I am upgrading all of my companies remaining Windows 7 machines to Windows 10 and I keep getting the error when trying to join the new machines to the domain that smbv1 is not enabled. From my understanding this feature was turned off in the
Windows 10 1709 update for security reasons. Why is AD requiring this to join the domain? Also, is there a way to prevent my network/AD from requiring smbv1 being enabled to join the domain?
↧
Joining Domain Failing
↧
AD
Hi All,
We are in the process of server 2008 sunset. One of our Active Directory servers is on W2008. We are the main site for Europe and we have 4 AD servers. We have additional AD servers scattered around our European sites mostly one per site.
I need information on what is the best process to deal with this w2008 box. Would it be just a case of decommissioning the server and creating another depending on what roles are on the server or do I need to carry out any additional work?
Any information would be grateful.
Regards.
↧
↧
Replication complains
I have 10 DC and they are in different sites and all part of the same domain.
A user changes password but cannot login to an application as he/she has to wait for 15 minutes for the replication to complete on all DC's before they can login to a website that uses there domain credentials.
I get tons of complains everyday. What is the best way to have near real-time replication between the DC's.
How to you handle these situations in your company.
John
↧
Password change
Hi,
We have 1 PDC and 2 Backup domain server
if i change domain administrator password where it will effect to all domain
Lakhan
↧
File Replication Service Disabled from the Active Directory 2012 r2
Hi Microsoft Technet,
I noticed from our Active Directory server, the File Replication Service status is set automatic, but we were unable to start the service and shows this kind of error. https://imgur.com/wTTdnDD
"Windows could not start the File Replication service on Local."
is firewall port 139 use by the file replication service?
do we also need to open port 49156 for the LSSAS service?
Best Regards,
AJ
↧
↧
DNS replication server
Hello ,
we are using 3 domain server. there if hit repadmin /showrepl command
everything status will success but SYSVOL policy folder can not replicate properly
please suggest
thank you in advance
Lakhan Sawant
↧
DNS Delegation, authoritative zones
Hi,
I am promoting a new W2019 to a DC and getting warning messages in the images below. Could you suggest what shall I do about those?
MK
↧
Server 2016 - Domain names and Forest names question.
Good evening.
I am currently in the process of doing an assignment which requires the use of Server 2016. I have done a few of the MOC courses, however I have come across as issue where I am not sure if I am doing something wrong, or I am correct.
The task is to create a forest, say, x.com, and then make another domain in that forest such as a1.x.com.
This is on a fresh installation of Server 2016 DataCenter (Desktop Experience). I have been looking at this for a while and as far as I know, the only way to do this would be to create a second server in order to promote the Domain Controller to create the
second domain (a1.x.com).
The assignment says only one server computer is to be used.
Am I doing something wrong?
↧
Computer SID
Hi All,
I have 3 domains in my environment (1 root and 2 sub). In every domain there are 5 Domain controllers running and when i just checked the SID of each domain controllers in the same domain i could see that SID is same for all 5 domain controllers in the same domain. Is it a usual behavior or any issue with that.
↧
↧
Login is from an untrusted domain
Hi
I have searched all over the internet for an answer so hopefully someone here can help.
I have an SQL 2017 server set to use Windows or SQL authentication.
The DB's that are on it work fine using either authentication method on the LAN.
My issue is that when a user tries to connect over our VPN it will fail with the above error message about its login is from an untrusted domain.
However, if I use an SQL credential (SA) it connects no issues.
Both server and PC are on the same domain and the PC is regularly connected to the LAN during the day, its just when they go home and use the VPN that it doesn't work and I get this untrusted domain error. This happens for all users over VPN.
↧
certificate's role in ldaps for windows and linux clients
Hi,
I would like to know how certificates work in both windows and Linux clients.
Here is my setup. We have a windows internal CA, we have windows domain controllers that serve as our ldap server. We have in dns Host A record ldap-dc.domain.com point to two ip address of our domain controllers. We did this so that they will use the FQDN in ldaps connection string for failover.
1. Will windows based applications that connect via ldaps require a certificate? If so, where did that certificate should come from? Should it come from our Domain controller which its certificate is issued by our internal CA?
2. The certificate of our domain controllers did it came automatically from our CA since I don't recall requesting for certificate when setting up domain controller? How will windows client machines make use of this certificate? Do they receive it automatically?
3. How about for apps based on Linux that will use ldaps? Where should it's certificate come from? Does it need to request for certificate or will it use the domain controller's certificate by importing it on the Linux machine?
Thanks!
↧
How to convert Local Profiles to Roaming Profiles?
Hi,
Older user Profiles on our domain were set up as local profiles. Any new user accounts are now being set up as roaming profiles.
Is there a way to convert the older local user profiles to roaming profiles?
