
Get AD users' passwords

Hi all,

Is there a way to get all AD users' passwords? I want to verify that users are not using a certain password.

Thanks.


Checking Computers and Users not active in Active Directory

Guys,

I was wondering if there is a way to check whether a user or computer account in AD has not been used for 90 days and remove it automatically?

Is there any tool from Microsoft or any 3rd party tool?

Your replies will be very much appreciated.

Thanks and Regards!

Stop Server 2008 R2 from AD authentication attempts

I have an off directory machine 2008 r2 that I am looking to stop its attempts to authenticate on the AD.  Might be a silly question as some of the most basic can escape us all.  What service will stop its attempts and only allow its local user login?

Cross Forest Group security Scope

Hello,

I need a confirmation about this documentation on windows 2008R2 server:

Group scope

http://technet.microsoft.com/en-us/library/cc755692(WS.10).aspx

I can't find a related document in windows 2008R2 server.

I need an official answer to give to my customer and an article on W2003 server is not enough.

Could someone help me?

Thanks in advance.

Hervé.

Ports to update DNS Info

Hi!

I need to assign permissions to my SSL VPN users to update their DNS and DHCP records on the domain controller whenever they connect through ssl vpn client. What ports are needed for this and is it secure?

Thanks.

2012 schema upgrade

Hi,

I have run adprep /forestprep and adprep /domainprep in our 2008R2 functional level domain to allow for Windows 2012 domain controllers, but do I need to run adprep /gpprep as well?


Some issues with my servers syncing to the correct NTP servers?

I'm having some issues with NTP. I've got 3 DCs: DC0, DC1, DC2.

Currently all computers in the domain are syncing to DC1. DC1, however, does not correctly sync to internet time servers. I've been setting this manually every now and then.

DC1 and DC2 are windows 2003 servers and DC0 is windows 2k8 r2. I've updated our time sync GPO to sync to DC0. I've set DC0 to sync with pool.ntp.org. What is interesting is that even though DC0 is configured to sync with pool.ntp.org I see an entry in the event log that says it synced to DC1 still?

What could be going on here?

Thank you.

Tool to run health check for my active directory 2003

I want to run a health check for AD 2003; the main reason is that we want to install a second domain controller to distribute the AD roles. Which tools or commands, with their syntax, must I use for this procedure?

 

Regards

 

F


Active Directory User Object Property "User cannot change password" unchecks itself

I have a situation where I need to set "User cannot change password" for all users. I check this option in User Properties, but after about 30 minutes it unchecks itself. This occurs for all users on the domain, old and new.

Users who are members of Domain Users only, or who also belong to other groups, have the same problem.

What I have done:

  • I changed the GPO "Default Domain Policy" to disable Password Policy
  • I changed permissions for all security groups to deny "Change Password" on one user object
  • Changed the option from the Windows command line: wmic useraccount where name='username' set passwordchangeable=false

But all tests had the same result: after about 30 minutes the option "User cannot change password" unchecks itself.

My domain controllers are on Windows Server 2008 R2 SP1; the forest and domain functional level is Windows Server 2008 R2.

One detail: this domain was upgraded from 2000 to 2003 and then to 2008 R2 SP1.

Has anyone run into this problem?


Tibiriçá Rosa Cibils, Gestor de T.I. MCITP, MCTS, MCT, MCSA +M, STS, SSE

Computer objects suddenly just disappeared from AD and are nowhere to be found.

Hi

We are just beginning to rollout Windows 7 and if you have read my previous posts I had all sorts of AD issues when joining the company, it was a complete mess!

AD is in slightly better shape than it was, but I am still encountering issues with Sysvol not replicating properly (this is a separate post).

On a separate note, I had an issue with AD that I don't understand why it happened. Basically I was doing a bit of re-arranging of AD. I did this by creating a new OU and then adding further OUs, each of which defined an office site. We have 4 sites.

My aim was that, for the new laptops being built on Windows 7, I was going to create a new OU structure, as the long term plan is to deploy certain GPOs based on site location. By default, as you may know, they go to the Computers OU.

So the computer objects could be seen in AD, and a few weeks ago (before I did the OU change) I temporarily put the objects in a certain OU just so I knew these objects were the Windows 7 laptops. Once I created the other site OUs I then moved the computer objects to their respective site OU.

A couple of days/week later a few users got in touch to say they could not login to their laptops on the domain, they would receive a message:

 "The security database on the server does not have a computer account for this workstation trust relationship.".

When I went back into AD, I was horrified to find out that all the computers I moved to various OUs had disappeared. If I tried to search for them, they were nowhere to be found; it's like they just disappeared.

I am an experienced AD user and I know for sure I didn't delete the objects. So I am struggling to understand what happened.

I was able to resolve it, but it meant I needed to go to each client and take the machine off the domain and rejoin it. They then reappeared in AD and I was able to move them back to their respective OUs and it's OK now, but I am struggling to understand why this happened.

Currently I do have sysvol replication issues. Could this be a likely cause of why I saw this issue? Is it something else?

Any advice would be greatly appreciated.

Thanks 

Replication issues. Creating policy on 1 DC, not seen on other DCs.

Hi

I have inherited a very unhealthy AD environment comprising 5 DCs, with 1 2008 DC and 4 DCs on 2003 R2 (2 are in a DMZ environment for our hosted Exchange 2007 setup).

Whilst it works, there are certain issues I can see; one of these is that I had problems editing policies on 1 2003 DC. It came up with the message:

windows can not find 'gpedit.msc'. Make sure you typed the name correctly, and then try again. to search for a file, click the start button, and click Search.

Details: The system cannot find the file specified.

