Quantcast
Channel: Directory Services forum
Viewing all 31638 articles
Browse latest View live

Missing GPO Settings in RSOP - Folder Redirection

October 10, 2019, 10:39 am
$
0
0

I'm scratching my head on this. I have a GPO that configures folder redirection as well as a logon/logoff script. I have a security filter on the GPO based on a user's group membership. When a user logs into a machine for the first time, they get all of the settings from the GPO except for the folder redirection. When I run a gpresult /h I don't see the folder redirection policies but I see all of the other settings from the policy in the RSOP. Now the kicker is this is only on some machines that this problem occurs. On other machines the folder redirection policies are present in RSOP.

Any idea? I don't get it.. See picture below from RSOP output:


Search

Get User Reporting Manager Details from User objects in Active Directory

April 2, 2018, 5:21 am
$
0
0
My today Post is about to get the user manager details from user object in Active Directory using PowerShell  (this was one requirement from my management for auditing purpose J)

Below powershell command will give you the list of user accounts and manager names which are associated with those user accounts.

Get-ADUser -Filter * -SearchBase 'Distinguish Path of the OU' -Properties manager | Export-CSV "ADUsers.csv"

EX : Get-ADUser -Filter * -SearchBase 'OU=Active users,OU=Test Users,DC=Test,DC=com' -Properties manager | Export-CSV "ADUsers.csv" 

Enjoy !!!

event id 2087

October 15, 2019, 3:45 am
$
0
0

dears,

i have 2 dcs running 2016.

i upgraded on of them to 2019, demoted one dc 2016. And switched the ips of the 2016 demoted one to the newly created 2019.

and registered the dns. i also cleaned the old dns records poiting to the demoted old dc

im receiving the event id 2087 on my new domain controller:

Active Directory could not resolve the following DNS host name of the source domain controller to an IP address. This error prevents additions deletions and changes in Active Directory from replicating between one or more domain controllers in the forest. Security groups group policy users and computers and their passwords will be inconsistent between domain controllers until this error is resolved potentially affecting logon authentication and access to network resources.

any idea why is this happening?

Duplicate SPN....which one do I remove?

October 9, 2019, 1:24 pm
$
0
0

I have the following KDC Event 11 error on my DC:

The KDC encountered duplicate names while processing a Kerberos authentication request. The duplicate name is MSSQLSvc/vffsql1.mydomain.com:1433 (of type DS_SERVICE_PRINCIPAL_NAME). This may result in authentication failures or downgrades to NTLM. In order to prevent this from occuring remove the duplicate entries for MSSQLSvc/vffsql1.mydomain.com:1433 in Active Directory.

If I run setspn -x from the command prompt, I receive the following result:

C:\Windows\system32>setspn -x
Checking domain DC=mydomain,DC=com
Processing entry 2
MSSQLSvc/vff175.mydomain.com is registered on these accounts:
        CN=Emerald Cube Consulting2,CN=Users,DC=mydomain,DC=com
        CN=Administrator,CN=Users,DC=mydomain,DC=com

MSSQLSvc/VFFSQL1.mydomain.com is registered on these accounts:
        CN=Administrator,CN=Users,DC=mydomain,DC=com
        CN=VFFSQL1,CN=Computers,DC=mydomain,DC=com

MSSQLSvc/VFFSQL1.mydomain.com:1433 is registered on these accounts:
        CN=Administrator,CN=Users,DC=mydomain,DC=com
        CN=VFFSQL1,CN=Computers,DC=mydomain,DC=com

found 3 groups of duplicate SPNs.

Which one should be removed?  The SPN on the user account, or the SPN on the computer account?

Thanks in advance for any help!

CA migration and its computer certificate

October 15, 2019, 7:47 am
$
0
0

Hello everyone,

I'm continuing to upgrade old 2008 R2 servers to Windows Server 2019 and I have a question about CA server (Enterprise Root CA).

