Channel: Directory Services forum

Active Directory query not working with IIS8 on windows 2012 server.

Hi,

Recently I moved my website from a Windows 2008 server to a 2012 server. Everything works fine except that I am not able to query the Active Directory service, hence I am not able to add users from Active Directory. It was working until I moved my website from the 2008 server with IIS 7 to the 2012 server with IIS8.

It is something to do with IIS8, because when I debug the code on the 2012 with code, it's working; only after I host it in IIS8 is it not working.

Kindly let me know if some settings need to be done?

Regards,

Ashrith


AD DS for two different locations

I have an AD DC up and running in 192.168.10.0/24 network.

The IP of AD DS server is 192.168.10.247

I have another office with the block of 192.168.1.0/24.

Both my office routers are connected through MIKROTIK GRE tunnel.

Is it possible for 192.168.1.0/24 computers and users to be connected to the AD DS server?

Active Directory User Rename issue

Our company changed the policy for "User Login Name" and changed from names to ID numbers.

We have about 2000 users and all users have the same email accounts.

We cannot delete the users and create them with new user names, as clients have local profiles on computers.

After the rename, the changes are not reflected in the SharePoint Portal database.

What do we need to do?

Demotion Using dcpromo Leaves Incorrect Administrator Password - Windows 2012

I have been testing Windows 2012 AD in a non-prod environment.  After a few months, I was finished with the testing so I wanted to demote the DCs to retire the test domain.  I had 2 DCs, both Server Core and used dcpromo on each of them to do the demotion.  I used the "/AdministratorPassword" switch and I carefully entered the password, which is one that I am very familiar with, and of course it's visible on the screen so I could see that it was correct.

On each of these former DCs, I was unable to log on using the local administrator account after the demotion.  The message was that the password was incorrect.  On the first one it wasn't much of a problem since it was still a domain member, but being that the second one was the last DC in the domain, I am unable to log on to the server at all.  Fortunately this is not a production server, but I would still like to be able to use it.

Has anyone else come across this?  I realize that dcpromo is deprecated, but I don't think that means unsupported.  If it happened just once, I might have to accept that I typoed, but it happened on both of them and I used a password that I have used regularly in my test environment for years.  Just recently I did the exact same thing to two Windows 2008 R2 DCs and I didn't have this problem. 

Thanks in advance for any confirmations that this is a problem for others, or ideas as to what may have happened.

Cheers.

Problem with Password change

Hello Everyone,

I seem to have a challenge with my AD and I cannot identify where the problem is. When a user's password expires and they're prompted to change it, it takes a long while processing the change and then later reports a wrong password. This happens until I have to force a password change from AD, which again takes about a minute to change the password.

How can I fix this? I have 2 ADs and one has all the roles. I have run Repadmin /showrepl and all are successful.

C:\>nltest /dclist:MYDOMAIN
Get list of DCs in domain 'MYDOMAIN' from '\\SVR1.MYDOMAIN'.
Cannot DsBind to MYDOMAIN(\\SVR1.MYDOMAIN).Status = 1722 0x6ba RPC_S_SERVER_UNAVAILABLE
List of DCs in Domain MYDOMAIN
    \\SVR1 (PDC)
    \\DR01
The command completed successfully


Meshack



Windows Server 2008 RODC continuously logging Netlogon 5803 warning logs.

Hi,

We have an RODC in our environment and for the past month I have been noticing a warning log in Event Viewer (Netlogon 5803).

We have no net logon policies defined in group policies. Any inputs on how to eradicate these warning messages would be greatly appreciated.

Insufficient access error while updating AD attributes

Please find the attachment. I tried to update the lastLogon attribute to replicate in the global catalog, and then the error occurred as follows. I have enterprise administrative power, yet I am still not able to update the attribute. Please help.

thanks in advance.


I_NetLogonControl failed: Status = 5 0x5 ERROR_ACCESS_DENIED

I have a single DC on a single domain that is both a PDC and DNS server. Windows Server 2012. This is the only DC. I cannot join new PCs to the domain. I am getting "DNS could not resolve to domain controller". The new PCs can resolve by name to the DC. Also the existing PCs are taking 5 minutes or more to get to the desk after creds are put in. This just started happening.

I am getting Netlogon errors. 5774. Any ideas?

