Channel: Directory Services forum
Viewing all 31638 articles

Adding Active directory 2012 domain controller


Hi

I have one physical Server 2008 DC, one virtual DC, and one 2012 virtual DC. All FSMO roles reside on the 2012 virtual domain controller. I am planning to decommission AD and format the physical Server 2008 DC, keeping the same hostname and IP address, and after that install 2012 AD on that physical server. Finally I will move all FSMO roles to that physical server.

It will save me time: there is no need to change the hostname or IP address on other servers or in any applications. A CA server is also running on that physical server; if I keep the same hostname, no configuration is required on the CA.

I want to know whether I will face any problem with this plan, or whether there is anything I need to verify before doing this...

Suggestions please.......


Forest Trust can't grant permission to remote users


Hi all,

I have two forests f1 and f2. f1 has 5 subdomains.

I created a transitive two-way forest trust. I checked in the Domains and Trusts console on both forests: the trust is successfully created.

Now I want to test my trust relationship.

I made a shared folder on f1 and I want to share it with some f2 users. On the permission window I selected the target forest and then typed the user name, but the lookup fails.

I tried the other side. Same issue!

Any suggestions?

In-place domain controller upgrade from Windows 2003 EE + SP1 to Windows 2008 Entp


Hi,

I need your input on domain controller upgrade pre and post tasks.

My setup has a PDC with Windows 2003 EE with SP1 installed and an ADC with Windows 2008 Entp.
Exchange Server 2003 with SP2.

So can you please give me standard guidelines or a checklist so everything happens smoothly?


Some questions about AD sites/subnets.


Hi,

I have two questions about AD sites:

What happens when a workstation tries to authenticate but its IP address is not listed in a subnet definition in AD Sites?

What happens when a DC is put in an AD site but its IP corresponds to another site (subnet definition)?

Thanks!

AD Replication issues - KCC errors - 1865, 1311, 1566


We have a single forest, with a domain as the forest root and a number of other domains which are created as new domain trees (not child domains).

Each domain has a DC which is a GC with the domain FSMO roles.

OS is Server 2003 SP2.

Each DC has its own DNS zone and uses a forwarder to the forest root for any DNS queries outside of its zone.

I have got quite a few issues with AD replication:

Errors in the event logs are 1865, 1311, 1566 – these relate to KCC being unable to form a spanning tree of the network and insufficient site connectivity.

I have two copies of this infrastructure – both in a physical and a virtual environment. In both cases they are currently in the same room, so there are no physical connectivity problems.

The virtual environment has been converted using VMware Converter and brought into ESX.

I can ping the GUID from each domain controller successfully.

There are times when replication becomes “explicitly disabled” – an event shown in DCDIAG – I re-enable via:

REPADMIN  /OPTIONS <SERVERNAME> -DISABLE_OUTBOUND_REPL (and INBOUND)

This will then disable itself again sometimes – also the NETLOGON service seems to pause.

In Sites and Services I have let KCC work out the topology, but I get some errors about security when doing a “check replication topology”.

I can't post the DCDIAG so I will try to summarise:

LDAP bind errors 8341

KCC detected problems with the following directory partition: Directory Partition

Failed Test: KCCEVENT

Skipping tests because the server *** is not responding to directory service requests

Checking for down bridgeheads: Warning remote bridgehead *** is not eligible as a bridgehead due to too many failures

The current ISTG is down in site ***

Has anybody seen this before or got any ideas what is causing this?

Thanks

ldp.exe traffic: interpreting protocols with wireshark


I have a standalone version of AD LDS and I am running Wireshark.  On another server I run ldp.exe and do a connect to the LDS server and a simple bind to a user, which is successful.

I am surprised that all of my traffic is interpreted by Wireshark as TCP packets.  I was expecting traffic more like that in http://technet.microsoft.com/en-us/magazine/2008.12.proxy.aspx?pr=blog which is LDAP.

Can someone please explain?

Thanks.


leo

DNS servers configuration after AD/DC replication.


Good day all.

I understand that this issue might have been repeated several times in the previous posts/questions but nevertheless I feel the need to explain the situation I have thoroughly in order to have the right answer.

In our company, we have a W2k3 DC that has a DNS server installed with it. All clients (who happen to have a static IP, subnet, gateway and DNS) use this DC for internal DNS resolution. The hardware on this DC is getting old and we are planning to use it to run an application that acts as a middleware between the machines that we have and our information system.

In order to achieve this goal, I suggested that we buy new hardware and perform replication of AD. According to my understanding of such a procedure, I know that we have to "upgrade" the forest that the w2k3 holds to be compatible with w2k8 and after that we can perform DCPROMO, etc.

My question is: What happens to the DNS server on the old DC after I successfully perform the replication of AD on the new hardware and demote the old DC? It seems to me that I should keep the DNS server there running in order to prevent the action of manually changing the IP settings for all clients in the network.

My other question is: Should I create a replica for the DNS server as well?

I appreciate the efforts made on TechNet and thank you for your time.

Nadim.

Verizon

I am having trouble with Verizon Call Assistant with Windows 8 on my laptop. Cannot get voice mail, and the widget will not work.

[GC] How can I specify a global catalog on a client


Hello,

Can I specify a global catalog on a client when the environment has more than one GC?

Thank you,


From Technet

noob question about DC and DHCP/DNS


*I'm new to domains*

On all of the tutorials online, DHCP and DNS are installed at the same time a server is promoted to DC.  

Here's my question: if the server is giving out IP addresses and also doing DNS (instead of my router), then how do the clients reach the internet?  Do I have to make sure the IP address range is the same as the router's?

