Channel: Directory Services forum

need some type of tab completion for dcpromo parameters

hi friends

i want to directly type in the following code into cmd

is there any trick or 3rd-party Application to make it easier, i mean adding some kind of tab completion here?

i don't want to use an answer file, imagine i haven't created an answer file & so it's not available now. i need to directly type in the entire code

thanks in advance


The server does not support the requested critical extension (0x8007202c)

Hello guys,

The symptom is the same as the one in "The server does not support the requested critical extension." Exception.

I got the error in calling IDirectorySearch::GetNextRow. As I observe, the error is triggered when retrieving another page of records. The LDAP path to connect is "GC://<FQDN_of_GC>". The search filter is (&(|(objectClass=group)(objectClass=msExchDynamicDistributionList))(mailnickname=*)). There are about 100 thousand group objects in the forest. So the answer in that thread does not help.

Any thoughts?

Thanks.

 


Msts.cn@Outlook.com

Local profiles have a security mismatch problem?

I'm having a very strange experience with Server 2K8R2 after one of my local users deleted his Chrome browser. He has been unable to log on with a password (service unavailable) so I suspected his user profile was corrupted. I performed the S-I-5... key routine in regedit with no luck. I can see and access his profile from the admin account and all his files were still there, so the next step was to create a new profile and copy the files over. Well, no newly created user can log on. All new users experience the same logon error! I looked for a thread with a similar discussion and couldn't find one, can someone help?

Multiple OUs with GPOs - One OU with multiple GPOs and security - One OU with one GPO and item level targeting

Background...

We have around 30 locations and we need to deliver different GPOs to these locations.
There can be between 3 and 8 PCs in each location.
These PCs can move around at short notice (mainly as a backup with neighbouring locations should PCs fail)
The GPOs differ to change printers (2 per location and 2 backup printers from neighbouring location), auto login, desktop wallpaper

Which is in your opinion the best solution for login speed, GPO & device management?

1) Multiple OUs with a single GPO in each OU, the devices can be moved into new OU when the PCs move

2) Single OU with multiple GPOs, add devices to security group and use security filtering on the GPOs

3) Single OU with single GPO, add devices to security group and use item level targeting on the group

Roaming profile on Windows Server 2012 R2: Profile doesn't get created when logon to Domain Controllers

Hello,

I have 2 domain controllers running Windows Server 2012 R2 Standard across countries in one domain.

My goal is: Users should logon to any one of the Domain Controller and should get the same profile.

I have created a shared folder on 1 DC and specified its network path for roaming profile in all users' properties in AD.

The issue is, when I log on to any DC using Domain User, I can log on successfully, but the user profile doesn't get created in the shared folder. So, when I log on to the other DC, I don't get the same profile contents, as it is creating the profile locally on DCs.

I don't want to join any PCs to my domain. I want users to take RDP of DCs and use them with same profile on both DCs.

Please help me to resolve this issue.

Thank you in advance.

Regards,

Shailesh

Lync 2013 Persistent Chat All the Channel server are down.

Hi All,

I am having a problem setting up Lync 2013 Persistent Chat.

All the steps on configuring the Topology are OK, but when I open the Control Panel to activate PCHAT this warning pops up: "All the Channel server are down"

I have removed and installed PCHAT several times already but still no luck fixing it.

Hope you can help me fix this.

Thank you All 

VPN/DNS Workaround

I understand that the answer I am looking for is probably not a "best practice" so please bear in mind that I am looking for a "workaround".

I have vehicle-mounted Windows 7 Pro clients who operate on both WiFi (when in our garage) and on Verizon air cards when out in the field. Our primary applications are hosted by another entity via a VPN on a client provided by NetMotion. When my vehicles come back into my garage, I would like them to 1) register with my DNS server, 2) be able to process Group Policy updates, and 3) do all these without breaking down the VPN.

When I connect to the VPN, I get the distant DNS server of the agency network. I can access all my internal resources (file shares, printers, remote desktops, etc.) by IP address. However, some services such as Group Policy seem to be directly tied to DNS. Also, I cannot get the WiFi adapter to successfully register with my DNS servers. I have attempted to place entries in the hosts file for x.x.x.x mydomain.local; however, this allows me to browse file shares, etc. while still on VPN, but DNS registration and gpupdate still fail.

