Channel: Directory Services forum

AD Sites & Services Settings


Hi,

There are two domain controllers in our environment: Server-AD01 (at SiteA) & Server-AD02 (at SiteB); we would like to verify that the AD Sites & Services settings have been set correctly. Both are Global Catalog servers & Server-AD01 holds all the Operational Master roles.

> SiteA
    > Servers
        > Server-AD01  [NTDS Settings > Connection is set to 'Replicate from: Server-AD02' ; 'Replicate To: Server-AD02']
        > Server-AD02 (there is no NTDS Settings)

> SiteB
   > Servers
      > Server-AD02 [NTDS Settings > Connection is set to 'Replicate from: Server-AD01' ; 'Replicate To: Server-AD01']

Have a feeling that the NTDS settings are wrong but can not be sure. Advice is appreciated. Thanks



dynamically linked auxiliary class and ADUC issue


Hi,

I have just extended a 2008-based Active Directory schema in a lab environment with a single domain controller.

The goal was to add a new dynamically linked auxiliary class and assign it to specific users in the domain.

I did everything by the book, including allowing updates to the schema using the registry key, creating a new auxiliary class under the top level, and creating a new attribute and associating it with the newly created class.

All went fine without any errors (I restarted AD services as well as the DC itself). I then opened ADUC and added the new class to a specific AD user, again without any errors. However, when I closed ADUC and reopened it, displayed the properties for the user and clicked the Attribute Editor tab to see the new attribute, the table screen was empty (it was fully populated with all the default attributes before the change).

When I create a new user everything is in order, but I experience the same behavior each time I add the class to the objectclass attribute.

Any ideas?

Thank you,

Gad

The security database on the server does not have a computer account for this workstation trust relationship


This problem exists in the environment below:

ForestA, has been around awhile, has one domain Called DomainQ

ForestC, is new, has one domain called DomainR

ForestC has a one-way transitive trust to ForestA and shares a namespace. DNS connectivity is in place, NTP is working correctly where ForestC pulls its time from ForestA, and users in ForestA have been permissioned on devices in ForestC.

Below are the netlogon dump and log files that look relevant. It's odd because I get a successfully logged on message, but the user is prompted with "The security database on the server does not have a computer account for this workstation trust relationship" and when they click on they are back at the logon prompt. Nothing related to that error message that I have tried has helped.

http://technet.microsoft.com/en-us/library/ee849847%28WS.10%29.aspx

The above was not any help, as this is a one-way transitive forest trust, so the trust level is already 2. The other 5 suggested links were also not useful.

