Channel: Directory Services forum

AD Replication not working between all DC


Hello Experts,

We have an issue with AD replication: all DCs cannot replicate, and also the SYSVOL and NETLOGON folders are not created on the other DCs.

SYSVOL and NETLOGON are only created on the DC where the FSMO roles reside.

But on this good DC there are events with event ID 13568:

The File Replication Service has detected that the replica set "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)" is in JRNL_WRAP_ERROR.


 Replica set name is   : "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)"

 Replica root path is  : "c:\windows\sysvol\domain"

 Replica root volume is : "\\.\C:"

 A Replica set hits JRNL_WRAP_ERROR when the record that it is trying to read from the NTFS USN journal is not found. This can occur because of one of the following reasons.

And on the bad DC, where the SYSVOL folder is not created, there are events with ID 13508:

The File Replication Service is having trouble enabling replication from CONWHOCDC01 to CONCLOPDC01 for c:\windows\sysvol\domain using the DNS name CONWHOCDC01.mydomain.com. FRS will keep retrying.

After googling, the suggestion is to change the registry, but I am not sure it will resolve this error and that the SYSVOL folder will be created, as we have only one working good DC in the environment and the others have replication issues.

Please suggest and help to resolve this replication issue between DCs.

Thanks


Thanks, Prakash. Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.


New field in Active Directory


Hi All,

I want to add a new field in the user properties under the

Organization tab.

Attribute name: division

This division attribute is already available in the Attribute Editor, but

I want to add it as a Division field under the Organization tab.

Please help.

Naming information cannot be located


Hi Team,

I'm getting the attached error "naming information cannot be located......" on my additional domain controller while accessing "Active Directory Users and Computers".

AD Delegation Not Working


Hello all,

I want to delegate a group of users to manage Active Directory users (create users/groups + reset password). I created a group, then delegated these permissions through the Delegation Wizard at the OU level, but it's not working. I tried to grant these permissions by right-clicking on the required OU, then Advanced, then adding the required AD group and selecting the required permissions, but it's still not working. So I gave these permissions to a user instead of a group and it did work (I delegated a test user through the Delegation Wizard and it worked), but I need to delegate these tasks to a group so that I can add users to it rather than individual user(s).

Any idea why it's not working for an AD group?

Thank you

Active directory based activation?

Is there any way of getting a report of how many devices have been activated through Active Directory-based activation?

Jason

Delete ip subnet


Hi,

A while ago, beside dfsn, we added a new test site and therefore we had to configure an IP subnet for both the test and dfsn sites.

Now we want to delete the test site and its IP subnet, and I don't think there is any problem with that.

My question is: am I going to get any problem with deleting the IP subnet from dfsn? It is the only site we had from the start and it was working fine, so we just want to go back to what we had.

Regards,




Sysvol folder on domain controller does not exist


I have a few domain controllers, and I just installed a new 2016 DC. When I navigate from the other DCs to the new DC \\DCXX there are no folders like SYSVOL etc...

Here is the dcdiag /q output from the new server:


How to link my active directory forest root domain to my purchased domain ?

Suppose I have a domain named mycompany.com, and I deployed Active Directory on Windows Server 2012 R2 whose forest root domain is AD.mycompany.com. How can I link it to my domain? I have searched so much on the web but am not able to find much. Can anyone please help me with this?


Windows Server 2012 - Replication Event on Secondary Domain Controller

We are looking for a way to track when a user account was created/deleted/changed on the secondary domain controller. When we make the change on the primary, I can see the event in the event log, but we want to see that replication event on the secondary domain controller. I'm not sure what I'm looking for, and we have so many logon/logoff events that the event log only holds 2-3 minutes of data before filling up. Since it takes time to replicate, I can't catch the event.


I've gone into the group policy settings for the domain controllers and turned on advanced audit for the replication service but it's really only showing me that it was able to talk to the other domain controller, not what was actually replicated.


I'm hoping there is a way that we can track the change, even if it is as simple as something like a change was made. It doesn't have to be in great detail. If maybe someone knows what event id is that I need to look for then I can filter through and find it.


Maybe I'm looking in the wrong place altogether? Any help would be greatly appreciated.

Account Lockout Policy


Current settings:

Account Lockout Duration - 0 minutes
Account Lockout Threshold - 5 invalid login attempts
Reset account lockout counter after - 60 minutes

I understand that with the above settings the user will never get unlocked automatically; admins will have to unlock the account.

I'm just confused by the below statement from the "Reset account lockout counter after" setting:

"If Account lockout threshold is set to a number greater than zero, this reset time must be less than or equal to the value of Account lockout duration"

As you see, the reset time (60 minutes) in my settings is not less than or equal to the value of Account lockout duration (0 minutes). Is that wrong, or what will be the impact?

Thanks



How do on-premises Active Directory and the Hybrid Azure AD authentication framework work simultaneously for the endpoint (workstation login)?


Hello,

I need information on whether it is possible to run on-premises Active Directory and the Hybrid Azure AD authentication framework simultaneously for the endpoint (workstation login).

Which authentication frameworks for the endpoint will work, e.g. Hybrid AD with Azure AD with Duo / MFA?

My requirement is this: when a system/laptop tries to log in on the corporate network it should use local AD DC authentication, while when the same device tries to log in from outside the network it should authenticate with Hybrid Azure AD + MFA.



Domain controller back to online after a month of data center maintenance


Hi,

I have a small data center; due to building maintenance I powered off the domain controller for 40 days.

After 40 days, I am going to bring the domain controller back online. Let me know what type of validation is required to be performed.

We have an additional DC for authentication in another data center, so there is no authentication failure at the moment.

RODC in DMZ - User Accounts can authenticate - Computer Accounts can not


Hi everyone,

I have an RODC in a DMZ. User account authentication works fine (IIS and RDS Gateway), but computer authentication does not.

Our RDS Gateway works with non-domain-joined computers. But when I try to connect from a domain-joined one, it fails.

Our software deployment web server can be accessed by browser with username and password but fails with the computer account.

Is the setup just not right for this purpose, or did I miss something?

I removed the global catalog from the RODC because "some applications may not work right", but this did not fix it.

Can anyone help me out?

Best regards

Stephan


Regards, Stephan

Configure LDAPS TLS


Hello,

I ran into a strange scenario where an AD server requests a client certificate whenever one initiates a TLS session to reach the LDAP server.

We use hardware tokens which are PIN protected. People using a specific application get prompted for the PIN code by their Windows workstation each time a TLS session to the LDAP server is initiated. This looks like normal behaviour: the server requests an optional certificate, and the client uses a valid PKCS#11 driver to pull a potential certificate from a token. However, the users are prompted for the PIN code every other minute and it's starting to become a problem.

Is there a way to configure the LDAP server, or maybe the Schannel library responsible for this, to NOT request a client certificate?

The DCs are Windows 2012 R2 servers.


The import failed because the store was read only, the store was full or the store did not open


If I try to import a PFX or CER certificate into the Personal folder, I get the error "The import failed because the store was read only, the store was full or the store did not open".


Arif

ADCS Web Server Certificates Subject Field Order


Can someone please identify what it is in a certificate template, specifically Web Server, that determines the order in which the fields of the subject will appear? I am finding that my hand-crafted CSRs have the E field appear first and the CN second. None of these certificates work, in that Chrome consistently throws an error that the Common Name does not match. As a workaround, we add the common name value to the SAN as a DNS name, but this should not be a requirement.

Thanks in advance for any assistance offered.

Record Domain Logon Events


Hello

I am trying to set up security event logging for our domain, specifically account logon time and from where. I have enabled auditing of logon/logoff on a Windows 10 client and the servers, but am wondering if I missed something.

I have the events for the local logon, but what about a record on the DC that "<domain account> was used to authenticate from <client machine>"?

Is there such an event, or do I only rely on event forwarding with auditing for local logon/logoff and other account-related events?

Thanks,

Jason


Jason Munsterteiger
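As an added example (not part of the original post), the following PowerShell pulls the DC-side authentication events that record which account authenticated and from where: 4768 (Kerberos TGT requested, carries the client IP) and 4776 (NTLM credential validation, carries the workstation name). It assumes the DCs' Advanced Audit Policy has "Audit Kerberos Authentication Service" and "Audit Credential Validation" enabled; `$ComputerName` is a placeholder.

```powershell
# Added example, not the poster's code. Query a DC's Security log for the
# Account Logon events that tie an account to the machine it authenticated from.
# Assumes the DC audits "Kerberos Authentication Service" (4768) and
# "Credential Validation" (4776). $ComputerName is a placeholder DC name.
$ComputerName = "DC01.example.invalid"
$Since        = (Get-Date).AddHours(-1)

$Filter = @{ LogName = 'Security'; Id = 4768, 4776; StartTime = $Since }

Get-WinEvent -ComputerName $ComputerName -FilterHashtable $Filter -ErrorAction Stop |
    ForEach-Object {
        # Event-specific fields live in the EventData XML; index them by name.
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

        [pscustomobject]@{
            Time    = $_.TimeCreated
            EventId = $_.Id
            Account = $data['TargetUserName']
            # 4768 records the requesting client's IP; 4776 records the workstation name.
            Source  = if ($_.Id -eq 4768) { $data['IpAddress'] } else { $data['Workstation'] }
            # Status 0x0 is success; any other value is a failure reason code.
            Status  = $data['Status']
        }
    } |
    Sort-Object Time |
    Format-Table -AutoSize
```

These events are written only on the DC that actually serviced the request, so run this against each DC (or forward the Security logs to a collector) rather than querying one DC and assuming it saw every logon.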

active directory change IP address


Hello team,

Currently we have two domain controllers, one 2008 R2 (primary) and one 2012 (secondary), and we are planning to migrate the 2008 R2 domain controller to 2012. This primary domain controller has some applications that depend on its IP address. How can we migrate this domain controller to a new server and keep the same IP?

I appreciate your advice on such an issue.

PS Script to import AD computer objects attributes from CSV to AD?


Hi there, I have used the following script to export AD attributes to CSV. Once I fill the CSV with the necessary attribute values, which script should I use to import the CSV data back into AD? Is it the same with Get replaced with Set? Thanks

$Objects = Get-ADComputer -Server "1234" -SearchBase "OU=Servers,OU=xvy,DC=pqr,DC=123" -Filter * -Properties Name, company, department, managedBy, division, Description
$Results = @()
ForEach ($Object In $Objects)
{
    # One output row per computer object, with the attributes to export
    $Results += New-Object -Type PSObject -Property @{
        "Name" = $Object.Name
        "Company" = $Object.company
        "Department" = $Object.department
        "Division" = $Object.division
        "ManagedBy" = $Object.managedBy
        "Description" = $Object.Description
    }
}
$Results | Export-Csv -Path C:\Temp\test.csv -NoTypeInformation
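As an added example (not the poster's script and not an official answer), the following PowerShell reads the CSV that the export above produces and writes the attributes back with Set-ADComputer. It is not simply Get replaced with Set: the CSV column names must be mapped back to the LDAP attribute names, each object is looked up before it is changed, and -WhatIf is used so that every write is previewed before it is applied. The server name "1234", the CSV path and the column names are taken from the poster's script; everything else is assumed.

```powershell
# Added example, not the poster's code. Imports C:\Temp\test.csv (columns
# Name, Company, Department, Division, ManagedBy, Description, as produced by
# the export script) and applies the values with Set-ADComputer.
# -Server "1234" is the poster's placeholder; replace it with a real DC.
$Server  = "1234"
$CsvPath = "C:\Temp\test.csv"

# CSV column -> LDAP attribute name expected by Set-ADComputer -Replace.
# managedBy must hold a distinguished name, which is what the export wrote.
$Map = @{
    Company     = "company"
    Department  = "department"
    Division    = "division"
    ManagedBy   = "managedBy"
    Description = "description"
}

$Rows = Import-Csv -Path $CsvPath

ForEach ($Row In $Rows) {
    # Look the object up by name; skip rows that no longer match an object.
    $Computer = Get-ADComputer -Server $Server -Filter "Name -eq '$($Row.Name)'"
    if (-not $Computer) {
        Write-Warning "Computer '$($Row.Name)' not found; skipping."
        continue
    }

    # Only attributes with a value in the CSV are written; blank cells are
    # left untouched rather than cleared, so a partially filled CSV is safe.
    $Replace = @{}
    ForEach ($Column In $Map.Keys) {
        $Value = $Row.$Column
        if (-not [string]::IsNullOrWhiteSpace($Value)) {
            $Replace[$Map[$Column]] = $Value
        }
    }

    if ($Replace.Count -eq 0) {
        Write-Verbose "No values to set for '$($Row.Name)'."
        continue
    }

    # -WhatIf previews the change; remove it once the output looks right.
    Set-ADComputer -Server $Server -Identity $Computer -Replace $Replace -WhatIf
}
```

Run it once with -WhatIf in place and read the "What if:" lines, then remove -WhatIf to apply. Because the export and import both use the same attribute names, the round trip is exact; the one attribute that needs care is managedBy, which must remain a valid distinguished name in the CSV.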

