Channel: Directory Services forum

Problems deleting computer objects-because of their subordinate objects

We are running a 2008 R2 domain.  We have recently removed our techs out of Account Operators because we have read that is best practice.  Our techs now have problems deleting computer account objects that have the msmq active directory objects beneath the computer object.  Even if I give the techs full control permissions on those computer objects, they cannot delete them because they cannot delete the msmq subordinate AD objects.  The msmq objects are not showing a security tab, like other subordinate objects do.  If I delete the msmq objects with a Domain Admin account, then the techs can delete the computer objects.  Any ideas of how I can fix it so they can delete the msmq objects, without being Account Operators?

Thanks,


Dan Heim


Attribute value not appearing results from PowerShell script

Hello,

I have an attribute in AD named "HireDate", but it does not appear in the results when I run this PowerShell script:

Get-ADUser -Filter {enabled -eq "true" -and title -like "*"} -SearchBase "DC=domain, DC=com" -Properties hiredate

Can you tell me what is going on and what I need to do to make the HireDate attribute and its value get returned?  There are dates in this field.  


Paul

dcpromo /test:dcpromo fails with "The specified argument 'test' was not recognized"

Hi folks

I have some servers that are outsourced in a hosting facility

I want to promote one. I'm working on the site to site VPN tunnel through TMG to make sure I have the right networking rules setup.

So, I run

dcpromo /test:dcpromo

which is supposed to run tests to see if DNS, etc. are all setup right.

Instead, I get a popup that says "The specified argument 'test' was not recognized". The window title is "Active Directory Domain Services Installation Wiz..."

The DC is Server 2012R2, in a separate site with a site-to-site VPN setup.  I have changed the functional and forest domain levels to 2008.

Any ideas? If I try to do the actual DCPromo it fails due to some DNS issue, thus the reason for doing the tests!


== John ==

Event ID 4015 Won't Stop!!!!!

Hi everyone 

This is my problem:

In my Server 2012 R2 DC, DNS event ID 4015 won't stop and I have a replication problem. But whenever I restart the server, the event stops being logged and replication works perfectly for just 6 or 7 hours; after that the event comes back and replication fails.

This is my scenario:

I have four DC's

  1. DC1: 172.16.3.3-192.168.10.1 (FSMO holder) (Server 2008 R2)
  2. DC2: 172.16.3.4 (Server 2008 R2)
  3. DC3: 172.16.25.2 (Server 2012 R2)
  4. DC4: 172.16.42.2 (Server 2008 R2)

DC1 and DC2 are in a same site

Except DC3 replication works perfectly without error between all other DC's 

on DC3 :

Dcdiag /v /q reports :

[DC1] DsBindWithSpnEx() failed with error 1727,

         The remote procedure call failed and did not execute..
         Warning: DC1 is the Schema Owner, but is not responding to DS RPC

         Bind.

         [DC1] LDAP bind failed with error 55,

         The specified network resource or device is no longer available..
         Warning: DC1 is the Schema Owner, but is not responding to LDAP Bind.

         Warning: DC1 is the Domain Owner, but is not responding to DS RPC

         Bind.

         Warning: DC1 is the Domain Owner, but is not responding to LDAP Bind.

         Warning: DC1 is the PDC Owner, but is not responding to DS RPC Bind.

         Warning: DC1 is the PDC Owner, but is not responding to LDAP Bind.

         Warning: DC1 is the Rid Owner, but is not responding to DS RPC Bind.

         Warning: DC1 is the Rid Owner, but is not responding to LDAP Bind.

         Warning: DC1 is the Infrastructure Update Owner, but is not responding

         to DS RPC Bind.

         Warning: DC1 is the Infrastructure Update Owner, but is not responding

Dcdiag /test:dns reports (summary):

      

Doing initial required tests


   Testing server: SavinTehran\DC1

      Starting test: Connectivity

         * Active Directory LDAP Services Check
         Got error while checking LDAP and RPC connectivity. Please check your

         firewall settings.