07/18 12:18:29 [LOGON] [556] SamLogon: Network logon of DomainQInForestA\UserInDomainQ from UsersDesktopInDomainQ Returns 0x0
07/18 12:18:33 [LOGON] [556] SamLogon: Network logon of DomainQInForestA\UserInDomainQ from UsersDesktopInDomainQ Entered
07/18 12:18:33 [LOGON] [556] SamLogon: Network logon of DomainQInForestA\UserInDomainQ from UsersDesktopInDomainQ Returns 0x0
07/18 12:18:33 [MISC] [556] DsGetDcName function called: client PID=1636, Dom:DomainQInForestA Acct:(null) Flags: RET_DNS
07/18 12:18:33 [MISC] [556] NetpDcInitializeContext: DSGETDC_VALID_FLAGS is c03ffff1
07/18 12:18:33 [MAILSLOT] [556] NetpDcPingListIp: DomainQInForestA.My.Forest.Name: Sent UDP ping to IPv6AddressUniquetoDCinDOmainQ
07/18 12:18:33 [MISC] [556] NetpDcAllocateCacheEntry: new entry 0x000000D29F24EB50 -> DC:DCinDomainQ DnsDomName:DomainQInForestA.My.Forest.Name Flags:0x71fc
07/18 12:18:33 [MISC] [556] NetpDcGetName: NetpDcGetNameIp returned 0
07/18 12:18:33 [MISC] [556] DsGetDcName: results as follows: DCName:\\DCinDomainQ.DomainQInForestA.My.Forest.Name DCAddress:\\IPv6AddressUniquetoDCinDOmainQ DCAddrType:0x1 DomainName:DomainQInForestA.My.Forest.Name DnsForestName:My.Forest.Name Flags:0xe00071fc DcSiteName:SiteInDomainQ ClientSiteName:SiteInDomainQOfClients
07/18 12:18:33 [MISC] [556] DsGetDcName function returns 0 (client PID=1636): Dom:DomainQInForestA Acct:(null) Flags: RET_DNS
07/18 12:18:33 [MISC] [2800] DsGetDcName function called: client PID=4, Dom:DomainRinForestC.SpecialProject.My.Forest.Name Acct:(null) Flags: IP KDC
07/18 12:18:33 [MISC] [2800] NetpDcInitializeContext: DSGETDC_VALID_FLAGS is c03ffff1
07/18 12:18:33 [MISC] [2800] NetpDcGetName: DomainRinForestC.SpecialProject.My.Forest.Name using cached information ( NlDcCacheEntry = 0x000000D29F269FC0 )
07/18 12:18:33 [MISC] [2800] DsGetDcName: results as follows: DCName:\\DCinDomainRinForestC.DomainRinForestC.SpecialProject.My.Forest.Name DCAddress:\\IPv4AddressofDCinDomainRinForestCDCAddrType:0x1 DomainName:DomainRinForestC.SpecialProject.My.Forest.Name DnsForestName:DomainRinForestC.SpecialProject.My.Forest.Name Flags:0xe00071fc DcSiteName:Default-First-Site-Name ClientSiteName:Default-First-Site-Name
07/18 12:18:33 [MISC] [2800] DsGetDcName function returns 0 (client PID=4): Dom:DomainRinForestC.SpecialProject.My.Forest.Name Acct:(null) Flags: IP KDC
07/18 12:18:34 [SESSION] [2912] I_NetLogonGetAuthData called: (null) DomainRinForestC (Flags 0x1)  
07/18 12:19:16 [SESSION] [1968] I_NetLogonGetAuthData called: (null) DomainRinForestC (Flags 0x1)  
07/18 12:19:29 [MISC] [2912] DsGetDcName function called: client PID=916, Dom:(null) Acct:(null) Flags: DS BACKGROUND
07/18 12:19:29 [MISC] [2912] NetpDcInitializeContext: DSGETDC_VALID_FLAGS is c03ffff1
07/18 12:19:29 [MISC] [2912] NetpDcGetName: DomainRinForestC.SpecialProject.My.Forest.Name. using cached information ( NlDcCacheEntry = 0x000000D29F269FC0 )
07/18 12:19:29 [MISC] [2912] DsGetDcName: results as follows: DCName:\\DCinDomainRinForestC.DomainRinForestC.SpecialProject.My.Forest.Name DCAddress:\\IPv4AddressofDCinDomainRinForestCDCAddrType:0x1 DomainName:DomainRinForestC.SpecialProject.My.Forest.Name DnsForestName:DomainRinForestC.SpecialProject.My.Forest.Name Flags:0xe00071fc DcSiteName:Default-First-Site-Name ClientSiteName:Default-First-Site-Name
07/18 12:19:29 [MISC] [2912] DsGetDcName function returns 0 (client PID=916): Dom:(null) Acct:(null) Flags: DS BACKGROUND
07/18 12:22:17 [SESSION] [1040] DomainRinForestC: NlTimeoutApiClientSession: Unbind from server \\DCinDomainRinForestC.DomainRinForestC.SpecialProject.My.Forest.Name (TCP) 1.

An account was successfully logged on.

Subject:
    Security ID:        NULL SID
    Account Name:        -
    Account Domain:        -
    Logon ID:        0x0

Logon Type:            3

Impersonation Level:        Impersonation

New Logon:
    Security ID:        DomainQInForestA\UserInDomainQ
    Account Name:        UserInDomainQ
    Account Domain:        REDMOND
    Logon ID:        0x81D94
    Logon GUID:        {00000000-0000-0000-0000-000000000000}

Process Information:
    Process ID:        0x0
    Process Name:        -

Network Information:
    Workstation Name:    UsersDesktopInDomainQ
    Source Network Address:    -
    Source Port:        -

Detailed Authentication Information:
    Logon Process:        NtLmSsp
    Authentication Package:    NTLM
    Transited Services:    -
    Package Name (NTLM only):    NTLM V2
    Key Length:        128

Deploy DFS to large enterprise


What is the best way to deploy Distributed File System (DFS) to a large enterprise where you want user folders created for all domain accounts? Is there a script or PowerShell script to create the namespace subfolders? Or is this possibly part of the setup?

