Hi.
I need restructure Active Directory from one domain to two unrelated domains in different forests.
Now i have 2 domain controller on Windows Server 2012.
I want to use new domain in functional level forest Windows 2012R2 or high. Maybe forest level Windows 2019.
How i can migrate all object from current domain to new domain using ADMT, given my need??
Which operating system should I use for the domain controller of the new domain with functional forest level Windows 2019?
Hi,
I have one domain admin account that was created long time ago for some specific task...
No one doesn't remember what it served for. Sure I can disable it and wait what will pop up...
But may be there is a script that can help to find where the account was logged in last time.
Thx.
--- When you hit a wrong note its the next note that makes it good or bad. --- Miles Davis
Hello Folks,
Is event ID 1119 which says a domain controller is now a Global Catalog after promoting the server to domain controller in 2K8R2, is this event replaced by any other event in Windows 2016,I couldn't see it under directory service after promoting the server to DC in 2K16 whereas i could see the server is Global Catalog Ready and there is event 1394.
Regards,
Aatif
Regards, Aatif Kungle
Server 2016
output of typeperf -qx NTDS produces
Error:
The specified object was not found on the computer.
ran through this article..
All the commands seem to be successful, our monitoring (datadog) can see drive, network info.. but cannot see Active Directory counters on one server.
Any suggestions beyond this article for AD performance counters specifically?
hi all ,
currently we are trying to bring new active directory , the situation is this
we three active servers ( two windows 2012 and one windows 2008 ) the primary server that have all the roles is the 2012 server now . we have issue with this primary one the sysvol file got a virus and re recover the from the backup .
now when trying to add new AD to our environment we are facing the below error :
Verification of prerequisites for Active Directory preparation failed. Unable to connect to the replication source domain controller ad03.domain.com..
Exception: A directory service error has occurred
Verification of prerequisites for Domain Controller promotion failed. Failed to examine the Active Directory forest. The error was: The operation cannot continue because LDAP connect/bind operation failed: error: 1326 (The user name or password is incorrect.).
any suggestion ?
dears,
i have 2 dcs running 2016.
i upgraded on of them to 2019, demoted one dc 2016. And switched the ips of the 2016 demoted one to the newly created 2019.
and registered the dns. i also cleaned the old dns records poiting to the demoted old dc
im receiving the event id 2087 on my new domain controller:
Active Directory could not resolve the following DNS host name of the source domain controller to an IP address. This error prevents additions deletions and changes in Active Directory from replicating between one or more domain controllers in the forest. Security groups group policy users and computers and their passwords will be inconsistent between domain controllers until this error is resolved potentially affecting logon authentication and access to network resources.
any idea why is this happening?
Hi,
Following on from my thread here: https://answers.microsoft.com/en-us/msoffice/forum/msoffice_o365admin-mso_domains-mso_o365b/locked-for-editing-by-a-generic-username-not-the/b71cf68d-1bbf-47e5-a3c2-e6d449c965b2?messageId=674853fc-ae11-4b2a-adeb-dc2d1ac2a2e1
It was suggested that I post in here as it could be an AD issue.
Essentially we have a scenario where we have Users who are unable to see who is locked to a file that is being used on a network share. The file is locked for editing by 'Staff/Research Student' rather than the specific Username of the person.
The department used to have Windows 7 and Office 2010, which was never an issue - when the file was open, it would identify by username who it was locked too.
They have since been updated to Windows 10 and Office365 and now they're presented with the above, more generic option.
I am wondering if anyone has seen this prior and whether anyone may have any advice.
Thanks.
Hello,
I am learning about AD DS and I have a following question.
I understand that:
AD DS has these partitions:
a) Schema, b) configuration, c) domain, d) application (e.g. DNS)
Only DC which holds Schema FSMO role has RW copy of Schema partition, other DCs have RO copy of Schema partition
every DC in the forest has RW copy of configuration partition
every DC from the concrete domain has RW copy of domain partition
application partition can be set up with different scope (domain, forest)
Do I understand it right?
