Channel: Directory Services forum
Viewing all 31638 articles

How to delete a dead Server 2003 R2 Domain Controller?


Hi all,

Today is a bad Monday for me.

I have three HP servers; they all have AD-integrated DNS, DFSN and DFSR installed.

They are named as follows:

fs01 (Win2K3 R2 Good, FSMO, AD integration DNS, DFSN, DFSR)
fs02 (Win2K3 R2 Server Hardware Died, AD integration DNS, DFSN, DFSR)
fs03 (Win2K8 R2 Good, AD integration DNS, DFSN, DFSR)

Now the fs02 hardware has died, and I can't boot it anymore.

So, on the DFSN and DFSR side, how do I safely delete this fs02 server? And what are the steps in this case (since it can't be accessed anymore)?

On the AD-integrated DNS side, how do I safely delete this DC from the AD records and DNS?

In my case, should I delete the dead fs02 DC first, or remove the DFSN + DFSR service first?

Any experienced user with a detailed KB or suggestion is welcome.


AD upgrade in-place 2008 R2 ( domain function level 2003 )


Hi all,

We have 3 DC's, all in 2003 domain function level. Two are 2008 R2 servers, one is a 2003 server. One of the 2008 R2 servers is master (FSMO). Is it possible/safe to upgrade the 2 2008 R2 systems to AD 2008 R2 and then upgrade the 2003 server to 2008 R2 and make it a DC to join the other two?

Is it as simple as adprep ( forestprep, etc ) and then dcpromo? Am I missing something obvious?

Thanks in advance.

bdemon16

Two Domain Controllers, different sites (VPN), lose both when one fails.


Hi,

I have a DC at site A and a DC at site B. Both are Global Catalogs. A is Server 2008 R2 and B is Server 2003 R2. When site B went down today, site B wouldn't load Active Directory Users and Computers and no one could log in. It was complaining that no DNS servers could be found. They both have themselves as Primary DNS and each other as Secondary. Why did my second DC fail when I needed it? The VPN was up throughout; site B failed due to lack of disk space (long story!).

Once site B was functioning again, site A was fine. Any suggestions?

Kind regards,

create a shadow group to support fine-grained password and lockout policies

Hi,

To apply the Fine-Grained password and account lockout policies feature, there must be a shadow copy of the membership of the OU, because you cannot apply the Fine-Grained policy directly to an OU.

I have read that there is no tool or even a command line to create and keep the membership of the shadow group updated.

The solution might be to create a VBScript or some other script. How about a PowerShell script? Has anyone already done this?



Thanks in advance

Netlogon and sysvol folder share error


Hi,

We have a domain and 3 domain controllers, and all DCs run Windows Server 2012.

DC01 and DC02 are in one site and DC03 is in another site.
DC02 is a role box.
On DC03 we are getting the error message below while running the dcdiag command:


Starting test: NetLogons        
 Unable to connect to the NETLOGON share! (\\DC03\netlogon)  
 [DC03] An net use or LsaPolicy operation failed with error
 67, The network name cannot be found..  
 ......................... DC03 failed test NetLogons     

and net share result:-

Share name   Resource                        Remark

-------------------------------------------------------------------------
C$           C:\                             Default share
D$           D:\                             Default share
E$           E:\                             Default share
IPC$                                         Remote IPC
ADMIN$       C:\Windows                      Remote Admin
The command completed successfully.

Please suggest..

Thanks in Advance


Abhishek

Connect windows 8 pc to a domain in W2000 server

I want to connect my Windows 8 PC to a Windows 2000 Server domain, but when I type the password and username of the domain it says that I need an authorized account. My account is an admin account, and the Win8 username and password and the server username and password are both not working.

Domain admin password expiry causing repadmin and dcdiag errors?


Hi,

I recently had a domain admin account password expiry. However, when I looked at the two servers, I would get dcdiag and repadmin errors.

Surely a domain admin password expiry can't/shouldn't cause this issue?

Thanks

Help with EventID 2023 Error value: 1722 The RPC Server is Unavailable during DCPromo to remove Domain Controllers from Domain


Hello,

In a 2008 R2 Forest/Domain, I've tried with a few different Domain Controllers to perform a DCPromo to remove them from the Domain. The operation fails very early while trying to transfer remaining updates from the Schema partition to another Domain Controller with an RPC Server not available error. EventID 2023 is generated with Error value 1722. Below is the text of the error from the DCPromo.