For example:

\\domain.contoso.com\user\john

\\domain.contoso.com\user\beth

\\domain.contoso.com\user\bob

Thanks!

Also, is there a way to change their documents folder to point to \\domain.contoso.com\user\, possibly with a login script or home directory?

The directory service was unable to allocate a relative identifier

Hi All,

We are getting the following error message on our Small Business Server 2003 running Active Directory

"Windows cannot create the new object because:
the directory service was unable to allocate a relative identifier"

This happens when I try to create a new username for the domain.

I am able to delete or disable users but am unable to create new ones.

I have already used netdom query fsmo. The result of this command is that the server for all items is the server I am trying to add the user on.

The same thing happens when I try to create a user without an Exchange mailbox.

We are running Exchange Server 2003 on the same server.

Please advise.

Regards,

Callum Stanford

Custom Attributes monitoring that are no longer in use in Active Directory


We have several custom attributes in Active Directory that should no longer be in use.

We are looking for a native solution to detect any system which may still be reading from, or writing to, these attributes.

Would we be able to detect any activity via a native solution on a given set of attributes (including reads), and produce a monthly report with reads/writes reported on a per-system basis, including details such as host name, IP address and credentials used?

the last login Value is showing greater than PasswordLastSet date


Hi

When we run a script to find inactive users, it shows the output below, which is confusing. Can you please let us know how the lastlogon value can be greater than the passwordlastset attribute?

accountname    LastLogon          PasswordLastSet
JAMES          5/11/2012 6:00     2/24/2009 13:15
ALEX           4/15/2012 11:15    7/5/2011 24:12

Thanks

DNS Issue


Hi Experts,

We have a single domain and 5 sites. In the 5 sites we have 5 additional domain controllers, and our primary domain controller is located in one of the sites. Now we are facing a DNS issue: in a particular site, users couldn't resolve the host name, but people are able to ping the IP address of the host name. When we flush and register, it works for a few days and a few hours. Then we face the same issue again.

My findings are:

I found the following event in the DNS logs: Event ID 7050.

Please suggest how to overcome this issue.


Thanks, Venkatesh. "Hardwork Never Fails"


Roaming profiles on per-DC basis


Hello,

I'm working on rolling out a new infrastructure, but I have some unique requirements...

I have two networks: one is an "airgap", the other is an internet-connected network. I would like to manage users from one central server, so I've set up a "root" DC that is connected to both networks.

My question is, how can I configure the DCs on the internet and airgap networks to load a DIFFERENT roaming profile depending on the domain controller authenticated against?

I.e., if Joe logs in on an internet computer, he would receive his internet desktop and settings, but if Joe logs in on the airgap network, he receives his airgap desktop and settings.

Please correct me if I'm looking at this the wrong way, but it's the best I can come up with to appease this "airgap" situation. I'm also open to suggestions and constructive criticism...

Thanks!

regarding USN number of AD object


I saw the same AD user object on different DCs, and its USNs are different.

I heard DCs use the USN to judge which AD object changes are the latest and distribute the latest update to other DCs.

But how does it work when the USNs are different on each DC?

Script to create Multiple OUs in Active directory in Windows Server 2008


Hi All,

I am in search of a script to create multiple Organisational Units in Windows Server 2008 Active Directory.

As a requirement, I need to create 250+ OUs as part of an AD restructuring, which would take a lengthy time to create manually one by one.

I would appreciate it if I could get a script for this.

Regards

Damodar


J D Tech Guy........

Considerations for upgrading Server 2008 R2 Domain Controller to Server 2012


Hello Everyone,

I am a software developer using Microsoft products with a BS in Computer Science, so I have a decent background.  I am capable, but relatively new to server management.  Let me say thank you in advance for any input.

I have a physical Server 2008 R2 Domain Controller that I have set up over a year ago, and with the occasional hiccup, it has been running fine.  It also provides DHCP and DNS services.  Lately it has been flaking out a little (internet connection drops on all of my computers, assuming that it is not providing DNS for some reason) and requires a restart to start working again.  I am not trying to troubleshoot this right now.

