Channel: Directory Services forum

Single forest child domain installation on multiple root domains issue


I am trying to replicate a scenario where an organization will have multiple child domains associated to multiple root domains in the same forest. 

The child domain installation under the first root domain went fine because it is the first domain installed in the forest and it has the enterprise admins group permissions under Active Directory Users and Computers.

The problem occurs when I try to create a child domain under the second root domain because it doesn't have the enterprise admins group permissions. And it says the child domain creation fails.

Is there a way to install child domains under multiple root domains in the same forest? 

Please let me know if you have answers 


Delete unknown PC from domain


The PC below can be pinged under my company ".hk" domain, but I couldn't find it in all ".hk" DC.

Is there any problem?

How to fix it?

Thanks


Demote 2003 server in new 2012 R2 domain


We recently added a Windows 2012 R2 server as a DC in an existing 2003 domain. We have transferred all the FSMO roles to the new 2012 server. We are trying to demote the 2003 server with DCPROMO but get the error "A domain controller could not be contacted for the domain xxxxxxxxx that contained an account for this computer." "The specified domain either does not exist or could not be contacted."

How do I demote and remove the old 2003 server/DC?

Windows is not starting


Hi

I'm having problems starting Windows. What happened was, as I was installing an ISO cloning program, it didn't install correctly so I decided to restart the PC and do the installation again. However, when I reached "Starting Windows" with the beautiful breathing logo, it hangs up there.

I tried repairing it, it didn't solve the problem. I've tried system restore, no restoration points found. I've inserted a Windows CD with the correct version and bit then tried to repair, still it didn't solve it.

I couldn't start booting it in "Safe Mode", pressed F8 a couple of times but due to my encrypted system (TrueCrypt) I'm having a hard time getting into the options of F8.

I don't want to lose my files please help!

Chocnut

Metadata cleanup - Windows 2012 GUI - Naming information cannot be located - Active Directory inaccessible


Context: practicing various options for metadata cleanup, including...

- ntdsutil, command line, step by step

- ntdsutil, command line, single command

- GUI - right-click on domain controller in domain controller OU of Active Directory Users and Computers (ADUC).

OS: Windows Server 2012 (*not* R2)

Yes, I am running the commands / performing the operation on this server (domain controller). The "defunct" domain controller was a Windows 2008 R2 machine. It is offline (a virtual guest that I have simply not turned on). 

+++++++++++++++++++

Seizing the FSMO roles was successful - no problem here.

The "traditional" ntdsutil - metadata cleanup option works fine. I know this because I can go into DNS, ADUC and ADSS to verify the absence of references to the defunct domain controller.

As this is (now) a single domain controller in a test environment (VMware Workstation 9.0.1) , I took a snapshot after seizing the FSMO roles and revert back to this snapshot after testing the various metadata cleanup options.

When I attempted the "GUI option" - in ADUC - as described here:

http://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx#bkmk_graphical

The operation seems to complete successfully but...

I can no longer access either Active Directory Users and Computers or Sites and Services. I'll post some of the screenshots...

 

If I insist on opening ADUC, this is what I see:


I have to believe I have the proper credentials since the operation works at the ntdsutil command line.

For example, the command in the hyperlink above works just fine. It's the GUI option that.... apparently messes up something.

I'm going to try once more (after reverting to the previous snapshot) and see if I encounter the same problem.

I realize this is on a practice server (DC) in a virtual VMware Workstation environment but I obviously cannot experiment with this at work.

Can anyone reproduce this? Or think of a reason why this works with the "good ole" ntdsutil method but not with the GUI?


Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

Delete Domain Controller - Access is denied


I know that this has been asked before but I can't seem to get it to work.  I need to delete a DC from the domain and I tried it from ADUC, ADSIEdit and NTDSUtil as outlined in "http://support.microsoft.com/kb/216498" but nothing has worked. I keep getting an "Access is denied" error message.  What else can I do to remove this DC?  This DC has no FSMO roles.

Thanks

Bert

Getting user account with empty Office attribute with PowerShell


Hi,

We would like to get all users' UserPrincipalNames from the "comp.local" domain with an empty Office attribute in the user's properties using PowerShell.

Thanks


display the users middle initial or middle name in active directory and it shows in outlook 2010 as well.

I would like for the user's middle initial or middle name to show in Outlook 2010. I can set it in the header, meaning I see the middle initial when the email comes in, but it's not in the signature. I read a post about the middle name attribute has to be set in a/d? If that is the case please provide some feedback on how to accomplish that? Server 2008, a/d 2008

powershell command to get AD groups without members using get-adgroup in Domain


PowerShell command to get AD group without members

Help me to get Security group without members using Get-Adgroup


How to recreate Certificate Authority Object from ADSI


Hello,

Maybe someone could help me resolve this issue.

I'm implementing PKI in my company. I have a 2-tier ADCS hierarchy with an offline root and 2 subordinate enterprise CAs working in a failover cluster. The first implementation went wrong and I uninstalled all roles from all 3 servers in order to reconfigure everything once again. I think I didn't clean the servers enough, especially in configuration, because after reconfiguration I had entries from the old root CA certificate authority object in "cn=certification authorities, cn=public key services, cn=services, cn=configuration..."

Does someone know how to recreate this object? Creator is asking me for octet string values for CRL and so on, I have no idea how to find it.