Thanks
D
↧
How can I set up complicated rights on existing directories
One of my clients has an existing data folder with a layout similar to this:
Part 1
-Drawings
-Specifications
-Inspection
-Notes
Part 2
-Drawings
-Specifications
-Inspection
-Notes
through a few hundred parts.
They want to have new rights implemented that would give certain groups rights over the Drawings subfolder in every part, different rights to every Specifications subfolder, and so on. When new parts are created, the Subfolder and Rights structures would then be in place moving forward.
Is this possible without 'touching' every single folder and subfolder?
↧
↧
Can not access to Active direcory domain service
Hi guys,
Today All my Domain Controller Server could not connect to Active Directory domain service.
It show:
Naming information cannot be located because:
The specified domain either does not exist or could not be contacted.
Contact your system administrator to verify that your domain is properly configured and is currently online.
But DNS Service is running property.
I have tried many ways to fix it but no luck.
Please help me to resolve this issue.
Thanks you.
↧
Add a manages tab to Active Directory
Hello there
So for a while now we have been using the "managed by" tab in Active Directory to keep track of who owns what computer.
Now the problem is that if we know which pc we want to find the user for its easy, but the other way around(User->pc) we have been using powershell to find, this is a bit of a hurdle and would be nice to just integrate in AD. So my question is: is there a way to add a tab on a user that has a list of pc's owned by that user (some have multiple pc's). In the same way the "member of" tab works.
Thanks in advance
Albert
↧
Single sign-on and UPN and domain trust
Our internet domain is contoso.com.
Our e-mail addresses are like first_name.last_name@contoso.com
Our Active Directory FQDN (UPN suffix) is local.contoso.com (created due to split-brain DNS problems).
We have been in process of migration from old Active Directory domain contoso.com to newlocal.contoso.com.
This process is going to take another 3-6 months from now.
Our management has just decided to migrate our (non-Exchange) infrastructure into Office365 within 2 months.
We would like to utilize SSO mainly for OneDrive.
How to do it?
I am worried about conflicts with old domain if I change UPN from local.contoso.com tocontoso.com.
Our e-mail addresses are like first_name.last_name@contoso.com
Our Active Directory FQDN (UPN suffix) is local.contoso.com (created due to split-brain DNS problems).
We have been in process of migration from old Active Directory domain contoso.com to newlocal.contoso.com.
This process is going to take another 3-6 months from now.
Our management has just decided to migrate our (non-Exchange) infrastructure into Office365 within 2 months.
We would like to utilize SSO mainly for OneDrive.
How to do it?
I am worried about conflicts with old domain if I change UPN from local.contoso.com tocontoso.com.
↧
14017 error
Hello everybody,
Does anyone met with error 14017 on AD/DNS server?
I have configured domain authentication on third party appliance and it work fine till adding ip addresses of DNS servers to it's configuration.
After adding DNS IP's i get 14017 error and I'm not able to login with domain credentials. After removing DNS IP i can once again authenticate.
AD and DNS are located on the same server and IP address.
Any advise will be appreciated.
Below description isn't really helpful:
ERROR_SXS_INVALID_ASSEMBLY_IDENTITY_ATTRIBUTE
14017 (0x36C1)
The manifest contains an attribute for the assembly identity which is not valid.
↧
↧
Windows cannot create the object error while create a OU
Hi All,
The below mentioned error is throwing while create a OU under child domain, but there is no OU in that name but still getting the error. Is there any where we can check it?
Error:
Windows cannot create the object "name" because:
An attempt was made to add an object to the directory with a name that is already in use.
↧
2003 Server DC Promo
Hi All
I'm current trying to retire my 2003 SBS Server, it was the only domain controller but I now have a 2016 DC will all roles migrated over to it. Issue is when I run DC promo to demote the 2003 server I get an error as it thinks its the only DC in the domain.
The box indicating that this domain controller is the last controller for the domain domain.local is unchecked. However, no other Active Directory domain controllers for that domain can be contacted.
Do you wish to proceed anyway? If you click Yes, any Active Directory changes that have been made on this domain controller will be lost.
Also when the 2003 server is shut down, it still shows as the logon server for clients and users have issues accessing shares on the file server.Any help would be greatly appreciated.
Thanks
↧
Windows Server 2016 error 1864.. How to fix it?
Hello Microsoft Community,
I had this error before and after performing D2/D4 to recreate Sysvol and Netlogon folders.
I managed to recreate the folders but unfortunately the 1864 error kept accuring every 24hrs
Also I tried:
It did not help me..
List of tests that I was advised to do:
https://1drv.ms/u/s!AmqLiXvrm2MTggokH1Zpc7CFtoEe?e=v7WoDx
I don't really know what to do, so if anyone may give me any directions it will be awesome.
↧