Computer:      AD_SERVER.Oakwood2.local
Description:
The dynamic registration of the DNS record '_kerberos._tcp.Default-First-Site._sites.dc._msdcs.Oakxxx.local. 600 IN SRV 0 100 88 AD_SERVER.Oakxxx.local.' failed on the following DNS server:  

DNS server IP address: 192.168.x.x
Returned Response Code (RCODE): 0 
Returned Status Code: 10054  

For computers and users to locate this domain controller, this record must be registered in DNS.  

USER ACTION  
Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. To learn more about DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by this domain  controller, run 'nltest.exe /dsregdns' from the command prompt on the domain controller or restart Net Logon service. 
  Or, you can manually add this record to DNS, but it is not recommended.  

ADDITIONAL DATA 
Error Value: An existing connection was forcibly closed by the remote host.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="NETLOGON" />
    <EventID Qualifiers="0">5774</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-02-02T13:29:23.000000000Z" />
    <EventRecordID>33628</EventRecordID>
    <Channel>System</Channel>
    <Computer>AD_SERVER.Oakxxxx2.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data>_kerberos._tcp.Default-First-Site._sites.dc._msdcs.Oakwood2.local. 600 IN SRV 0 100 88 AD_SERVER.Oakwood2.local.</Data>
    <Data>%%10054</Data>
    <Data>192.168.x.x</Data>
    <Data>0</Data>
    <Data>10054</Data>
    <Binary>0000</Binary>
  </EventData>
</Event>







Domain controller upgrade in Exchange Environment

We have an existing 2003 Server environment and Exchange Server 2003 in coexistence with Exchange Server 2010 with a DAG setup. We have recently decided to move to a Windows Server 2012 Standard environment. How do I promote the new Windows Server 2012 Standard to a DC and remove the 2003 server from the environment? My users are currently using the old 2003 DC to log on.

In brief:

We have a Windows 2003 Enterprise + SP2 domain controller (holding DNS as well) and Exchange Server 2003 Enterprise + Exchange Server 2010 running in coexistence with DAG.

We have decided to remove the 2003 server from the environment and go with the Windows 2012 Standard OS. I would like to know what the impact on the Exchange Server environment will be, if any.

Please suggest the right path with less downtime. The mailing service should not be affected.

TheAtulA

Computer domain re-join

Hi

If we manually change the domain membership of a server from DomainA to DomainB, but then need to return it to DomainA (e.g. something doesn't work while on DomainB), can this be done cleanly? Or is it effectively creating a new computer account back in DomainA, with a new GUID/SID etc.?

Would a full backup of the server (including system state) make any difference? I don't think it would, as it is the reference in A.D. which has been changed.

Does the computer account go disabled or get deleted when removed from DomainA? Or does this depend on what account is used to perform the task?

Thanks

Error on users changing passwords "mutual authentication failed. The server's password is out of date at the domain controller".

My apologies if this question has already been raised in this forum before: I have migrated users to a domain setup. The DC is running on a 2008 server. Everything looked good until the end user passwords started expiring. ALL end users are not able to change their passwords (especially when they have expired). They are getting an error with the message: "mutual authentication failed. The server's password is out of date at the domain controller".

I am forced to change the users' passwords at the domain controller. To say this has been a real challenge would be an understatement. How do I sort out this problem?

 

Setting up domain time source

Hi, we seem to be having some trouble setting up NTP in our domain. This is apparently a very simple process: type a few commands and voila, it all works.

The present state of the setup is this:

3 domain controllers, one holding all FSMO roles. The one holding the FSMO roles has a GPO applied to it using WMI filtering. I have confirmed that the GPO is effective with RSOP. In this GPO we have defined enabled the NTP client and also set the below


The NTP server is our core switch which in turn gets time from the internet. 

When I check the config on the PDC I get



But when I run a check of the time against the source I get a difference

Tracking 
The current time is 23/01/2015 17:34:20.
17:34:20, +04.1620684s
17:34:22, +04.1573097s

Any ideas?

DCs are 2012 R2, as is the functional level on the forest and domain

Thanks

2008 R2 Domain Controller PDC Emulator for SP1 upgrade

So my PDC is 2008 R2 and I need to bring it up to SP1. Does anyone think I need to move that role to another server before upgrading it, or should I upgrade it in place?

Trust Verification Status = 1311 0x51f ERROR_NO_LOGON_SERVERS

Hi All,

We are having intermittent disconnections to the forest trust, and when I ran the following command I found this:

nltest /sc_verify:external.com

Flags: 80
Trusted DC Name
Trusted DC Connection Status Status = 1311 0x51f ERROR_NO_LOGON_SERVERS
Trust Verification Status = 1311 0x51f ERROR_NO_LOGON_SERVERS
The command completed successfully

We have 5 DCs and only one causes this issue.

