Channel: Directory Services forum

computer registration - container


Hello,
Is it possible to choose the container for a newly registered computer automatically? I have an environment with multiple domains and I want to achieve that a computer from the domainA network will be automatically registered to the domainA container instead of the "computers" container, and computers from the domainB network will be automatically registered to the domainB container. I know that I can change the "default container" for newly registered computers to something other than the "computers" container, but that's not what I need. Is there any solution for this? Thank you....


Integrating active directory authentication with ASP.Net application


Hi,

I have an ASP.Net application which uses SQL Server database authentication now. My requirement is to move the authentication from the database to Active Directory and integrate Active Directory with my ASP.Net application.

I am new to Active Directory and ASP.Net. Could you please help me in doing this step by step, clearly?

Thanks,

Praveen V

 

Raising Domain Functional / Forest Functional Levels


Hi guys,

I've upgraded my AD servers to Windows 2012 and have removed all the Windows 2003 servers in my network.

However, I wish to implement fine grained password policy. However, my Forest and Domain Functional levels are still at 2003. The minimum requirement for fine grained password policy states that the domain functional level must be set to Windows Server 2008 or higher.

How do I go about raising the Forest / Domain functional level? Which functional level should I raise first (the forest or domain)? Will there be any downtime and implications if I were to perform the raise?

Thanks guys!!

Alternate DNS name space creation in Windows 2012 R2 DNS


Our organization is planning to build a new Win 2012 R2 Active Directory. The domain name is ABC.com, which is already registered externally, so our plan is to build an internal domain with ABC.com and build a new DNS name space internal.ABC.com.

How can I do this in the DNS console?

Also, please point out anything wrong in our plans.

"The home folder could not be created because the network name cannot be found" error in AD users and computers


Our home folders are stored on a non-Windows NAS device and with Windows XP and 2003 we've always got the above error when creating or modifying users' home folders, even when the shares were already created and being used.

However, this was never really a big issue as the error that popped up was really for information and finished with a "we've modified the user properties anyway, please create the share manually" type message.

Unfortunately, now we are moving to Windows 7 and 2008R2, this last part of the message is missing and it won't accept the correct value.

This issue may be in the way that the NAS device shares the folder, as only the username that matches the folder name can access the share. This behaviour can't be modified.

Is there a way to get Windows 7/2008R2 AD Users and Computers to behave the same way that Windows XP/2003 does, i.e. don't try and create the share, just set the value in the user properties?

The AD is still at 2003 level and we can still use Windows XP/2003 clients to make the changes but this is a bit of a limitation.


Log on to... Attribute with 2012R2

Hi there,

Is it possible that the behavior of the attribute "userWorkstation" or "Log on to..." has changed with a 2012R2 domain?

With 2008R2 it was possible to just put in the target machine and the user was able to connect to that machine through RDP.

Doing so now makes the user unable to connect to any machine; only by adding the source machine as well does that work again.

Can anybody confirm or disprove that behavior with a 2012R2 domain?

Thanks a lot!

Improvements in AD and Windows Infrastructure:



Hello Everyone,

I have taken up a new assignment with a team to manage the entire AD and Wintel operations for the client, though they have an already existing setup. I have been asked to spend some time researching the existing network and bring it up to some standards. I mean, without the client saying so, to improve the services/infrastructure to better standards so that it becomes easy to manage and maintain, and easy to identify the issue related to incidents when they occur.

We have both Windows 2000, 2003 and 2008 R2 servers and Domain Controllers. DNS is integrated with AD. We have DHCP, Exchange and Office Communicator implemented.

I was handling a different technology; though I have a good understanding of AD and Windows, I would like to get your help as to what things I should start focusing on.

What improvements should I go ahead with? Is there any benchmark or predefined standard already which should be implemented in a datacenter?

I request you all to pour in your suggestions/advice.



Thanks

Need to collect the Windows logon and logoff events across the Domain in a DC environment, for different machines and user accounts.


Hello All,

I am trying to build a tool to collect the info about all the users who log in and log off on a daily basis in a domain network. I am using a Windows 2008 server as a DC and have XP, Win 7, Win 8, Win 12 server as clients in the network.