Basically, I prepared a Windows Server 2019 VM, gave it the same name than the old production CA. Then I imported its configuration that I exported from the old one. Removed old server; added new server to the domain and installed the CA role. I basically followed that procedure in detailed: https://kevinstreet.co.uk/2017/07/26/migrating-your-microsoft-pki-infrastructure-to-windows-server-2016-part-2/

I worked on a lab for doing that. Everything seems to be fine except that when I compare production CA server with the lab CA server after the upgrade to Server 2019, I can notice one difference: the old CA server has 1 certificate in its "Certificates (Local Computer) > Personal > Certificates" that is not on the new one in the lab (the one in yellow on the attached image).

The missing certificate has the FQDN name (hostname.domain.com).

Does anyone know if this is something we can ignore and then apply our actions in production or if there's anything to do to recreate that on the new server ?

I tried to export that certificate but I can't export the private key with it so it is useless.
I also noticed that this certificate appears in the certificate manager.

Pulling Roles and Features from 2003 Servers

October 15, 2019, 1:36 am
$
0
0

Hello Guys,

We are in a plan to get rid of all our 2003 Domain Controllers.

For that we are trying to pull all the roles and scheduled jobs in the 2003 servers.

Any way to get the information?

I tried the below command and had no luck.

Get-WindowsFeature | where {$_.installed -eq $true} | select displayname, name, installed

Thank you very much in advance.

Regards, Prasad



After DC migration can't create new GPOs (2008 R2 -> 2019)

September 23, 2019, 7:50 am
$
0
0

I just completed migrating our old Windows 2008 R2 DCs to Windows 2019 DCs following the various guides online.

  • We had 2 Win 2008 R2 DCs
  • We installed and added two new Windows 2019 servers we promoted to be additional DCs
  • All 4 systems have DoD STIG GPOs applied for compliance
  • Let them coexist for a month to make sure everything was happy validating services were working as expected (DNS, sysvol replication, making and editing GPOs)
  • Moved the first FSMO roles from oldAD2 to newAD1 (PDC)
  • Moved the next 2 FSMO roles from oldAD1 to newAD1 (RID, Infrastructure)
  • Moved the next 2 FSMO roles from oldAD1 to newAD1 (Schema and Domain Naming) 
  • Demoted oldAD2
  • Discovered I could no longer make new GPOs with the domain running on newAD1, I also cannot restore a GPO either.  Edits to GPOs are possible and replicated
  • All other domain functionality is working as expected

When I try to make a new GPO from the GPM tool I get the error of "The specified server cannot perform the requested operations." 

When I try the PS command New-GPO I get the error "The specified server cannot perform the requested operation. (Exception from HRESULT: 0x8007003A)."

When I try to restore a GPO I do get a semi more useful error but when .

[Error] The task cannot be completed. There was an error with extension [Registry]. 
The file [\\newAD1.MyDomain\sysvol\MyDomain\Policies\{038D524D-076D-4323-B0D4-BF3E3D0DCA4B}\Machine\registry.pol] cannot be accessed. 
The following error occurred:The specified server cannot perform the requested operation.

I went looking trying to find any logs explaining why but so far I've found nothing.

  • Windows Event Logs show no warnings or errors after each attempt (Application, System, DFS Replication, Directory Service, DNS Server, Windows->GroupPolicy)
  • repadmin /showrepl shows all replication is successful
  • DCDIAG /V /C /D /E /s:newAD1 (& newAD2) show everything passed with no fails
  • Process Monitor looking for Access Denied but nothing relevant
  • sysvol share exists and can be accessed from each DC and systems in the domain

I've tried the following to resolve this with no success.

  • Made sure all ADMX files were up to date
  • GPM -> Group Policy Objects -> Delegation -> add my DA account

I did try the following and I feel like it might be related but I'm not sure how to resolve it.  I UNCd to \\newAD1.MyDomain\sysvol\MyDomain\Policies from newAD1 like the backup command was trying to do and attempted to make a new folder but was denied.  I checked the permissions on the C:\Windows\SYSVOL\sysvol share.

  • Everyone (read)
  • Authenticated Users (Full)
  • Administrators (Full)

So I then checked the ACLs on the C:\Windows\SYSVOL\sysvol folder.