As

Account keeps locking out

Hi,

One of my user accounts keeps locking out. I don't know what is happening.

When I enable it, it locks out at that very moment.

In the event log it is generating IDs 4625 and 4776 with one particular server IP.

If I check that server, nothing is related to his ID. I checked Credential Manager, Services, Scheduled Tasks.

Many thanks in advance


Regards, Hari Prasad.D


Installing AD DS Role vs. Installing Forest/Domain/Domain Controller

I am looking for a little clarification on the following PowerShell cmdlets used to promote a server to a domain controller:

Install-ADDSDomainController - Promotes a domain controller within an existing domain.

Install-ADDSForest - Promotes server to domain controller and creates a new forest.

Install-ADDSDomain - Promotes server to domain controller and creates a new domain.

Do any of these cmdlets install the AD DS role on the server for you, or do you need to install the server role before running any of these? I know they check for prerequisites but I'm not sure what prerequisites they check for. From what I've read, it seems like the role needs to be installed before running these cmdlets but I haven't found anything that clearly states that as a requirement. It's also not clear why these cmdlets couldn't be capable of installing the role for you since they give you the option to install the DNS server role.

It would also be helpful to know the preferred way, using PowerShell, to create a domain controller from a clean Windows Server 2012 R2 installation.

Thank you!

[ERROR] Couldn't find the Enterprise Organization container - Exchange install

Hi There,

When running the Exchange 2010 install initial setup step - Setup.com /PrepareAD

We get the error message - [ERROR] Couldn't find the Enterprise Organization container 

Now we have tried this in a multitude of ways and on different machines, but can't get past this error. Nor can we see a way to break this error down to see why it's failing. Numerous paths on the Web seem to lead nowhere relevant for a production environment.

Would you be able to shed any light on what to look for, as at present I have no leads at all?

Many thanks

Stuart



Windows Server 2012 R2 keeps restarting after promoting to Domain Controller!!

Dear friends

After promoting to Domain Controller, when I log in to Windows it says:

"Windows ran into a problem and needs to restart"

Event Viewer: A critical system process LSASS.exe failed with status code c0000005 the machine must now be restarted

+

Maybe related: App Error wininit.exe ID:1015

When I boot in DSRM it doesn't restart. I tried fixes for similar issues, like installing updates KB2955164, KB2966870, KB2432046, ... but they were not applicable, nor did they have any effect.

Any help would be appreciated.

ADFS access for external internet users

Hello,

I have some questions which I will describe here below.

Say I have an ADFS server on my internal network and an ADFS Proxy in my DMZ. I configure ADFS for single sign-on with a third party application (SAP Cloud for Customer in this case) and all my internal devices have single sign-on access. Should work.

Now, I have a couple of users with Windows RT and Windows Surface Pro tablets externally. They connect through local Wi-Fi connections (for example in a supermarket) to the third party cloud application. I also want to set up single sign-on for them. My issue here is that they should be able to access the ADFS server on the internal network in order to single sign-on to the cloud application, am I right? That creates the situation where they should use a token (SSL VPN) to connect to our network first and then they are able to use single sign-on for the third party cloud applications, am I right? Or is there any other way to do that?

I think that it would be best to deploy DirectAccess to get this to work flawlessly. That would be best, right? Or is there any other smarter way? I have thought of configuring ADFS in Azure: I can extend my AD to Azure and then configure an ADFS server there, but that would be the same thing as setting it up on-premise and bypassing the DMZ. I could create a DMZ setup in Azure, but then I would still have the same issue as I have on-premise, I would assume. Am I right about this, or are there any other smarter tricks to get this to work for external clients?


Windows Server 2012 r2 with OpenLDAP2.4

I have a requirement to connect my Windows Server AD to my Linux OpenLDAP 2.4 server. Once this connection has been established, I need a user to be able to log in to the Windows server and have their home directory on the Linux box mounted and available, so the user can access their home directory and files.

I have also heard there might need to be some changes made to the LDAP schema on the Linux server to satisfy the Windows AD?

Does anyone have any information on how to configure the Windows server (2012 R2) to do this? I am under the gun, time-wise, to get this implemented and working correctly.

Any help would be GREATLY appreciated. Thanks in advance!!
