Channel: Directory Services forum
Viewing all 31638 articles

AD replication failing

Hi,

I have two locations connected through IPsec VPN. I installed one main DC in HO and another in BO, then I added a 3rd DC in BO and demoted the 2nd DC in BO. Now the replication between HO DC and BO DC is not working.

The below results are from BO DC.

C:\>repadmin /replsum
Replication Summary Start Time: 2019-09-07 22:21:05

Beginning data collection for replication summary, this may take awhile:
  .....


Source DSA          largest delta    fails/total %%   error
 HO-DC            04d.19h:23m:51s    5 /   5  100  (1726) The remote procedure call failed.


Destination DSA     largest delta    fails/total %%   error
 BO-DC2           04d.19h:24m:11s    5 /   5  100  (1726) The remote procedure call failed.


Experienced the following operational errors trying to retrieve replication information:
          58 - ho-dc.domain.local


Can I have Multiple Domains in a Server 2012 R2

Hi,

I need to know whether I can have multiple domain names on a single Active Directory server.

Or can I create multiple forests on a single domain controller?

For example: Technet.com, Technet.in, Windows.com & Windows.in.

Thanks & Regards,

D.Nithyananthan.

Monitor the DNS Logs

Our Domain Controllers were also used as the DNS servers. Recently Infoblox was implemented in our environment. We are changing member servers to point to Infoblox. We have to monitor which servers the DNS servers are getting queries from. Please help me with how to monitor and cut over the DNS servers.

Thanks and Regards,

Hariharan

 

dcdiag fails on dfsr

Dears,

I have 3 sites and 2 domain controllers configured on each site (2012 R2), 6 in total.

I realized the following when running dcdiag on the 6 DCs:

In each site, I have one DC that fails the DFSR test with the following error:

   Starting test: DFSREvent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... *** failed test DFSREvent

But using repadmin shows no error on these 3 servers.

Note that the remaining 3 servers show no errors on DFSR in dcdiag and repadmin.

Can you advise about that?

Regards

Windows server 2008 standard R2 unable to boot to Windows with error STOP: c00002e2 Directory Services could not start because of the following error

Windows Server 2008 Standard R2 cannot boot into Windows.

Error:
STOP: c00002e2 Directory Services could not start because of the following error: The system cannot find the file specified.

Error Status: 0xc000000f

Please shutdown this system and reboot into Directory Services Restore mode. Check event log for more detailed information

Troubleshooting steps:

1. Able to boot into Directory Services Restore Mode and checked that all volumes are Online and status is healthy.

2. Tried to do a repair of the boot file by booting up with the Windows Server 2008 R2 DVD and selecting Command Prompt > DiskPart. I can see the partitions and volumes.

However, Volume C (Windows) Fs (File System) did not indicate NTFS. I have other volumes in the RAID config and they all show NTFS under Fs (File System).

Continued to access Volume C and it says Access Denied.

Stuck on C drive Access Denied.

Could someone advise please?

Thank you


AD Replication Status Tool

Good Afternoon, 

Is there any way for me to see what objects were replicated during the last cycle using ADRST 1.0, or would anyone know of an app that will do that?

Best Practice in Setting up Active Directory in a shipping company

Hi Guys,

Would anybody know what is the best way to set up Active Directory in a shipping company? The scenario is that each ship must have its own domain controller.

What would be the best approach for this?

Thanks,

Lawrence



Migration from Windows Server 2012 to Windows Server 2019 Failures

I'm migrating a domain from Windows Server 2012 (not R2) to Windows Server 2019. This only has one DC (Server 2012) in the domain. We followed Microsoft documentation and

https://techcommunity.microsoft.com/t5/ITOps-Talk-Blog/How-to-Migrate-Active-Directory-from-Windows-Server-2012-R2-to/ba-p/329861

When trying to decommission the Windows Server 2012 DC, the following error occurs:

Uninstall-ADDSDomainController : Verification of prerequisites for Domain Controller promotion failed. You indicated
that this Active Directory domain controller is not the last domain controller for the domain.

Also, the old DC seemed to be set as preferred time server, GC, KDC, and LDAP. But when running Netdom query fsmo, everything shows as the new DC.

Any ideas?

Thanks!


Error "the account must added to the allowed list for this RODC" while pre-populating users data to RODC

Hi All,

I am using Server 2012 R2 for both the primary DC and the RODC. I am getting the below error (the account must added to the allowed list for this RODC) while pre-populating a user created on the primary DC to the RODC. I have already added these new users to the "Allowed RODC password replication group" and ran the gpupdate /force command on both DCs, but I am still not able to log in with the new users on the RODC server.

Also, I would like to know whether my understanding is correct or not. Once the newly created users' passwords on the primary DC are pre-populated, I will be able to log in as those users in the presence of the RODC while the primary DC is not in a working state. Is this correct behavior?

I am facing this issue for some time now.



Powershell or Other to find domain\name information multidomain

Hi,

I am trying to retrieve the login name (in the form Domain \ firstname.lastname) of all users who are members of an AD group, from several different domains.

This script is probably not optimized and sends back info from the domain only for those who are in the domain where the script is played.

