Domain Joining
nslookup timeout
hi there
I have a SBS Windows Server 2011 with 10 Workstation (Windows 7)
on the Server WINS, DHCP and DNS is running
DNS1 Points to the local Server
DNS2 Points to the Router / provider
If I do an nslookup for, for example, www.telecom.de,
all workstations are able to resolve the domain name to the IP address.
That looks then like this:
Server:
server1.rayit.local Address: 192.168.0.5 (local Server)
not authorized answer: Name:www.telecom.de Address: 46.29.100.77
If I do the same nslookup on the server, the WAN IP of the domains cannot be resolved,
even though the DNS1 and DNS2 configuration is the same as it is on the workstations.
It says then:
Server:
server1.rayit.local Address: 192.168.0.5 (local Server)
DNS request timed out. timeout was 2 seconds
***Request do Server1.rayit.local timed-out
I just don't understand that.
thanks for any ideas
Raymond, Switzerland
raymond reininger
Promoting a Member Server of a Child Domain in AD to Read Only Domain Controller
I need to know if a member of the Enterprise Administrator's parent Domain Group can do DCPROMO on a member server of a Child Domain? There seems to be a lot of discussion about groups, but shouldn't the Enterprise Administrator's group membership be able to do this?
Charlie
Removing a DNS Server
Hello everyone,
I have a single forest with multiple domains.
We have five Domain Controllers; some of them are Server 2008 R2 and others Server 2012 R2 (DNS server is installed on all of them).
I recently started to upgrade the DC 2008 R2 to 2012 R2 and now I would like to remove the DNS server from DC 2008 R2.
All the zones in all DNS servers are Active Directory - Integrated zone.
I found this article : http://technet.microsoft.com/en-us/library/cc794727(v=ws.10).aspx ,
but do not really understand the first two items.
How do I remove the DNS server from the forest?
Thanks in advance,
AD and DNS
Dear,
I have one domain called (ABC.com) and 2 child domains called (A.ABC.COM) and (B.ABC.COM), so I need, when I create a user in (A.ABC.COM), for it to appear like A.COM. Can anyone help me please?
Active Directory Event ID 2092 after forced demotion
I had 4 DCs; one was tombstoned but had no FSMO roles on it. After forcefully removing (dcpromo /forceremoval) the tombstoned DC and cleaning all the metadata, I'm getting the following error on the DC that has all the FSMO roles.
This server is the owner of the following FSMO role, but does not consider it valid. For the partition which contains the FSMO, this server has not replicated successfully with any of its partners since this server has been restarted. Replication errors are preventing validation of this role. Operations which require contacting a FSMO operation master will fail until this condition is corrected.
FSMO Role: CN=Schema,CN=Configuration,DC=ptats,DC=local
Running repadmin /showrepl comes up clean:
Default-First-Site-Name\PTDC05
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: 0a37fd84-6332-43b6-a268-13e9e5b5b4a1
DSA invocationID: 2b42ae35-0c7c-45b1-bf79-697ade9972f1
==== INBOUND NEIGHBORS ======================================
DC=ptats,DC=local
Default-First-Site-Name\PTDC03 via RPC
DSA object GUID: 1dc60848-eeb3-4502-be2d-1f85df7d6c6d
Last attempt @ 2014-11-16 11:50:53 was successful.
Default-First-Site-Name\PTDC06 via RPC
DSA object GUID: 603fc0c0-1ca8-4751-bf40-18ca6c87c44e
Last attempt @ 2014-11-16 11:50:54 was successful.
CN=Configuration,DC=ptats,DC=local
Default-First-Site-Name\PTDC06 via RPC
DSA object GUID: 603fc0c0-1ca8-4751-bf40-18ca6c87c44e
Last attempt @ 2014-11-16 11:50:53 was successful.
Default-First-Site-Name\PTDC03 via RPC
DSA object GUID: 1dc60848-eeb3-4502-be2d-1f85df7d6c6d
Last attempt @ 2014-11-16 11:50:53 was successful.
CN=Schema,CN=Configuration,DC=ptats,DC=local
Default-First-Site-Name\PTDC03 via RPC
DSA object GUID: 1dc60848-eeb3-4502-be2d-1f85df7d6c6d
Last attempt @ 2014-11-16 11:50:54 was successful.
Default-First-Site-Name\PTDC06 via RPC
DSA object GUID: 603fc0c0-1ca8-4751-bf40-18ca6c87c44e
Last attempt @ 2014-11-16 11:50:54 was successful.
DC=DomainDnsZones,DC=ptats,DC=local
Default-First-Site-Name\PTDC06 via RPC
DSA object GUID: 603fc0c0-1ca8-4751-bf40-18ca6c87c44e
Last attempt @ 2014-11-16 11:50:54 was successful.