  • Creator Owner (Special)
  • Authenticated Users (Read)
  • System (Full)
  • Administrators (Special = Everything but Delete)
  • Server Operators (Read)

I then went to C:\Windows\SYSVOL\domain and looked at the ACLs on the Policies folder.

  • Creator Owner (Special)
  • Authenticated Users (Read)
  • System (Full)
  • Domain Admins (Read + Write)
  • Group Policy Creator Owners (Read + Write)
  • Administrators (Full)
  • Server Operators (Read)

I then went to a specific GPO that when I try to restore it I get denied.  C:\Windows\SYSVOL\domain\Policies\{35B12A72-F28D-49E9-8B51-90C72F654790}

  • Creator Owner (Special)
  • Authenticated Users (Read)
  • System (Full)
  • Domain Admins (Full)
  • Enterprise Admins (Full)
  • ENTERPRISE DOMAIN CONTROLLERS (Read)

I ran Process Monitor looking for ACCESS DENIED but if it's doing them over the network to itself I don't think network denies show in it.  The date on the folder of the GPO gets updated to that time I try to edit but the restore itself errors.

Systems Administrator Senior - University of Central Florida


How can we clear user’s Manager field in Active directory through attributes?

October 15, 2019, 11:53 pm
$
0
0

hi team,

I am not able to clear the user’s manager field in Active Directory, is there any attribute for that?

Thanks in Advance…!

Search

AD LDS Clone

October 16, 2019, 1:04 am
$
0
0

Hello,

We have a LDS partition replicated between 8 servers based on Windows 2008 R2 to support an application.

Now, we need to upgrade that application and we want to build a test environment with real data. For that purpose, we think an approach would be clone the original partition into a new server.

We've followed the backup / restore procedure and works fine but the servers, sites and replication configuration was also copied so now is trying to locate the original 8 servers.

There is an option to remove metadata information for those servers:

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732014(v=ws.10)?redirectedfrom=MSDN

But not sure if this will impact at some point the original servers.

What would be the best approach to set up and independent clone of the production instance? Or would it be better to export / import data with LDIFDE?

Thanks,

Regards.

Unable to delete an user object.

October 9, 2019, 11:23 am
$
0
0

Hello, 

I am trying to delete an user object in AD and I get this error

After some investigation, I see there are Active Sync sub objects being associated to the user object I want to delete. 

Please advise if I go ahead to click YES to delete the object, will that cause any problem?

Thanks. 


Create a GPO and bind powershell script to it

October 11, 2019, 7:05 am
$
0
0

Hi Team,

Recently we had an virus attack on one of the server in the domain. We had to turn off the machine and disable the network. It was a Domain Controller. Now the security team wants us to run a powershell script through GPO on the domain to check whether the malware is present on any workstations, computers or servers in the domain. I tried creating a GPO by running scheduled tasks under computer preferences and mapping to the server OU but no result.

Script is stored in the shared location and output to be stored at same place.

Could any one please suggest a way to create a GPO with the required settings to run on all the machines to look out for the file? 

Upgrade from AD DS 2008 to 2016, forest and domain level impact

October 11, 2019, 12:48 pm
$
0
0

I'm upgrading the current Active Directory from 2008 R2 to 2016.

The current Forest and domain level is 2008 R2.

As soon I will have all the Domain Controller at 2016, having still some 2003 and 2008 R2 member server, which will be the appropriate Forest and Domain level that I should Raise?

Can I move directly to Forest and domain level 2016, or will be better to keep a more conscious approach just more to 2012 R2 at least at the beginning.

Kind regards

Andrea

Change Domain user's password from outside the domain

October 16, 2019, 2:03 am
$
0
0

Hi,

I am looking for a solution for the following use case:

A person has remote access to a domain (VPN), but his PC has not joined any domains at all. The person should be able to change his own domain user's password. Normally, this can be done usinc Ctrl+Alt+Delete and then changing the Domain\User first to the user whose password should be changed. Acces to a domain Controller can be provided via the VPN.

But, the user does not have a Change password option on his computer. I googled it, it seems that this depends on the type of user used for login. On Windows 10 (only), when logged in using a Microsoft account, the option is never available Independent of how the group policy is set.