$domains = (Get-ADForest).Domains
foreach ($domain in $domains) {
    $GroupAD = Get-ADGroup -Filter { Name -eq $groupName } -Server $domain
    $Members = $GroupAD | Get-ADGroupMember -Recursive -Server $domain | Get-ADUser -Property * | Select-Object @{Name="Domain";Expression={Get-ADDomain ($_.DistinguishedName.Substring($_.DistinguishedName.IndexOf("DC"))) | Select-Object -ExpandProperty NetBiosName}}, @{Name="Group";Expression={$GroupAD.Name}}, Name, DisplayName, UserPrincipalName, SamAccountName
    if ($Members.Count -gt 0) {
        $hMembers += $Members
    }
}
$hMembers | Export-Csv -Path $pathfileFolder -NoTypeInformation

Thanks for your help.


Stef

What is the main difference between SYSVOL shared and SYSVOL replication?

Hello,

I am giving a presentation on AD, so I need to know all the basics to define that.

So please can anyone clarify that doubt, but only in technical details.

Clients picking the wrong domain controller

Apologies if this is the wrong forum, wasn't sure if I should put this here or in the DNS forum.

At one of our sites it seems that some clients pick a domain controller for authentication that isn't part of that site. I think I have narrowed down the cause but I just wanted some verification.

We are in the process of merging 4 domains into one, and the I.T. manager, who set most of this up, left suddenly, so I can't ask him why things are like they are. In the DNS tree, under forward lookup zones\domainname\sites\sitename\_tcp one of the sites has _ldap, _Kerberos and _gc pointing to a DC that is in another site. Actually it has many DCs that are not in that site. I don't know whether this was done because that site uses a hosted Skype service, but I was just wanting someone to tell me what are likely to be any adverse consequences of just deleting these (presumably) incorrect records.


Adding a subordinate certification authority to an existing infrastructure

I have a valid root certification authority based on Windows Server 2003.
I want to add a slave server to Windows Server 2012 and redirect all requests to it. And disable the root (enable only to reissue the main certificate).
Tell me how to properly configure a subordinate center and transfer all requests to it? (smart cards, user authorization, mail).
That there would be revoked certificates and issued
There is very little information on the Internet that has helped me.

Read Only Domain Controller configuration error

Hello team,

I am trying to promote an RODC to a remote site.

I have pre-created the RODC account through AD, I put it in the desired site, and when I am running the wizard I receive an error: Error - Configuration settings indicate that this Read-only Domain Controller should be installed in site , but this site doesn't contain a site settings object. (8619).

What can be wrong with my configuration?

Thanks!

Unable to Install Lingering Object Liquidator

I tried to install Lingering Object Liquidator on Windows Server 2008 R2. An alert box popped up and asked me to install .NET Framework 4.5.2 (I already had it installed), so I downloaded and repaired the .NET Framework again. I tried reinstalling, but I still get the same popup asking me to install .NET Framework. I reconfirmed the installed .NET Framework again by checking regedit.

I also tried installing on Windows Server 2012 R2, and I am still facing the same issue.

Thanks in advance.

NTLM over LDAP against Active Directory

My Active Directory shows the following supported SASL mechs.

supportedSASLMechanisms (4): GSSAPI; GSS-SPNEGO; EXTERNAL; DIGEST-MD5; 

How can NTLM be enabled for support? 

When sending:

bindRequest(1) "NTLMSSP_AUTH" , NTLMSSP_AUTH, User: testuser

or

bindRequest(1) "NTLMSSP_AUTH" , NTLMSSP_AUTH, User: TESTDOMAIN\testuser1

I either get:

bindResponse(1) invalidCredentials (80090308: LdapErr: DSID-0C090671, comment: AcceptSecurityContext error, data 57, v23f0)

OR 

no response at all.

The cred sent in the request is the NTLM type 3 message from the client.

Does NTLM need to be enabled in supportedSASLMechanisms? If so, how?

How can I see LDAP-related debug/events?

DNS addresses

Hi All,

I am about to decommission one of our print servers. I have a checklist to follow and have come to the point where I need to delete the DNS entry for this server.

My question is: where would I delete the entry from? The server is located in Spain, and they have their own Domain Controller which is a Global Catalog. There are a further 10 DCs in the Domain. We are actually at HQ.

I assume that we delete from the HQ Domain Controller and it replicates to the rest of the Domain?

Any help with this would be greatly appreciated.

Regards.

NTDS Settings not created automatically

Hi,

We're facing issues in AD Sites and Services as the NTDS settings are not automatically generated. As per my understanding, n-1 entries should be created on each DC's NTDS settings.

We have 2 sites in a single forest and domain.

One site contains 4 DCs including the Primary
One site contains 1 DC

In total there are 5 DCs

Issue is Site 1 > DC1 is only showing NTDS entries for DC5, DC3, DC4 

Site 1 > DC2 is only showing NTDS entries for DC5, DC4

Site 1 > DC3 is only showing NTDS entries for DC1, DC3

Site 1 > DC4 is only showing NTDS entries for DC2, DC5

Site 2 > DC5 is only showing NTDS entries for DC3 only

How can I resolve this issue?

Microsoft Remote Desktop unable to connect Code ox104

Hello

I am trying to connect my Mac to the office with Microsoft Remote Desktop (latest version) but can't do it. I receive:

We couldn't connect to the remote PC because the PC can't be found...... Error Code: ox104

I have another Mac which connects easily with the same setup. Do you know what could be the problem?

The working Mac uses OSX High Sierra and the one I have problems with uses OSX Mojave. Thanks

User unable to change the password

Hi,

When a user tries to change the password using CTRL+ALT+DEL, they get an error like "Password complexity doesn't match", even though they are following the password complexity correctly. Is there anything that needs to be checked on the user account side or at policy level?