Then my question is about replication If:
I have two domains in the forest: domain1 and domain2
I have four sites in the forest: Site1, Site2, Site3, Site4
In the Site1 there are two DCs (DC1 and DC2) from domain1
In the Site2 there are two DCs (DC3 and DC4) from domain1
In the Site3 there are two DCs (DC5 and DC6) from domain2
In the Site4 there are two DCs (DC7 and DC8) from domain2
In AD Sites and services replication between Site1 and Site2 will be:
Site1 - Intrasite replication between DC1 and DC2 is set up automatically
Site1 - There will be automatically chosen Bridgehead server
Site2 - Intrasite replication between DC3 and DC4 is set up automatically
Site2- There will be automatically chosen Bridgehead server
Then I will create Site link between Site 1 and Site 2 (I know that I also have to configure subnets for sites)
In AD Sites and services replication between Site3 and Site4 will be:
Site3 - Intrasite replication between DC5 and DC6 is set up automatically
Site3 - There will be automatically chosen Bridgehead server
Site4 - Intrasite replication between DC7 and DC8 is set up automatically
Site4- There will be automatically chosen Bridgehead server
Then I will create Site link between Site 3 and Site 4 (I know that I also have to configure subnets for sites)
Finally my question is: Do I have to set up replication (site link) between Site1, Site2 where are DCs from domain1 and Site3 and Site4 where are Dcs from domain2 If there are domain controllers from different domains?From my understanding I do not have to do that in order to make sure that other partitions (schema, configuration and application) will be replicated to DCs in different domain, am I right?
I am just learning and trying to understand AD replication topology, I will be glad for explanation.
Thank you.
Dear Team,
I want to do ad replication on daily bases and generate the report for audit prospective.
Domain controller not getting populated in site and services.
I just built a new Domain controller, but this is not getting populated in site and services - please can someone let me know how to fix this or can be added manually ?
if i add it manually then NTDS settings are not visible.
Paramesh KA
Hi All,
I have created a script which runs DCDIAG and Repadmin which produces output from all Domain Controllers on the Domain. However, I have a few failures on some DC's which I have not troubleshot before.
The failures I have are MachineAccount, Netlogons, Replications, Services, System Log. I know the issue with the MachineAccount which is the fact that the Domain Controllers are not in the built in OU in AD but live outside.
The question is are there any trouble shooting tools which I can use give the failures above?
Any help or guidance would be appreciated.
Regards.
Hi all
I need to find all the computers based on sites. Is there any way to do that using sites and services for example..?
Thanks
Hello,
I have adopted a Sever 2003 AD environment at work which every now and then has Trust relationship issues when logging on.
Normally i would remove the server from the domain, restart and add back to the domain.
When i try to do this i get the error Logon Failure : the target name is incorrect.
When i look at the event viewer on the the primary DC (DC001) it shows Event ID 2042 It has been too long since this machine last replicated with the named source machine.
I am told that this machine died a while ago and was some how brought back to life after several days and re-added to
the domain which seems to be when the
replication issues started.
My plan was to seize the FSMO to the secondary DC (DC002) and demote the primary DC (DC001) the only issue is when i look in sites and services we only
have 1 Global Catalog (DC001) can i make the secondary DC a global Catalog even though the original GC is having problems.
Any help would be greatly appreciated!!
I posted this question in File Services and Storage and i was advised to post it here aswell.
I have a weird issue where i can't copy files or folders to shared folders on our Windows Server 2019 DC from my Windows 10 1903 workstation.
When i try to copy files or folders into the shared folder on the 2019 DC it just hangs until i get a message about missing network connection to the shared folder.
I have also noticed that File Explorer takes some time to show the drives on the DC locally while the copying job is active
However, when i copy something from our other servers (2008r2 and 2012r2) to the 2019 DC there is no problem at all. Also when i copy from the W10 workstation to the other servers there are no issues...
I have tried making new test-shares with full read/write access for everyone and also for my user specifically.
I also tried making a shared folder directly on the Hyper-V host and i get the same problem.
The 2019 DC is a VM in Hyper-V with failover cluster.
The physical machine is a Lenovo SR530 with Server 2019.
Seems to me that something is up with the communication when it comes to W10 and Server 2019...
Any help would be greatly appreciated!
Hi all,
We have 2 servers in one "sites and services site" at the core and 48 services in their own "Sites and services site" at distributed sites. If a user authenticates at the remote site, does that server send information to all the other server? Specifically the 2 that we have in the core? If it does roll up, is it instant or does it happen with AD sync?
Example, a user logs in at site 3 on DC3. Does that kerberos authentication get share with CoreDC1 and CoreDC2?
Trying to see if the servers at the core have a record of all authentication or if we need to query all the other server also.
Thank you
Charles
Hi Sir,
We would like to prevent domain admin users’ credentials being abused on the devices where they log in. We are thinking of using Protected Users security group. However, there have some restrictions when put domain admin user under Protected Users security group.
Or anyone have better idea how to protect domain admin users?
Regards,
Shiro
Hello,
We've recently purchased 2 new servers with WS 2019 Standard. We need to migrate the data, and directories from our current servers (WS 2008) to these new ones. Our current servers are only used for Active Directory & DNS.
Does Microsoft offer a migration service like this or are there other options?
Thanks for any help.
Hi
I need to migrate 2003 server(DC) to 2019 server what is the best practice to do the same.
Thanks