I did not find any other way how this user can change his password in the "foreign" domain. Everything seems to only work in the own Domain (when you are already logged in to Windows using a domain user, which is not the case), local users or the user you are logged in with. None of these applies.

So, is there some other way for this user to change his password I missed? Or some way to get the Change password Option back without changing the way the user logs in to his own Computer?

Thank you,

Felix Alter, SOLUTIONS GmbH

Botched migration from FRS - DFRS

October 13, 2019, 9:38 am
$
0
0

Server 2012 r2 standard ADDS Only DC had a vm dc, but it got hosed from a cluster failure. (another story)

The process hung. I waited over night. Still hung. Re ran adds cleanup, and found an old dc that was hunting me. deleted it.

Tried again same result. Since it was the only dc ( I read the warning about no turning back.) I pushed throuh the eliminated state.

Result: The SYSVOL_DFSR was created, but nothing in it. Looking at ADSIEdit the DC is still pointing to the original SYSVOL folder. When the login problems started, I found the DFSR services was running, and the FRS service was disabled. I reversed this and authentication started working again.

What a pickle I brought up two new DC's and the are both Windows 2016 OS. The information in AD DS is being replicated to the two new servers, but in spite of moving all of the roles to what was supposed to be the new PDC if the old PDC is not on line AD DS breaks. If I add a new user, change a password on any DC it takes effect on all 3. I did notice however I cannot edit a GPO on the other DC's, not even the new PDC.

What can I do to straighten this out. I can redo the two new DC's, but if I bring them down how can I get the old dc to move to DSFR? How might I get any one of the DC's to function as the PDC? I'm trying to do this without having to completely rebuild Active Directory from scratch.

Kerry M. Guillory

Distribution of FSMO Roles

October 13, 2019, 8:45 pm
$
0
0

Hi All,

I would like to seek for your expertise regarding our FSMO Roles. What would be the best setup and who will be the holder/s of this FSMO roles considering our below current setup.

 - We have 2 physical office sites ( Site A and Site B)

 - We have 2 domain controller each site ( DC1, DC2 on Site A and DC3, DC4 on Site B)

 - Currently all FSMO roles are assigned to DC1 

 - Both sites are operational and has workstations

Search

Operate Child Domain Independently for Sustained Periods

October 7, 2019, 12:41 pm
$
0
0

Network/telecom engineer here, barely fluent in AD.

Our customer's environment features a domain with 20+ sites.  My team is integrating three mobile datacenters that can be moved around on a truck, similar to those used in police, disaster recovery, or energy exploration applications.  Each mobile datacenter, which I'll call MD, includes a domain controller (Server 2016), an Exchange Server 2016, and an array of application servers, and end-user devices.

The MDs are connected to the parent network via microwave or SATCOM links.  Since link availability is often subject to terrain and other factors, AD and Exchange will be required to function within the site when there is no link available.  This means when the link is down, MD users must still be able to log into clients, send emails to other users, and utilize NTFS-based file sharing.  When the link to the network is re-established, AD should replicate, and Exchange should send any queued messages.

Presently, each MD is in its own child domain.  Everything is working correctly when the link to the parent domain is up.  When the link goes down, all MD site assets are still able to communicate with each other - as expected.

The problem scenario is when the servers in the MCs are booted up from a cold start, as they would be after transport, AD presents the following of error and warning events:

<domain controller>5719ErrorNETLOGONSystem10/7/2019 7:14:41 PM
<domain controller>1129ErrorMicrosoft-Windows-GroupPolicySystem10/7/2019 7:14:12 PM
<domain controller>10154WarningMicrosoft-Windows-Windows Remote ManagementSystem10/7/2019 7:14:10 PM
<domain controller>7039WarningMicrosoft-Windows-Service Control ManagerSystem10/7/2019 7:13:59 PM
<domain controller>1014WarningMicrosoft-Windows-DNS Client EventsSystem10/7/2019 7:13:42 PM
<domain controller>1014WarningMicrosoft-Windows-DNS Client EventsSystem10/7/2019 7:13:42 PM
<domain controller>10016ErrorMicrosoft-Windows-DistributedCOMSystem10/7/2019 7:12:15 PM
<domain controller>1008ErrorMicrosoft-Windows-PerflibApplication10/7/2019 3:32:24 PM
<domain controller>5ErrorMicrosoft-Windows-Security-KerberosSystem10/7/2019 1:02:36 PM