         ......................... DC1 failed test Connectivity


   Testing server: SavinTehran\DC2

      Starting test: Connectivity

         * Active Directory LDAP Services Check
         Determining IP4 connectivity 
         * Active Directory RPC Services Check
         ......................... DC2 passed test Connectivity

                  

 Summary of DNS test results:


                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: savin.local

               DC1                          FAIL FAIL n/a  n/a  n/a  n/a  n/a  
               DC2                          PASS PASS PASS PASS PASS PASS n/a  
               DC4                          PASS PASS PASS PASS PASS PASS n/a  
               DC3                          PASS PASS PASS PASS PASS PASS n/a  

Repadmin /replsum on DC3 shows :

Source DSA          largest delta    fails/total %%   error
 DC1                       19m:01s    0 /   5    0
 DC2                       22m:31s    0 /  10    0
 DC4                       19m:01s    0 /   5    0
 DC3               01d.00h:19m:57s    1 /   5   20  (1726) The remote procedure call failed.

Destination DSA     largest delta    fails/total %%   error
 DC2               01d.00h:20m:19s    1 /  15    6  (1726) The remote procedure call failed.
 DC4                       15m:29s    0 /   5    0
 DC3                       23m:02s    0 /   5    0





Experienced the following operational errors trying to retrieve replication information:

          55 - DC1.savin.local

Also I did the following jobs :

Every time I restart the Server 2012 R2 (DC3), everything is all right, but just for about 6 hours!

Dear experts, please help me!



Offline computer last logon info

I am looking to get the last logon user name for a laptop from remote location. It is offline and cannot ping. It is not showing up in SCCM 2012. The account is still active in AD. Is there a way to get the last logon user name by any chance? Thanks

Admins sporadically getting "You do not have sufficient privileges to delete " but they have sufficient permissions to delete the object

We've been getting a handful of calls lately from our Network Admins complaining that they can't delete computer accounts.

They get an Active Directory dialog box that states that they are a loser..."You do not have sufficient privileges to delete XXXXXX".

When it occurs, it affects all of the Admins for the particular problem object in question.

As a domain admin and enterprise admin, I am able to delete the object without a problem.

The Admins are able to delete other computer accounts as well as create new computer accounts within the same OU.  The security and ownership is identical for both problem objects and non-problem objects.

I'm stumped and I couldn't get any relevant hits on TechNet or the web.

David W. King

Technical Architect - Systems, Information Technology
(919) 784-3889
david.king@rexhealth.com

REX Healthcare, 4420 Lake Boone Trail, Raleigh, NC 27607


David W King



Manual AD restore

Greetings folks,

So here is my situation. I had a single DC running as a Hyper-V VM which started blue screening beyond recovery (long story). I needed to build a new VM and wished to restore the system state to get AD functioning, but I've hit a software limitation (ibackup). The backup software (ibackup) only allows performing the system state restore to the original box.

I'm really only concerned with AD; I've got to get AD working. My question is, since I have all the system state data (including the NTDS and Sysvol folders), can I manually restore this and get AD functioning? I have the registry files too (part of the system state backup).

Are there any out-of-the-box-thinking methods to get this working? What if I DCPromo this new VM (new forest/domain) using the original AD domain and then overwrite the NTDS folder with the original one? Just thinking out loud...

WDS Unattended Mode - unable to join domain with errors shown in UnattendedJoinDCLocator.etl

Scenario 

XP client machine rebuilt to Windows 7 from a PXE boot image with an unattended XML file (verified the unattended XML is good). The UnattendedJoinDCLocator.etl indicates some errors. So far I have tried 4 machines with the same error message.

All machines are listed in the trusted domain and the same network subnet.

Error 1: 

31: Cannot NdetpSrvNext 9003 0x232b
Cannot find A record

Error 2: 

Sent out 'Sam Logon' message to \\prod.domain.com*\MAILSLOT\NET\NETLOGON on all transports
NetpDCSendPing: cannot write netlogon mailslot: prod.domain.com 0x0 53
NIBrowserSendDatagraam: returend 0x 35
NetPDCGetNameNetbios: prod.domain.com : CannotNIBrowswerSendDatagram (ALT) 53
NetDCGetName: NetDCGetnameNetbios returned 1355
NetDCGetName: prod.domain.com: IP and Netbios are both done
DsGetDCnamewithAccountW: DsLocalGetDCname returned0x54

..........................

NetpDCGetDCNext: _ldap-_tcp.dc_msdcs.prod.domain.com.: Cannot Query DNS. 9852 0x267c
NetpDcGetNameIp: prod.domain.com: IPnot configured from DnsQuery.
NetDcGetname: NetpDcGeNameIp returned 9851

......... the messages keep repeating.

......




