Channel: Directory Services forum

Namespace


What is a namespace and what's the difference between internal and external?


I read this in my textbook a couple of times, but I didn't really understand it. If anyone could explain it in a simple way, thanks.

how to use Dirsync in azure to sync AD from on premises


hi,

I am new to Azure and also to DirSync. Can anyone provide the steps needed to use "DirSync" to sync on-premises AD?

Regards

FRS Replication / promoting DC not working


Migrating SBS 2008 to Windows Server 2012 R2 (no virtualization), I ran into problems.

(1) there is no SYSVOL/NETLOGON share

(2) NTFRS error 13508 w/o 13509

(3) NETLOGON error 5781

I do have FRSDiag logs.

Fulco

RSA Authentication Agent without Windows Domain Password



We are currently using RSA Authentication Agent 7.0.2 and Windows 7 Enterprise. We would like to allow login to Windows with only the RSA tokencode, similar to smart card authentication.

RSA Authentication Agent provides a "Windows Password Integration" feature that allows for a single prompting of the Windows password; the agent will then store it and pass it to Windows on the user's behalf. However, this doesn't actually solve the problem: we want to never enter a password. If a user's password expires in 90 days but they haven't used it since the first day, how are they going to possibly remember it when it is time to change it? This would result in the user having to contact the help desk to have the password reset.

Any input from others who have encountered a similar problem and found a solution/workaround would be greatly appreciated.

Thank you.

DCdiag result preferred time server


Hi all,

I have just decommissioned an old Windows 2003 R2 server, then I ran dcdiag on the last DC remaining in the site.

All seems OK, but a strange thing is the record "Preferred Time Server Name": it reports a DC in a branch office, in a different AD site, instead of itself or the PDC emulator (which is in a different AD site).

The "Time Server Name" line reports the server itself, which is correct.

Doubt: what happens if I shut down the DC referred to in the "Preferred Time Server Name" line?

Thanks in advance

Distribution lists with external e-mail addresses.


Hello,

We have users in Active Directory, some with domain e-mail accounts through Exchange.  However, some of our users prefer to be contacted at a different account (e.g., one furnished by their employer or ISP).  Is there a way to set up distribution lists to utilize the e-mail address that's in the e-mail address field, or to otherwise allow for external e-mail addresses to be specified for some users?

Thanks!

LDAP query question (Windows 2008 R2 Domain Controller)


I need to run an LDAP query against a Domain Controller (Windows 2008 R2) to see how many logons have authenticated against it. We have turned on auditing of successful logins and seem to have issues with Lsass.exe due to this. Could someone provide guidance on the specific LDAP query to run so I can get this information?

I would also like to know how to query what type of authentication is used, i.e. NTLM or Kerberos, besides how many users are authenticating to that Domain Controller.

Thanks
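As an added example that is not part of this thread: the per-DC counts and the protocol split the poster is after can be read from the Security log that the enabled logon auditing is already filling. This PowerShell summarises the relevant audit events by protocol, user and source host; it assumes it runs on the DC itself, that the Logon, Kerberos and Credential Validation audit subcategories are enabled, and a 24-hour window (all three are assumptions, not facts from the post).

```powershell
# Added example (not from the thread): summarise who authenticated against this DC
# and with which protocol, from the Security log rather than from LDAP.
# Assumptions: run locally on the DC, logon/Kerberos/credential-validation auditing
# is enabled (the post only says successful logon auditing is on), last 24 hours.
$since = (Get-Date).AddHours(-24)

# 4624 = successful logon on this DC; its AuthenticationPackageName field says
# Kerberos, NTLM or Negotiate. 4768/4769 = Kerberos TGT/service ticket issued by
# this KDC. 4776 = NTLM credential validation this DC performed for another host.
$filter = @{ LogName = 'Security'; Id = 4624, 4768, 4769, 4776; StartTime = $since }
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

$rows = foreach ($e in $events) {
    # Pull the named EventData fields out of the event XML into a hashtable.
    $x = [xml]$e.ToXml()
    $d = @{}
    foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
    switch ($e.Id) {
        4624 { [pscustomobject]@{ Kind='Logon';    Proto=$d['AuthenticationPackageName']; User=$d['TargetUserName']; Source=$d['IpAddress'] } }
        4768 { [pscustomobject]@{ Kind='KrbTGT';   Proto='Kerberos';                      User=$d['TargetUserName']; Source=$d['IpAddress'] } }
        4769 { [pscustomobject]@{ Kind='KrbTGS';   Proto='Kerberos';                      User=$d['TargetUserName']; Source=$d['IpAddress'] } }
        4776 { [pscustomobject]@{ Kind='NtlmAuth'; Proto='NTLM';                          User=$d['TargetUserName']; Source=$d['Workstation'] } }
    }
}

"Authentication events since $since : $(@($rows).Count)"
"--- Events by protocol ---"
$rows | Group-Object Proto | Sort-Object Count -Descending | Select-Object Name, Count
"--- Distinct users per protocol ---"
$rows | Group-Object Proto | ForEach-Object {
    [pscustomobject]@{ Proto = $_.Name; Users = @($_.Group.User | Sort-Object -Unique).Count }
}
"--- Top 10 source hosts (a single host generating most of the load points at the LSASS problem) ---"
$rows | Group-Object Source | Sort-Object Count -Descending | Select-Object -First 10 Name, Count
```

The source-host breakdown is the part worth keeping for the Lsass.exe symptom: a DC that is busy because one client or application keeps re-authenticating shows up there immediately, while an LDAP query against the directory would not reveal it.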


DOS machine cannot join domain on RODC


Hello Forum,

2 x Windows 2008 R2 GC as RWDC, domain functional level 2008 R2

1 x Windows 2012 RODC in the branch office

Hi, I'm facing a strange issue. We have on the domain some old machines (production) with a DOS system.
The machine maps a network share with a domain service user. That all works fine in the "Standard AD-Site" with an RWDC.
Now we have set up an MS 2012 Standard RODC in the branch office; all Windows clients can authenticate to the RODC,
only the machine account on DOS is not working.

Policies to allow the "DOS user" are deposited on the RODC.

In the event log I have this error:

Event ID 4625 (audit failure)

http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=4625

It means the password is not right!

But what I do not understand is why it works on the RWDC and not on the RODC?

Does the RODC not use the group policies from the RWDC domain?

I have no ideas.

greets Sven



Backup DNS Records


Afternoon, 

Is there a way to create a backup A record in order to provide redundancy?

I'm currently in the middle of setting up a DR site and looking for a way to have a set of DNS records pointing at existing servers' host names but with different IP addresses, so that in the event we need to bring a replicated server up at the DR site, the DNS record would automatically switch over after the TTL has expired on the primary link.

Our DNS service runs on a Windows Server 2012 environment in a cluster of 3 servers for redundancy.

Thanks


ADMT password migration/sync failing


Hello Experts

We have a source AD 2003 from which we are replicating the user accounts, syncing passwords and migrating SID history to a 2008 AD domain controller.

All was working fine till a couple of months back. The issue we are now facing is that when we migrate an AD account by selecting the Migrate passwords option with SID history, we get the error message below.

Could not verify auditing and TCPipClientSupport on domains. Will not be able to migrate Sid's. The specific domain either does not exist or could not be contacted.

All of the items I checked below are configured correctly:

1. The Password Export Server service is running on the source 2003 DC (not running on the target 2008 DC).

2. On the source DC, abc$$$ is a domain local group with no members in it.

3. On the source DC the registry key "Allow Password export" is configured with the value 1 (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA).

4. The TcpipClientSupport option in the registry is set to 1 on both the source and target DCs (though it is not required in my case, as we are migrating from a domain with domain controllers that run Windows Server 2003 or later to another domain with domain controllers that run Windows Server 2003 or later).

5. The only thing which I see is not in place on the 2008 DC is auditing. Within the default domain group policy > Audit Policy nothing is configured, including "Audit directory service access". Please let me know if this setting is mandatory on the 2008 DC?

The error I am getting also leads me to question DNS?

Please advise, and let us know if you need any more details or if I have not made any of the above clear.

Windows 2008 R2 RPC errors


We have 2 Windows 2008 R2 servers, with all current Windows updates applied. However, it seems that sometimes the AD replication just stops working. When you try to replicate manually you get told the RPC server is unavailable.

I have tried running dcdiag on both machines and each says that it is OK and the other is not available. Event Viewer says there is an error 1308.

If I reboot my DC2 then the replication starts working again.

Any ideas? Or would you need the reports from those dcdiag runs or some other log I can generate?

ADFS 2.0 Configuration: Which FQDN Should I have Used?


When I bound the wildcard cert in IIS for our new (first) ADFS server, I gave the hostname the public FQDN. E.g., server.domain.com <-- this will be presented publicly.

You can see the blank Host name in the pic from the guide here:

(Well, it will not let me paste the image as my account isn't verified :/ )

Basically, the menu in IIS7 where I input the public FQDN has these words/fields:

-----

Add Site Binding

Type: https - Ip address: All Unassigned - Port: 443

Hostname: [Blank in the guide, but I gave it the public FQDN]

SSL certificate: *.domain.com [View button]

-----

In the guide I am using, I am afraid I should have left that blank, so that it would have then populated ADFS FederationMetadata.xml with the FQDN the server is known by in AD instead. E.g., [hostname].subdomain.domain.com.

Does this matter?  Now the path to the entityID in FederationMetadata.xml is:

http://server.domain.com/adfs/services/trust <-- what will be public.

Instead of:

http://[hostname].subdomain.domain.com.

Will this cause any problems?  It is a VM and I took a snapshot, so I can start over, or is that an issue too?  I.e., are there now AD changes made that cannot be undone?

I know I sound like a raging noob here.  That's because I am with ADFS.

-lcb

Application Authentication with AD


Hi,

We have Windows Active Directory services. There are a lot of applications which are integrated with AD and use it for authentication. These applications are .NET applications, SharePoint, some devices like a (non-Microsoft) proxy, etc. I have some confusion regarding AD authentication and need some clarification. Please help.

Firstly, whether these applications use LDAP or Kerberos authentication. As per my understanding, if the server or device is joined to the domain then it uses Kerberos, and servers outside the domain use LDAP.

Secondly, we get complaints many times that an application is not able to authenticate with AD or not able to retrieve IDs from AD. We try to take a network trace and see what the issue might be. We use tools like LDP.exe to bind and check the connectivity. But these don't give us complete visibility into whether it is something to do with AD or with the application.

Please suggest

Big AD Troubles & Disappearing Certificate

Folks:

I am completely bedeviled with a problem that is creating endless difficulties. I have two sets of problems that appear to be related. First, my certificate in my Remote Desktop Gateway Manager mysteriously disappears after any reboot of my server. Second, my AD/DC server is crashing at least once per day. The event log has some details that seem relevant.

Before the crash, I get an Event 1400 Warning on ADWS:

-----

Active Directory Web Services could not find a server certificate with the specified certificate name. A certificate is required to use SSL/TLS connections. To use SSL/TLS connections, verify that a valid server authentication certificate from a trusted Certificate Authority (CA) is installed on the machine.

Certificate name: [server].[domain].local

-----

A few seconds later, I then get an AD FS Error (event 352):

-----

A SQL operation in the AD FS configuration database with connection string Data Source=\\.\pipe\Microsoft##WID\tsql\query;Initial Catalog=AdfsConfiguration;Integrated Security=True failed.  

Additional Data 

Exception details: 
A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server)

-----

This error repeats six more times, and then I get a new error (still Event 352):

-----

A SQL operation in the AD FS configuration database with connection string Data Source=\\.\pipe\Microsoft##WID\tsql\query;Initial Catalog=AdfsConfiguration;Integrated Security=True failed.  

Additional Data 

Exception details: 
Login failed for user 'NT AUTHORITY\NETWORK SERVICE'. Reason: Server is in script upgrade mode. Only administrator can connect at this time.

-----

And then two additional errors:

-----

There was an error in enabling endpoints of Federation Service. Fix configuration errors using PowerShell cmdlets and restart the Federation Service. 

Additional Data 
Exception details: 
System.ServiceModel.FaultException`1[Microsoft.IdentityServer.Protocols.PolicyStore.OperationFault]: ADMIN0012: OperationFault (Fault Detail is equal to Microsoft.IdentityServer.Protocols.PolicyStore.OperationFault).

-----

The Federation Service configuration could not be loaded correctly from the AD FS configuration database. 

Additional Data 
Error:  
ADMIN0012: OperationFault

-----

Does anyone have any ideas about this problem and/or how to do further troubleshooting?

Thanks.

Micah


NetBIOS name for corp.mycompany.com


Hi,

I would like to ask a question please. I have followed the Microsoft guidelines (info on its website) and named my internal domain corp.mycompany.com (rather than mycompany.local).

Now the issue is I am getting the NetBIOS name "corp". Again I had a look on the Microsoft website and it seems to suggest using "corp" as the NetBIOS name. However, I found an article where someone ran into a problem when he tried to "merge" 2 different domains where both had "corp" as their NetBIOS name.

Please, if possible, would somebody explain or refer me to a link that explains the pros/cons of using "corp" as the NetBIOS name vs "mycompany" where corp.mycompany.com is used for the internal DNS.

Also, how would that affect the Exchange Server?

I look forward to hearing from you.



Domain Cloning


Two domains with different names, e.g. X.COM and Y.NET. I need to copy all users, groups, the OU structure and GPOs from X.COM to Y.NET.

What are the options for that?

Thanks in advance.


AliahMurfy

How To Give Read Access to Confidential Attribute To Non-Admin User


Hello,

I am trying to give a service account user access to a confidential attribute (in our case, we made the drink attribute confidential) on our Windows 2008 R2 AD instance. I do not want to give this user admin rights to view it. The TechNet articles I've found on the subject suggest using the dsacls command to accomplish this. I tried it on our development environment, and it worked! I then tried it on my production environment and it didn't work. I did not see a difference between the output when I ran the command on dev vs. production. Here's the output:

==============================

C:\Windows\system32>DSACLS "CN=admin,DC=example,DC=com" /G domain\user:CA;drink

.....

Allow domain\user                SPECIAL ACCESS for drink
                                      CONTROL ACCESS

.....

The command completed successfully

C:\Windows\system32>

==============================

Obviously there's a difference between the production and dev environments. I wasn't the one to set them up so I am not sure what they are. I obviously don't expect you to know either. What I am looking for, however, is a list of things to check that could be causing this user to not be able to read the drink attribute. I appreciate your help. Let me know if you need any more information.

Thanks!
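As an added example that is not part of this thread: dsacls reporting success only proves the ACE was written, not that it does what the read path needs. This PowerShell checks the three things a confidential-attribute grant depends on, so the dev/prod difference can be located: the attribute's confidential bit in this forest's schema, the CONTROL ACCESS ACE (with its inheritance scope) on the object dsacls was pointed at, and the ordinary read-property right that has to exist alongside it. It assumes the attribute name, object DN and trustee from the post.

```powershell
# Added example (not from the thread): verify what a confidential-attribute grant relies on.
# Assumptions: lDAPDisplayName "drink", target "CN=admin,DC=example,DC=com" and
# trustee "domain\user", exactly as written in the dsacls command above.
Import-Module ActiveDirectory

$attrName = 'drink'
$targetDn = 'CN=admin,DC=example,DC=com'
$trustee  = 'domain\user'

# 1. Is the attribute actually marked confidential in THIS forest's schema?
#    searchFlags bit 0x80 (fCONFIDENTIAL) is what makes reads require the control
#    access right. Dev and prod are separate forests with separate schemas.
$schemaNc = (Get-ADRootDSE).schemaNamingContext
$attr = Get-ADObject -SearchBase $schemaNc -LDAPFilter "(lDAPDisplayName=$attrName)" `
                     -Properties searchFlags, schemaIDGUID
if (-not $attr) { throw "Attribute '$attrName' not found in schema $schemaNc" }
$isConfidential = (($attr.searchFlags -band 0x80) -ne 0)
$attrGuid = New-Object System.Guid -ArgumentList (,[byte[]]$attr.schemaIDGUID)
"{0}: searchFlags=0x{1:X} confidential={2} schemaIDGUID={3}" -f $attrName, $attr.searchFlags, $isConfidential, $attrGuid

# 2. Does the CONTROL ACCESS ACE exist on the target, and how far does it reach?
#    dsacls /G ...:CA;drink appears here as an ExtendedRight ACE whose ObjectType is
#    the attribute's schemaIDGUID. InheritanceType 'None' means it covers that one
#    object only; users under a container need an inheriting ACE on the container.
$acl  = Get-Acl -Path "AD:\$targetDn"
$ctrl = $acl.Access | Where-Object {
    $_.IdentityReference.Value -eq $trustee -and
    $_.ObjectType -eq $attrGuid -and
    (($_.ActiveDirectoryRights -band [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight) -ne 0)
}
if (-not $ctrl) {
    "No CONTROL ACCESS ACE for $trustee on $attrName found on $targetDn"
} else {
    $ctrl | Select-Object IdentityReference, AccessControlType, InheritanceType, InheritedObjectType
}

# 3. The control access right is additional to, not a replacement for, Read Property:
#    reading a confidential attribute needs both. Count the read ACEs the trustee holds
#    here (explicit or inherited), either on all properties or on this attribute.
$read = $acl.Access | Where-Object {
    $_.IdentityReference.Value -eq $trustee -and
    (($_.ActiveDirectoryRights -band [System.DirectoryServices.ActiveDirectoryRights]::ReadProperty) -ne 0) -and
    ($_.ObjectType -eq [guid]::Empty -or $_.ObjectType -eq $attrGuid)
}
"{0} ReadProperty ACE(s) for {1} on {2}" -f @($read).Count, $trustee, $targetDn
```

Run it against both forests and diff the three outputs; a schema where the 0x80 bit is absent, an ACE with InheritanceType 'None' on a container, or zero read ACEs for the account are each enough to reproduce "worked in dev, not in prod" with identical dsacls output.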


hacking from microsoft ds servers


Unknown 0 TCP 1373  172.18.13.38 445 microsoft-ds 172.18.65.2 covlibdc2.ccclib.net Time Wait      N/A    12/09/2014 12:53:08    
Unknown 0 TCP 1365  172.18.13.38 445 microsoft-ds 172.18.65.8 covlibdc1.ccclib.net Time Wait      N/A    12/09/2014 12:53:08    

Is there anyone from Microsoft accessing this computer from Microsoft US?

I have put the data of the hacking computer at the top of this note.

Replication Deltas for Intra-site Replication


Hi

I've run a repadmin check on ad replication, for an AD with 4 Domain Controllers all in the same site.

The check comes back clean, but shows the 'largest replication delta' of up to 50 minutes for all 4 DCs. Now my question is; is this normal for a single site setup? As all DCs are in the same site, I would expect change notification to be replicating most changes almost instantaneously, so am I misreading what the 'largest delta' column is telling me?

Thanks

Alan

Copy existing user in AD


Hi all, until now when creating a new user in AD we copy an existing one so it gets the same permissions and other fields. We then just modify the name, alias and other minor details.

We then create a mailbox for this user from ECP (Exchange 2013). So far it has been working fine, but now we are using Exchange Online and this is causing an issue.

When copying the AD object it also adds the following attributes:

msExchDumpsterQuota: xxxx value

msExchDumpsterWarning: xxx value

msExchHomeserver: our mail server name

msExchuseraccount: 0

So when we run Enable-RemoteMailbox "alias" -RemoteRoutingAddress Firstname.Lastname@domain.mail.onmicrosoft.com we get an error that says ExchangeGuid is mandatory on user mailbox. This is because the above attributes are added when we copy an existing user.

The plan was to post this in the Exchange forum and Office 365 forum, but I find it best here, since it's related to the AD object.

Is there any way we can avoid this? Is it a bug or just by design?

thanks!


Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Thank you! Off2work
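As an added example that is not part of this thread: before Enable-RemoteMailbox is run on a user that was created by copying a template, it is worth reporting which on-premises Exchange attributes came across with the copy. This PowerShell does that for the four attributes the post lists; it assumes the post's abbreviated names map to the schema attributes msExchDumpsterQuota, msExchDumpsterWarningQuota, msExchHomeServerName and msExchUserAccountControl, and the Set-ADUser -Clear step is shown only under -WhatIf, as one possible remedy the thread itself does not confirm.

```powershell
# Added example (not from the thread): report, and optionally clear, on-premises
# Exchange attributes that a copied AD user inherited from its template.
# Assumption: the post's shortened names correspond to these schema attributes.
Import-Module ActiveDirectory

$copiedExchAttrs = @(
    'msExchDumpsterQuota',
    'msExchDumpsterWarningQuota',
    'msExchHomeServerName',
    'msExchUserAccountControl'
)

function Get-CopiedExchangeAttributes {
    param([Parameter(Mandatory)][string]$Identity)
    $u = Get-ADUser -Identity $Identity -Properties $copiedExchAttrs
    foreach ($a in $copiedExchAttrs) {
        # msExchUserAccountControl = 0 is still "present": only $null means unset.
        [pscustomobject]@{
            User      = $u.SamAccountName
            Attribute = $a
            Value     = $u.$a
            Present   = ($null -ne $u.$a)
        }
    }
}

$alias  = 'alias'   # placeholder, as in the post's Enable-RemoteMailbox line
$report = Get-CopiedExchangeAttributes -Identity $alias
$report | Format-Table -AutoSize

# Clearing the copied values is one possible remedy (assumption, not from the thread);
# -WhatIf keeps this read-only until the report above shows only what you expect.
$toClear = @($report | Where-Object Present | ForEach-Object Attribute)
if ($toClear.Count -gt 0) {
    Set-ADUser -Identity $alias -Clear $toClear -WhatIf
}
```

Running the report as part of the user-creation procedure makes the "copied from a mailbox-enabled template" case visible before the remote mailbox step fails, instead of after.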