Default-First-Site-Name\PTDC03 via RPC
DSA object GUID: 1dc60848-eeb3-4502-be2d-1f85df7d6c6d
Last attempt @ 2014-11-16 11:50:54 was successful.
DC=ForestDnsZones,DC=ptats,DC=local
Default-First-Site-Name\PTDC03 via RPC
DSA object GUID: 1dc60848-eeb3-4502-be2d-1f85df7d6c6d
Last attempt @ 2014-11-16 11:50:54 was successful.
Default-First-Site-Name\PTDC06 via RPC
DSA object GUID: 603fc0c0-1ca8-4751-bf40-18ca6c87c44e
Last attempt @ 2014-11-16 11:50:54 was successful.
Don't know what else to do to find the problem, appreciate the help.
NS record
Hi all!
Our AD uses Windows Server 2008 R2. Before, we used a temporary IP to DCPROMO; afterwards we used the new IP for the DC. But now when we resolve my domain name, we can still find these temporary IPs. I have looked at my DNS server's NS records, but can't find them there. Who can help me? Thank you!
Migrate existing Domain OU into its own Child Domain
Hi There, I have a customer of which their branch is a single OU inside a large international Forest/Domain configuration.
Due to Exchange/Sharepoint/GPO reasons they wish to break away into their own Child Domain, so still inside the main company forest but a child domain.
Question:
Is there a preferred route or a 'best practice' method of achieving the above in terms of the user/computer/object migration?
Do you foresee any significant roadblocks that I could be missing?
Any help would be greatly appreciated.
Many thanks
Jon
Windows2012 system state restore on window2008 server
Hi,
This might sound far-fetched but here it goes: my boss would like to ask if it's possible to export or back up the system state of a Windows 2012 Active Directory, and import it to a 2008 Active Directory. For purpose of backup and restore procedures.
Export to Excel issue after upgrading to IE11
Our organization recently upgraded our Internet Explorer browser from 8 to 11 on Win7, still in pilot phase.
One of the issues that we are currently experiencing is that after the upgrade the Export to Microsoft Excel is no longer functioning as expected. This was working fine on IE8.
What happens now on IE11 is that when you select a table on a web page and do an Export to Excel, a new window pops up and the address bar stays blank with just http:/// and a "Page cannot be displayed" error. What seems to be happening is that for some reason, it is not populating the address bar with the URL.
Anyone experienced similar issues and got a fix? Much appreciated.
Regards,
Ochen
Domain Local Groups In Token
The scenario is like this: 1 forest with 2 domains. FFL=DFL=2008R2. Initial state is one client - client.one.com - and one file server - FS.one.com. Both machines are domain-joined to one.com. A Domain Local group - ONE\DomainLocal1 - is used to grant write access against a file share on FS.one.com. The file share specifies only read-access for the rest of the users (Authenticated Users). A user that is a member of this group - ONE\Joe - tests access by logging on to client.one.com, accessing the share and making sure it can modify a text file.
Next, FS.one.com gets migrated to domain two.com using ADMT. No security translation is run afterwards. The file server reboots following ADMT's agent completing its run. Joe reboots client.one.com (so as to avoid any caching issues that might affect the results), logs on to this workstation, and tries accessing the file share again. Joe discovers he no longer has write access.
Before going further, I know the domain local group should be converted to universal before the migration. Also, permissions cannot be granted to a domain local group on a resource located in a different domain, because the domain local group can only exist in its original naming context (thus not replicating to any other DC except those handling that naming context). However, I've tried analyzing what goes on, and something doesn't match.
Following the migration of FS, the file share still contains the DomainLocal1 ACE. Checking this using the UI actually resolves the name of group. So we know the SID of DomainLocal1 is still there, with the right permissions assigned (write). Now what could prevent this permission from working when Joe accesses the share is either (1) Joe's token no longer contains the SID of DomainLocal1 or (2, highly unlikely) FS has additional logic when granting access, denying access to DomainLocal1.
Doing a small test - by having Joe log on to machine client2.two.com and using 'whoami /groups' - shows that ONE\DomainLocal1 is not included in the returned groups. This is explained very well by this old article, in the section "Access Tokens Processes and Interactions". Thus the system used by Joe seems to have an influence on the list of SIDs contained in his token.
Going even further, I tried reviewing the process from the Kerberos perspective - how the token is actually built. In the section "Cross-Realm Authentication: Three Domain" of this article (and just concentrating on the 2 domains - source and target) we found the following text:
The authorization data includes:
- The SID for the user's account.
- SIDs for groups in west.tailspintoys.com that include the user.