MFA (Certificate) Authentication Failing from Extranet

Hi, we have set up ADFS3 and WAP. ADFS3 configured to require MFA (Certificate) from both Intranet and Extranet. We are using our own CA and the root CA is installed on the WAP in Trusted Root CA store. The certificate port of 49443 is open from the Internet and also inward from the WAP to the ADFS3 server, as is 443.

When we test we can use MFA from the Intranet, but when we try the same from the Internet (Extranet) we get the Forms Logon page okay, enter our user details, select our user cert, and then we get a 403 error - The Website declined to show the web page.

The CRL is resolvable from the Internet, and can be reached okay...

Is there something we have missed please?

Thank you for any help.


Phil

AD Server does not Sync with another AD

My problem is as in the title. Previously my server encountered DNS issues, but after deleting all the event logs and restarting, the event log tested good. But somehow the AD now does not sync.

Here is the DCDIAG

C:\Users\sysop>dcdiag

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = Server-DC01
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\Server-DC01
      Starting test: Connectivity
         ......................... Server-DC01 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\Server-DC01
      Starting test: Advertising
         ......................... Server-DC01 passed test Advertising
      Starting test: FrsEvent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... Server-DC01 passed test FrsEvent
      Starting test: DFSREvent
         ......................... Server-DC01 passed test DFSREvent
      Starting test: SysVolCheck
         ......................... Server-DC01 passed test SysVolCheck
      Starting test: KccEvent
         ......................... Server-DC01 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... Server-DC01 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... Server-DC01 passed test MachineAccount
      Starting test: NCSecDesc
         ......................... Server-DC01 passed test NCSecDesc
      Starting test: NetLogons
         [Server-DC01] User credentials does not have permission to perform this
         operation.
         The account used for this test must have network logon privileges
         for this machine's domain.
         ......................... Server-DC01 failed test NetLogons
      Starting test: ObjectsReplicated
         ......................... Server-DC01 passed test ObjectsReplicated
      Starting test: Replications
         [Replications Check,Replications Check] Inbound replication is
         disabled.
         To correct, run "repadmin /options Server-DC01 -DISABLE_INBOUND_REPL"
         [Replications Check,Server-DC01] Outbound replication is disabled.
         To correct, run "repadmin /options Server-DC01 -DISABLE_OUTBOUND_REPL"
         ......................... Server-DC01 failed test Replications
      Starting test: RidManager
         ......................... Server-DC01 passed test RidManager
      Starting test: Services
            Could not open NTDS Service on Server-DC01, error 0x5 "Win32 Error 5"
         ......................... Server-DC01 failed test Services
      Starting test: SystemLog
         An Error Event occurred.  EventID: 0x80000003
            Time Generated: 09/05/2014   13:28:32
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 09/05/2014   13:28:40
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 09/05/2014   13:28:41
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 09/05/2014   13:28:41
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 09/05/2014   13:28:42
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 09/05/2014   13:28:44
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 09/05/2014   13:28:45
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 09/05/2014   13:28:47
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 09/05/2014   13:28:48
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 09/05/2014   13:28:49
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 09/05/2014   13:28:50
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 09/05/2014   13:28:51
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 09/05/2014   13:28:51
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 09/05/2014   13:28:52
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 09/05/2014   13:28:53
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 09/05/2014   13:28:54
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 09/05/2014   13:28:55
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 09/05/2014   13:28:56
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 09/05/2014   13:28:57
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0x80000003
            Time Generated: 09/05/2014   13:29:33
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0x80000003
            Time Generated: 09/05/2014   13:31:00
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0x80000003
            Time Generated: 09/05/2014   13:31:11
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 09/05/2014   13:31:19
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 09/05/2014   13:31:20
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 09/05/2014   13:31:21
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 09/05/2014   13:31:22
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 09/05/2014   13:31:23
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 09/05/2014   13:31:26
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 09/05/2014   13:31:27
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0x80000003
            Time Generated: 09/05/2014   13:46:02
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0x80000003
            Time Generated: 09/05/2014   13:48:14
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0x80000003
            Time Generated: 09/05/2014   13:53:15
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0x40000004
            Time Generated: 09/05/2014   13:53:15
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0x80000003
            Time Generated: 09/05/2014   13:53:17
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0x80000003
            Time Generated: 09/05/2014   13:53:26
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0x80000003
            Time Generated: 09/05/2014   14:01:03
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0x80000003
            Time Generated: 09/05/2014   14:11:51
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0x80000003
            Time Generated: 09/05/2014   14:12:52
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0x80000003
            Time Generated: 09/05/2014   14:13:25
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0x80000003
            Time Generated: 09/05/2014   14:14:10
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0x80000003
            Time Generated: 09/05/2014   14:15:10
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0x80000003
            Time Generated: 09/05/2014   14:16:05
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0x80000003
            Time Generated: 09/05/2014   14:17:57
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         ......................... Server-DC01 failed test SystemLog
      Starting test: VerifyReferences
         ......................... Server-DC01 passed test VerifyReferences