Also, I'm going to promote a 2nd server to DC.  Should that DC also have DHCP and DNS roles as a failsafe?

Login to AD from outside


Hello everybody,

I have a little problem with my AD server. I want to connect my laptop, which is already part of my domain, from the outside, but I still cannot. Is it really possible to connect from the outside? I found a solution that says I need to configure a VPN, but I do not know how to do it. Is there any configuration to be done on the server and/or on the router? Do I have to buy a domain name and a public IP address? Please help me, I really need your ideas as soon as possible.

Thank you in advance (^_^)

 Best regards.

Ayoub

Domain controller


I have a primary DC and an additional one in UAE, and I need to install an additional one here in Egypt. There is a VPN connection between both sites. What method should I use?

create a new child domain in an existing domain tree

create a new domain tree in an existing forest

install an additional domain controller in an existing domain

Several accounts are constantly locked out, event ID 644


Hello,

We are seeing a set of users getting locked out continuously.  They are always the same accounts.  We are on Server 2003 and the client machine is Windows 2007.  I ran the lockout tools but can't seem to find the cause.  There are no mapped drives, no saved credentials, no smartphones with AD credentials, and no Exchange.  I ran scans for Conficker and other viruses as well.  Recreating the AD account doesn't solve this issue either.

I already tried the troubleshooting steps mentioned here:


1. Click Start, click Run, type "control userpasswords2" (without the quotation marks), and then click OK.
2. Click the Advanced tab.
3. Click the "Manage Password" button.
4. Check to see if these domain account's passwords are cached. If so, remove them.


Event ID on the server is:


User Account Locked Out:
Target Account Name:username
Target Account ID: domain\username
Caller Machine Name:computername
Caller User Name:dc servername
Caller Domain:domain
Caller Logon ID:(0x0,0x3E7)

Please help!!

Thanks,

Eric




CSVDE export not as expected - some fields missing

Hi, I am trying to export some user data from AD using this command -

csvde -f test.csv -r objectClass=user -l " givenName, sn, displayName, description, physicalDeliveryOfficeName, telephoneNumber, mail, userPrincipalName, sAMAccountName, streetAddress, l, st, postalCode, Country, homePhone, mobile, facsimileTelephoneNumber, ipPhone, title, department, company, manager, employeeID"

When I open the file in Excel I find that some of the fields/columns are missing - streetAddress, l, st, postalCode, Country, homePhone, facsimileTelephoneNumber, ipPhone, employeeID

The attribute names match so I'm not sure why the info is not exported.  Can anyone help me? Thanks.

I am using Windows 2008r2 Datacentre

no ethernet connection after promoting DC


I just promoted a Server 2012 box to DC.  I had a static IP assigned using these:

192.168.1.29
255.255.255.0
192.168.1.1

DNS after promotion:

127.0.0.1

After I rebooted though there is no ethernet connection.  However, I can go to Google or Hotmail.  Actually, after going to those places on the net, the yellow ! on the ethernet icon disappears.

Something to worry about?


Domain & Enterprise Admins are a member of Built-in Administrators group?


Hi,

I just found that Built-in\Administrators has Domain Admins and Enterprise Admins as members.

Could any of you suggest what the significance of doing so is? Should they really be members of the Built-in\Administrators group?

If yes, why? If no, why? Please explain all options.

Kindly reply.

Thanks,

Noufal

Site link topology question

I’m trying to decide on the best configuration of our AD site topology after some changes to our physical network.  Some of the posts on here have been very helpful but I still need some clarification on the best way to do this in our scenario.  

We have 10 sites A-J, all part of one domain.  Each site has one domain controller, nine running Server 2003 and one running 2008.  Three of them are global catalogs.  Before the change to our network, all of the sites were physically connected with each other.  There was one default site link that had all of the sites in it.

Now only three sites have physical connectivity to all of the other sites, the remaining sites cannot talk to each other:
Site A, B and C can all communicate directly with all ten sites (A-J).
Sites D-J can only communicate directly with sites A, B and C.

Of course now some of the DCs are throwing 1311 and 1722 errors because they are not able to directly talk with all of the other sites.  We want to clean this up.

What is the best way to implement site links in this scenario?  I know we have to turn off Bridge all site links because they do not all have connectivity with each other.  We have considered the following scenarios but don’t know which one is best:

1.) Create a site link from each site to site A (hub), then create a second site link from each site to site B or C with a higher cost (in case site A goes down).
2.) Create a site link from each site to site A (hub), then create a site link bridge from each site to site B or C with a higher cost (in case site A goes down).
3.) Use two hubs, site A and B, with ½ of the sites each linked to one hub and the remaining sites each linked to the other hub, with a separate site link connecting the two hubs together.

What is the best way to do this?
Any help is appreciated, we are a small rural library and a support call to MS is a luxury we can’t afford at the moment.
Thanks!

best practice for adding users to office domain


I have a small business where we turn on our computers in the morning and run them all day.  Several different technicians or doctors may use that computer during the day, but we never log in and out each time.

Is it OK to create a "User" for each computer on the domain instead of a real 'user'?  In other words, if my exam room 1 has a name of "exam1" and I create a user named "exam1", is that OK?  We would log in under the user "exam1" or "exam2" instead of a real user - it's more specific to each computer.

Anything wrong with that?

Query in AD the Managed by User of a Group

Is there a way to query or get a single group's 'managed by' user in AD from cmd or powershell?

password to expire after a day


Good day

I have an account that I would like to use for training purposes and would like to set it to expire every day. How can I set it to expire after one day? My minimum password age policy is 1 day and is applied at domain level.

Please help

Thank you
