Channel: Directory Services forum

Database unknown in Exchange 2010 SP2


Hello all,

I have Exchange 2010 SP2 set up as follows:

2 CAS/HUB servers with hardware load balancing [CAS1 and CAS2]

2 Mailbox servers, still without a DAG [Mail 1 and Mail 2]

Mail 1 holding MB-DB1

I see the following screen on all servers except Mail 1.


When opening a mailbox through OWA, it takes a long time before the mailbox opens. Please advise.


Is there a good reason not to install AD Certificate Services on a 2008 domain controller?


Is there a good reason not to install the CA role on a 2008 domain controller? And could the role be moved fairly easily to another server later if required?

thanks

ROOT domain user lists not shown in child domain


Hi Team,

My setup is that I have one root domain and two child domains.

Root domain: in.com

Child domains: h1.in.com and h2.in.com

I have created the "test" user in my root domain, but that user (test) is not shown in my child domains.

And I create the "test" user in my child domains, but it is not shown in my root domain.

Can anybody help me, please?

regards

Gouse

How to run gpupdate /force on remote computer?


How to run gpupdate /force on remote computer?

(Without psexec)


Thanks Biswajit

Bitlocker Recovery Keys Not Available Within Active Directory

We have configured Group Policy to require the automatic backup of BitLocker recovery keys to Active Directory. I am confident that this is, in fact, occurring based on the event logs of the PCs, which are logging TPM-WMI event 513...

TPM Owner Authorization information was backed up successfully to Active Directory Domain Services.

Odd thing is that when we search for the recovery key in Active Directory, we receive...

Your search for "xxxxxxxx" returned no results.

When we look at the computer object directly, we see...

No items in this view.

I know that this has worked properly in the past, because we have recovered BitLocker keys for hard drives previously. It seems to be a permissions issue of some kind; however, we are using Domain/Enterprise/Schema admin to query AD for the recovery key.

This is occurring on Windows Server 2008, SP2.

DC promotion and adprep/forestprep


I've tried to dcpromo a new Windows 2008 server installation to be a Domain Controller, running in an existing domain. I am informed that, first, I must run adprep/forestprep ("To install a domain controller into this Active Directory forest, you must first prepare the forest using "adprep/forestprep". The Adprep utility is available on the Windows Server 2008 installation media in the Windows\sources\adprep folder").

 

Trouble is that adprep/forestprep says that:

 

Adprep cannot run on this platform because it is not an Active Directory Domain Controller.
[Status/Consequence]
Adprep stopped without making any changes.
[User Action]
Run Adprep on a Active Directory Domain Controller.

 

So, which needs to be installed first (they cannot really be dependent upon each other), and how do I go about completing this?!

 

Thanks

 

Stephen Simpson

RODC Configuration.


Hello everyone,

I have been working on introducing a new RODC to one of our remote branches. I have set up everything that I can determine is necessary to allow this to work. The connection between the offices is quite a slow 500k link.

I have one new user defined in AD that has been added to the Allowed RODC policy, along with the machine they use. It passes in the Resultant Policy on the writable DC, and when I log into the workstation it will 'sometimes' grab the correct RODC... other times it will use one of the other two DCs.

I can't figure out why or what causes this.

I have the ADSS set up correctly and the respective subnets are defined properly.

Thanks for any help on this.

Active directory site consolidation


Hi,

We currently have two AD sites (A and B) at two physical locations. I am considering consolidating those two sites into one, as it would make many things much simpler (like Exchange deployments). We have the necessary bandwidth (redundant 1 Gb+) and low round trip latency (under 10 MB) between the 2 sites. For over 1 year now, we have had an Exchange 2010 deployment on site B (no Exchange servers on site A) with 75% of our clients on site A, and it has run without any problems.

I've also changed the inter-site replication parameters to emulate intra-site replication (USE_NOTIFY on DEFAULTIPSITELINK). Again, no problems, and DC replication is fast and reliable.

My questions:

- Is it possible (and supported) to consolidate 2 AD sites into one (everything from site B would be moved (logically) to site A)?

- Are there any other considerations or impacts I might be missing that could make this idea a bad one?

Thanks in advance

Michel Dube


Michel Dubé IT analyst (servers) - UQAR



event ID 11 There are multiple accounts with name MSSQLSvc/xxxxxx


I am seeing event ID 11 in event viewer for many servers (all sql servers) – windows 2003 Domain

There are multiple accounts with name MSSQLSvc/bq_sqlsrv.uk.corp.company.net:1433 of type DS_SERVICE_PRINCIPAL_NAME.

