Channel: Directory Services forum
Viewing all 31638 articles

Windows 2012 R2 ADFS [Change Service Account (not just the password)]

I would like to know what the process is to change the service account (change the account completely - not just reset the password) on an AD FS Server running on Windows 2012 R2 (AD FS 3.0)?

Is there a PowerShell command that takes care of this? In my deployment I am using the Windows Internal Database, and we have also deployed the Web Application Proxy.

Thanks,

MLG.


Active Directory RAM requirement 2008 R2

Dear, 

I have multiple 2008 R2 Active Directory domains (6 DC with respective ADC) in a forest. The user range on each domain is between 500 and 5000. Please guide me on the RAM requirement, with consideration of replication and DNS load. I have quad-core servers and all domain controllers have integrated DNS.

Only Antivirus will be installed  on them.

Thanks,

Wajahat

DC RODC Replication

I have several RODCs on my side of a VPN tunnel. I have 4 RWDCs on my side of the IPsec tunnel, and 2 RWDCs that are on the other side of the IPsec VPN tunnel. The DCs on the other side of the tunnel are used for authenticating users to a SQL web app.

I am wondering:

1. Should I put my RODCs in the tunnel for replication from the RWDCs?

2. If not, then how do I stop the 2 RWDCs from trying to replicate to my RODCs?


Jason

How to use AD Web Services

Hello,

We would like to start using ADWS. Is there any WSDL page where we can find information regarding ADWS?

Thank you

No Templates Found in Web Enrollment

Hi All,

I have installed an Offline Standalone Root CA with an Enterprise SubCA. I succeeded in publishing the CDP and AIA files manually, but when I try to issue certificates through Web Enrollment I get the error "No Template Found". I added a new app pool and it is still giving me the same error (http://msunleashed.wordpress.com/2011/11/21/no-certificate-templates-could-be-found-on-certsrv/). I did check the path in the DNS hostname for the Certification Authority and it is the same as in the certdat.inc file in the "%systemroot%\system32\certsrv" folder on the Certification Authority (http://support.microsoft.com/kb/811418). I do see an error in the CDP location when I open the PKI view, and I did change the User Authentication and rebooted IIS, but to no avail.

Another thing is that each time I request certificates I see Error 66 in the AD Server Manager.

Kindly do assist.

Thanks

Aj

Perimeter Network Dynamic Site Assignment update

Good Morning,

I would like to understand if the behavior I am seeing is correct or incorrect.  If I have a machine that is created on an internal network that has access to a RWDC, but then is migrated to a perimeter network where it only has access to an RODC, should the DynamicSiteAssignment update automatically?  I have cached the computer account in the password replication policy for the RODC but the computer does not know who it should update its site assignment from. The computer which has moved from an internal network to a perimeter has updated its DNS to use the RODC.

The RODC is also a DNS server.

This also occurs on an offline domain join.


Any help would be appreciated!

Thank you,
Franz

Windows time service missing after reboot on Domain controller running 2008 R2 SP1

I have a Windows 2008 R2 SP1 domain controller on which the Windows Time service goes missing after reboot. It is a physical server and I am not able to trace how this service is being deleted or unregistered from the server.

I also saw a similar post about guest VMs running on a Hyper-V host: https://social.technet.microsoft.com/Forums/windowsserver/en-US/cd10a6f2-4274-4f17-af3d-75dc6004a92e/windows-time-service-and-hyperv-integration-services-problem?forum=winserverhyperv

However, this post does not have a solution for this issue.

Is MS aware of this issue, and does anyone know why this service gets deleted?


Sincerely, Asifkhan -- Please mark my post helpful if it was really helpful to you.

List of Names with Attributes

How do I get a list of names from the Distribution Group with the following attributes?  For example,  I want to get a list of names from the Sales Distribution Group that includes SamAccountName, phone number, email address, date account created, date account expires.  Thanks.


Diane


Non-Compliance issue

Hi Cooper,

If I enable this script in my environment, where everything is maintained as per compliance, and install the Quest modules, then there should not be any non-compliance issue. This means my security team should not raise concerns about unlicensed software installed in the MS environment.

Please confirm so that I can make a decision about this.

Could a SSL certificate be generated by IP address?

Could a personal (not root) SSL certificate be generated by IP address (on Windows Server 2003 Standalone CA) so it can be used for LDAPS queries? I need confirmation that not only FQDN could be used while generating such certificate.

Thank you in advance for your help.

Regards,

Stoyan

How to Configure Read Only Domain Controller at other site with limited access

Hi,

We have one DC and one ADC at one site, with the following OUs:

Computer, Users, Desktops, Laptops, Virtual Machines, Mumbai Users

Now we are going to deploy an RODC at another site, named USARODC, which replicates from the first site.

Is it possible that, during replication, the following OUs do not replicate and do not show in USARODC at the other site: Mumbai Users, Desktops, Virtual Machines?

We'll also create one OU named USA Users in the DC for USA users at the first site, and only this OU should replicate to USARODC at the other site.

Please let us know the steps to do the same.

Waiting for your reply.