DFL and FFL is Win 2008 R2

Maybe the quickest way would be configuring everything once again, but this time clean everything duly.

Active Directory authentication in B2B system


Hi all!

We need to deploy a web system that is hosted at another company and all members of our company will access it. It was determined that the authentication will use the same account (username and password) as our AD. This system allows authentication by AD by creating an account that scans the AD, but here's the problem: we don't think it is secure that it reads all the attributes of the accounts.

So, what alternatives are known for this kind of situation? Is it possible to create an RODC with only the necessary attributes available? Or is there any messaging or orchestrator (BizTalk?) that reports to the system as if it were an AD? Anyway, I would like your opinion because I have never had a similar situation ...

Thank you!



Set OU Attribute via Script

Is it possible to set the "ou" attribute of a computer object in AD via script? That attribute is not listed as an option in Set-ADComputer and it doesn't auto-populate based on the OU the object is in. How can I programmatically set the attribute rather than modifying each individual object manually?

PSO Settings applied?


Hello all, we're using PSO for configuring custom account password policies for specific users.

I can check that the intended user accounts got the PSO by querying their account (through the ADSIEdit console or the "dsget user <DN> -effectivepso" command). But this is an AD query, not a local query.

The question is: how can I check that PSO settings were effectively applied at user logon during RSOP?

GPResult doesn't help for this. I can't find a similar tool for querying which PSO setting really applied.

Thank you

Installing Additional Domain Controller in different Network


Hi All,

We are planning to add an ADC to an existing domain, but before starting I want to confirm whether I can install the ADC on a different network range, as follows:

Windows Server 2008 Enterprise SP2 Platform

HODOMAIN.com  IP is: 192.168.2.11

Branch network New ADC IP is: 192.168.1.11

We can ping both servers, so can I start the installation of the ADC, or do I need to prepare the ADC on the same DC network at Head Office and, after installation, move the server to the branch office and change the IP?

Thanks

Agha


How to configure Kerberos Authentication in Windows Server 2012


Hi

I am new to Windows Server 2012. I want to configure Kerberos authentication in Server 2012 for integration with Red Hat Linux server 6.2.

How can I configure Kerberos?

It's urgent.

Please help!


admt sql database


admt is used for daily account moves from domain to domain in our 9-domain forest.

over the years the moves have gotten slower and slower and slower.

i suspect there is bloat in the underlying sql database, though i am unclear what is stored there. the size of the admt.mdf is 6G.

how can i scrub this db, remove old data, reclaim whitespace and shrink the file?

Change or add a NetBIOS Domain Name


We have a current 2008 R2 level domain, for example example.domain.com and we need to migrate to a 2012 level example.test.com.  Currently example.test.com does not exist.  example.domain.com currently has a netbios name of example.  Is there a way to get the new domain setup to use the same 'example' for the netbios of example.test.com?  Or is it possible to setup a new domain without a netbios name or to change it at a later date?  The current example.domain.com does have Exchange 2010 on it and we would need Exchange at least 2010 on the new domain.  I've read a lot about having to rename the domain to change the netbios domain name, but I wasn't sure if that is something that could be left blank so that we could setup a netbios name to 'example' once the older domain is turned off.

To sum up.  We currently have example.domain.com that users log into using example/username and we would like to have example.test.com setup to be logged into using example/username.

Thanks for your help and let me know if any of this is clear or if you need further explanation.

 

Installing additional domain controller on remote site


Hi, we have two locations, Mumbai and Bangalore, and have connected both using VPN connectivity. We are able to ping each other's networks. We have the primary domain controller in Mumbai and want to install an additional domain controller in Bangalore. Mumbai network - 192.168.1.0/32 and Bangalore 192.168.2./32. Now, before the installation starts on the Bangalore site, do I have to create a new site and subnet at the Mumbai end for the Bangalore server? If yes, then during installation on the Bangalore server do I need to select the default-first-site-name or need to use the corresponding IP address from the list, 192.168.2.0/32?

Please help.

ADFS Setup ends with 'catastrophic failure'


I have a Windows Server 2008 SP2 Standard 32 bit which was running ADFS Proxy server at one point but has been replaced with a newer server. I now want to use it as an ADFS Server. I removed the ADFS Proxy server configuration by the following steps.

  • Active Directory Federation Services 2.0 (KB974408) update under Windows Features in Add/Remove Programs in the Control Panel
  • From IIS I removed the ADFS and LS web sites and the ADFS Application pool
  • From Windows Explorer I removed the ADFS subfolder under InetPub

I patched the server from Windows Update service and then went to install the ADFS Setup program again selecting ADFS Service this time.

Using the same ADFSSetup.exe that I used when installing the ADFS Proxy, the installation stops while 'Installing AD FS 2.0 components' and presents a dialog box saying "The installation of 'AD FS 2.0 components' failed. Error: Catastrophic failure"

I replicated this by using my old ADFS Server that I had removed from the ADFS Server Farm earlier. The ADFS server farm now consists of a single ADFS Server on Windows Server 2012 Standard.

I need to attempt to use one of these two servers. I think that all the prerequisites are there since I had the services running previously on both of these servers. Likewise I am using the correct AdfsSetup.exe since it also was used previously.

How to get the schema in a windows machine?