Any ideas for a workaround?

Impact on roaming profile accounts if we Change User logon Name to Employee Number format in Active Directory for all User accounts

I want to understand, if we change User logon Name to Employee Number format in Active Directory for all User accounts, what the impact on the existing profile would be: whether we need to change it manually or it will connect to the same profiles in terminal session.

As I observed, it creates a new profile after the logon name is changed to employee number, where existing users' profile settings fail to load and prompt for new settings (such as Outlook reconfiguration, share drive mapping etc.).

Kindly let me know the proper process to overcome this, how to connect the same existing roaming profile with the employee number format change.


Forward Domains To Internal IP

Hello

Let me first explain the setup here. I have a windows server 2010 machine that is set up as a domain for my office. Works perfectly fine. I also have 2 virtual machines with Linux CentOS on them and Apache etc.

The IP of the windows server is 192.168.1.1 and the 2 virtual machines 192.168.1.3 and 192.168.1.4. I have a public domain, let's say example.com, which has a CNAME record for dev.example.com that points to my office network, through the router to the windows domain machine.

From there I can port forward directly to 192.168.1.3 with port 80 and the web pages load fine.

The problem is I want to have for example dev2.example.com routed from the windows machine to 192.168.1.4

How can I set the windows server up to do this? Currently with the port forward I can only direct everything to 1 of the virtual machines.

I tried to use DNS manager in the forward lookup zones, and it worked, but only internally. If I try to access the domain externally it is trying to load 192.168.1.3 and not the external router IP.

Operations master ERROR.

Hello
I have this error in a 2003 environment where I will set up a new server to be domain controller. A server is broken and removed.
Could I press the change and will the roles be moved to the server that is running?

AD Design Questions

Hello All,

I need help in the design of the Active Directory Services. Let me first give some background before I line up the questions one by one.

BACKGROUND: There is a Forest Root Domain with the name of abc.com residing in company's Headquarters in Country A. Exchange, Lync, SharePoint and other applications are installed in that particular domain. Now, a requirement has come up to set up an Active Directory for the users in another Country B. Users in Country B do not have any dependency on either the Active Directory or any applications running in the Headquarters in Country A. They run their services locally, currently, in a workgroup environment. The Network Connectivity between Country A and Country B is 256 Kbps. Country B's IT report to Country A IT and IT Policy flows from Country A to B. There are eight-8 locations in Country B that require Active Directory with one Hub Location that is connected to Country A. Total number of users in those eight-8 locations are around 250. All the eight-8 locations in Country B are connected to each other by at least 1 Mbps.

1.  Since there is no dependency on any services running in Country A and keeping low connectivity of 256 Kbps between two geographical locations, would it be a good design to create a separate forest for Country B?

2.  Or since IT Policy flows from A to B, it is appropriate that Country B should also be part of the same domain. The only thing that worries me about this design is the low connectivity speeds and there is only one connection at the moment; in case of inactivity, it might cause problems to users or applications here in the Headquarters as they might send requests to DCs in Country B sometimes? Any suggestions on this?

3.  If I go with the same domain, what would be better:

     A. Create ADCs in the same domain.

     B. Create DCs in the child domain (countryb.abc.com)

     C. Create DCs in the child domain (global.abc.com) so that any new territories that come up can be added in here as well.

4.   What should be the number of DCs/ADCs in Country B keeping in mind that connectivity between locations is around 1 Mbps and there are around 250 Users in total in them? 

additional Backup domain controller Problem

hi all

I am struggling with a problem which is making me crazy these days.

I had a Windows Server 2008 R2 domain. I wanted to migrate to 2012, so I installed a new Server 2012 and ran a new DC.

After that I transferred all FSMO roles to 2012. Now my 2008 domain controller doesn't have any roles.

But if I shut down the 2008 server, my AD Users and Computers, Domains and Trusts and ... consoles on 2012 don't open and I face an error, but my AD replication seems to be OK (without any problem).

I searched a lot and I see my sysvol folder isn't shared on the 2012 DC and it is empty. Also inside my domain there is no policies and scripts folder, and the netlogon folder does not appear.

Is my problem related to Sysvol?

Should I do an extra action for switching to 2012?