I read on another forum that if I copy the gpedit.msc file from c:\windows\system32 to c:\windows\syswow64 it should work.

I did this and it worked, but what I am trying to understand is why on 1 DC I am not able to do this but on other DCs it works fine. Does any AD expert understand why? Also, what tools could I run to assist me with addressing these issues? I know in Exchange 2007 there is a Best Practices Analyzer; is there something similar for Active Directory?

Thanks


Is it possible to convert a RODC to writable DC without demoting the RODC?

   Hello to all, I have some RODCs and would like to convert them to writable DCs on the same domain. Is it possible to convert the RODC to a writable DC without demoting the RODC (I have DHCP and WINS on these servers) and promoting them again?

   Best regards, EEOC.

Creation of trust fails: cannot continue

I have two different forests with 2 different domains. The 1st one is called mango.net and the 2nd is called cherry.net. There is no shared root DNS server and the root DNS servers for each forest DNS namespace are running Windows Server 2008 R2, so I configured DNS conditional forwarders in each DNS namespace to route queries for names in the other namespace.

As you can see, our DNS and NetBIOS names are not the same, and I have verified that both domains have different SIDs too (I have verified it by using the tool PSGetSID).

I am trying to create trusts between 2 domains. At the end of the Trust wizard, I received the following error in the New Trust Wizard:

The operation failed. The error is: cannot create a file when that file already exists.


I can ping between the servers in different domains.
Both forest and domain functional level are Windows 2008 R2.
Nothing appears in the event log.

Does anyone have any ideas about that? Please let me know.

Windows 7 Roaming Profiles take a LONG time after first logon

I'm having a VERY bizarre case of long logon times for a new branch office running Windows 7 64-bit Professional, domain environment, 2008R2 local server (gigabit connectivity). Here are the symptoms:

1. User with no pre-created roaming profile logs in the first time...works great!
2. User then logs off the PC (start - logoff), screen hangs at "please wait for user profile service" for 2-3 minutes before completing logoff.
3. All subsequent attempts to log on / off take 2-3 minutes hanging at the "please wait for user profile service" screen.

The network connections are all very fast...grabbed a packet capture of a good logon (#1 above) and a bad log off (#2 above). It appears as though it's just writing nonsense for a LONG time. The profile size is 6 MB...

I'm attaching a screencap of the packet capture. This is 18,127 packets of this type of information just from this single user. Log off time went to 166 seconds for this capture.


Please help!

Extra DNS entry in RODC site

Hello,

We have a site named Plymouth that contains only an RODC. When I look under DNS - Forward Lookup Zones - Sites, Plymouth lists ldap and kerberos records for the RODC and a writeable DC. This is occurring across all sites with only an RODC.

Any idea why this is occurring?

Thanks


Query AD for a list of all Exchange-enabled accounts on a specific Exchange server

Dear all,

I need to produce a list of all user emails that reside on my exchange01 server and that have an enabled account, and export it to a txt file.

Could you please help me?

Thanks in advance

Domain Controller order network

Hello everybody, I need help

I have only one domain with two domain controllers. I wonder what the DNS server order should be on servers that are domain controllers, for both primary and secondary:

Today I left it this way:

DC Principal

IP: 192.168.0.1
Mask: 255.255.255.0
Gateway: 192.168.0.4

Primary DNS: 192.168.0.2
Secondary DNS: 192.168.0.1

________________________________


Secondary DC

IP: 192.168.0.2
Mask: 255.255.255.0
Gateway: 192.168.0.4

Primary DNS: 192.168.0.1
Secondary DNS: 192.168.0.2


I'm following the practices of MBSA; however, there is a discussion around it saying it should be another setting, i.e., each DC pointing to its own IP in the Primary DNS field.

I understand that if the DC Principal fails, it will point to the secondary and vice versa.

However, I wonder if my thinking is correct?

Thank you


MCP

Migrating Active Directory objects to another Domain Controller

I support an environment with multiple locations that have no inter-connectivity. I'm responsible to set up a domain in each new location that is identical to the other locations (as far as Active Directory settings). Is there a way for me to export all of the Organisational Units, Policy Settings, Groups and Users from one server to the next?

I'd like to set up a new server running 2008 r2, deploy active directory and then import the base settings I mentioned above.

Is ADMT the correct tool for this?

How to create a subdomain in Windows 2008

Hi friends

I have been given the task of creating a new subdomain in our existing domain on "Windows 2008 R2", which is, as an example, test.com, and I want the new subdomain to be like branch.test.com. There is also a plan for an email server for that subdomain, which I want to be like mail@brand.test.com.

Kindly let me know exactly what is required and what the steps are to accomplish my project in our local DNS server, and what is important to be pointed out in public DNS, since I have a plan for an email server as well.

Note: I have a registered domain at the moment and everything is working.

Thanks

greenman.






Windows Time Parameter Question

I'm going to move my PDC emulator role off of a W2K3 server to a 2K8 R2 server, so I started looking into Windows time and looking at how our time is currently set up, and I'm confused.

My current PDC emulator is set up to pull time from an external source and we have rules in our firewalls that allow for this. In the registry, HKLM\System\CurrentControlSet\Services\W32Time\Parameters\NtpServer is set to an external address.

But when I look at any other server I see the same registry key set to time.windows.com,0x1 if the server is 2003, and time.windows.com,0x9 if it's a 2K8 R2 server. I did an NSLOOKUP on time.windows.com and came up with 65.55.21.21. That address is nowhere in our firewalls and we don't use DNS names in our firewalls.

So, does the Type REG_SZ of NT5DS force my other DCs and member servers to look to my PDC Emulator instead of what is listed in the NtpServer field?  I've been trying to find this answer for a little while now, but I haven't found anything definitive.