There are multiple accounts with name MSSQLSvc/dk_sqlsrv.uk.corp.company.net:1433 of type DS_SERVICE_PRINCIPAL_NAME.

There are multiple accounts with name MSSQLSvc/om_sqlsrv.uk.corp.company.net:1433 of type DS_SERVICE_PRINCIPAL_NAME.

So I had a read of this blog http://blog.joeware.net/2008/07/17/1407/ and ran his adfind tool, which gives the below results.

C:\AdFind>adfind -sc c:bq_sqlsrv

AdFind V01.46.00cpp Joe Richards (joe@joeware.net) March 2012

Using server: CORPPL-AD02.corp.company.net:3268
Directory: Windows Server 2003

dn:CN=BQ_SQLSRV,OU=SQL Servers,OU=DB Management,DC=uk,DC=corp,DC=company,DC=net
>objectClass: top
>objectClass: person
>objectClass: organizationalPerson
>objectClass: user
>objectClass: computer
>cn: BQ_SQLSRV
>distinguishedName: CN=BQ_SQLSRV,OU=SQL Servers,OU=DB Management,DC=uk,DC=corp,DC=company,DC=net
>instanceType: 0
>whenCreated: 20040929141155.0Z
>whenChanged: 20120802201548.0Z
>displayName: BQ_SQLSRV$
>uSNCreated: 51099
>uSNChanged: 33966792
>name: BQ_SQLSRV
>objectGUID: {5A8EE7D2-32CD-4D60-B172-41B8CDABC96E}
>userAccountControl: 4096
>pwdLastSet: 129875983252290738
>primaryGroupID: 515
>objectSid: S-1-5-21-3484230728-397263411-2833629501-76113
>sAMAccountName: BQ_SQLSRV$
>sAMAccountType: 805306369
>dNSHostName: bq_sqlsrv.uk.corp.company.net
>servicePrincipalName: HOST/BQ_SQLSRV
>servicePrincipalName: HOST/bq_sqlsrv.uk.corp.company.net
>objectCategory: CN=Computer,CN=Schema,CN=Configuration,DC=net
>lastLogonTimestamp: 129884116473501859

--------------------------------------------------------------------------------------------------------------------------------------

Using server: CORPPL-AD02.corp.company.net:3268
Directory: Windows Server 2003

dn:CN=DK_SQLSRV,OU=SQL Servers,OU=DB Management,DC=uk,DC=corp,DC=company,DC=net
>objectClass: top
>objectClass: person
>objectClass: organizationalPerson
>objectClass: user
>objectClass: computer
>cn: DK_SQLSRV
>distinguishedName: CN=DK_SQLSRV,OU=SQL Servers,OU=DB Management,DC=uk,DC=corp,DC=company,DC=net
>instanceType: 0
>whenCreated: 20110104131322.0Z
>whenChanged: 20120805003536.0Z
>displayName: DK_SQLSRV$
>uSNCreated: 19016744
>uSNChanged: 34016653
>name: DK_SQLSRV
>objectGUID: {DDC551AB-F3F3-4BA9-BF8F-B1C169B6D670}
>userAccountControl: 4096
>pwdLastSet: 129886005142941672
>primaryGroupID: 515
>objectSid: S-1-5-21-3484230728-397263411-2833629501-144616
>sAMAccountName: DK_SQLSRV$
>sAMAccountType: 805306369
>dNSHostName: DK_SQLSRV.uk.corp.company.net
>servicePrincipalName: MSSQLSvc/DK_SQLSRV.uk.corp.company.net:1433
>servicePrincipalName: HOST/DK_SQLSRV.uk.corp.company.net
>servicePrincipalName: HOST/DK_SQLSRV
>objectCategory: CN=Computer,CN=Schema,CN=Configuration,DC=net
>dSCorePropagationData: 20120717092325.0Z
>dSCorePropagationData: 20120717092325.0Z
>dSCorePropagationData: 20120717092325.0Z
>dSCorePropagationData: 20120116132841.0Z
>dSCorePropagationData: 16010721193529.0Z
>lastLogonTimestamp: 129879221365397394

 --------------------------------------------------------------------------------------------------------------------------

