Channel: Directory Services forum

Missing SYSVOL and Netlogon share after server bare-metal restore


Hello!

I am dealing with a problem on Server 2008 SP2 x86. After a bare metal restore, I have lost the SYSVOL and NETLOGON shares.

When I checked the Windows SYSVOL folder, it has: domain/Policies and domain/scripts folders.

The error messages I get are:

"The Netlogon service could not create server share C:\Windows\SYSVOL\sysvol.  The following error occurred:
The system cannot find the file specified."

"The File Replication Service cannot replicate c:\windows\sysvol\domain because the pathname of the customer designated staging directory:    c:\windows\sysvol\staging\domain
 is not the fully qualified pathname of an existing, accessible local directory."

"The Netlogon service could not create server share C:\Windows\SYSVOL\sysvol\bbe.local\SCRIPTS.  The following error occurred: The system cannot find the path specified."

The processing of Group Policy failed. Windows attempted to read the file \\mydomin.name\sysvol\mydomainname\Policies\{xxxx-xxxx}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.

I have tried restarting services, but it doesn't help. My DC is the only one in the network.

I found this link: http://support.microsoft.com/kb/316790/en-us

Does it apply, and also what does this step mean: "Move data out of the PreExisting folder."?


remote desktop users group.


I have a question about permissions and features of the "remote desktop users" group.

Chinese Characters in Netlogon.log


Hello,

I have enabled netlogon logging, and am noticing a few things that I am unable to diagnose after further research. My main concern is with a critical error that seems to occur every ten minutes. Occasionally the Chinese characters change but always translate to roughly the same message. Searching google for information about "I_NetlogonLdapLookup" has provided no helpful information either. Does anybody know what could cause this? We have 3 DCs (Server 2008R2, 2012) and this shows up in all three netlogon logs.

08/26 17:55:40 [CRITICAL] I_NetlogonLdapLookup: unrecognized parameter 湄䡳獯乴浡ѥ䠗偙剅㍖渮

All client computers are Windows 7 Pro x64. Any help is appreciated, thanks.


Alex Tester Information Technology Assistant National Automotive Experts

Windows 2008 Server R2 (Std) SP1 - Authentication issues on Windows 2003 Domain - Event ID: 5719


Log Name:      System
Source:        NETLOGON
Date:          4/18/2011 2:34:27 PM
Event ID:      5719
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      x.x.com
Description:
This computer was not able to set up a secure session with a domain controller in domain [...]  due to the following:
There are currently no logon servers available to service the logon request.
This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. 

This is a new system added to the network. OEM OS, coming with a DELL Server system.

Tried solutions proposed here: http://social.technet.microsoft.com/Forums/en/windowsserver2008r2general/thread/044e57eb-47a4-4988-92b5-faa68ad58025

except disabling the Spanning Tree Algorithm feature of the Ethernet switch. This is a feature needed on the network and only this system is having issues.

I cannot believe Microsoft is considering Spanning Tree as not necessary, on a corporate network....

 


Event ID 2105 MSExchange ADAccess


Hello all,

I've originally posted this in the Exchange 2007 forum and it was suggested I post here instead:

Recently started with these event ID 2105's on my front end Exchange 2007 servers in an NLB cluster. Any ideas?

Process MSEXCHANGEOWAAPPPOOL.CONFIG" -W "" -M 1 (PID=4496). Exchange Active Directory Provider failed to obtain DNS records for domain domain.co.uk. DNS Priority and Weight for the Domain Controllers in this domain will be set to the default values 0 (priority) and 100 (weight).

Exchange is working fine so I'm not sure what's happened.  The error suggests DNS but I can't see any issues there.

Any ideas?

    

Cheers, Andy andrewDOTstoryATjameswalkerDOTbiz

DC 2008 32 bit and DC 2008 R2 64 bit difference


Hi

I have 10 DCs in my domain where all DCs are on Windows 2008 R2 but only PDC and infra DCs are on 2008 32 bit OS.

