Channel: Directory Services forum

unable to demote the Domain controller


Hello All,

We are unable to demote a 2012 R2 domain controller. After selecting remove feature ADDS, we get the error "Validation Result":

The validation process found problems on the server from which you want to remove features. The selected features cannot be removed from the selected server

and below that:

Path cannot be the empty string or all whitespace.

regards

Aamir 


NA


SMBv1 for trusting and trusted Domain


Hello All,

We are upgrading our environment (abc.com) to Win2019 domain controllers, which means SMBv1 will no longer be supported, and we have external & forest trust relationships with a few other domains as well. Will this upgrade have an impact on all the trust relationship domain users as well?

abc.com = our environment

xyz.com - forest trust

nmz.com = external trust

Please advise

regards

AAmir Masthan



NA

Adding a security group to AdminSDHolder to allow add members


Hi,

I want to add a security group to the privileged groups, so they have rights to add members. I am trying to remove all users from the Domain Admins group but still want the ability to add users back into the group when needed. My idea was to have a group that was only allowed to add members to the privileged groups controlled by AdminSDHolder. The problem I am facing is that when I add the group to the security tab of AdminSDHolder, it doesn't have the option to write members unless I change it to group permissions; when this is applied to AdminSDHolder, it removes that permission. The only way I can get it to work is by giving it full control over AdminSDHolder.

Does anyone have any ideas?

I am trying to follow the least privilege model and currently don't have the time to implement a Red Forest. I am looking for a simple process that follows the ideals of bastion domains. This was the closest I came up with. All security groups would be monitored and alerted on within 30 mins of a change. The purpose is to reduce the attack surface of well-known groups and users.

Please let me know if this makes sense or if I need to go into more details. I would like to know people’s thoughts, ideas or solution to this.

Thanks



How can I set up complicated rights on existing directories


One of my clients has an existing data folder with a layout similar to this:

Part 1
-Drawings
-Specifications
-Inspection
-Notes
Part 2
-Drawings
-Specifications
-Inspection
-Notes

through a few hundred parts.

They want to have new rights implemented that would give certain groups rights over the Drawings subfolder in every part, different rights to every Specifications subfolder, and so on. When new parts are created, the Subfolder and Rights structures would then be in place moving forward.

Is this possible without 'touching' every single folder and subfolder?

"Windows cannot create the object" error while creating an OU


Hi All,

The error mentioned below is thrown while creating an OU under a child domain. There is no OU with that name, but we still get the error. Is there anywhere we can check it?

Error:

Windows cannot create the object "name" because:
An attempt was made to add an object to the directory with a name that is already in use.

How to convert Local Profiles to Roaming Profiles?


Hi,

Older user Profiles on our domain were set up as local profiles. Any new user accounts are now being set up as roaming profiles.

Is there a way to convert the older local user profiles to roaming profiles?

Thanks

D


Remove old 2012 PDC as time server


I have a domain controller that is no longer the PDC.  I have a new 2016 PDC.

The two new 2016 domain controllers show the W32Time Parameter Type as NT5DS but the old 2012 domain controller shows this as NTP.

I am assuming that I want it to be NT5DS since server 2016 has made so many improvements in the Time Service.

Should I set the Registry Key of the 2012 DC to also be NT5DS?

"Naming information cannot be located for the following reason The server is not operational" while opening Active Directory Users & Computers in Windows Server 2008 R2 Std


Hi

We have a Dell T410 server with Windows Server 2008 R2 Std edition. We updated all patches and installed Active Directory, and sometimes when we open Active Directory Users & Computers we get:

"Naming information cannot be located for the following reason The server is not operational" and we need to restart the server, and sometimes it opens. What is the issue: the AD installation or the OS installation?

Any help and comments will be highly appreciated.


Arvind


AD


Hi All,

We are in the process of server 2008 sunset. One of our Active Directory servers is on W2008. We are the main site for Europe and we have 4 AD servers. We have additional AD servers scattered around our European sites mostly one per site.

I need information on what is the best process to deal with this w2008 box. Would it be just a case of decommissioning the server and creating another depending on what roles are on the server or do I need to carry out any additional work?

I would be grateful for any information.

Regards.