I am setting up a development environment on my home network, to get into some more of the advanced deployment scenarios that I am researching for work.  As a side note, this will be revolving around SQL, SharePoint, numerous application ideas that I want to test, TFS, and TFS's Automated Build/Deploy (most important to me).  I am doing this at home because security at work is preventing me from exploring all avenues, and it is like waging a war getting things to change there.  I can do it quicker at home, and that is perfectly acceptable for my research.  I just need to provide an informed assessment of the technology to my managers.

I have added a Windows Server 2012 virtual Domain Controller to my network and set it up to share the Active Directory, DHCP, and DNS roles.  My network is now working with these in tandem, and everything is fine as long as one or the other is running. 

On to my question. 

I would like to upgrade my Server 2008 R2 to Server 2012.  I know that this is not necessary, but I may end up looking into one of the new features that is available in the 2012 functional forest level, and I cannot raise the forest to that level as long as it contains a 2008 R2 server, if I understand correctly.  Since the 2008 R2 server was there first, and the domain was set up using that server, are there any considerations that I must look into before I upgrade the 2008 R2 server?  It appears that it is possible to do an in place upgrade from 2008 R2 to 2012.  Will that destroy the domain on that server? Do I need to "transfer" anything to the 2012 server before I do the upgrade?

Thanks in advance for any help.

Best Tool to manage AD


Hi!

May I know which is the number one software to manage Active Directory? Is it ManageEngine AD Manager or some other?

Secondly, which is the best tool to send messages to domain users on WinXP and Win7 computers?

Thanks.

DC Diag on all other Domain Controllers / sysvol issue


I had domain controllers on Server 2012 and they were working great.  I had some issues with DC01 and ended up forcing it to demote and then seized the roles to DC02.

I promoted DC01 back and it is running well.  I have since added 2 more DCs to see if they have the same issue that I am seeing in the DCDiag tool.

Basically, the netlogon and sysvol folders are not shared on any of the other domain controllers.  DC02 has the folders and the group policies.  I found a registry post that opens up sharing for the sysvol folder, but that doesn't help this.  Is this normal?  Should the contents reside in all the folders on each of the domain controllers?