I need to know whether this makes any difference in the AD infra.

Also, can I install a 2k8 R2 patch on Server 2008?

Seeing client time drift within domain


I manage a network of 700 POS Win XP machines, located across the state. These machines are all joined to a domain, with 2 DC's located at my corporate HQ.

This domain is a child domain of our production, corporate domain.  

I know that by default, client machines sync time with the DC that holds the PDC Emulator role, and I have it set up to do this.

Recently, I have been noticing multiple POS terminals that are seeing some time drift. Some 8, 10, 13 minutes off.  What could be the cause of this?

Thanks in advance!

sb


The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The event data contains the error.


Hi,

I keep getting the below event logged when a DC's DNS services are restarted.

The DNS server was unable to create a resource record for 899494f1-fac0-4405-8bf4-d3d2326d0449._msdcs.domain.local. in zone domain.local. The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The event data contains the error.

The server was demoted and promoted and the server received a new GUID but the server is still trying to register the 899494f1-fac0-4405-8bf4-d3d2326d0449._msdcs.domain.local entry. The entry does not exist in the domain.

I used the below article before we demoted the server; however, it did not resolve the problem:

http://technet.microsoft.com/en-us/library/cc735667(v=ws.10).aspx

Does anyone have any ideas?

Thanks

Don


Kind Regards Don


Active Directory Integration With Remedy ..

Hello everybody ...
I hope you are doing fine :)
This is Ahmad Aloiynin from Saudi Arabia and I work as System Admin at SBM.
Actually, we have an issue with integrating Active Directory with the BMC Remedy solution, which is viewing the "division" attribute in Remedy. In other words, the Remedy team can't read/locate the "Division" attribute even when the attribute value has been set.
We gave the Remedy user Admin privilege to read all attributes, but it still can't read the Division value.

Full of hope that you can help me on this matter. 
Thank you very much.

Ahmad Aloiynin

Resource migration between two AD


Hi,

I have one Exchange Server 2010 and two Active Directory 2008 servers.

I configured the second AD with "dcpromo" and it works perfectly, i.e. when I create/modify/delete a user I see the changes on both servers, so the two ADs are talking to each other correctly.

But if the first AD is turned off, I'm not able to log in to Outlook from the client or to Outlook Web App.

Can you help me?

Many thanks in advance.

Daniel


Updating AD proxyaddress field with Powershell, without associated Exchange mailbox


Writing a PowerShell script to generate a GUI interface for updating AD fields, which are replicated to Office365, using DirectorySync.

We have local AD accounts which have Office365 mailboxes, but no local Exchange mailboxes. When a user changes their email address, we allow them to keep the old and new address active for receiving email. Need to update proxyaddress attribute with old email address for sync to Office365.

How can I use PowerShell to update the proxyaddress attribute? Get/Set-Aduser and Get/Set-User do not have access to the proxyaddress attribute, and set-mailbox command does not work because there is no locally associated mailbox.

Suggestions?

Jim Schortinghouse

Mercer University IT

schortingh_j@Mercer.edu

Delegate rights to AD security group to Add UNIX Attributes

  

Hi All

This has been asked before but not sufficiently answered, the previous threads have been locked so I can't ask there.

We have several Linux servers that are AD integrated, all our DC's are Server 2008R2 running at 2003 DFL and FFL with MSSFU installed. I wish to delegate the population of the UNIX Attributes tab to an AD group for our Service Desk. I have delegated read, write and read all, write all permissions for all msSFU objects. 

When testing the permissions I open Users & Computers, open a user and switch to the UNIX Attributes tab. I then select the domain from the drop down which auto populates the rest of the fields, no problem. When I click apply I get the below errors, but if I check the attributes themselves in Attribute editor they have populated and I can use the user in Linux.

Unable to modify the object property values.

Check your credentials.

There could be a network problem.

Active Directory Domain Services could be down.