DCDIAG.exe output is below:

C:\Users\user>dcdiag

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = <server>
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: <domain\server>
      Starting test: Connectivity
         An error that is usually temporary occurred during DNS host lookup. Please try again later.
         Got error while checking LDAP and RPC connectivity. Please check your firewall settings.
         ......................... <server> failed test Connectivity

Doing primary tests

   Testing server: <domain\server>
      Skipping all tests, because server <server> is not responding to directory service requests.


   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

   Running partition tests on : <domain>
      Starting test: CheckSDRefDom
         ......................... <domain> passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... <domain> passed test CrossRefValidation

   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running enterprise tests on : <domain>
      Starting test: LocatorCheck
         ......................... <domain> passed test LocatorCheck
      Starting test: Intersite
         ......................... <domain> passed test Intersite


The Exchange server has 14 services that will not start, and also has a list of warning/error events:

<Exchange Server>1015ErrorMSExchangeDiagnosticsApplication10/7/2019 7:23:30 PM
<Exchange Server>10010ErrorMicrosoft-Windows-DistributedCOMSystem10/7/2019 7:22:23 PM
<Exchange Server>2142ErrorMSExchangeADTopologyApplication10/7/2019 7:22:22 PM
<Exchange Server>4999ErrorMSExchange CommonApplication10/7/2019 7:22:12 PM
<Exchange Server>4999ErrorMSExchange CommonApplication10/7/2019 7:21:57 PM
<Exchange Server>4999ErrorMSExchange CommonApplication10/7/2019 7:21:57 PM
<Exchange Server>1693WarningMSExchange Unified MessagingApplication10/7/2019 7:21:57 PM
<Exchange Server>4999ErrorMSExchange CommonApplication10/7/2019 7:21:57 PM
<Exchange Server>4999ErrorMSExchange CommonApplication10/7/2019 7:21:57 PM
<Exchange Server>1031ErrorMSExchangeSubmissionApplication10/7/2019 7:21:57 PM
<Exchange Server>4999ErrorMSExchange CommonApplication10/7/2019 7:21:57 PM
<Exchange Server>4999ErrorMSExchange CommonApplication10/7/2019 7:21:57 PM
<Exchange Server>4096ErrorMSExchangeReplApplication10/7/2019 7:21:39 PM
<Exchange Server>2155ErrorMSExchangeReplApplication10/7/2019 7:21:39 PM
<Exchange Server>7023ErrorMicrosoft-Windows-Service Control ManagerSystem10/7/2019 7:20:59 PM
<Exchange Server>1023ErrorMSExchangeISApplication10/7/2019 7:20:59 PM
<Exchange Server>7005ErrorMSExchangeTransportLogSearchApplication10/7/2019 7:20:59 PM
<Exchange Server>2001ErrorFiltering ADConnectorApplication10/7/2019 7:20:59 PM
<Exchange Server>10007ErrorMSExchange Mid-Tier StorageApplication10/7/2019 7:20:59 PM
<Exchange Server>16019WarningMSExchangeTransportDeliveryApplication10/7/2019 7:20:59 PM
<Exchange Server>16019WarningMSExchangeTransportSearchApplication10/7/2019 7:20:59 PM
<Exchange Server>16019WarningMSExchangeFrontEndTransportApplication10/7/2019 7:20:59 PM
<Exchange Server>1045WarningMSExchange EdgeSyncApplication10/7/2019 7:20:59 PM
<Exchange Server>4027ErrorMSExchange ADAccessApplication10/7/2019 7:20:59 PM
<Exchange Server>1070ErrorMSExchange EdgeSyncApplication10/7/2019 7:20:59 PM
<Exchange Server>4127ErrorMSExchange ADAccessApplication10/7/2019 7:20:59 PM
<Exchange Server>2031ErrorFiltering ADConnectorApplication10/7/2019 7:20:59 PM
