Hi,
We are having an issue with adding a new PC to the domain. We can't add machines to the AD.
We tried both the NetBIOS name and the FQDN, both with the same result.
Any suggestion?
We have a web application on the internet and we want to use our on-premises Active Directory domain controller for authentication via LDAP when logging in to the application. Can it be done? Or do we need third-party software to interface between our web app and Active Directory, since the web app is public and the DC is private?
Hello
I've got a working AD LDS instance on Server 2019. I should now sync two different domains, which works if I do this on the cmd.
For each domain I have a special user to sync the data. What I did not master yet, how can I automatize the synchronization, if the two usernames of the two domains are different. It seems that every time I use one of the two /install commands:
ADAMSync /install localhost:50000 c:\windows\ADAM\MS-AdamSyncConf_domainB_v2.xml /passprompt
ADAMSync /install localhost:50000 c:\windows\ADAM\MS-AdamSyncConf_domainA_v2.xml /passprompt
it will overwrite/delete the password of the user configured in the xml file. Is this correct?
All the manuals I've seen, talk about using a Batch file and run it as a scheduled task for synchronization, that would mean that I've to enter a (nearly) domain admin credential into a text file, something I don't really like. Do I miss something in the documentation here?
Thanks for help
Patrick
I have two Windows Server 2019 and one Windows Server 2008 R2 server in the AD. One of the 2019 servers is throwing this error when I run DCDIAG.
An error event occurred. EventID: 0x00002710
Time Generated: 06/08/2020 10:02:09
Event String: Unable to start a DCOM Server: {9C38ED61-D565-4728-AEEE-C80952F0ECDE}. The error:
......................... AQUAPDC3 failed test SystemLog
The event log has:
Unable to start a DCOM Server: {9C38ED61-D565-4728-AEEE-C80952F0ECDE}. The error:Event ID: 10000
The date and time of the event match with the running of DCDIAG....
I have searched for solutions, but many of the posts I find don't really match what I am getting.
The domain appears to be functioning fine, but this error message is concerning.
Any leads most helpful.
Newark IT Guy...
Hi folks,
I have a question about the GC. If there are AD accounts with the same sAMAccountName (for example "johndoe") but in different child domains (for example, the forest root is company.com and the 2 domains are hr.company.com and it.company.com), what will happen when johndoe is authenticated? Will the GC only allow a unique sAMAccountName in the forest, or successfully find the user in the proper domain?
Thanks in advance.
Is it possible for AD to replicate "user" objects correctly, but not "computer" objects?
A HelpDesk user told me that he's suspecting a problem with AD replication.
So I tried to check using repadmin /showobjmeta to check the version of certain attributes for some users and everything was fine; several users are replicating with no problem, and it looked like a case closed.
But I noticed that for COMPUTER objects, there seems to be a problem.
Here are the details:
In a particular object, the change has been made locally on that site, but the change has not been replicated.
The object was changed today, on DC3, a simple "description" entry, but nothing seems to be replicated to other DCs.
The weird part is that other computer objects and some users I checked are not affected and are replicating normally.
repadmin /showobjmeta DC3
1765457 DC3\BRAMS-SRV0005 1765457 2020-06-08 12:24:50 1037 description
repadmin /showobjmeta DC1
7150700 DC3\BRAMS-SRV0005 1509159 2020-05-10 14:18:45 1007 description
repadmin /showobjmeta DC2
93243789 DC3\BRAMS-SRV0005 1509159 2020-05-10 14:18:45 1007 description
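The comparison described in the post above can be automated. This is an added example, not part of the original post: it assumes the usual repadmin /showobjmeta column order (Loc.USN, Originating DSA, Org.USN, Org.Time/Date, Ver, Attribute) and uses the three rows quoted in the post as sample input; the function names are hypothetical.

```python
import re
from datetime import datetime

# repadmin /showobjmeta attribute row:
# Loc.USN | Originating DSA | Org.USN | Org.Time/Date | Ver | Attribute
ROW = re.compile(
    r"^\s*(?P<loc_usn>\d+)\s+(?P<dsa>\S+)\s+(?P<org_usn>\d+)\s+"
    r"(?P<when>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<ver>\d+)\s+(?P<attr>\S+)\s*$"
)

# The three rows quoted in the post, keyed by the DC that was queried.
SAMPLE = {
    "DC3": r"1765457 DC3\BRAMS-SRV0005 1765457 2020-06-08 12:24:50 1037 description",
    "DC1": r"7150700 DC3\BRAMS-SRV0005 1509159 2020-05-10 14:18:45 1007 description",
    "DC2": r"93243789 DC3\BRAMS-SRV0005 1509159 2020-05-10 14:18:45 1007 description",
}


def parse_rows(text):
    """Map attribute name -> metadata for every attribute row in the text."""
    rows = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # headers, separators and blank lines do not match
            rows[m["attr"]] = {
                "dsa": m["dsa"],
                "org_usn": int(m["org_usn"]),
                "when": datetime.strptime(m["when"], "%Y-%m-%d %H:%M:%S"),
                "ver": int(m["ver"]),
            }
    return rows


def find_stale(outputs):
    """Return {attribute: {dc: versions_behind}} for DCs holding an older copy.

    Loc.USN is local to each DC and is ignored; Ver is what must converge.
    A DC with no row for an attribute counts as holding version 0.
    """
    parsed = {dc: parse_rows(text) for dc, text in outputs.items()}
    stale = {}
    for attr in sorted(set().union(*parsed.values())):
        vers = {dc: p.get(attr, {"ver": 0})["ver"] for dc, p in parsed.items()}
        newest = max(vers.values())
        behind = {dc: newest - v for dc, v in vers.items() if v < newest}
        if behind:
            stale[attr] = behind
    return stale


if __name__ == "__main__":
    for attr, dcs in find_stale(SAMPLE).items():
        print(attr, dcs)
```

On the rows from the post, DC1 and DC2 are each reported 30 versions behind DC3 for the description attribute.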
Hi,
I am unable to demote the Windows 2008 R2 server; I am getting the below error after running dcpromo.
Please help, any ideas what could be the issue.
Thanks
Pavan.
pavan ch
Hello,
I tried to configure ADFS ESL
but I tested it with the password update page.
I set log-only mode and there is no event like Id=1203,1210. Only this one
Windows 2016
Config:
And of course my test account is locked only by AD but not by ESL. So an intruder can lock any account in the domain with brute force.
How can I protect AD accounts, by locking out attempts before the AD account is locked?
Thank you!
Hi,
I'm trying to figure out how to cluster WAP. Where to start? What would be the steps? How to make WAP highly available?
Thank you!
Just created a new, off-line root CA, and signed the SubCA request generated. All are on the same WS2016 Datacenter
Now I attempt to install this certificate and I receive an error about Invalid Data. The error is instructing me to re-run the wizard which would require I uninstall the role and start over. Then perform another root key ceremony to sign the SubCA request. The error also indicates that there was a subsequent .req file created, when there wasn't.
What is the real cause of this error? Is there debug logging I can enable to learn more? I really do not know if this is a problem accessing the private key or not.
Hello. In times of remote work... any ideas so that users who are working remotely and using their home internet can log on and update their Kerberos passwords?
Hi everyone!
We are running W2K8 DCs and the following command...
%SystemRoot%\System32\dsquery.exe user "DC=mydomain,DC=local" -inactive 8 -s localhost -limit 1000
... but it seems DSQUERY.EXE counts users who connect to work using VPN too. It is a false positive. Is it the expected behavior? In other words, does it only update the last logon attribute if the user connects interactively?
Doria
OS: Server 2012 R2 (Domain Controllers)
Same kind of events are appearing in all domain controllers
Servers are physical, Virtual and also in Azure
All domain controllers are replicating properly. No issue for updating group policies.
Similar questions are asked here
https://community.spiceworks.com/topic/418993-wmi-activity-5858-errors-on-windows-2012-server
https://social.technet.microsoft.com/Forums/windowsserver/en-US/84d42b34-6941-4b60-9908-450ef8305813/event-5858-from-wmiactivity?forum=winserver8gen
https://social.technet.microsoft.com/Forums/en-US/f912470e-7f59-49f0-896d-e9833ba98b0b/domain-controllers-do-not-sync-policies?forum=winserverGP
Is this a bug?
Event 5858, WMI-Activity ()
Id = {7D2F77DC-AF83-4741-87D0-8E17D958E58D}; ClientMachine = Hostname; User = ; ClientProcessId = 1680; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{B087BE9D-ED37-454f-AF9C-04291E351182}";
ResultCode = 0x80041002; PossibleCause = Unknown
Process id 1680 is pointing to svchost.exe(netsvcs)
Regards
DoFast
Hi, I'm a beginner (first time trying this).
I got 2 errors, I think, when trying to promote the DC; the server rebooted and now I think I'm in this state.
First, 8524, since the DNS I put on the network card was (127.0.0.1, second 192.168.1.11, and added on suffix 192.168.1.10 (DNS of Win Srv 2012)). Now I've got a bad DNS Server role.
Second error, on Windows Srv 2008: it says "service DFS is stopped". I'm looking on the net and I found this, which I think I must do on the 2 servers: " wmic.exe /namespace:\\root\microsoftdfs path DfsrMachineConfig set MaxOfflineTimeInDays=120 "
please help
Hi everyone!
Could someone help me find more information about those schema datatypes?
Doria
Hi All,
I am trying to track down some weirdness with some test accounts in our domain.
These accounts were created years ago and have never logged on, yet they have a date in the replicated "Lastlogontimestamp" attribute. This date seems to change regularly and is always showing as being within the last week.
In order to determine the last time an account has logged on, I have a script which checks every Domain Controller on our domain for the "lastlogon" attribute, compares the values from each Domain Controller, and then takes the most recent value as the true last logon time. When I run this script against these test accounts, they show as never having logged in which is what I expect.
However, when I issue "get-aduser <user> -Properties LastLogonDate" (which queries the "lastlogontimestamp" attribute), I get a date within the last week. Even though these accounts have no value for "lastlogon" on any of our domain controllers, and have a cumulative "logoncount" of zero, they do for some reason have a value in the "lastlogontimestamp" attribute.
This does not make any sense to me and I was wondering if there is something I am not getting about this attribute.
Any insights to this behavior would be appreciated.
Thank you,
John.
Hi Team,
I want to track users' logon and logoff reports in Active Directory (Server 2016). Please share the document URLs, if possible take process and CSV file.
Regards
Parvez