Contact your system administrator.

I do not want to give the group "Full Control" of the OU's as per other threads, this is not an adequate answer, I do not wish to give the group this much control. I should point out that the setup works perfectly as a domain admin for obvious reasons.

Any help will be gratefully received. 


Cannot validate Windows 2008 R2 Forest Trust


We have an existing two-way forest transitive trust and everything is working.  I added two new domain controllers and when I try to validate the trust I get an error message:

The Local Security Authority is unable to obtain an RPC connection to the active directory domain controller abc.com.  Please check that the name can be resolved and that the server is available.

I can ping the DC referenced in the error message.

I have checked the event logs and I am not seeing any errors.

I have run dcdiag on the new servers and everything looks ok.

Any ideas??

Thank you

How to delegate control normal user to login Domain Controller


Dear All,

I would like to grant 1 user the ability to log in to the Domain Controller to monitor the event log on the DC.

Could you please advise how to delegate that user to log in and monitor the event log on the DC.

Thank you very much.

Can a 2012 Server Essentials domain have a one-way or two-way trust with another domain?

Can a 2012 Server Essentials domain have a one-way or two-way trust with another domain?
Not having any luck so far--the Server 2003 domain doesn't see the 2012se one.

Rick Hantz


256 Character Limitation in Windows


Hi,

We have a Windows 2k8 server which we are using as a file server. One of our departments working on this server is frequently creating folders with long path names. Since the long path names have been created, the files in those folders cannot be opened due to the number of characters in the file path.

Kindly advise how to overcome this problem.

Regards 

Windows Azure Active Directory (WAAD) and Federation Services (AD FS)


I have a client that's a candidate for cloud services with interest in both WAAD and ADFS for identity services.  The problem is mismatched internal/external domain names (mycompany.com inside/company.com outside).  We are considering a domain rename concurrent with a hardware/software refresh.  I've had enough complications with certificates.

Can anyone comment on other experiences with mismatched internal/external domain names with cloud-based services?  Are there any hard stops with WAAD or ADFS?

thx

Sync issue between 2 DC's


Hello,

I have a problem with the replication between 2 DC's.
The directory services cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.

When I check with Active Directory Sites and Services I see the following :
SERVER 1
USN's :
Current : 16548
Original : 16454

SERVER 2
USN's :
Current : 12449
Original : 5835

The last successful sync :
SERVER 1 : 27/08/2013
SERVER 2 : 14/07/2013

I suppose this happened with a power outage and the server started with a wrong time.

What's the best method to fix this issue?

Regards,
Tim Van Engeland

Time Replication when a DC is Off on Bridge


We have this design. KCC enabled.

4 Site Links with cost 100 and replication interval 15:  (Site0 <> Site 1)  (Site1 <> Site2) (Site1 <> Site3) (Site1 <> Site4)

1 Site Link: (Site0 <> Site 1) + (Site1 <> Site2) + (Site1 <> Site3) + (Site1 <> Site4)

When the DC on Site4 is turned off, Site0 doesn't replicate to Site1. It takes a long time....

Split AD forest into 2 copies that will never be rejoined?


I know Microsoft do not support "graft and prune" as a migration strategy, but could it work as a short term solution if the 2 private networks are split and no longer communicate? If the splitting company takes its local Forest Root DCs, cuts communications with the parent company, and forces one of those root DCs to take on the FSMO roles, could it then remove all other child domains except its own and operate independently blissfully unaware that the other company is also running the same forest name and IDs on its own network (minus the child domain that is splitting)?

Windows 2008 R2 throughout, no Exchange servers to worry about, DNS is all run off UNIX. The child domains have always been run locally in each country, it's just they have been part of the same forest. A migration to a new forest is not feasible in the near term, but will be the natural goal when resources can be decommissioned and other dependencies removed to vastly simplify the task.

It doesn't matter that it is a "dirty" solution, but could it work?

Thanks in advance.