<Exchange Server>4027ErrorMSExchange ADAccessApplication10/7/2019 7:20:59 PM
<Exchange Server>4027ErrorMSExchange ADAccessApplication10/7/2019 7:20:59 PM
<Exchange Server>4027ErrorMSExchange ADAccessApplication10/7/2019 7:20:59 PM
<Exchange Server>4027ErrorMSExchange ADAccessApplication10/7/2019 7:20:59 PM
<Exchange Server>2060ErrorFiltering ADConnectorApplication10/7/2019 7:20:59 PM
<Exchange Server>4027ErrorMSExchange ADAccessApplication10/7/2019 7:20:59 PM
<Exchange Server>4027ErrorMSExchange ADAccessApplication10/7/2019 7:20:59 PM
<Exchange Server>4027ErrorMSExchange ADAccessApplication10/7/2019 7:20:59 PM
<Exchange Server>4027ErrorMSExchange ADAccessApplication10/7/2019 7:20:59 PM
<Exchange Server>4027ErrorMSExchange ADAccessApplication10/7/2019 7:20:59 PM
<Exchange Server>4027ErrorMSExchange ADAccessApplication10/7/2019 7:20:59 PM
<Exchange Server>4027ErrorMSExchange ADAccessApplication10/7/2019 7:20:59 PM
<Exchange Server>4027ErrorMSExchange ADAccessApplication10/7/2019 7:20:59 PM
<Exchange Server>4027ErrorMSExchange ADAccessApplication10/7/2019 7:20:59 PM
<Exchange Server>4027ErrorMSExchange ADAccessApplication10/7/2019 7:20:59 PM
<Exchange Server>4027ErrorMSExchange ADAccessApplication10/7/2019 7:20:59 PM
<Exchange Server>4027ErrorMSExchange ADAccessApplication10/7/2019 7:20:59 PM
<Exchange Server>4027ErrorMSExchange ADAccessApplication10/7/2019 7:20:59 PM
<Exchange Server>4027ErrorMSExchange ADAccessApplication10/7/2019 7:20:59 PM
<Exchange Server>2142ErrorMSExchangeADTopologyApplication10/7/2019 7:20:59 PM
<Exchange Server>2120ErrorMSExchange ADAccessApplication10/7/2019 7:20:59 PM
<Exchange Server>6027ErrorMicrosoft-Filtering-FIPFSApplication10/7/2019 7:20:23 PM
<Exchange Server>10010ErrorMicrosoft-Windows-DistributedCOMSystem10/7/2019 7:20:23 PM
<Exchange Server>2104ErrorMSExchangeADTopologyApplication10/7/2019 7:19:59 PM
<Exchange Server>4027ErrorMSExchange ADAccessApplication10/7/2019 7:19:22 PM
<Exchange Server>4027ErrorMSExchange ADAccessApplication10/7/2019 7:19:22 PM
<Exchange Server>4027ErrorMSExchange ADAccessApplication10/7/2019 7:19:22 PM
<Exchange Server>4027ErrorMSExchange ADAccessApplication10/7/2019 7:19:22 PM
<Exchange Server>2501ErrorMSExchange ADAccessApplication10/7/2019 7:18:58 PM
<Exchange Server>4999ErrorMSExchange CommonApplication10/7/2019 7:18:57 PM
<Exchange Server>1028ErrorMSExchangeRPCApplication10/7/2019 7:18:57 PM
<Exchange Server>24WarningMicrosoft-Windows-Time-ServiceSystem10/7/2019 7:18:30 PM
<Exchange Server>10010ErrorMicrosoft-Windows-DistributedCOMSystem10/7/2019 7:18:23 PM
<Exchange Server>1015ErrorMSExchangeDiagnosticsApplication10/7/2019 7:18:18 PM
<Exchange Server>10154WarningMicrosoft-Windows-Windows Remote ManagementSystem10/7/2019 7:18:08 PM
<Exchange Server>1032ErrorMSExchangeDiagnosticsApplication10/7/2019 7:18:06 PM
<Exchange Server>1015ErrorMSExchangeDiagnosticsApplication10/7/2019 7:18:06 PM
<Exchange Server>1015ErrorMSExchangeDiagnosticsApplication10/7/2019 7:18:06 PM
<Exchange Server>1012ErrorMSExchangeDiagnosticsApplication10/7/2019 7:17:43 PM
<Exchange Server>1002ErrorMSExchangeThrottlingApplication10/7/2019 7:17:27 PM
<Exchange Server>7000ErrorMicrosoft-Windows-Service Control ManagerSystem10/7/2019 7:17:26 PM
<Exchange Server>7009ErrorMicrosoft-Windows-Service Control ManagerSystem10/7/2019 7:17:26 PM
<Exchange Server>2142ErrorMSExchangeADTopologyApplication10/7/2019 7:17:22 PM
