Quantcast
Channel: Directory Services forum
Viewing all 31638 articles
Browse latest View live

Active directory user policy

July 10, 2013, 3:32 am
$
0
0

Hello there,

once we create new user, its getting automatically own network share. This is to give them backuped space on a networ to save their work etc... The problem is, that once the user leaves (account us removed), the network share remains. There is no automated process to remove the share after the acount in AD is deleted. How can i design this process? I though about a scheduled script, which would compare the users names in AD against the users names on a disk, but im not sure if this would be the best way.. Can you please let me know how to deal with this..?

Thank you.

Search

No SYSVOL_DFSR on newly added Domain Controller

January 4, 2013, 2:26 am
$
0
0

Hi,

Have a W2012 Domain in which sysvol replication has been migrated to SYSVOL DFSR replication a long time ago (in W2008-R2) and worked well.

I now added a new domain controller (W2012) and there is no SYSVOL_DFSR folder but a SYSVOL folder on this new DC. The new DC tries to replicate using NTFRS and tried to access the SYSVOL folder on other DC's (which do not exist). DFSRMIG.exe reports correctly being in "eliminated (3)" state.

Every other AD partition replicate fine (AFAIK).

Is there something to do about this? Is this normal behavior?

Thanks.

Thomas.

Getting Error code 31 when trying to restore Users from the Deleted Objects Container in Active Directory. (Server 2008 R2)

July 10, 2013, 3:02 am
$
0
0

Getting Error code 31 when trying to restore Users from the Deleted Objects Container in Active Directory. (Server 2008 R2)

Where can i find the Reason for this error code



DCpromo win server 2008 r2 64

July 10, 2013, 5:30 am
$
0
0

Hi Anyone

I installed my domain services and registered my domain name with dcpromo, after the restart i have to logon with my admin account, and i forgot my password to my admin account, after doing dcpromo it deletes the other users on the server that was created, now i cant log in, any suggestions to sort out this litttle problem?

i tried safe mode, still need the admin password and same goes to repairing the computer, cant even log onto safe mode with command prompt as it keeps on asking me for the admin password.

please help as this is very urgent 

pwdLastSet timestamp changing with every "net user /domain" command.

June 14, 2013, 1:00 am
$
0
0
For an account in active directory every time i run Net User command, it shows current date and time of my system although password was changed long ago. what is wrong with the account..?

Netlog Error 5774 - no DNS server information actually listed.

July 9, 2013, 2:02 pm
$
0
0

I am receiving the typical Event 5774, however the part where the DNS server with the problem is supposed to be listed I have nothing:

The dynamic registration of the DNS record '_kpasswd._udp.mydomain.com. 600 IN SRV 0 100 464 SLS-2K8DC1.mydomain.com.' failed on the following DNS server:  

DNS server IP address: :: <--????????? What server?
Returned Response Code (RCODE): 0 
Returned Status Code: 0  

For computers and users to locate this domain controller, this record must be registered in DNS.  

USER ACTION  
Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. To learn more about DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by this domain  controller, run 'nltest.exe /dsregdns' from the command prompt on the domain controller or restart Net Logon service. 
  Or, you can manually add this record to DNS, but it is not recommended.  

ADDITIONAL DATA 
Error Value: Bad DNS packet.

Not even sure how to start on this one.

The box indicating that this domain controller is the last controller for the domain is unchecked. However, no other Active Directory domain controllers for that domain can be contacted

July 9, 2013, 1:41 pm
$
0
0

I have 2 domain controllers running 2003 server, server1 and server2. I ran dcpromo on server1 and removed AD and removed him from the domain and disconnected from network. I then added a 2012 server with the same name and IP address server1 with no problem. Replication from sites and services work fine on both controllers.
The new 2012 server1 is GC. I transferred all FSMO roles to server1. Again no problem and replicating using sites and services. AD on server1 is populated correctly.

Now what I had intended on doing was a dcpromo to remove server2 from the domain so I can then add another 2012 server. That is when I get the: "The box indicating that this domain controller is the last controller for the domain is unchecked. However, no other Active Directory domain controllers for that domain can be contacted.

I have DNS installed on both servers and both look good with replicating there. Strange thing is when on the 2012 server within DNS if I right click and connect to another DNS server I can add server2 just fine but from server2 adding server1 it tells me it is not available.