- SIDs for universal groups that include either user or one of the user's groups in west.tailspintoys.com.
- SIDs for groups in east.tailspintoys.com that include the user, one of the user's groups in west.tailspintoys.com, or one of their universal groups.
In our example, the west.tailspintoys.com translates to one.com, thus according to the second line it would mean that EUROPE\DomainLocal1 group should have its SID included in the user's token. Assuming the article is not wrong, this can only mean that the FS doesn't simply check all the ACEs on that particular share versus the list of SIDs that the user presents in his token. Instead (based on the small workstation logon example above) it looks to be rebuilding the user's token by impersonating Joe.
So first: is it impersonation in the end being used, or is it the token presented by the user himself? Second, why aren't domain local groups included in the workstation test?
Windows 2008 R2 GPO for wireless access restriction to Windows 8/8.1
Dear All
We have Windows 2008 R2 as domain controller with Windows 7/8/8.1 clients. We want to restrict wireless access by SSID and allow only the company wireless.
Are there any templates or GPOs available?
Sunil
SUNIL PATEL SYSTEM ADMINISTRATOR
Microsoft Exchange Replica Writer STATE showing FAILED
Environment
Netbackup = 7.5
Netbackup Client = 7.5.0.7
Exchange Server = 2010
Exchange Server OS = 2008R2
Exchange Policy Attributes (Database backup source) = passive copyonly
Query
I am facing NETBACKUP ERROR 130 while triggering a Differential backup via NETBACKUP, although my Full backups are running fine. I also disabled Circular Logging on the Exchange Database. Furthermore, see the below result: (MY QUERY IS WHY THE STATE OF Microsoft Exchange Replica Writer IS SHOWING FAILED)
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\Administrator.COMPANY.COM>vssadmin list providers
vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool
(C) Copyright 2001-2005 Microsoft Corp.
Provider name: 'Microsoft Software Shadow Copy provider 1.0'
Provider type: System
Provider Id: {b5946137-7b9f-4925-af80-51abd60b20d5}
Version: 1.0.0.7
C:\Users\Administrator.COMPANY.COM>vssadmin list shadows
vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool
(C) Copyright 2001-2005 Microsoft Corp.
No items found that satisfy the query.
C:\Users\Administrator.COMPANY.COM>vssadmin list writers
vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool
(C) Copyright 2001-2005 Microsoft Corp.
Waiting for responses.
These may be delayed if a shadow copy is being prepared.
Writer name: 'Task Scheduler Writer'
Writer Id: {d61d61c8-d73a-4eee-8cdd-f6f9786b7124}
Writer Instance Id: {1bddd48e-5052-49db-9b07-b96f96727e6b}
State: [1] Stable
Last error: No error
Writer name: 'VSS Metadata Store Writer'
Writer Id: {75dfb225-e2e4-4d39-9ac9-ffaff65ddf06}
Writer Instance Id: {088e7a7d-09a8-4cc6-a609-ad90e75ddc93}
State: [1] Stable
Last error: No error
Writer name: 'Performance Counters Writer'
Writer Id: {0bada1de-01a9-4625-8278-69e735f39dd2}
Writer Instance Id: {f0086dda-9efc-47c5-8eb6-a944c3d09381}
State: [1] Stable
Last error: No error
Writer name: 'Microsoft Exchange Replica Writer'
Writer Id: {76fe1ac4-15f7-4bcd-987e-8e1acb462fb7}
Writer Instance Id: {71680e71-4b1c-489b-8da0-88f00b0272a6}
State: [7] Failed
Last error: Retryable error
Writer name: 'System Writer'
Writer Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Instance Id: {196bccc2-6766-420a-9517-49cb75cde471}
State: [1] Stable
Last error: No error
Writer name: 'Shadow Copy Optimization Writer'
Writer Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Instance Id: {936298ca-dfb5-4621-b15b-2b1f17f4743d}
State: [1] Stable
Last error: No error
Writer name: 'ASR Writer'
Writer Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Writer Instance Id: {92ca7d39-0ee5-40ae-bf82-6baa72f77d73}
State: [1] Stable
Last error: No error
Writer name: 'Cluster Database'
Writer Id: {41e12264-35d8-479b-8e5c-9b23d1dad37e}
Writer Instance Id: {3db3fb75-3258-4c88-8bb9-2e5247513cbd}
State: [1] Stable
Last error: No error
Writer name: 'IIS Metabase Writer'
Writer Id: {59b1f0cf-90ef-465f-9609-6ca8b2938366}
Writer Instance Id: {ff2a2752-b5b7-4fbf-a0ec-86cc324fbe7f}
State: [1] Stable
Last error: No error
Writer name: 'IIS Config Writer'
Writer Id: {2a40fd15-dfca-4aa8-a654-1f8c654603f6}
Writer Instance Id: {3ddb9312-c867-421c-9ba8-9d5493077645}
State: [1] Stable
Last error: No error
Writer name: 'Registry Writer'
Writer Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
Writer Instance Id: {6236179a-94fd-4175-85c2-852e32928932}
