:32.773           Enter GetDcName
dcpromoui 1340.1374 0070 11:49:32.773             Enter GetDcName2
dcpromoui 1340.1374 0071 11:49:32.773               Enter MyDsGetDcName2
dcpromoui 1340.1374 0072 11:49:32.773                 Calling DsGetDcName
dcpromoui 1340.1374 0073 11:49:32.773                 ComputerName : (null)
dcpromoui 1340.1374 0074 11:49:32.773                 DomainName   : farmaciachavez.local
dcpromoui 1340.1374 0075 11:49:32.773                 DomainGuid   : (null)
dcpromoui 1340.1374 0076 11:49:32.773                 SiteName     : (null)
dcpromoui 1340.1374 0077 11:49:32.773                 Flags        : 0x40000011
dcpromoui 1340.1374 0078 11:49:32.879                 HRESULT = 0x00000000
dcpromoui 1340.1374 0079 11:49:32.879                 DomainControllerName    : \\SVRCBBDCFCH.farmaciachavez.local
dcpromoui 1340.1374 007A 11:49:32.879                 DomainControllerAddress : \\192.168.19.35
dcpromoui 1340.1374 007B 11:49:32.879                 DomainGuid              : {7861FD9E-4A7E-4B4C-9A40-79EE5406035C}
dcpromoui 1340.1374 007C 11:49:32.879                 DomainName              : farmaciachavez.local
dcpromoui 1340.1374 007D 11:49:32.879                 DnsForestName           : farmaciachavez.local
dcpromoui 1340.1374 007E 11:49:32.879                 Flags                   : 0xE000F1FC:
dcpromoui 1340.1374 007F 11:49:32.879                 DcSiteName              : Default-First-Site-Name
dcpromoui 1340.1374 0080 11:49:32.879                 ClientSiteName          : Default-First-Site-Name
dcpromoui 1340.1374 0081 11:49:32.879               Enter Computer::RemoveLeadingBackslashes \\SVRCBBDCFCH.farmaciachavez.local
dcpromoui 1340.1374 0082 11:49:32.879               SVRCBBDCFCH.farmaciachavez.local
dcpromoui 1340.1374 0083 11:49:32.879           Enter AutoWNetConnection::Init
dcpromoui 1340.1374 0084 11:49:32.879             Enter AutoWNetConnection::CloseExistingConnection
dcpromoui 1340.1374 0085 11:49:32.879             The current user security context is being used therefore there is no need to establish a connection.
dcpromoui 1340.1374 0086 11:49:32.879             HRESULT = 0x00000000
dcpromoui 1340.1374 0087 11:49:54.894           NetStatus = 1722
dcpromoui 1340.1374 0088 11:49:54.894           Enter AutoWNetConnection::CloseExistingConnection
dcpromoui 1340.1374 0089 11:49:54.894           HRESULT = 0x800706BA
dcpromoui 1340.1374 008A 11:49:54.894         HRESULT = 0x800706BA
dcpromoui 1340.1374 008B 11:49:54.894         HRESULT = 0x800706BA
dcpromoui 1340.1374 008C 11:49:54.894     failed trying to read domains, returned 0x800706BA
dcpromoui 1340.1374 008D 11:49:54.897     Enter GetErrorMessage 800706BA
dcpromoui 1340.1374 008E 11:49:54.897   GetExistingAccountForComputerInReplicaDomain error message: The wizard cannot gain access to the list of domains in the forest.

This condition may be caused by a DNS lookup problem. For information about troubleshooting common DNS lookup problems, please see the following Microsoft Web site: http://go.microsoft.com/fwlink/?LinkId=5171

The error is:
The RPC server is unavailable.

dcpromoui 1340.1374 008F 11:49:54.898   Test Failed
dcpromoui 1340.1374 0090 11:49:54.898   GetExistingAccountForComputerInReplicaDomain returns exit code: 26
dcpromoui 1340.1374 0091 11:49:54.898   END TEST: GetExistingAccountForComputerInReplicaDomain
dcpromoui 1340.1374 0092 11:49:54.898   Enter State::UnbindFromReplicationPartnetDC

Thanks in advance


Multi-Site Environment : Clients randomly grabbing wrong LOGONSERVER and causing major issues

Good morning,

First off let me fill you in on my environment.  I manage the windows environment for Pre-K through 12th grade public education.  For some reason some of our clients are getting the wrong logonserver which when this happens always ends up being the Pre-K domain server.  All of our other DCs/Sites are connected across town by 10gig fiber backbone, yet this one is connected through a 1 to 1 nat slow internet connection...yet the few times this happens and the LOGONSERVER is incorrectly selected it's ALWAYS this site.

I'll show you our site links / costs / replication Intervals if that helps...but I'm at a loss from staring at this too long and sure I'm overlooking something obvious.

Any Input/Suggestions are greatly appreciated!

Thank you!

Creation of Domain Trust with servers having same names on different domains.

I need to create a domain trust across two different domains. The issue is that I have servers with the same names on the two domains that I need to trust. I'll explain: Domain A has a server named CARS and Domain B has a server named CARS. However, these servers have different IPs and belong to different networks connected via a VPN link. My questions:

Possible problems?

Is it feasible without having to rename the servers? Too many users and shares to redo.

Any advice will be appreciated.

Unlocking Windows 10 PC takes too long

Hi, we have a strange issue. We have two 2012 R2 DCs and one 2019 DC; the FSMO roles are on the 2019 DC. We configured PCs to lock after 10 minutes of no input. The clients report that when they want to unlock their PC, it waits on the welcome screen for almost 1 minute and then unlocks the PC.