Channel: Directory Services forum

SSL Certificate For A Standalone AD LDS Server (Workgroup Server)


Hi,

I have a Server 2008 R2 Certificate Authority (CA Root) server in my Windows domain. I have a Server 2008 R2 standalone server in a Workgroup with AD LDS installed (I want to keep it in the workgroup so it is isolated from the domain). I need to connect to the LDS instance using SSL (basically LDAPS). So far my research tells me that I need an SSL certificate from my CA Root server for the LDS server.

My questions are:

1. How do I generate an SSL certificate for my AD LDS server that is not a domain member?

2. How to install/add this certificate in AD LDS server?

3. How to test for successful connectivity over LDAPS using ADSIEdit?


sites and services NTDS Autogenerated missing


I have 4 sites:

Site A: MD

Server 1 - 1 DC server 2003r2

Site B: FL 3 DC servers (2 running server 2003 r2, 1 server 2012 r2)

Server 1 - Server 2003 (DC1)

Server 2 - Server 2003 (FS2)

Server 3 - Server 2012 (DCSRV)


Site C:FL 2

Server 1 - 1 DC server 2003r2

Site D: Cn

Server 1 - 1 DC server 2008r2

Site B is our HQ site, with one of the Server 2003 machines holding the FSMO roles.

Sites B & C are in FL, Site A is in Maryland, Site D is in China.

Autogenerated connection layout that I see in ADSS > NTDS Settings for each site:

Site A (only 1 server): Has AutoGen to Server 2 in Site B

Site B: Server 1 - Autogen for server 1 in site D, autogen for server 2 in site B, autogen for server 1 in site C, server 3 in site B

Server 2 - Autogen for server 1 in site A, autogen for server 1 in site B, autogen for server 3 in site B

Server 3 - Autogen for server 1 in site B, autogen for server 2 in site B

Site C: Server 1 - No Autogenerated connections, only a manually created one

Site D: Server 1 - No Autogenerated connections, only a manually created one

Intersite Transports:

Default: Which has Site A, B, C in this site link

Link 1: Which has Site B, D in this site link

I have right-clicked NTDS Settings > All Tasks > Check Replication Topology from my Server 2012 R2, but it does not autogenerate.

I have run DCDIAG and repadmin and everything passed successfully. How can I get them all to be autogenerated so I can remove the manually created ones? Should I be concerned that not all servers are showing an autogenerated connection under each NTDS Settings object? The China office is under Link 1, so I know I won't see Site A & C autogenerated servers in there, but shouldn't I see all three DCs in Site B and vice versa, or at the very least one of my Site B servers in Site D and vice versa?



DC - refuses administrator log on


History: I migrated a 2003 domain to 2012 R2 (2 DCs), now native. All was OK until my 1st reboot of the 2nd DC. It lost its ability to communicate with the domain. I've demoted/removed it and am now on 1 DC until I can do some more testing. DNS is now clean and dcdiag gives a clean bill. This has been running without issues for several weeks.

This AM I get a call and users cannot log into the terminal server.  I reboot it, but the problem persists.  I then try to log onto the DC.  I get a login error, the DC doesn't recognize administrator or the regular domain admin account I typically use.  I'm forced to do a power button shutdown and restart.  After restart I can log in and everything appears to be good.

A review of the event logs shows that at 4:30 PM yesterday the scheduled backup (Win Backup) occurred successfully. Then shortly after 5 PM the system logs event 5823 (NETLOGON: "The system successfully changed its password on the domain controller. This event is logged when the password for the computer account is changed by the system. It is logged on the computer that changed the password.").

Then nothing until ~2 1/2 hours later, when I start getting a bunch of event 4 (Kerberos KRB_AP_ERR_MODIFIED) and 1006 (Group Policy processing failed) errors every couple of minutes until I reboot.

Can anyone shed some light on what possibly happened? Did the automatic change of the system password break AD because I only have 1 DC?

Federation Services - Initial Configuration Help


Hello,

Let me know if there is a better place to post this question...

I have a new install of ADFS that isn't working. I've been using the TechNet article labelled "Checklist: Use AD FS to implement and manage single sign-on" as a guideline. I have gotten to the point where I have dual federation servers with the roles installed on dedicated servers, and NLB installed on each as well. I'm also using a wildcard cert for my domain.

What is working... I can visit these pages locally on each server:

https://localhost/federationmetadata/2007-06/federationmetadata.xml
https://localhost/adfs/ls/idpinitiatedsignon.htm

But, I cannot visit the same URL using the FQDN of my NLB cluster name (it is pingable):

https://adfs.myDomain.com/adfs/ls/idpinitiatedsignon.htm

I know my NLB is working properly; for example, I can RDP to each federation server (say "FED01.myDomain.com" and "FED02.myDomain.com"). And I can RDP to "ADFS.myDomain.com" - I get redirected to the primary. If in NLB I stop the primary, when I RDP to ADFS.myDomain.com again I get directed to the 2nd server. So that's good.

When I do a packet capture from my PC to ADFS.myDomain.com (in the LAN), I see the HTTPS traffic going back and forth, but ultimately ending in a reset (I don't know how to fully understand the communication shown in a packet capture):

16806 8.649136 10.26.151.150 10.26.100.106 TCP 54 https > 49632 [RST, ACK] Seq=1 Ack=127 Win=0 Len=0

(server = 10.26.151.150, PC 10.26.100.106)

Any tips on troubleshooting?


Member servers - Unable to join the domain


This is a test lab for Windows Server 2012. I am using XenServer 6.2 and the domain controller is installed on one of the VMs. I created another VM and tried joining it to the domain and I could not join. I have my XenServer host IP as 10.0.0.61 and I assigned the gateway as 10.0.0.60. My Windows Server 2012 domain controller has an IP address of 10.0.0.70 and my member server IP address is .65. Not sure whether something needs to be done for XenServer VMs in how to get to the gateway, because I cannot ping either. And I get the following error message:

An Active Directory domain controller (AD DC) for the domain "Domain Name" could not be contacted.

Ensure that the domain name is typed correctly. If the name is correct, click Details for troubleshooting information. I am attaching the information.

Note: This information is intended for network administrators. If you are not network.....

The following error occurred when DNS was queried for the service location (SRV) resource.

The error was: "This operation returned because the timeout period expired" (error code 0X0XXXXX5B4 ERROR_TIMEOUT)

The query was for the SRV record for _ldap._tcp.dc._msdcs.......


AA2913

RODC or RWDC in Branch


Hi.
We have a main office with 2008 R2 infrastructure, ~100 users.
We also have a branch office without Windows infrastructure, ~15 users.
The offices are connected via VPN. Some users travel between the two offices.
We are also using Wi-Fi with RADIUS authentication. Branch users authenticate over the VPN.
Some Windows PCs with domain users authenticate over the VPN too.

Now we want to deploy a file server in the branch office, and I am thinking about DFS namespaces which include two shares across both offices.
I also want to delegate permissions to one person to manage users' passwords.

I am planning to use Windows Server 2012 R2 in the branch office: one VM as AD DS, a second VM as the file server.

What will be better for AD DS in our case: RODC or RWDC?
The branch will grow; up to 50 people are planned by the end of the year.
Thank you!

Disable sharing between sites in a domain


Hi Guys,

We have an Active Directory domain in 2 sites. Each user has a home folder as well. I want to disable all sharing between sites, and I don't want the users to see their home folders when they travel from one site to another.

Would you please help me with this?

Thanks and regards,

Bahman

An attempt to resolve the DNS name of a domain controller in the domain being joined has failed DNS ERROR


Hello,

I've searched the web forever on this and cannot figure out what is wrong. I keep getting this error and cannot join the domain.

The following error occurred attempting to join the domain "TTMS-MI.local":

An attempt to resolve the DNS name of a domain controller in the domain being joined has failed. Please verify this client is configured to reach a DNS server that can resolve DNS names in the target domain.

I am running Windows Server 2012 R2 and am trying to connect with a Windows 7 computer.
I have already set the DNS on my computer to the server running DNS Server (same as the DC server).
I can ping the server domain name and IP, and I can nslookup the FQDN as well with no problems.

I've literally tried every option provided in other posts, to no avail. Nothing works. I've set up my DNS forward lookup zone and a reverse lookup zone too.

This is what I get from ipconfig, nslookup and pinging the server.

Can someone please help me and tell me what I am doing wrong?

Nick

Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\nroman>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : TTMS-MI-CATIA2
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
   Physical Address. . . . . . . . . : A0-B3-CC-F7-3D-89
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.48.10(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.48.254
   DNS Servers . . . . . . . . . . . : 192.168.48.11
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{E124AB20-6806-43D8-9628-9592752F4809}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:3431:1258:3f57:cff5(Pref
erred)
   Link-local IPv6 Address . . . . . : fe80::3431:1258:3f57:cff5%11(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

C:\Users\nroman>ping ttms-mi.local

Pinging ttms-mi.local [192.168.48.11] with 32 bytes of data:
Reply from 192.168.48.11: bytes=32 time<1ms TTL=128
Reply from 192.168.48.11: bytes=32 time<1ms TTL=128
Reply from 192.168.48.11: bytes=32 time<1ms TTL=128
Reply from 192.168.48.11: bytes=32 time<1ms TTL=128

Ping statistics for 192.168.48.11:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Users\nroman>ping 192.168.48.11

Pinging 192.168.48.11 with 32 bytes of data:
Reply from 192.168.48.11: bytes=32 time<1ms TTL=128
Reply from 192.168.48.11: bytes=32 time<1ms TTL=128
Reply from 192.168.48.11: bytes=32 time<1ms TTL=128
Reply from 192.168.48.11: bytes=32 time<1ms TTL=128

Ping statistics for 192.168.48.11:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Users\nroman>nslookup
Default Server:  ttms-mi.local
Address:  192.168.48.11


DNS server 192.168.1.2 did not successfully resolve the name _ldap._tcp.gc._msdcs.zenithcss.com.


Hi.

I am a beginner in Windows Server configuration. I installed Windows Server 2008 R2 64-bit. After that I installed the Active Directory role and then executed DCPROMO. I installed DNS with this domain controller. This is going to be a single server in a small LAN. I have read and done the steps I wrote above twice and keep having problems with the appropriate DNS configuration. After running the Best Practices Analyzer I found these errors:

The DNS server 192.168.1.2 on Local Area Connection did not successfully resolve the name _ldap._tcp.gc._msdcs.zenithcss.com.

The DNS server 192.168.1.2 on Local Area Connection did not successfully resolve the name _kerberos._tcp.zenithcss.com.

The DNS server 192.168.1.2 on Local Area Connection did not successfully resolve the name for the start of authority (SOA) record of the zone hosting the computer's forest root domain name

What can I do?

I haven't done anything else but the normal wizard procedures. This is my config:

Windows IP Configuration

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : cantv.net
   Link-local IPv6 Address . . . . . : fe80::9099:8cdc:ee24:b090%10
   IPv4 Address. . . . . . . . . . . : 190.201.78.68
   Subnet Mask . . . . . . . . . . . : 255.255.224.0
   Default Gateway . . . . . . . . . : 192.168.1.2
                                       190.201.64.1

Tunnel adapter 6TO4 Adapter:

   Connection-specific DNS Suffix  . : cantv.net
   IPv6 Address. . . . . . . . . . . : 2002:bec9:4e44::bec9:4e44
   Default Gateway . . . . . . . . . :

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.cantv.net:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : cantv.net
'all' is not recognized as an internal or external command,
operable program or batch file.

C:\Users\Administrator.SERVIDOR>Ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Servidor
   Primary Dns Suffix  . . . . . . . : zenithcss.com
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : zenithcss.com

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
   Physical Address. . . . . . . . . : 00-18-8B-24-05-79
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::9099:8cdc:ee24:b090%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 234887307
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-1C-A4-55-00-18-8B-24-05-79

   DNS Servers . . . . . . . . . . . : ::1
                                       192.168.1.2
                                       127.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{541990BC-D998-4279-8847-403D96B01165}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Regards, Joe


José

Cannot Join Windows Server 2012 to Domain


I have been trying for days to join a Windows Server 2012 server to a domain I've created. I continually get the "forcibly closed" error:

Note: This information is intended for a network administrator.  If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt.

An error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "OLSONPOC.COM".

The error was: "An existing connection was forcibly closed by the remote host."
(error code 0x00002746 WSAECONNRESET)

The query was for the SRV record for _ldap._tcp.dc._msdcs.OLSONPOC.COM

These are the results of the IPCONFIG /ALL of the server I'm trying to add to the domain:

Windows IP Configuration

   Host Name . . . . . . . . . . . . : OLSONSQL
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : OLSONSQL.b4.internal.cloudapp.net

Ethernet adapter Ethernet 4:

   Connection-specific DNS Suffix  . : OLSONSQL.b4.internal.cloudapp.net
   Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter #4
   Physical Address. . . . . . . . . : 00-15-5D-43-79-B4
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.0.0.6(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.254.0
   Lease Obtained. . . . . . . . . . : Saturday, April 26, 2014 7:42:36 AM
   Lease Expires . . . . . . . . . . : Tuesday, June 2, 2150 3:15:20 PM
   Default Gateway . . . . . . . . . : 10.0.0.1
   DHCP Server . . . . . . . . . . . : 168.63.129.16
   DNS Servers . . . . . . . . . . . : 10.0.0.4
                                       10.0.0.5
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.OLSONSQL.b4.internal.cloudapp.net:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : OLSONSQL.b4.internal.cloudapp.net
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Here are the results of IPCONFIG /ALL from the domain controller:

Windows IP Configuration

   Host Name . . . . . . . . . . . . : OLSONAD
   Primary Dns Suffix  . . . . . . . : OLSONPOC.COM
   Node Type . . . . . . . . . . . . : Peer-Peer
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : OLSONPOC.COM
                                       OLSONAD.b1.internal.cloudapp.net

Ethernet adapter Ethernet 2:

   Connection-specific DNS Suffix  . : OLSONAD.b1.internal.cloudapp.net
   Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter #2
   Physical Address. . . . . . . . . : 00-15-5D-43-64-EA
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.0.0.5(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.254.0
   Lease Obtained. . . . . . . . . . : Saturday, April 26, 2014 12:41:54 PM
   Lease Expires . . . . . . . . . . : Tuesday, June 2, 2150 8:18:23 PM
   Default Gateway . . . . . . . . . : 10.0.0.1
   DHCP Server . . . . . . . . . . . : 168.63.129.16
   DNS Servers . . . . . . . . . . . : 10.0.0.5
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.OLSONAD.b1.internal.cloudapp.net:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : OLSONAD.b1.internal.cloudapp.net
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

I have Windows firewall turned off on both servers...

I have no idea what the issue could be! 

ANY help would be greatly appreciated!!!


A. M. Robinson

Domain Trusts: What does a trustAttributes value of 0x0 ( ) mean?


I am using this script (http://gallery.technet.microsoft.com/scriptcenter/Enumerate-Domain-Trusts-25ecb802) to enumerate domain trusts, and when looking at my trusts in adsiedit, I find I have four different trusts (some one-way, some two-way) that return 0x0 as their trustAttributes value. I have seen this chart (http://msdn.microsoft.com/en-us/library/cc223779) for the values, but cannot find what the value 0x0 would mean. I mostly find information similar to this:

0x00000001 - The trust is Non-Transitive
0x00000002 - The trust is valid only for Windows 2000 (and newer) computers
0x00000008 - Forest Trust
0x00000010 - Trust is to a domain or forest that is not part of the organization
0x00000020 - Trusted domain is within the same forest
0x00000040 - External Trust

I have also googled quite a bit and found many instances of the value being returned as part of Event Logs capturing trust-related records (though the value is not part of the error itself), so I don't believe it is uncommon... just not documented where I can find it?

Any help would be greatly appreciated!

Sample of my script returns with zero:

Two-way:

Trust Description:

Trust Created: 04/14/2010 15:54:02

Trust Modified: 11/20/2013 02:53:56

Trust Direction: Bidirectional (two-way trust)

Trust Type: Uplevel (Active Directory domain - parent-child, root domain, shortcut, external, or forest

Trust Attributes: 0

One-way:

Trust Description:

Trust Created: 10/09/2008 10:05:27

Trust Modified: 12/03/2013 14:37:24

Trust Direction: Inbound (TrustING domain)

Trust Type: Uplevel (Active Directory domain - parent-child, root domain, shortcut, external, or forest

Trust Attributes: 0

Replication of home directories in multiple locations


Hi,

We have set up a test AD domain with the master domain controller in our main site.

In each site (country) we have an additional domain controller.

In those sites there are multiple people who will travel to other sites. The login will not be a problem because of the sysvol folder, which is replicated by default.

But what about the home directories? I saw something about replicating the home directories to each site. This means the servers will have lots of data? On our current Linux servers only one site has 1 TB of data.... this seems to be undoable for us if we need to replicate all of it.... Some users travel a lot between sites, some only 2 times a year...

Could somebody clear up for me how I should manage this?

Thanks in advance.

Kr,

Joeri

dcpromo over high latency WAN connection


I have a remote site connected to the internet with a satellite WAN connection which has a high latency (ping = 750 ms). Because of this high latency I can't replicate AD through RPC. Therefore I decided to create a child domain for that site in order to use SMTP for AD replication. I demoted the remote site domain controller and now I'm trying to promote it again as a child domain, but I'm also having problems getting the initial replication done, as it also uses RPC. While promoting to domain controller it stops at "Replicating the schema directory partition". In the Event Viewer I see errors 1125 and 1962, both saying "The RPC server is unavailable".

I've isolated the cause of the RPC problem to the high latency of the WAN connection. I've turned off the firewall on both sides. The parent domain DC is also replicating with another site without any problem, so I'm sure the RPC service is OK there. From the remote site I can access the parent domain controller with no problem: I can DNS to it, I can add and remove the remote server to the AD.

I've also considered promoting the domain controller using IFM (Install From Media) but I think it only works for domain controllers in the same domain (not for a child domain).

Remote site server is running Windows 2012 and the parent site server is running Windows 2008 R2. Parent Domain and Forest are at Windows 2003 level. The remote site is linked to the parent site using an IPsec VPN.

How can I overcome the RPC problem over a high-latency network in order to promote the domain controller?

Client authenticate to wrong DC


Hi,

I guess a lot of people are asking about and facing the same problem.

Recently I set up a new site and there is a VPN established between HQ and the branch office.

A new DC was set up at the branch office. But I recently found out that there are HQ IPs / PCs trying to connect to the branch office AD for authentication.

I checked the Site and Subnet in AD Sites and Services... They are defined correctly there...

I do not understand why this scenario happens?! Logically, if my branch office PCs connected to HQ for authentication, it would mean my Sites and Services are not configured properly. Now it is the other way around: HQ PCs connect to the branch office DC for authentication.

I really have no idea what is happening there.

Simple PowerShell task


Hello,

We have the following CSV file (list.csv):

Username,ADGroupName
User1,ADGroup1
User2,ADGroup1
User3,ADGroup1

We can easily add all users in the CSV file into ADGroup1 using this PS script:

Import-Csv list.csv | ForEach-Object { Add-ADGroupMember -Identity "ADGroup1" -Members $_.Username }

But here is my question. What if we have a slightly different CSV file:

Username,ADGroupName
User1,ADGroup1
User2,ADGroup1
User2,ADGroup2
User3,ADGroup1
User3,ADGroup3

How to accomplish this task using PowerShell and add all users in specified AD groups?

Thank you!
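One way to handle a per-row group column, written as an added example rather than code from the original post; it assumes the RSAT ActiveDirectory module is installed and that list.csv has exactly the two columns shown above.

```powershell
# Added example (not from the original post): add each user to the group named
# on its own CSV row. Assumes the RSAT ActiveDirectory module is available and
# list.csv has the columns Username,ADGroupName.
Import-Module ActiveDirectory

$rows = Import-Csv -Path 'list.csv' |
    Where-Object { $_.Username -and $_.ADGroupName }     # ignore blank or partial rows

# Group the rows by ADGroupName so each group is handled once, with all of its
# member rows together; this also makes repeated Username values easy to dedupe.
foreach ($group in ($rows | Group-Object -Property ADGroupName)) {
    $groupName = $group.Name
    $users     = $group.Group.Username | Sort-Object -Unique

    foreach ($user in $users) {
        try {
            # -ErrorAction Stop turns a missing user or group into a catchable
            # error, so one bad row does not abort the remaining rows.
            Add-ADGroupMember -Identity $groupName -Members $user -ErrorAction Stop
            Write-Verbose "Added $user to $groupName"
        }
        catch {
            Write-Warning "Could not add '$user' to '$groupName': $($_.Exception.Message)"
        }
    }
}
```

Run it once with -WhatIf appended to the Add-ADGroupMember call to preview the membership changes before applying them.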


ADFS Sam-account-name uppercase


Hello

We are trying to set up a relying partner in ADFS that needs to see the Name ID in all uppercase. We have a claims rule to send Sam-account-name as the Name ID, but it is being sent in lowercase. Is there any way to make ADFS send this information in uppercase?

e.g. smithj = SMITHJ

Thanks

Active Directory related program works for some users, not for others


My apologies if this is an inappropriate forum. This involves an in-house program that works for some users, but not all of them can run it successfully. The gist of the program is to allow users to update distribution groups in which they're designated the manager. This part works fine when the user can get past the start process. The load section of the program gathers up the user's Windows identity, then makes some requests of AD to find the groups.

It appears that some users get an exception thrown when trying to create the initial request for AD information about their own account. Initially I got their Windows ID using WindowsPrincipal(WindowsIdentity.GetCurrent()), then, using the extracted pertinent data, I'd query AD for the directory entry for the user. This would generate the error "Network path not found." When I realized I could bypass this query by using UserPrincipal.Current, the error message changed to "The connection could not be established."

I'd come to think it might be related to a setting in userAccountControl, but I'm finding no correlation between the users who can and those who can't run the program successfully. I've run tests to try to make sure it's not workstation related. I've hard-coded the user ID to make sure it's not related to the specific account being looked up. I'm at wit's end and would appreciate any help that's available.

Does the DsReplicaGetInfoW() API provide the replication partners of other sites also?


We are using DsReplicaGetInfoW() API to find the replication partners.

We have 2 Active Directory sites, A and B. One server on each site is the replication partner of the other.

While fetching the replication partners from the Site A domain controller, the DsReplicaGetInfoW() API is not showing the Site B domain controller as a replication partner. However, when we run repadmin /showrepl, it shows all the replication partners.

Does DsReplicaGetInfoW() provide the replication partners of other sites also?


Sandeep Gupta

Active directory recycle bin in Windows STORAGE server 2008 R2


I'd like to find a tool that helps me to monitor deleted server files. I understand that this tool is called Active Directory Recycle Bin. I can't enable it. I can't even open ldp.exe. I'm using Windows Storage Server 2008 R2 Essentials. Could someone help me with that? Thanks in advance.

how to set password after checking password history using vbscript?


Hi Guys,

I am developing a VBScript (actually an application of a kind, using ASP) to change AD user account passwords. I am trying to set the password using the SetPassword() method. But this method is not checking the password history. I am able to set the same password again and again, even though password history is enabled in group policy to remember the last 6 passwords.

Please let me know if there are any ways to set a password using VBScript after checking the password history of the user.

E.g.: if the existing password is April#2014, I should get an error message when I try to set the same password again using VBScript.

Thanks in advance.

Deva