<Exchange Server>7010WarningMSExchangeFrontEndTransportApplication10/7/2019 7:17:13 PM
<Exchange Server>7010WarningMSExchangeTransportDeliveryApplication10/7/2019 7:17:13 PM
<Exchange Server>7022ErrorMicrosoft-Windows-Service Control ManagerSystem10/7/2019 7:16:56 PM
<Exchange Server>7022ErrorMicrosoft-Windows-Service Control ManagerSystem10/7/2019 7:16:56 PM
<Exchange Server>7022ErrorMicrosoft-Windows-Service Control ManagerSystem10/7/2019 7:16:56 PM
<Exchange Server>7022ErrorMicrosoft-Windows-Service Control ManagerSystem10/7/2019 7:16:56 PM
<Exchange Server>7022ErrorMicrosoft-Windows-Service Control ManagerSystem10/7/2019 7:16:56 PM
<Exchange Server>7022ErrorMicrosoft-Windows-Service Control ManagerSystem10/7/2019 7:16:56 PM
<Exchange Server>7022ErrorMicrosoft-Windows-Service Control ManagerSystem10/7/2019 7:16:56 PM
<Exchange Server>7022ErrorMicrosoft-Windows-Service Control ManagerSystem10/7/2019 7:16:56 PM
<Exchange Server>7022ErrorMicrosoft-Windows-Service Control ManagerSystem10/7/2019 7:16:56 PM
<Exchange Server>7022ErrorMicrosoft-Windows-Service Control ManagerSystem10/7/2019 7:16:56 PM
<Exchange Server>7022ErrorMicrosoft-Windows-Service Control ManagerSystem10/7/2019 7:16:56 PM
<Exchange Server>7022ErrorMicrosoft-Windows-Service Control ManagerSystem10/7/2019 7:16:56 PM
<Exchange Server>7022ErrorMicrosoft-Windows-Service Control ManagerSystem10/7/2019 7:16:56 PM
<Exchange Server>7022ErrorMicrosoft-Windows-Service Control ManagerSystem10/7/2019 7:16:56 PM
<Exchange Server>7022ErrorMicrosoft-Windows-Service Control ManagerSystem10/7/2019 7:16:56 PM
<Exchange Server>7022ErrorMicrosoft-Windows-Service Control ManagerSystem10/7/2019 7:16:56 PM
<Exchange Server>7022ErrorMicrosoft-Windows-Service Control ManagerSystem10/7/2019 7:16:56 PM
<Exchange Server>7022ErrorMicrosoft-Windows-Service Control ManagerSystem10/7/2019 7:16:56 PM
<Exchange Server>7022ErrorMicrosoft-Windows-Service Control ManagerSystem10/7/2019 7:16:56 PM
<Exchange Server>7022ErrorMicrosoft-Windows-Service Control ManagerSystem10/7/2019 7:16:56 PM
<Exchange Server>7022ErrorMicrosoft-Windows-Service Control ManagerSystem10/7/2019 7:16:56 PM
<Exchange Server>10010ErrorMicrosoft-Windows-DistributedCOMSystem10/7/2019 7:16:23 PM
<Exchange Server>134WarningMicrosoft-Windows-Time-ServiceSystem10/7/2019 7:14:46 PM
<Exchange Server>134WarningMicrosoft-Windows-Time-ServiceSystem10/7/2019 7:14:46 PM
<Exchange Server>134WarningMicrosoft-Windows-Time-ServiceSystem10/7/2019 7:14:42 PM
<Exchange Server>1014WarningMicrosoft-Windows-DNS Client EventsSystem10/7/2019 7:14:41 PM
<Exchange Server>8016WarningMicrosoft-Windows-DNS Client EventsSystem10/7/2019 7:14:34 PM
<Exchange Server>1129ErrorMicrosoft-Windows-GroupPolicySystem10/7/2019 7:14:33 PM
<Exchange Server>129WarningMicrosoft-Windows-Time-ServiceSystem10/7/2019 7:14:33 PM
<Exchange Server>5719ErrorNETLOGONSystem10/7/2019 7:14:33 PM
<Exchange Server>1014WarningMicrosoft-Windows-DNS Client EventsSystem10/7/2019 7:14:32 PM
<Exchange Server>7039WarningMicrosoft-Windows-Service Control ManagerSystem10/7/2019 7:14:21 PM
<Exchange Server>10149WarningMicrosoft-Windows-Windows Remote ManagementSystem10/7/2019 7:13:01 PM
<Exchange Server>6003ErrorMSExchange SACL WatcherApplication10/7/2019 7:13:00 PM
<Exchange Server>10016ErrorMicrosoft-Windows-DistributedCOMSystem10/7/2019 7:13:00 PM
<Exchange Server>5719ErrorNETLOGONSystem10/7/2019 7:12:51 PM
<Exchange Server>1015ErrorMSExchangeDiagnosticsApplication10/7/2019 7:12:06 PM