Help please!

how can i get list of workstations from last 2 weeks in ad

July 10, 2013, 5:57 am
$
0
0
how can i get list of workstations from last 2 weeks in ad
Search

DFS site shows unknown

September 23, 2012, 10:50 am
$
0
0

Hi

In DFS site shows unknown why it shows unknown  the same is happening in  sending and receiving site.

Possible error with Active directory with BIND DNS

July 10, 2013, 7:44 am
$
0
0

We recently in the process of upgrading our Domain Controllers from 2008 to 2008r2. I haven't had any errors in event view but in "Best Practices Analyzer" I receive the error:

"Issue:

The Domain Name System (DNS) host resource records for this domain controller's fully qualified domain name currently map to the IP addresses that do not belong to this domain controller. The invalid IP addresses (IP address of DNS server).

Impact:
Other member computers and domain controllers in the domain or forest might not be able to locate this domain controller. This domain controller will not be able to provide a full suite of services.

Resolution:
Ensure that the DNS Client service on this domain controller is configured and able to register valid host resource records with an authoritative DNS server for the domain."

I am aware there are problems with 2008r2 working with older versions of Bind 9.2.2 (we are running bind-9.5.0-26.b3). Everything seems to be working on the dns side. 

With no specific event error in event viewer, I'm not sure the of the next step.

Any ideas?

Performance Monitor's Active Directory Data Collector Set Not running on WIndows 2008 R2 Server Std SP1 - LSASS.exe Max CPU

July 10, 2013, 4:53 am
$
0
0

Hi Folks,

I currently have two Domain Controllers maxing the CPU out with the LSASS.exe and system process.

Trying to run Performance Monitor's Active Directory Data Collector Set..I click on start and nothing happens..Both start\stop go greyed out and no report starts! :-(

If i try run from the cmd line I get

C:\>logman start "system\Active Directory Diagnostics" -ets
Argument 'Directory' is unknown.
Argument 'Diagnostics"' is unknown.

Error:
The parameter is incorrect.

Any ideas why it will not run? :-)

Thanks All

Ryan

Managed Service Account Error 1297

July 9, 2013, 1:09 pm
$
0
0

I am testing Managed Service Accounts in Server 2008 R2.  I followed the TechNet step-by-step article to created the account, assign it to a computer, and installed it on the local server. I verified it is created in AD.

The MSA was automatically granted the log on as a service right. When I try to start a service, like Disk Defragmenter or any other I get this error:

Error 1297:  A privilege that the service requires to function properly does not exist in the service account configuration.

The only link I can find is this:

http://social.technet.microsoft.com/Forums/en-US/419ba006-4413-4036-8c49-252b08593131/service-fails-to-start-error-1297-and-7000

What am I missing?

AD LDS Setup and Sync

July 10, 2013, 1:43 am
$
0
0

We are trying to create a standalone instance of AD LDS on a member server, and any help/advice you could give us would be appreciated.

I have followed the instructions as per the Microsoft Technet site and everything seems to work correctly up to the point of running the following command:-

Ldifde –I –f solutions4it.ldf –c –DC=X DC=******,DC=****,DC=****,DC=***,DC=uk –j c:\windows\adam

This returns the following error log file:-

Connecting to "****-***.****.****.****.uk"

Logging in as current user using SSPI

Importing directory from file "solutions4it.ldf"

Loading entries

1: cn=Account-Name-History,cn=Schema,cn=Configuration,DC=******,DC=****,DC=****,DC=***,DC=**

Entry DN: cn=Account-Name-History,cn=Schema,cn=Configuration,DC=******,DC=****,DC=****,DC=***,DC=**

changetype: add

Attribute 0) objectClass:attributeSchema

Attribute 1) attributeId:1.2.840.113556.1.4.1307

Attribute 2) ldapDisplayName:accountNameHistory

Attribute 3) attributeSyntax:2.5.5.12

Attribute 4) adminDescription:Account-Name-History

Attribute 5) adminDisplayName:Account-Name-History

Attribute 6) schemaIDGUID: UNPRINTABLE BINARY(16)

Attribute 7) oMSyntax:64

Attribute 8) systemFlags:16

Attribute 9) systemOnly:FALSE

Add error on entry starting on line 15: No Such Object

The server side error is: 0x208d Directory object not found.