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : dunhambush
      Starting test: CheckSDRefDom
         ......................... dunhambush passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... dunhambush passed test CrossRefValidation

   Running enterprise tests on : dunhambush.dunham-bush.com
      Starting test: LocatorCheck
         ......................... dunhambush.dunham-bush.com passed test
         LocatorCheck
      Starting test: Intersite
         ......................... dunhambush.dunham-bush.com passed test
         Intersite

Here is the IPCONFIG

C:\Users\sysop>ipconfig

Windows IP Configuration


Ethernet adapter Local Area Connection 7:

   Connection-specific DNS Suffix  . :
   IPv4 Address. . . . . . . . . . . : 172.16.252.1
   Subnet Mask . . . . . . . . . . . : 255.255.252.0
   Default Gateway . . . . . . . . . : 172.16.252.254

Ethernet adapter Local Area Connection 1:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 8:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 9:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 13:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :


ADFS 3.0 and Authentication Provider: Customize welcome message

We use ADFS 3.0 on Windows Server 2012 R2. If our users sign-in with their username and password, they need to authenticate on an additional authentication provider (SMS).

At the top of this site is written "Welcome, DOMAIN\SAMACCOUNTNAME" (e.g. "Welcome, contoso\priatha"). The users use only their Userprincipalname to log in; the samaccountname is unknown to the users and different to the samaccountname.

How can I modify this string to use the displayname instead of samaccountname?

E.g. "Welcome, John Dear"

Thanks for your support.

PowerShell doesn't give out information about -PasswordNeverExpire

Hello,

I tested a PowerShell command on my VMware Windows Server 2012 R2. It's an AD, and I want to find the accounts that have the "password never expires" setting set to True.

This is my command:

Search-ADAccount -PasswordNeverExpires | sort-object Name | select-object Name, PasswordNeverExpires

I created some test accounts, but it only shows me this:

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

PS AD:\> Search-ADAccount -passwordneverexpires | sort-object name | select-object Name, passwordneverexpires


Name                                                                                                                                                                       passwordneverexpires
----                                                                                                                                                                       --------------------
Admin                                                                                                                                                                                      True
Administrator                                                                                                                                                                              True
Gast                                                                                                                                                                                       True



PS AD:\> 

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

With another command I see that my users exist:

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

PS AD:\> get-aduser -filter * -properties passwordneverexpires |ft Name, Passwordneverexpires


Name                                                                                                                                                                       Passwordneverexpires
----                                                                                                                                                                       --------------------
Administrator                                                                                                                                                                              True
Gast                                                                                                                                                                                       True
Admin                                                                                                                                                                                      True                                                                                                                                                                             
Test 1                                                                                                                                                                                         
Test 2                                                                                                                                                                                         
Test 3                                                                                                                                                                                         
Test 4                                                                                                                                                                                         
Test 5                                                                                                                                                                                         
Test 6                                                                                                                                                                                         
Test 7                                                                                                                                                                                         



PS AD:\> 

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

I searched the Internet for a while but I didn't find anything about this,

maybe I missed something?

Thanks, Alex




DFS-N - Problems resolving names after adding new DC

Hi there,

We use a DFS namespace with our two local domain controllers acting as namespace servers. Now I added another DC that's installed on our Azure account (connected with a site-to-site VPN).

The DC has replicated and is also a DNS server. But now I have the problem that machines that log on against the new DC can't resolve the DFS namespace called \\ourdomain.de\dfs (for example, our other member servers in Azure fail to open a DFS file share) ... so is it necessary to also install the DFS role on the new Azure DC and add this server as a namespace host? That seems logical, because when I ping ourdomain.de from a server that logged on against the new DC, it resolves to the new Azure DC, and trying to access the DFS is an attempt to open the share on \\new-azure-dc\dfs, which is not there ... am I wrong?