I've tried about 5 times each with 2 different Domain Controllers in different sites and they each contact a different Domain Controller each time I tried and the results are the same in that it fails.

Everything I read points to a replication issue. With Domain Controllers this operation used to perform the replication, I've performed a manual replication to it successfully. I don't see any other EventID errors for this problem as well.

Can anyone please point me in the right direction to get this resolved?

The operation failed because:
Active Directory Domain Services could not transfer the remaining data in directory partition CN=Schema,CN=Configuration,DC=Fly,DC=By,DC=Nite to
Active Directory Domain Controller BigMamma.Fly.By.Nite."The RPC server is unavailable."


Thanks for your help! SdeDot


Apply GPO to the entire forest


Hi,

Is there any option to apply a GPO to the entire forest?

I mean to all domains in the forest.

Thanks in advance

Active Directory Maintenance tool/technique


Hello Experts,

I'm trying to identify if there is a tool which helps to maintain particular attributes within Active Directory.

We have Active Directory, which is maintained by the IT team. We use AD for authentication and we also created some attributes for users, which are used by our application. Every time we add a user or need to modify the values we have to ask IT to do this. Is there a tool where IT can define, for application X, the administrators who could maintain those attributes without affecting the main structure or the structure of other applications?

Thanks in advance,

Oleg

How can I resolve DNS Event ID: 4000 and 4007 in AD 2008 R2


Hi there,

I am glad to post my first topic here. I have faced a very deep and serious problem all day. Actually, my DNS-integrated DC server is down with event IDs 4000 and 4007. For your information, my DC was the only server in our site, and as the connection of our site to the other sites and DCs has been disconnected because of VPN matters, our server didn't have any replication with the rest of the DCs. In addition, we have made lots of changes in our OU.

I suppose this problem occurred when our VPN tunnel linked up with packet loss this morning. All in all, if I go through a new DC installation, I'll lose all my changes made during the disconnection.

In this case I followed many solutions but they did not work. The problem is my DNS server is down, and as I didn't have any backup, my network is a complete mess.

Any help would be appreciated.

Best Regards,

Pooyan

Finding Duplicate computer objects in Active Directory


Hi

Is there any query to find duplicate computer objects in Active Directory?


Santosh Dharamsale

SID Migration issue

I am not able to migrate the SID to the target domain using ADMT, but the user accounts get successfully migrated. In the target domain the migrated user's SID is different from the user's SID in the source domain.

Source Domain : test.com
Target Domain : abc.com

Source Domain and Target Domain running Windows 2008 R2
Partner

How can I understand that I upgraded the domain controller correctly?


Hi

I upgraded a domain controller from 2008 R2 to 2012, and I think it is OK.

But how can I be sure my upgrade is correct?

I used an in-place upgrade.



Recommendations for Home Folder Management


Hello all and thanks for your time and expertise.

I work in a school system with approximately 10000 students. Starting with the intermediate students through seniors, I'm in really bad need of an efficient process to manage student home folders. Please give me your best practices or tools for creating, and then upon graduation deleting, student home folders.

Here's a plan someone brought up.  Please let me know what you think and if there's a better way - Please share.  Thanks.

I work in a school system with at least 20 buildings in a metropolitan network.  We've recently upgraded the links between our buildings to a GB.   We were looking for a way to simplify management of the student home folders.  Here's a plan I've been thinking about and I would appreciate your input/recommendations:

1 - Centralize home folders for intermediate students through high school in the following format: \\server\home$\students\%username% - All of these students' home folders would be stored on our NAS server utilizing a DFS Namespace.  This way if we needed more space we could add another server to the namespace and just replicate.  Students would all be in one STUDENT home folder.

2 -   Add graduation year to the description property for their user accounts from the general tab so they can be filtered in this manner.  And you can do this by highlighting all the accounts and adding this property because the kids are currently in OUs designating their graduation year. 