C:\AdFind>adfind -sc c:om_sqlsrv

AdFind V01.46.00cpp Joe Richards (joe@joeware.net) March 2012

Using server: CORPPL-AD02.corp.company.net:3268
Directory: Windows Server 2003

dn:CN=OM_SQLSRV,OU=SQL Servers,OU=DB Management,DC=uk,DC=corp,DC=company,DC=net
>objectClass: top
>objectClass: person
>objectClass: organizationalPerson
>objectClass: user
>objectClass: computer
>cn: OM_SQLSRV
>distinguishedName: CN=OM_SQLSRV,OU=SQL Servers,OU=DB Management,DC=uk,DC=corp,DC=company,DC=net
>instanceType: 0
>whenCreated: 20120508133504.0Z
>whenChanged: 20120730083024.0Z
>displayName: OM_SQLSRV$
>uSNCreated: 31819155
>uSNChanged: 33884157
>name: OM_SQLSRV
>objectGUID: {A9DD88A8-832F-4E03-96BC-6A7A650859C3}
>userAccountControl: 4096
>pwdLastSet: 129862424766223764
>primaryGroupID: 515
>objectSid: S-1-5-21-3484230728-397263411-2833629501-142265
>sAMAccountName: OM_SQLSRV$
>sAMAccountType: 805306369
>dNSHostName: OM_SQLSRV.uk.corp.company.net
>servicePrincipalName: MSSQLSvc/OM_SQLSRV.uk.corp.company.net:1433
>servicePrincipalName: HOST/OM_SQLSRV
>servicePrincipalName: HOST/OM_SQLSRV.uk.corp.company.net
>objectCategory: CN=Computer,CN=Schema,CN=Configuration,DC=net
>dSCorePropagationData: 20120508145251.0Z
>dSCorePropagationData: 20120508145251.0Z
>dSCorePropagationData: 20120508145251.0Z
>dSCorePropagationData: 16010108151513.0Z
>lastLogonTimestamp: 129881103046782065

 
  1. I have many other SQL servers in our estate that produce no errors and just have two SPNs (HOST\netbios and HOST\fqdn), which I believe are the defaults.
  2. But I am worried about deleting MSSQLSvc/DK_SQLSRV.uk.corp.company.net:1433 because I can’t find any information that says MSSQLSvc will map to HOST.
  3. I can’t find MSSQLSvc/BQ_SQLSRV.uk.corp.company.net:1433.
  4. All 3 servers have SQL installed and running.

So I am not really sure how to proceed.

dcdiag /test:DNS failed RReg test?


Hi guys, I am trying to install Exchange Server 2008 on my Server 2008, which I installed on VirtualBox for studying purposes.

When I ran the dcdiag test, everything passed except Record Registration.

Any help will be appreciated. Thank you.


Lovepreet Singh


AD for Windows Server 2003 and installation of SP2


Just being thorough:

Can my domain run with its two Windows Server Enterprise 2003 domain controllers at different service pack levels during the upgrade from SP1 to SP2?

These servers are going to be down-promoted to file servers.

The likely answer is yes, but they're production servers and I can't make a mistake.

Don't know if there is a forum for software this old!

Thanks!

Cannot Remove one last Lingering Object from all DCs in Child Domain


We recently needed to perform a schema extension and subsequently found a number of replication issues.

There were a number of lingering objects nearly all of which were able to be removed using repadmin. There's one object that can't be removed through repadmin or repldiag. Details of the eventlog message are below.

There is a 1988 error relating to a GUID for every domain controller in our child domain, I guess at least the child domain is consistent.

The question is whether there is any other way that this lingering object can be removed other than demoting and re-promoting each and every domain controller across the child domain?

Event Type: Error
Event Source: NTDS Replication
Event Category: Replication
Event ID: 1988

Source DC (Transport-specific network address):
012b8e6f-cf5f-43a0-922f-15a8874d7e4b._msdcs.ROOTDOM.NETWORK
Object:
DC=81.4.101\0ADEL:6e333d56-abac-42e3-a233-91db9101a5f2,CN=Deleted Objects,DC=CHILDDOM,DC=ROOTDOM,DC=NETWORK
Object GUID:
6e333d56-abac-42e3-a233-91db9101a5f2

Change domain controller OS from 2008R2 to 2008 but keep the same host names.


Hello,

Currently we have four domain controllers running Windows 2008 R2, spread across two AD sites.

We have two Domain controllers in each AD site.

We need to change all our domain controllers from Windows 2008 R2 to Windows 2008. In short, this is required because a trust relationship needs to be temporarily set up with an old NT4 domain, and this is not possible if our domain controllers are Windows 2008 R2.

We don’t want to change the name of any of these domain controllers.

Here’s a really brief summary of what I plan to do.

  1. In site1, on DC1, transfer the FSMO roles to DC2.
  2. Disable inbound and outbound replication on DC1.
  3. Demote DC1.
  4. Rebuild DC1 with new OS, add back into the domain and promote back as a DC.
  5. Transfer FSMO roles back to DC1.