There are a few questions in my mind which I am not able to answer.

1> When a user tries to log in to the DC network, he/she gets authenticated using the Kerberos protocol. Do these authentications get logged on the AD server by default? I have seen a way to enable it from the registry but even that's not giving me the expected output in the eventvwr.

2> Do I have to use Audit policies to monitor all the users' log off and log on activities?

3> Is there a way to collect this information from any place on the AD server other than the eventvwr?

Please help me in finding the solutions to these queries of mine.

Thanks.


IP address resolution for desktops


Hi, this was working until we installed a new DSL modem, and I think I muddled a setting on Windows Server.

Our scanner (Sharp) sends documents to users' desktops. It's a simple setup: only four directory machines/users on the network.

After the modem reinstall, the scanner throws an error while sending the scanned document. Everything else works fine, printing, scan initialization, etc.

We tried sending the scanned document directly to the user's current IP address. That worked as well. But, of course we use DHCP, so next time round, that address may not be valid.

What on Server needs tweaked?

Thanks,

Ed

The following error occurred during the attempt to synchronize naming context domainxyz.net from domain controller DS1-A to DS1-B. The naming Context is in the process of being removed

I have a forest domain controller with 5 domain controllers in the forest. During installation of a new domain controller (domainxyz.net), when the installation had completed and I restarted my server, my server crashed. I have installed this new domain controller with a different name. I have removed all entries of the crashed domain controller from the forest and also cleaned up the metadata. Replication looks fine to me when I run the command repadmin /showreps, but it gives me the following error when I replicate from Sites and Services: The following error occurred during the attempt to synchronize naming context domainxyz.net from domain controller DS1-A to DS1-B. The naming Context is in the process of being removed or is not accessible

Active Directory query not working with IIS8 on windows 2012 server.


Hi,

Recently I moved my website from a Windows 2008 server to a 2012 server. Everything works fine except I am not able to query the Active Directory service, hence I am not able to add a user from Active Directory. It was working until I moved my website from the 2008 server with IIS 7 to the 2012 server with IIS8.

It is something to do with IIS8, because when I debug the code on the 2012 server it's working; only after I host it in IIS8 is it not working.

Kindly let me know if some settings need to be changed.

Regards,

Ashrith

NO WINS Server but WIN7 Client Default netBios Setting


Hi All,

We have no WINS servers and all our Windows 7 clients are set to default NetBIOS settings.

So do we need the DHCP option set to 046 (WINS/NBT node type 0x8)?

AS

Best way to restore "deleted objects" container's ACLs?


Hi,

I have noticed, when using LDP to read the security descriptor of the "Deleted Objects" container, that LDP returns to me "Error: Security: No Such Attribute <16>". Should it be readable or not? At least in all other environments I can read it.

And if it should be readable, then what is the best way to fix it? Take the ownership, etc.? If I take the ownership, then I assume some ACLs are reset and installations like Exchange and Lync require domain preparations, right?


Petri

Domain controller upgrade in Exchange Environment

We have an existing 2003 Server environment and Exchange Server 2003 in coexistence with Exchange Server 2010 with a DAG setup. We have recently decided to move to a Windows Server 2012 Standard environment. How do I promote the new Windows Server 2012 Std to DC and remove the 2003 server from the environment? My users are currently using the old 2003 DC to log on.

In brief:

We have a Windows 2003 Enterprise + SP2 domain controller (holding DNS as well) and Exchange Server 2003 Ent + Exchange Server 2010 running in coexistence with DAG.

We have decided to remove the 2003 server from the environment and go with the Windows 2012 Standard OS. I would like to know what the impact on the Exchange Server environment will be, if any.

Please suggest the right path with less downtime. Mailing service should not be affected.

TheAtulA

Cannot DsBind to Domain (\\DC02).Status = 1722 0x6ba RPC_S_SERVER_UNAVAILABLE


Hi All,

I have set up virtual DC03 in one of my sites and added it to Sites and Services. I restarted the physical DC02 last night.

