Channel: Directory Services forum
Viewing all 31638 articles

Active Directory Sizing tool for Windows 2008 R2


Hi,

 

Do we have any Active Directory tool for Windows 2008 / R2? I am in the process of designing an AD for a large group and wanted help in sizing the infra. It will be great if we have anything like the Exchange sizing tool for designing and sizing of Windows 2008 R2 Active Directory also...

 

Pls help...

Thanks for your revert...


Regards Mahesh

When we restart primary DC we can't do RDP connections to any machine/server in the organization


Greetings!

We have two domain controllers (Windows 2008 R2 servers).

* Primary DC (global catalog)

* Secondary DC (FSMO holder)

When we restart the primary DC, during the restart we are unable to make any RDP connections inside the domain.

The secondary DC is also a DNS server. Replication should be working (since the last check). We are trying to find out the reason why RDP to other machines through hostname or IP is not working while the primary DC is being restarted.

Domain Functional level: 2003

Forest Functional level: 2003

When we run: dcdiag /test:DNS on both servers we receive this error:

TEST: Dynamic update (Dyn)
                  Warning: Failed to delete the test record dcdiag-test-record in zone company.local

Any hints would be more than appreciated.

With best regards,


bostjanc


Folder permissions Issue


Hi,

I have an application in which I want to access a folder in a Windows 7 and VS2010 development environment. Based on the input command (e.g. dir, ls, etc.) the folder is accessed. If the user is denied access then it should not allow it even if the user is "Administrator". In my existing application I am firing the command through the system() function, which behaves correctly. However, for the new modification I don't want to use the system() function, so as a replacement I am using FindFirstFile(), FindNextFile(), _stat64(). I want that if the administrator is denied access to a particular folder on the same machine then it should not access the folder. FindFirstFile(), FindNextFile(), _stat64() which is leading to a wrong behavior.

Please let me know whether this can be achieved for "Administrator" user.

Thanks in advance!

Active Directory users can access with the old password !!!!


Hello all,

We have many applications and third parties integrated with Active Directory, but I face the following issue with all applications, and also with Exchange 2010 SP2:

When I reset the password for a particular user, he can access his account with the old password for a period of time. That happens only with integrated applications, but domain logon works fine. Is that normal behavior? Can we handle it? Thanks all.



Set a time server in the domain


Dears,

How do I set the time server in my domain? Currently I have two domain controllers with 5 minutes difference between them.

Thanks

LDIFDE error


Hi

I am trying to import users from newusers.ldf with LDIFDE. Here are the file contents, but I am getting an error. Is there anyone who can help? Thanks in advance. Here is the LDF file:

 DN: cn=April Stewart,OU=People,DC=Contoso,DC=com
ChangeType: add
CN: April Stewart
objectClass: user
sAMAccountName: april.stewart
userPrincipleName: april.stewart@contoso.com
givenName: April
sn: Stewart
displayName: Stewart, April
mail: april.stewart@contoso.com
description: salesRepresentative in the USA
title: Sales representative
Department: Sales
company: Contoso, Ltd.


DN: CN=Tony Krignen,OU=People,DC=Contoso,DC=com
changeType: add
CN:Tony Krignen
objectClass: user
sAMAccountName: tony.Krignen
userPrincipleName: tony.Krignen@contoso.com
givenName: tony
sn: Krignen
displayName: Krignen, tony
mail: tony.krignen@contoso.com
description: salesRepresentative in the USA
title: Sales representative
Department: Sales
company: Contoso, Ltd.

This is the error I am getting. As far as I know I am following the MS Press book instructions and there is no typo; it is the same as the book says.



C:\Users\Administrator\Documents>ldifde -i -f Newusers.ldf -k
Connecting to "SERVER01.CONTOSO.COM"
Logging in as current user using SSPI
Importing directory from file "Newusers.ldf"
Loading entries.
Add error on entry starting on line 1: No Such Attribute
The server side error is: 0x57 The parameter is incorrect.
The extended server error is:
00000057: LdapErr: DSID-0C090C26, comment: Error in attribute conversion operati
on, data 0, v1771
0 entries modified successfully.
An error has occurred in the program
No log files were written.  In order to generate a log file, please
specify the log file path via the -j option.

C:\Users\Administrator\Documents>

AD LDS in DMZ


I set up a stand alone AD LDS server in DMZ, and was able to configure it to adamsync to our internal AD manually. The way I sync is to run adamsync as a local administrator, while in the configuration XML file I added internal AD user (see below). 

<source-ad-account>adldsuser</source-ad-account>
<account-domain>domain.us</account-domain>

When I run adamsync, I use /passprompt to enter the domain\adldsuser password on the command line. The problem is obvious: I have to remember to log in to manually sync it every couple of days. I am desperate to know how to schedule it so that it can sync automatically. I tried searching online but can't find any solution to it.