The extended server error is:

0000208D: NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of:

               'DC=****,DC=****,DC=***,DC=**'

0 entries modified successfully.

An error has occurred in the program

Thanks

Best AD 2008 R2 disaster and recovery procedures

July 10, 2013, 8:42 am
$
0
0

Hi Everyone

We are planning the installation of AD 2008 r2 and I would to get some information on backing up and restoring AD in case there is a fire or something.

Is Microsoft built-in back up tool enough? Is there anything else I should be concerned of?

Many thanks

Event 1908 Could not find the domain controller for this domain

November 5, 2012, 12:15 pm
$
0
0
Hi,

I'm trying to add new 2012 domain controller to existing Windows Server 2003 domain. 

I'm getting following error in eventlog on my 2012 server:

The Active Directory Domain Services Installation Wizard (Dcpromo) was unable to establish connection with the following domain controller.

Domain Controller:

servername.domain.local

Additional data:

Error value:

1908 Could not find the domain controller for this domain.

I have also run dcdiag on 2003 server and it shows no errors. It's not a DNS issue either. Server 2012 can ping the domain.local and 2003 DC without any issues.

Search

Problems creating a child domain - Verification of outbound replication failed

July 11, 2013, 6:44 am
$
0
0

Hello,

I have seen other threads relating to this issue, but nothing has yet solved my problem.

All my servers are Windows Server 2012

So far, I have a DC for Domain.co.uk

I am trying to create the child domain int.Domain.co.uk

The main error that I receive when using ADDS config wizard, is:

Verification of outbound replication failed. Error reading the options property of the NTDS settings. Unknown error (0x8000500c)

Also, when on the 'Deployment Configuration' page of the wizard, when I click the Parent Domain Name 'Select...' button, and it prompts me to select a domain in the forest, the only thing that is available to select is a long string of numbers. Example - '01 363 747 838 292 28 298 363 363 767 35 536 367 67 678 687'.

So far I have attempted to turn off the firewall, have the child DC joined onto the domain, re-enabled recursion on the parent DC ...

Any help appreciated :D

Thanks

Active Directory NETBIOS name

July 11, 2013, 12:20 pm
$
0
0

Hello.

I think I should be able to ping NETBIOS name of the AD.  Should I? It does not work.

For example, full domain name is fulldomain.local.  NETBIOS name is ourdomain.

I can ping fulldomain.local, but I cannot ping ourdomain.

Can someone help?

Thank you.

Thank you. Eric.

Adding Domain Controller fails with error "ADprep execution failed --> system.componetModel.Win32Exception (0x80004005):

July 8, 2013, 12:03 am
$
0
0
i'm at a loss for this one. I just added a Server 2012 box to a network. The current environment is SBS 2003 and i'm looking to migrate away. However I have tried to raise the 2K12 box to a domain controller I am hit with this error: 

Adding Domain Controller fails with error "ADprep execution failed --> system.componetModel.Win32Exception (0x80004005): A device attached to the system is not functioning


I have tried running adprep manually in the CLI and when I do I get this error:  

Adprep encounted a win32 error. error code:0x5 error message: access is denied.


I am logged in as a user who is a enterprise admin and Schema Admin.The domain and forest functional levels are at windows 2003. DNS looks good. DCdiaq run on the server 2003 box reports no issues. A/V disabled on 2003 box. any thoughts ??

DFS - Unnable to delete "read-only" folder

July 11, 2013, 12:30 pm
$
0
0

Hi.

I had DFS configured in two servers.

Accidently, I deleted a member server (read-only) of the replicatio group.
Now I'm unnable to delete the folder of this read-only server was deleted from replication group.

I have full access oh both servers.

Any help is welcome!

Thanks!

Fernando c. Frontarolli MCP - MCTS - MCITP.SA "Temer a DEUS é o pincípio de toda sabedoria"

Mac 10.8 keeps on asking credentials when accessing a DFS Namespace

July 11, 2013, 11:25 am
$
0
0

When the Mac tries to access the share it keeps on askign it for credentials.

\\domain\Namespace\testdfs\test_dpt\users\username

So the folders have the following permissions

Namespace - Everyone read

Testdfs - User group read

test_dpt- User group read

users - user group read

username - user ID modified.

What can I be missing for the Mac to access this share?

Thanks

Judy

Viewing all 31638 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>