One of the SQL Servers in this site got the following issues this morning:

1. RDP to IP or Name with following error

     No Logon Server

2.  Netlogon Event Errors

3. Run Set command and found that logon server is DC03

So I ran nltest /dclist:domain

Cannot DsBind to domain (\\DC02).Status = 1722 0x6ba RPC_S_SERVER_UNAVAILABLE

I can ping the DC but I cannot add any domain users to this server? AD communication has broken?

AS

 

      


Cannot join workstations to domain - DNS ldap records gone


Hello.

Last month I had RAID issues with an old Windows 2003 server. I managed to recover it (so I thought) and boot it.

Today while joining workstations to my domain I got:

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs."my.domain.com"

Common causes of this error include the following:

- The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are
registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set
intervals. This computer is configured to use DNS servers with the following IP addresses:

I've issued "dcdiag /fix" but I also got the following errors.


Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\myserver
      Starting test: Connectivity
         The host 707374ab-bb88-48d4-b7de-00a3710ec8af._msdcs.my.domain.com could not be resolved to an
         IP address.  Check the DNS server, DHCP, server name, etc
         Although the Guid DNS name
         (707374ab-bb88-48d4-b7de-00a3710ec8af._msdcs.my.domain.com) couldn't
         be resolved, the server name (myserver.my.domain.com) resolved to the IP
         address (193.136.66.26) and was pingable.  Check that the IP address
         is registered correctly with the DNS server. 
         ......................... myserver failed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\myserver
      Skipping all tests, because server myserver is
      not responding to directory service requests
   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : win
      Starting test: CrossRefValidation
         ......................... win passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... win passed test CheckSDRefDom
   
   Running enterprise tests on : my.domain.com
      Starting test: Intersite
         ......................... my.domain.com passed test Intersite
      Starting test: FsmoCheck
         ......................... my.domain.com passed test FsmoCheck

When I went to check my DC, which is also the DNS server, I found that the "_ldap._tcp.dc"... records do not exist anymore.

I was suspicious that there was some data I couldn't restore, now I'm sure.

Is there any way to restore the dns data for my domain, or do I have to use DCPROMO and start from scratch?

Thanks and regards.

Dave

Permission issues for directory services & file services


Hi All,

Basically we have created a test environment; we have created a two-way trust for domain1.com and domain2.com. We plan to migrate all the users from domain1.com to domain2.com. We are using ADMT 3.2 to migrate the AD users. We have followed the instructions given by the ADMT doc to migrate users. We found that after migrating the users to domain2.com the users are not able to access file services. Just to clarify, we have migrated the group of users, SID history to the new domain2.com.

We wonder, is there any step we have missed out? Or has anyone faced similar issues?

Please comment if you have any experience you can share with us.

Thank You!

 

Upgrade & Migration Plan for Windows AD and Exchange


Hi All,

I've got a requirement where I have to make a plan for the following migration & upgrade:

1) AD upgrade from 2008 to 2012

2) Exchange migration from 2007 to 2013 with Lync

Would really appreciate your help here.


Regards, Prabhu

Client Certificate Authentication


Hi guys

I am not sure if this is the right place to ask but here I go. We are trying to find the best option to push client certificates to our users' mobile devices so they just log into a website, type their credentials and the user certificate gets pushed.

We have implemented Workplace Join; this allows us to use the certificate pushed by ADFS to log into a webapp only once, then for some reason (still under investigation) it doesn't work anymore.

I have also read about Client Certificate Mapping Authentication with IIS and AD but obviously the client certificate has to be on the mobile device in order to accomplish the authentication.

Windows Intune ultimately will do the trick but the idea of this research is to find out what's available in the Microsoft platform.

Any help would be truly appreciated.

Jesus

Adding Windows Server 2012 to a Windows 2003 Domain


I currently have a DC that is Windows 2003.  I would like to add a Windows Server 2012 DC to this domain, and eventually retire the 2003.  I tried adding the 2012 server, but when I try to connect to the 2003 domain, it says the domain functional level is Windows 2000.  I raised the domain functional level on the 2003 box to W2003 level.  I rebooted the server and verified that it is showing DFL as 2003.  I tried to add the 2012 server DC and got the same message about the DFL being W2K level.  I have rebooted both servers several times, but I am still unable to add the 2012 server to the domain.  Am I missing something?  What else can I try?

Thanks in advance,

D. Webb.