P.S.: I read a lot of articles about sysvol but it wasn't helping me. Please help me, what should I do?

thanks in advance


FRS to DFSR migration (Child domain)

Planning on migrating FRS to DFSR for a child domain, I know this is a per domain process.

It shouldn't matter which domain is migrated first, the child or root. But to double-check: the plan is to migrate the child domain, and the root domain will take a couple of months before it's prepared. Does it matter? I'm pretty certain it doesn't matter because it's a per domain process, but wanted to verify.


Delegating Permissions

We have created a group with some permissions in for our IT Apprentice.

These include create user accounts, reset passwords, unlock accounts, modify membership of a group, join and remove computers from domain and rename computer. 

The permissions have been assigned to a group and the apprentice is a member of it. All of the permissions work correctly apart from renaming a computer. I created a test user this morning and put that in the same Workstation Admin group; it is able to rename machines but the apprentice can't. I've searched about the web but don't seem to be able to find a solution to this.

Any help would be greatly appreciated 



User password and NTLM hash

I am having a hard time understanding Windows authentication.  

Currently I am trying to figure out how the user's password can be used after the NTLM hash is changed.  Here is the scenario:

1. User has password set and NTLM hash is updated.

2. User is set to "smart card required for interactive log on" and NTLM hash is once again updated.

3. User's original password still works for non interactive log on.

4. Turn off smart card required and the user's password from step one is still valid.

Is the user's NTLM hash sent after authentication?  How can the client generate the same NTLM hash that exists on the DC?  It cannot be adding something from UserAccountControl since the NTLM hash does not change when smart card log on is turned off.

Thank you in advance.


how can i create telnet batch file .

hello

i wanna create a telnet batch file for my co-worker so that if his ADSL modem hangs up, he can run this file and his modem will reboot.

i don't know how to input the modem's user name and password.

thank you for your answer.

iman

Root Domain Controller not working

Hi all,

We have faced an issue during downtime maintenance in Data Center.

After downtime, we restarted all production servers and root domain controller.

In our data center, we have 2 node windows clusters for DB and  IIS Applications.

After we restarted the root domain controller, the DNS console was not opening and Active Directory related consoles also did not open.

And also, by using a domain user account, we were not able to log in to servers.

Also cluster resources did not work.

After a long time, and after rebooting several times, DNS and AD started working.

In this root domain controller had all 5 FSMO roles.

And we have additional DC in remote controller also.

Domain Controller OS: Windows Server 2008 R2 Enterprise.

We faced the same issue 2 times during downtime.

Why does this issue come? Can anybody help me?

 

 

Windows Server 2012 Directory Service

Hello everyone.

I'm planning on adding a Windows 2012 server and giving it a Directory service role into our existing Windows 2008 Active Directory infrastructure. I am confident that it will work just fine after doing some reading, but I want to ask everyone's opinions on what are the proper steps that I should follow or things to look out for. Shall I transfer all of the FSMO roles from a Windows 2008 to this new Windows Server 2012 AD or shall I leave it on the Windows 2008 AD server until all of my AD servers are upgraded to Windows Server 2012?

Thank you all in advance.

Jepoy



Thanks, Jepoy

Unable to perform recovery in Directory Services Restore Mode

I'm trying to perform a recovery in Directory Services Restore Mode, but I can't because I can't get access to the backup, which is on a remote shared folder. I have no network access at all, which is causing the problem. The thing is, the moment I switch back to normal operation my connectivity is fine. I have it set statically, but no matter what I do in Directory Services Restore Mode I can't get connectivity back.

Any ideas would really be appreciated! Thanks.

MSA Account Naming Rules?

Hi, this is originally from https://social.msdn.microsoft.com/Forums/sqlserver/en-US/f15bd9f3-2e14-42e1-a6d0-576f7dd74ded/msa-account-naming-rules?forum=sqlsetupandupgrade.  Does anybody know of any special naming rules for MSAs?  We have an issue with embedded $ characters in the name.  I have seen others report issues when using more than 15 characters, but have not tried it myself.  For the $ within the account name, there was no error creating the account; however, the account was not to be found.  It works fine once we removed the embedded $ chars.  Is this a known limitation in directory services or the tools used to manage it?  I'm interested in knowing the details because we are starting to use MSA.  A naming standard will be affected by rules - hopefully now rather than later.  Thanks.


Randy in Marin