 When I bring the link back up, within seconds the problems resolve themselves on both servers and they begin running normally.
 
 Is there any way to cause AD/Exchange in a child domain to start up normally with no connection to parent network?

"Locked for editing..." by a generic username, not the named user

October 1, 2019, 8:14 am
$
0
0

Hi,

Following on from my thread here: https://answers.microsoft.com/en-us/msoffice/forum/msoffice_o365admin-mso_domains-mso_o365b/locked-for-editing-by-a-generic-username-not-the/b71cf68d-1bbf-47e5-a3c2-e6d449c965b2?messageId=674853fc-ae11-4b2a-adeb-dc2d1ac2a2e1

It was suggested that I post in here as it could be an AD issue.

Essentially we have a scenario where we have Users who are unable to see who is locked to a file that is being used on a network share. The file is locked for editing by 'Staff/Research Student' rather than the specific Username of the person.

The department used to have Windows 7 and Office 2010, which was never an issue - when the file was open, it would identify by username who it was locked too.

They have since been updated to Windows 10 and Office365 and now they're presented with the above, more generic option.

I am wondering if anyone has seen this prior and whether anyone may have any advice.

Thanks.

SID WorkArround for Folder Redirection in AD migration

October 8, 2019, 10:40 am
$
0
0

Hey Guys, Any workarround for SID Migration?  I need that users from a new domain be able to access resources such as their redirected folders that are still in the old domain file server.

Note. we are not migrating Users, they are created already in the new Domain.

Note. We cant disable SID history filtering in the target Domain since my department was just delegated an OU specificly for us but this OU doenst include Users .

Domain Controller AD

October 16, 2019, 3:03 am
$
0
0

Hi,

I recently configured domain controller.

I my previous company to join the client PC to the domain then we need to add the IP address of the server in client DNS. Then only it will connect with the server. But in some companies I have noticed, PC will join with the domain without adding the server IP address in client DNS. I come to know that we need to do DNS Role.. 

Can any one please help me?

Existing Setup..

Domain Controller IP: 192.168.100.xxx and one more server is also in that range.

Client PC IP Range: 192.168.110.xxx

Thank you



How Mobile Users can Authenticate with AD while connected to Private Internet.

October 16, 2019, 4:02 am
$
0
0

Hello, 

I am currently working on a project. Please does anyone know How Mobile Users can Authenticate with AD while connected to Private Internet. 

Kindly provide me with the solutions. 

Thank you


Iniobong Nkanga

Viewing all 31638 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>