State: [1] Stable
Last error: No error
Writer name: 'COM+ REGDB Writer'
Writer Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
Writer Instance Id: {96f775b6-5f57-422b-a4a9-d55c9ef638ba}
State: [1] Stable
Last error: No error
Writer name: 'BITS Writer'
Writer Id: {4969d978-be47-48b0-b100-f328f07ac1e0}
Writer Instance Id: {f239011a-8187-4567-9116-72759a7fd05e}
State: [1] Stable
Last error: No error
Writer name: 'WMI Writer'
Writer Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
Writer Instance Id: {b7c2656d-ee4e-4f3a-a9a9-c96f840958be}
State: [1] Stable
Last error: No error
Writer name: 'Microsoft Exchange Writer'
Writer Id: {76fe1ac4-15f7-4bcd-987e-8e1acb462fb7}
Writer Instance Id: {8b79246c-7fbf-479a-b635-dc083ef2bb94}
State: [1] Stable
Last error: No error
As per the Symantec TECHNOTE TECH181190 I restarted the Passive Exchange node and found the 'Microsoft Exchange Replica Writer' state stable, but after triggering the differential backup the Netbackup again failed with ERROR CODE 130. After the Netbackup policy failed I again ran the command vssadmin list writers, and it again shows the below result:
Writer name: 'Microsoft Exchange Replica Writer'
Writer Id: {76fe1ac4-15f7-4bcd-987e-8e1acb462fb7}
Writer Instance Id: {71680e71-4b1c-489b-8da0-88f00b0272a6}
State: [7] Failed
Last error: Retryable error
Any comment will be appreciated. Thanks. Zahid Haseeb.
Can we remove the Authenticated Users permission for DNS record Creation
Hi experts,
On our DNS server, "Authenticated Users" has the "create child objects" permission on all zones. I think this permission was given long back. Now our management has asked us to remove all UNWANTED permissions of users.
Due to this "Authenticated Users" permission a normal domain user is able to create and delete records.
1. I am going to remove this permission. Will domain machines update the DNS records dynamically?
Please suggest.
Format setting of 'Modified' col in AD
How can I set 'British' date format for the dates that I view in the 'Modified' column in AD?
My system date is British. I view AD thru a remote computer view, not directly on the server. My system is a client to that server. I access thru 'Remote Server Administration Tools'.
Muppet Question
Hi all,
As per the title this is a very silly question.
I've created a DNS stub on a local server and the data was replicated from the other server (remote domain) correctly. I now however need to remove the stub. When deleting I get a warning that all occurrences will be deleted from AD. Now obviously it must mean the local AD and not the remote one (this is a separate domain) for all sorts of reasons (permissions being just one) but given the implications of anything happening to the remote domain, I just wanted validation.
It wouldn't be the first time that I've made an assumption, thinking 'no, that couldn't happen', then sat open-mouthed when it did.
Thanks
event 5805
Hi,
I have a new VM server setup as a DC.
Forest Trust with SBS still in the domain.
Hi all,
We're transitioning from an SBS 2003 domain to a Windows 2012 domain. A new DC has been added and we've transitioned all services and FSMOs (patch for 21day extension applied) to the new server, all is working fine. We need to setup a trust to a new domain in order to start a new project but still have the SBS as part of the domain because it's supporting some other apps (migrating these currently).
While trying to setup the Forest trust I get an error that the DC (new 2012) can't be contacted but DNS stubs have been setup and names being resolved.
I've not had any issues with trusts before, do you think this is because the SBS is still in the domain or do I need to look elsewhere for a resolution?
Thanks
how do i reset a domain external trust
Does anyone know if this command should be working?
netdom trust local_domain /d:remote_domain /ud:domain\local_admin /pd:* /uo:domain\remote_admin /po:* /reset /verbose
I keep getting the below and yet I was able to create the external trust with these 2 accounts.
netdom trust trustingDomain /d:trustedDomain /ud:domain\local_admin /pd:* /uo:domain\remote_admin /po:* /reset
Type the password associated with the domain user:
Type the password associated with the object user:
Access is denied.
The command failed to complete successfully.
C:\Users\local_admin>
GPO replication issues
Hello.
We have 2 DCs replicating over 2 sites. Neither of them is an RODC. On the secondary DC, we are missing lots of GPO templates. Basically, there is nothing in Preferences, for example (images attached).
Any ideas?