Users frequently being removed from Enterprise Admins

When adding new AD users to Enterprise Admins, after 4 hrs these users are frequently removed from the group.

File Replication Service Disabled from the Active Directory 2012 r2


Hi Microsoft Technet,

I noticed on our Active Directory server that the File Replication Service status is set to automatic, but we were unable to start the service and it shows this kind of error: https://imgur.com/wTTdnDD

"Windows could not start the File Replication service on Local."

Is firewall port 139 used by the File Replication Service?

Do we also need to open port 49156 for the LSASS service?

Best Regards,

AJ


Grabbing all OUs while ignoring all their sub-OUs


I am working on a project where we grab all useful user data from the AD/all OUs. We are doing this in order to move a user if they are in the wrong OU. For this we want to ignore all sub-OUs in every OU, and we also want to do this without hard coding in a bunch of -notlike statements, as we have many sub-OUs. From my time researching this, it looks like the only way to do this is through hard coding. Is there a way, when searching through AD, of ignoring ALL sub-OUs and just searching all OUs?

Thanks for any help,

Nicholas 

Checks before increase Domain / forest functional level


We currently have a Windows 2003 domain / forest functional level and are looking to increase this to 2008R2, as we are going to add some Windows 2016 servers (we still have a lot of 2008R2 servers at present). Are there any caveats I should be aware of before doing this?

As mentioned, we still have a lot of 2008 servers which we are gradually phasing out. We are pretty certain they are all R2; however, if one is still a 2008 non-R2, I presume that if I try to upgrade the functional level to R2 it will come up with a warning if there are any non-R2 DCs.

Unable to Promote New ADC


Hello,

We are getting the error below while promoting the new ADC in a different site.

Verification of outbound replication failed, unable to locate replication source domain controller mydomain.XXX.com. the remote procedure call failed. 

The required ports have been opened bi-directionally from the root DC to the ADC and vice versa.

Server OS: 2012


APK


Custom organizational unit attribute not shown in Attribute Editor


I need to add a new attribute to an OU. Say each OU represents a department, so I'd like to maintain some value on the OU instead of on each user in this OU.

I have added a new attribute to the organizational unit following https://social.technet.microsoft.com/wiki/contents/articles/51121.active-directory-how-to-add-custom-attribute-to-schema.aspx . I have restarted my single domain controller many times, but that custom attribute is not displayed in the organizational unit's Attribute Editor tab.

Can you help me? Thanks.


...



Disabling SMBv1 on Windows 2012R2 Domain controller


Hi,

I have two Win2012R2 domain controllers and nine RODCs in remote areas. I have noticed that SMBv1 is enabled (which is the default setting), and as per our security team's recommendations I want to disable SMBv1 on our domain controllers. Our DCs are also running the DNS service. My question is, will there be any impact on our domain if we disable SMBv1?

Thanks.

windows services account password auto update


Hi there,

Due to some policies, some service accounts need to change their password every 180 days, and then we need to go over all the servers to change the "saved service account credential" in services.msc.

I want to know if there is any way or tool that can support automatically updating the password when the password is changed?

Thanks

Application LDAP connections to wrong AD Site


Hi,

I have an application that points to mydomain.com to look up the domains available.

The problem is it returns all the domains in both sites.

Is it possible that, if I ask for domain controllers, it will only show me the DCs in Site 1, not Site 1 and Site 2?

For Site 2, the application doesn't have access to that DC; network rules are blocked.

I believe DNS is not site aware? What are my options? Create separate DNS records for Site A called ldap.mydomain.com and point the applications to that DNS record instead?

Joining Domain Failing

I am upgrading all of my company's remaining Windows 7 machines to Windows 10, and when trying to join the new machines to the domain I keep getting the error that SMBv1 is not enabled. From my understanding this feature was turned off in the Windows 10 1709 update for security reasons. Why is AD requiring this to join the domain? Also, is there a way to prevent my network/AD from requiring SMBv1 being enabled to join the domain?

SMBv1 question


What is the difference between Set-SmbServerConfiguration -EnableSMB1Protocol $false and Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol?

Is disabling SMBv1 just as good as removing? Do both cmdlets require a reboot to take effect?
