Linux machine join in domain
Log on GPO
We are in the process of migrating 15000 computers from one domain to another using the Quest migration tool. Every day we are planning X number of users in remote sites. Based on our email, the users log off the computer for migration. Our challenge is that post migration, many times users are waiting for our confirmation and do not log on to the computer. We are willing to display a logon screen, before the user presses Ctrl+Alt+Delete, to show the users that the system has migrated to the new domain and they can log on to the system.
Is it possible using GPO?
Thanks and Regards,
Hariharan
Tombstone life cycle
Hi,
I am Yogesh Rai. Can you explain about tombstone life cycle for each Windows Server from beginning to Server 2019?
How to make Secondary domain controller to Primary domain controller?
Dear Team,
I have Primary domain controller 2003 and Secondary domain controller is 2008 R2.
Need your help to make the 2008 R2 secondary AD primary and remove the 2003.
Please help me to proceed further.
SUNIL PATEL SYSTEM ADMINISTRATOR
Group MSA DNS host name
Group Managed Service Accounts have been implemented in the domain. The gMSAs are running various SQL services on a number of servers but these are not in a SQL farm or cluster. This is OK but on closer investigation, the gMSAs have been given a DNS host name of the domain controller which holds all roles. (This is a very small shop, only 40 servers.)
Is this a security hole? I've done a lot with AD in the past and domain controllers were to be protected at all costs but this seems bad to me.
Any detailed explanations gratefully accepted.
Christopher
Active Directory Server performance monitors
Hello,
We have set up DC monitoring software from ManageEngine and would like to set AD performance monitoring parameters and their threshold values. Is there a link from Microsoft which gives the default threshold values of the counters?
The monitors we have, and are trying to find the defaults for:
LDAP Active Threads
LDAP Bind Time
LDAP Client Sessions
CPU Utilization
Disk Utilization
Memory Utilization
OS Processor Queue Length
Replication Objects Applied
Replication Objects Remaining
LSASS Process
LSASS CPU Usage
LSASS Handle Count
LSASS Process File Reads
LSASS Process File Writes
LSASS Process Memory
DS Client Binds
DS Server Binds
Directory Reads
Directory Writes
Kerberos Authentications
LDAP Searches
LDAP UDP operations
LDAP Writes
NTLM Authentications
Replication (Total) Objects In
Replication (Total) Objects Out
Replication Traffic In
Replication Traffic Out
HOW do you assign these permissions to an account using group policy?
Hi,
An active directory account needs the permissions below applying via group policy but they are NOT in the list of permissions under user rights assignment - so HOW do you assign these permissions below via Group Policy?
These are not under user rights assignment:
- Permission to start SQL Writer
- Permission to read the Event Log service
- Permission to read the Remote Procedure Call service
Hide child domains
I'm building a setup with a root forest with child domains. Every child domain will be a separate customer domain. Is it possible that when a user searches for, for example, printers, they only see their own child domain? Now when I click on search for printers in Active Directory I see the whole root domain and all the child domains. I want to hide this so people don't see the names of the other child domains.
How to open a case to Microsoft for DFRS issue?
Active directory reports
Hi
I need a free, full-function AD reporting tool. I am using the 30-day trial of ADManager Plus.
Does anyone know of any Microsoft tools available for detailed reporting?
I used CSVDE; it gives more details, but I don't know how to filter that, and the whencreated, whendeleted timings are also not showing properly.
Kindly help me.
Thanks
Active directory report generation
Hi all,
If we make any modification to Active Directory objects, a report should be generated. Is there any script to do this task?
VM DC with PDC role. Clients' time is delayed 4 minutes.
Hi all,
Requesting assistance on my current setup. I have implemented a VM domain controller and I am having problems with the time syncing of my clients. They are 4 minutes delayed, and upon checking, my AD time source is the Hyper-V host. Any idea what is the best setup to follow, time.windows? Also, if you can help me step by step.
Thank you!
Outlook Encrypt Error (CA change?)
So there is a lot here. Let me start with my direct current issue; My user is in Outlook 2016 using O365 in the cloud (mixed mode) and when he selects the options>encrypt>>then SEND he receives the following error;
Error: "Microsoft Outlook had problems encrypting this message because the following recipients had missing or invalid certificates, or conflicting or unsupported encryption capabilities."