Thank you

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = NSO-DC01
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\NSO-DC01
      Starting test: Connectivity
         ......................... NSO-DC01 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\NSO-DC01
      Starting test: Advertising
         ......................... NSO-DC01 passed test Advertising
      Starting test: FrsEvent
         ......................... NSO-DC01 passed test FrsEvent
      Starting test: DFSREvent
         There are warning or error events within the last 24 hours after the SYSVOL has been shared.  Failing SYSVOL
         replication problems may cause Group Policy problems.
         ......................... NSO-DC01 failed test DFSREvent
      Starting test: SysVolCheck
         ......................... NSO-DC01 passed test SysVolCheck
      Starting test: KccEvent
         ......................... NSO-DC01 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... NSO-DC01 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... NSO-DC01 passed test MachineAccount
      Starting test: NCSecDesc
         ......................... NSO-DC01 passed test NCSecDesc
      Starting test: NetLogons
         Unable to connect to the NETLOGON share! (\\NSO-DC01\netlogon)
         [NSO-DC01] An net use or LsaPolicy operation failed with error 67, The network name cannot be found..
         ......................... NSO-DC01 failed test NetLogons
      Starting test: ObjectsReplicated
         ......................... NSO-DC01 passed test ObjectsReplicated
      Starting test: Replications
         [Replications Check,NSO-DC01] DsReplicaGetInfo(PENDING_OPS, NULL) failed, error 0x2105
         "Replication access was denied."
         ......................... NSO-DC01 failed test Replications
      Starting test: RidManager
         ......................... NSO-DC01 passed test RidManager
      Starting test: Services
         ......................... NSO-DC01 passed test Services
      Starting test: SystemLog
         An error event occurred.  EventID: 0x00000422
            Time Generated: 07/26/2013   17:31:55
            Event String:
            The processing of Group Policy failed. Windows attempted to read the file\\Norfolk-Sheriff.com\sysvol\Norfo
lk-Sheriff.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused b
y one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 07/26/2013   17:36:55
            Event String:
            The processing of Group Policy failed. Windows attempted to read the file\\Norfolk-Sheriff.com\sysvol\Norfo
lk-Sheriff.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused b
y one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 07/26/2013   17:41:56
            Event String:
            The processing of Group Policy failed. Windows attempted to read the file\\Norfolk-Sheriff.com\sysvol\Norfo
lk-Sheriff.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused b
y one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 07/26/2013   17:46:57
            Event String:
            The processing of Group Policy failed. Windows attempted to read the file\\Norfolk-Sheriff.com\sysvol\Norfo
lk-Sheriff.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused b
y one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 07/26/2013   17:51:58
            Event String:
            The processing of Group Policy failed. Windows attempted to read the file\\Norfolk-Sheriff.com\sysvol\Norfo
lk-Sheriff.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused b
y one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 07/26/2013   17:56:59
            Event String:
            The processing of Group Policy failed. Windows attempted to read the file\\Norfolk-Sheriff.com\sysvol\Norfo
lk-Sheriff.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused b
y one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 07/26/2013   18:02:00
            Event String:
            The processing of Group Policy failed. Windows attempted to read the file\\Norfolk-Sheriff.com\sysvol\Norfo
lk-Sheriff.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused b
y one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 07/26/2013   18:07:01
            Event String:
            The processing of Group Policy failed. Windows attempted to read the file\\Norfolk-Sheriff.com\sysvol\Norfo
lk-Sheriff.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused b
y one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 07/26/2013   18:08:56
            Event String:
            The processing of Group Policy failed. Windows attempted to read the file\\Norfolk-Sheriff.com\sysvol\Norfo
lk-Sheriff.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused b
y one or more of the following:
         An error event occurred.  EventID: 0x00000457
            Time Generated: 07/26/2013   18:08:58
            Event String:
            Driver Send to Microsoft OneNote 15 Driver required for printer Send To OneNote 2013 is unknown. Contact the
 administrator to install the driver before you log in again.
         An error event occurred.  EventID: 0x00000457
            Time Generated: 07/26/2013   18:08:59
            Event String:
            Driver PDF Complete Converter required for printer PDF Complete is unknown. Contact the administrator to ins
tall the driver before you log in again.
         An error event occurred.  EventID: 0x00000422
            Time Generated: 07/26/2013   18:12:02
            Event String:
            The processing of Group Policy failed. Windows attempted to read the file\\Norfolk-Sheriff.com\sysvol\Norfo
lk-Sheriff.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused b
y one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 07/26/2013   18:17:03
            Event String:
            The processing of Group Policy failed. Windows attempted to read the file\\Norfolk-Sheriff.com\sysvol\Norfo
lk-Sheriff.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused b
y one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 07/26/2013   18:22:03
            Event String:
            The processing of Group Policy failed. Windows attempted to read the file\\Norfolk-Sheriff.com\sysvol\Norfo
lk-Sheriff.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused b
y one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 07/26/2013   18:27:04
            Event String:
            The processing of Group Policy failed. Windows attempted to read the file\\Norfolk-Sheriff.com\sysvol\Norfo
lk-Sheriff.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused b
y one or more of the following:
         ......................... NSO-DC01 failed test SystemLog
      Starting test: VerifyReferences
         ......................... NSO-DC01 passed test VerifyReferences


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : Norfolk-Sheriff
      Starting test: CheckSDRefDom
         ......................... Norfolk-Sheriff passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Norfolk-Sheriff passed test CrossRefValidation

   Running enterprise tests on : Norfolk-Sheriff.com
      Starting test: LocatorCheck
         ......................... Norfolk-Sheriff.com passed test LocatorCheck
      Starting test: Intersite
         ......................... Norfolk-Sheriff.com passed test Intersite


DHCP


Hello Friends

Please tell me how to configure DHCP Server On Win 2008, How To Block Website Through DHCP.


Thanks & Regards Amit Kumar | EDP Dept.| Indus Weir Industries Limited | FF-42 | 3rd Floor | Mangal Bazar Road | Near V3S Mall | Laxmi Nagar | Delhi-92 | M +91 8010477243 E-Mail singhamit1993@hotmail.com


Some questions on AD.


Hi,

I have looked at this article regarding FSMO role placement (http://support.microsoft.com/kb/223346). Some questions have arisen from it:


1) The article says add more replicas, but then also says, reduce the number of replication partners. Is this not contradictory?

2) If I remove the global catalog role from a server, does this in any way change replication behaviour?