I will repeat steps 2-4 with the other domain controllers in site2.

Although I’ve provided a really basic rundown of events, is there anything crucial I may have missed here, and what else do I need to be particularly mindful of?

Many thanks,

Final check before demoting the Win2k3 DC


Hi,

I am about to demote a Win2k3 DC from the environment. I have read many articles related to this and did the following as preparation. The only thing I did not quite understand is the certificate-related step, which some articles mention doing before demoting the DC. How can I make sure that I don't have certificate-related issues prior to demoting the DC?

Note: I have 2 more DCs with Windows 2008 R2, and the FSMO roles were moved a long time ago. No role is left on the Win2k3 other than AD.

In addition, I have plenty of KDC errors as follows. Some people said that I should ignore them. Should I?

Event Type:	Error
Event Source:	KDC
Event Category:	None
Event ID:	27
Date:		21/12/2012
Time:		9:16:43 AM
User:		N/A
Computer:	ICD21
Description:
While processing a TGS request for the target server krbtgt/ICD.LOCAL, the account ICD25$@ICD.LOCAL did not have a suitable key for generating a Kerberos ticket (the missing key has an ID of 8). The requested etypes were 18.  The accounts available etypes were 23  -133  -128  3  1. 

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Regards



DNS Scavenging


Hi all,

We have Windows 2008 domain controllers in our domain. We have set scavenging on the zone with 36-hour refresh and non-refresh intervals, and our DHCP scope lease is 3 days, i.e. 72 hours.

I would like to know: if a client has received an IP address from DHCP, that IP will be assigned to the client for 3 days as per the DHCP lease. So when will scavenging take place, after every 3 days or after every 36 hours?

Thanks


Thanks HA


Syncing my ADFS Account server with my AD Server


Hey everyone,

I am a newbie when it comes to ADFS. Maybe I am grasping the wrong concept here. A little background on what I am trying to do: I want to set up an ADFS solution so that, for the company website where we buy office supplies, my users will not have to remember another username/pass combo. I am trying to get it set up so that when they log into our domain through AD they will automatically be authenticated with the website.

So now for the actual infrastructure of what we want.

AD DC------ADFS Account Server------ADFS Resource Server------Webserver

I have the certificates all lined out and the ADFS Account server and the resource server are relying trusts. They are all issued certs from the AD DC. As the account server, shouldn't I be able to import/sync the AD info for our domain into the account server? I have read a ton of documentation, but I just can't quite grasp how this part of the ADFS solution works.

Determine how Password is reset?


Is it possible to determine whether a user's password was set by the end user OR if it was set by an administrator through Active Directory Users and Computers?

I am trying to target users with a "force password reset at next logon", but I only want to target those users that have not reset since the last administrative set password. 

thanks

Removal of duplicate SPN not working


I had a couple of duplicate SPNs that I removed via setspn -D. I still have two issues:

1. There is a duplicate SPN for a SQL server that keeps getting re-created. Even though I delete it, it comes back after a couple of hours.

2. Removal of another duplicate SPN broke an internal application that used Kerberos for authentication. Changing the authentication to NTLM fixed it, but shouldn't this be happening in reverse? The app should have been having authentication issues due to the duplicate SPN, and removing it should have cleaned it up. Instead it broke it?

Interview question for AD L3 and L4 level


Hi

I have asked below question in AD L4 interview question in one company?

What is disaster recovery in AD, any example?

What can be reason of user slow authentication in Domain for 1 site for multiple users and how can we check it from DC side.

Can I get more questions and answers for AD L3 and L4 level?

Conditional Forwarders in 2008 R2


Hi

I have 10 DCs in my child domain and 3 DCs in the parent domain.

I don't have any DNS in the root domain.

I have all ADDNS in the child domain, and my parent domain DCs point to the child domain ADDNS as the preferred DNS in their TCP/IP properties.

As of now everything is working fine.

But I can see some discrepancies in my child domain ADDNS settings, as follows:

1:- DC20, 21, 22, 23 & 24 have the same conditional forwarders updated to each other and, except for these 5 DCs, all other DCs don't have the same conditional forwarders.

2:- DC20, 21, 22, 23 & 24 have the ISP IP address details in the forwarders, but the remaining DCs have the DC20 and DC21 IP addresses in the forwarders.

Also, I have forest-wide zone data replication enabled in the ADDNS.

I want to know why there are discrepancies within the same domain's Active Directory-integrated DNS?