Before this, he got a different error, that was solved by going to the certificate manager on his local computer, and requesting a 'user' cert.
The REAL issue is that I am almost certain this is affecting all 200+ users I have, and I DO NOT want to go around to each and every one and have them all request a new certificate.
Additional notes;
- This used to work no user actions required. I suspect the problem began when the old root CA was migrated and then turned off.
- I had to "push" the new root CA through a GPO
- The new root CA appears to be working, as if I request a cert, I get it, and it works.
BlankMonkey
Migrating a Certification Authority to a new server with a jailbroken Certificate and Private Key.
I need to upgrade our domain controllers to Windows 2012 R2 and move the root CA. The Certification Authority is running on a Windows 2008 R2 Domain Controller. The Root CA is not exportable so running a backup on the Certification Authority is not possible. I read that a jailbreak will allow me to export the CA with the private key. The 2008R2 DC/CA is a physical machine, which I’ve made into a virtual machine. This VM I’ve kept offline. I was able to use the jailbreak on the CA and exported the Cert/Pri Key. I then deleted the Cert and imported back with the jailbroken cert and key. This then allowed me to successfully run a backup on the CA. I then made a backup of the registry keys. On another test machine I was able to successfully restore the CA. So it seems to have worked.
My question is can I trust my backup and restore?
I’m hoping that from here I will remove the CA role and demote the domain controller. I will then bring up a new 2012 R2 domain controller using the same name. After installing the Certification Authority role, I will run the restore. Does anyone see a problem with this? In the future I want to move to a standalone / subordinate. However we have lots of Remote Direct Access clients that use the existing certificate. They will need to be updated. I do not want to break anything before the holidays. My immediate need is to get rid of the 2008R2 DC. This might cause me extra work in the future, but that’s OK. Any suggestions?
DC has 2 IPs; one IP can be used to join the domain but the other one cannot
Hi,
I have a Windows 2016 domain controller assigned 2 IPs (A & B). We found that if a client machine uses IP A for the DNS server, it can join the domain. If it uses IP B for the DNS, it cannot join the domain. Both IPs can resolve to the DC correctly.
Any idea?
Thanks and Regards
Chong
I need Firewall to block all IPs' access
Hello, I need to connect two local networks through Windows Server (192.168.150.xxx and 192.168.10.xxx), and I just want the clients with IP 192.168.10.xxx to send data packets to 192.168.150.xxx if I give them the permissions. I have configured the DNS and the Remote Access with NAT, but I understand this is only used when I require internet access (that is not my case). I have tried the access filter with Firewall and created a new rule restricting all accesses, but Firewall only blocks the internet access and still allows me to connect to the local IP devices. Does anyone know what I should do to restrict the access to any IP, either internet or local, regardless of whether the client is within the same domain as the Server?
ricval
Profile takes several minutes to load using remote desktop
Hi to All,
I am doing remote desktop to a Windows 2016 server. After I successfully log on in the credentials window, my profile takes a while to load.
What troubleshooting do you recommend I do?
Warm regards MeVs
ADFS 2.0 support in Windows Server 2012
We are planning to upgrade Active Directory from 2008 to 2012. One of our applications is running with ADFS 2.0 on Server 2008.
Will there be any impact on migrating to forest level from 2008 to 2012?
AD Migration Strategy
One of my customers has recently bought another company and plans to migrate their domains into their own AD. The source and target have a single forest, multi-domain AD structure. We want to take this opportunity to simplify the AD structure by reducing as many domains as possible without impacting the end user experience and of course with zero downtime.
I am proposing to them a flat structure, going with a single forest/single domain for ease of management, creating OUs to accommodate child domains and applying password policies etc. at the OU level (it is Windows Server 2008 R2).
I am reaching out to the larger community here to ask if there is any best practice document/blog available which can help me in this scenario, mentioning all benefits of a single forest/domain structure, or maybe any best practice document for the mergers and acquisitions scenario I have mentioned above.
Thanks
How to create a new user in LDAP Active Directory
I am new to Active Directory. I am using Windows Server 2012 and I want to create new users for LDAP Active Directory.
So, how do I create a new user in LDAP Active Directory? Please help.