Or did I misconfigure something?


Thanks,

Marcel



how to recover windows server 2012 active directory administrator password


The Active Directory 2012 Administrator password has been lost or forgotten. So, I need to recover the password.

Please suggest how I can recover the password. Thanks

Forest and a new domain tree


Hello,

We are building a new 2008R2 AD infrastructure.

The setup has a DC (like an empty root forest - ad.test.com). We have another DC (network.test.com) created as a new domain tree in the ad.test.com forest called network.test.com. Both run integrated DNS.

The DC in the forest (ad.test.com) has the zones set to replicate to all DNS servers in the forest.

The other DC in the (network.test.com) has the zones set to replicate to all DNS servers in the domain. While trying to change the DNS settings on this DC to replicate to all DNS servers in the forest, I get error "The zones cannot be replicated to all the DNS servers that are domain controllers in the AD forest because the required application directory partition doesn't exist".

Looking at ADSI Edit, I see partitions for both DCs.

So, what is to be done on the DC in the new domain tree to get this to work? What setups are required for such setups?

Please advise.

Thanks in advance


TIA TP


Group Policy Assistance


Hi DS Team,

This issue is in regard to the "lock screen background" on Windows 8 Pro.

We have Windows Server 2012 Standard with a central store, and I tried to apply the group policy "Force a specific lock screen background" from the local path as well as a shared path. However, the policy settings are not working. On one PC it got applied, and then I tried to change the lock screen to a new wallpaper; the PC didn't recognize the new one and was stuck with the old lock screen.

I tried multiple patches released for this issue but nothing seems to work. I am sure that the group policy is getting applied; it's just that it is not picking up any new wallpaper or changes for the lock screen.

Please let me know what needs to be done in order to resolve this issue, as the previous "oobe" settings were working fine with XP, Vista, Windows 7. Any help will be highly appreciated.

Regards

Puneet Pandey

Scripts folder not replicating in domain


Several months back the building that housed two of my remote domain controllers was destroyed.  Since bringing the servers back up was physically impossible, I went through Microsoft's procedure for removing them with ntdsutil.  At the same time, I looked at both my DNS servers and found numerous references to the "dead" controllers and removed them by hand as well.

Yesterday, I found out my remaining DCs are no longer replicating the scripts folder and have been trying to repair.  Today I installed a test domain and after it came up and I verified replication, started looking at the different zones.  The zones on my test domain look different than my production DNS server zones.  There is still a leftover reference to one of the domain controllers that was destroyed in the gc\_tcp area of the DNS server.

At this point in time, I believe the AD dns zone is corrupt, but I have no idea how to rebuild?

Any suggestions would be greatly appreciated.

David Harris

Addendum... I noticed today my second DC never receives the message saying

"The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start until the initial synchronization is complete because critical DNS data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there is a problem with DNS name resolution, consider adding the IP address of another DNS server for this domain to the DNS server list in the Internet Protocol properties of this computer. This event will be logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed. "

 

2008 R2 DC has two names in AD


Background: Server named NAxx010 in child domain was promoted to DC.

Then shipped to a site to replace old DC there. Old DC named NAxx001.

NAxx001 is demoted to member server and removed from Domain.

NAxx010 is then renamed NAxx001 and rebooted as required.

Problem: NAxx001 sees itself as wide as NAxx001 (which is correct). All the DCs in the rest of the domain (over 500 DCs) see it as NAxx010.

Query AD for DLL's and the last accessed date


Hi,

We are trying to clean up stale DLLs that are not being used.  Does anyone have an LDAP query for AD that can list all DLLs and the last date each was accessed?

Restricted group membership getting changed during policy update


Hi,

We have an AD domain with a mix of Windows 2003 and Windows 2008 domain controllers. The Domain Controllers policy is also configured to restrict admin groups such as Administrators, Domain Admins, Server Operations, etc. with the required users as members. We have been observing events from one Windows 2003 DC showing that certain accounts get removed from these groups during the policy update on that DC. After replication, any other DC adds the accounts as part of the policy during the policy update. This is quite unusual and occurs 2-3 times a day, not on every policy update.

Please provide some troubleshooting options to isolate the problem. The event IDs below are observed on the server:

Event ID: 633,637,639

Appreciate any help.

Regards,

Jo