Thanks

Sumit



Change distinguished name on standalone root CA.

Hi!
During installation of a standalone root CA I made a mistake in the distinguished name of the root CA. How can I correct the distinguished name and recreate the Root CA certificate? I don't want to reinstall everything from "0". Thank you.

domain login

I have been facing a problem logging in to our domain for the last few weeks.

When I try to log in, I am not able to see the domain page where we can manage the mail IDs, but it shows the inbox where we can send or receive mails.

So can you please help us solve this problem?

Local profiles have a security mismatch problem?

I'm having a very strange experience with Server 2K8R2 after one of my local users deleted his Chrome browser. He has been unable to log on with a password (service unavailable), so I suspected his user profile was corrupted. I performed the S-I-5... key routine in regedit with no luck. I can see and access his profile from the admin account and all his files were still there, so the next step was to create a new profile and copy the files over. Well, no newly created user can log on. All new users experience the same logon error! I looked for a thread with a similar discussion and couldn't find one. Can someone help?

Cannot remove offline Domain Controller from Windows 2012 server

Hi All,

Here is my scenario

-Need to set up Exchange Server 2013 (it keeps failing when it tries to prepare the schema); checked forums, which pointed out that the issue could be on the DC

"There was an error while running ‘ldifde.exe’ to import the schema file ‘C:\Windows\Temp\ExchangeSetup\Setup\Data\PostExchange2003_schema0.ldf’. The error code is: 8224."

-AD server is an existing one (Win 2012) / old AD Windows 2003 and 2008 were decommissioned

-Ran a query for FSMO roles, all pointing to the current and new AD (Win 2012)

schema master
domain naming master
PDC
RID pool manager
Infrastructure master

-tried to delete old DC using metadata cleanup and AD services GUI: error access denied

-user accounts used are both members of domain and enterprise admins

-removed old dc/ad server from DNS and checked ADSIedit, it does not show there anymore

-tried to remove old DC from domain controller still access denied

-checked that "protect object from accidental deletion" on the object tab for the old dc is not checked

-when I try to run dcpromo, I get a prompt that says "The active directory domain services installation wizard is relocated in the server manager"; funny thing is, domain services is already installed when I checked

Anything I'm missing here to check?

Thanks in advance for your help.



WerFault.exe locks processes

Hi.

I have applications that crash very soon; we are working on it... But there is another question.

The Windows exception handler WerFault.exe sometimes suspends a crashed application for a long time and it totally locks. Even after the user signs out, the suspended process remains. The Windows Error Reporting Service is disabled.

Is there a way to totally disable WerFault.exe?



Best practices for raising Active Directory functional level from 2003 to 2012 R2

Hi,

Our environment includes a parent domain and a child domain. Both are still at the 2003 functional level.

We're planning to raise it to 2012 R2. We must adprep the forest from a 2012 R2 server, correct? And then?

Must we prepare both domains? And if so, should we begin with the parent or the child domain? What can we do to minimize the risks?

I read about keeping a DC offline during the process, but it doesn't strike me as a good idea to do so...

Should a good backup suffice? What are the best practices to do this process?

We're thinking about adding new DCs on 2012 R2, then demoting the 2003 DCs, until there are only 2012 R2 DCs... Then raise the level...

Any help is more than welcome...

Thanks in advance

With the best regards,

dmsousa

What Sets the Value of HOMESHARE?

Hi All,

A few years ago we changed the DFS path to the "home" directory, from \\domain\dfsroot\PRIVATE DATA to \\domain\dfsroot\Home for a variety of reasons, including removing the space.

All accounts in AD were updated.

The problem is that (even on a newly imaged system) I see the value of HOMESHARE set to the old path for some accounts.

Where does this value come from? I have checked:

  • The account in AD (even by using ADSI Edit). I don't see any references to the old path
  • The GPOs by running gpresult /Z | grep PRIVATE
  • The HKEY_CURRENT_USER tree
  • Google

Does anyone have a good explanation of how this value is set?



DNS problem?

I think I have problems with my DNS on our server.

Sometimes we lose connection to SQL databases. This happens mostly for one user.
The Internet connection is OK. I can also reach files on the server from this user.

Replace 2008 R2 domain controller with 2012 R2 domain controller

Good afternoon. We currently have 3 older Dell floor unit servers running Windows Server 2008 R2. All of them have the exact same server roles (AD, File Server, DHCP and DNS). This year we bought 3 brand new Dell rack mount servers we would like to use to replace these older ones. The new servers are running Windows Server 2012 R2. I want the new servers to have the exact same name and IP address as the old servers when it's all said and done. I'm looking for an article or some pointers on how to approach this. Here is what I was thinking:

-Copy files for File Server role from 2008 server to 2012 server using something like robocopy (or any other utility someone may suggest)

-Demote current 2008 AD server and reboot

-Rename demoted 2008 AD server and change the IP address and then reboot

-Rename the new 2012 AD server and change the IP to match the old server and reboot

-Promote new 2012 AD server as new DC

Does anyone see anything wrong with this or have any input on what I should do?  Any help is appreciated.  Thanks