3 - Create a Graduated OU.  When the current cycle ends, for example 2013 - you do a filtered search for 2013 students and move them to the Graduated OU.  Then you can delete their accounts from AD.  My issue as I type this is how do I know which folders to delete from the STUDENT folder.


Resource-based constrained delegation requirements


I need to enable Kerberos constrained delegation for a front-end computer in domain A to a back-end computer in domain B, different forests.
Client accounts are also in domain B.
Domain controllers in both domains are WS 2008 R2.

According to requirements here:

http://technet.microsoft.com/en-us/library/hh831477.aspx#BKMK_kerb_const_del_domains

- Is it enough to just have one additional domain controller running WS 2012 in each domain?
- Do the remaining WS 2008 R2 domain controllers need this hotfix http://support.microsoft.com/kb/2665790?

Thanks.



Risks of installing Windows 2012 domain controller, Active Directory


Hi Guys,

Well, I have two virtual W2K8 domain controllers and I want to upgrade to two new W2K12 AD domain controllers.

As far as I can see there is virtually no risk to services with this upgrade. Yet I just wanted to see if anyone knows of or has reported any problems.

There are still a number of windows XP Desktop and a few Windows 2003 servers. There are communication 2005, Biz talk server or the like or SharePoint servers and we are running Exchange 2010.

So has anyone had any problem with this upgrade, or can anyone point to any areas that I should check before the upgrade?

Craig


Can't unjoin workstation from domain


I have a Windows 7 workstation that can no longer log in to the domain. They receive the following error:

"The trust relationship between this workstation and the primary domain failed"

I logged in to the workstation as the local Administrator and tried to remove the workstation from the domain.  This produced the error:

I have tried removing the computer from Active Directory Users and Computers on the Server 2008 R2 domain controller.

Can someone please help?

Openldap meta instance search microsoft AD issue

Hi

My issue is:

I use ldap meta to connect to multiple ADs.

The user account in AD is
e.g.  CN=Jeffrey Lee,OU=Technology,OU=LonUsers,DC=63stmarys,DC=uk,DC=westpac,DC=com,DC=au


It works OK if slapd.conf has
rwm-suffixmassage   "ou=63stmarys.uk.westpac.com.au,dc=wib,dc=westpac,dc=com,dc=au" "OU=LonUsers,dc=63stmarys,dc=uk,dc=westpac,dc=com,dc=au"

But it does NOT work with
rwm-suffixmassage   "ou=63stmarys.uk.westpac.com.au,dc=wib,dc=westpac,dc=com,dc=au" "dc=63stmarys,dc=uk,dc=westpac,dc=com,dc=au"

Looks like meta ldap cannot search from the root of AD? When I set the search base to dc=63stmarys,dc=uk,dc=westpac,dc=com,dc=au it failed, but it starts to work when I configure one level down, like
OU=LonUsers,DC=63stmarys,DC=uk,DC=westpac,DC=com,DC=au

Any comments? Or please let me know the best place to look for the answer.


Below is my slapd.conf
database        ldap
suffix          "ou=63stmarys.uk.westpac.com.au,dc=wib,dc=westpac,dc=com,dc=au"
uri             ldaps://xxxxxxxx

idassert-bind   bindmethod=simple
                binddn="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
                credentials="xxxxxxxxxxxxxxxxx"
                mode=none
                flags=non-prescriptive
idassert-authzFrom      "dn.exact:cn=Manager,dc=wib,dc=westpac,dc=com,dc=au"

overlay rwm
rwm-suffixmassage   "ou=63stmarys.uk.westpac.com.au,dc=wib,dc=westpac,dc=com,dc=au" "OU=LonUsers,dc=63stmarys,dc=uk,dc=westpac,dc=com,dc=au"
rwm-map attribute uid userPrincipalName
rwm-map attribute * *

Regards

Jeffrey Lee

Active directory , shared folder, portal access denied


Dear Expert,

Need your support. We are facing an issue with some accounts that have access to unlock/reset passwords on domain users; however, all of a sudden they are facing issues accessing AD, shared folders and portals, and cannot perform a GP update either (access denied).

It works fine if the computer account is moved to a normal OU; when it is returned to the old OU, the same issue occurs. Would you please guide us where to look for this in GPEDIT?


Support@Mytechnet.me