3) The article mentions having a standby role holder. Would this just be an ordinary Windows Server, and if I need to transfer roles, I promote this server to a DC and transfer the role?

Some other questions:

4) If I stop the ntds service on a DC, say for example on a PDCe DC, should I move this role to a new server? Does stopping this service take the server out of replication?

5) What's the reasoning for comparing USNs on DCs being pointless?

Sorry for the random questions!


NTFRS and/or DNS Issues


We are having issues setting up a new domain controller and cannot get the NETLOGON and SYSVOL shares to appear.  Any advice would greatly be appreciated.

ENVIRONMENT:

Domain: mydomain.domain

DC01 (Domain Controller (existing), DNS Server, OS: Server 2003, 192.168.0.197)

DC02 (Domain Controller (new), DNS Server, OS: Server 2003, 192.168.0.202)

OUR INTENTIONS

We plan to decommission DC01.  DC02 will eventually be the only domain controller in the environment.

WHAT WE HAVE DONE:

  • Set up Active Directory on DC02.
  • Transferred all FSMO roles to DC02.
  • Tried setting the BurFlags registry value to D2 on DC02 per this article:

http://support.microsoft.com/kb/290762/en-us

I believe the start of all our problems may have been due to invalid DNS settings (both DC01 and DC02 are DNS servers).  We use Hamachi for remote access to these servers; not sure if it caused any problems.  I ended up making the following changes the other night hoping to correct the problem (I did run ipconfig /flushdns and ipconfig /registerdns after making changes):

---DNS Settings Before----

DC01 NIC:

              Primary DNS: 127.0.0.1

              Alternate DNS: 4.2.2.1

DC01 DNS Server:

              Listening on all adapters.

DC02 NIC:

              Primary DNS: 192.168.0.202 (self)

              Alternate DNS: 4.2.2.1

DC02 DNS Server:

              Listening on all adapters.

----DNS Settings After----

DC01 NIC:

              Primary DNS: 192.168.0.197 (self)

              Alternate DNS: 4.2.2.1

DC01 DNS Server:

              Listening only on 192.168.0.197 (self)

DC02 NIC:

              Primary DNS: 192.168.0.202

              Alternate DNS: 4.2.2.1

DC02 DNS Server:

              Listening only on 192.168.0.202

WHERE WE ARE STUCK:

Now I am receiving journal wrap errors on DC01, but the \\DC01\NETLOGON and \\DC01\SYSVOL shares are still available.  I am still unable to get the \\DC02\NETLOGON and \\DC02\SYSVOL shares to come up.

Results for the following commands can be found here.

net share

dcdiag

ipconfig /all

dcdiag /test:dns

repadmin /showrepl

NetDOM /query FSMO

We have also been seeing the following errors/warnings in the event logs on both servers (detailed logs can be found here):

  • Directory Service: 1126,1308,1655,1960,2087,2088
  • DNS: 6702
  • File Replication: 13508,13565,13566,13568

Any help will be greatly appreciated. Thank you in advance!

-Steven

Move Branch domain to Primary DC


Dear Sir,

There is a requirement for moving branch domains to the primary DC, and then an ADC will be deployed in the primary site. What are the limitations and considerations when moving? Also, if you can provide me the steps, that would be highly appreciated.

The server operating systems are Windows Server 2008 R2.

I have attached the diagram herewith.

http://social.technet.microsoft.com/Forums/getfile/303359

Thank you

Partner

Demoted domain controller still showing in AD Sites & Services with replication partners under NTDS settings


Hello everyone,

We have one domain and, in it, 3 sites.  We are in the process of demoting Windows Server 2003 domain controllers.

At Site1, we have 3 domain controllers: 2 Windows Server 2008 R2s and 1 Windows Server 2003.

At Site2, 1 Windows Server 2008 R2

At Site3, 1 Windows Server 2003

We recently removed the Win2003 domain controller from Site3, and the demotion finished gracefully via Dcpromo. However, the domain controller is still showing under AD Sites & Services with replication partners under NTDS settings.

I understand that if only the server object remains then we can safely delete it, but I've never had a situation like this.  Is it still safe to delete it while it is still showing replication partners?  If not, what would be the process?

Thank you!

From which DC could we verify trust relationship ?


From which DC could we verify a trust relationship?

Only from a DC which holds some FSMO role, or are any DCs usable to validate a trust relationship?