In a practical world, how do you guys configure AD LDS in a DMZ? And how do you accomplish syncing automatically?

Thanks

Byron

Active Directory User/Group Sync !


Hello,

We have a Windows 2008 R2 domain and various servers like SharePoint, TFS, TMG in the existing domain.

But when I add a user to an existing project group in A.D. it shows it exists, but when I check the same project group in the TFS project it doesn't.

The time it takes to synchronize is too long, almost 45 mins - 1 hour.

All our servers are virtual machines hosted on only 2 hypervisors, which have a network card of 1 Gb each. The synchronization time it takes is too long.

Can anyone suggest a solution for this, please?


Taskpad view for managing AD users on Windows 7 or Windows 8 ?


Hi,

Is it still possible to configure delegation on a Windows 7 or Windows 8 computer to manage AD users?

For example, if I want to delegate control on a specific OU and I want to create a specific MMC (with a specific Taskpad view) for that, can I still do that on Windows 7/8?

I was able to create a custom view MMC on Win 7/8 but didn't find any way to create a custom Taskpad view for them.

If it is not possible, is there any other solution?

Thanks

Is there a Delegation assistant through ADAC ?


Hi,

Simple question.

Is there a delegation assistant through ADAC or do I still have to use the ADUC console even on my Windows 2012 box?

Thank you

Set a default profile path and group membership based on which OU a user is put in


Hey all,

I have a very simple PS script that imports users via .csv to a generic import OU. From there I need to move them into 1 of 3 main OUs. Depending on which OU they are put in, they need to have a profile path set and a group membership added. My question is: can I do this in AD or maybe a GPO, or will I have to make another script to do this? I'm trying to keep this simple. Any thoughts are much appreciated :)

Transferring FSMO Roles from a Windows 2003 DC to a Windows 2012 DC


Hello,

Is it possible to directly transfer all FSMO roles from a Windows 2003 DC to a Windows 2012 DC?  Our domain and forest are at Windows 2003 functional levels.  Doug

2008 R2 EE Enterprise Root CA


Dears

I have a new installation of Windows 2008 R2 EE, with Enterprise Root CA.
Based on this link http://technet.microsoft.com/en-us/library/hh467900.aspx I have created the OperationsManagerCert template; the version number is 100.2.
I cannot sign the request through /certsrv since it does not show versions higher than V2.

How do I sign my client request in this case?

Thanks

Serious issue with availability - Resource leak possible?

Dear experts,

we've been having serious issues with our domain controllers running Server 2008R2 SP1 (with current updates, depending on when they were last rebooted).
I'll delve right in:
Our domain controllers stop responding to requests after about 60-80 days of uptime.
They then start to log all kinds of errors, but most of them relate only to subsequent failures (such as unable to communicate with DNS or another DC, that replication failed, etc).
The only (possibly) relevant issue I could find was an event log entry saying "The name limit on the local adapter has been exceeded"
For example, I can still RDP in, but am unable to map a network drive or anything like that.
A reboot fixes the problem immediately.

I have done extensive research on the issue and came up empty except for this article:
http://support.microsoft.com/kb/961775

I suspect this as a related or even root cause since it describes to 95% what we are experiencing:

YES - User authentication fails.
YES - Sysvol replication fails.
SOMETIMES - Events 404 and 408 appear in the DNS server log.
YES - One of the following Netlogon events occurs:
SOMETIMES - Netlogon event 5775
SOMETIMES - Netlogon event 5792
SOMETIMES - Netlogon event 5792
SOMETIMES - Netlogon event 5719
YES - This problem most commonly occurs on domain controllers that are running the Microsoft System Center Operations Manager agent.
 The agent makes repeated local queries to LSASS on port 389. The queries cause the number of orphaned connections to increase rapidly. Because of this, the domain controller fails after a few days.
YES - TDI interface used (Sophos Antivirus)


 
The only difference is that the article says this applies to multiprocessor machines. Some of our DCs are multicore, some are single core. All are experiencing the issue.

All DCs run as VMs on top of Hyper-V 2008 R2 SP1
All DCs run 2008 R2 SP1 themselves
All DCs have the SCOM Agent installed
All DCs have Sophos AV installed



Is there any expert out there who can confirm/deny that this might be the issue and whether there is a fix for 2008 R2 for this?
Could it be something else?
We are desperate since if AD goes, so does a lot of our network!
 

one way trust group design question


Hello everyone, happy 2013!

In a one way trust: DomainA(trusting)-> DomainB(trusted), the best practice to allow users from B accessing resources from A would be to follow AGDLP (the Global group of DomainB would be inserted in Domain Local group of DomainA).

But what if you don't administer DomainB? i.e. you have no possibility of creating or requesting Global groups on the other side of the trust.

Do you recommend any other way besides the awkward ADLP (i.e. DomainB users inserted directly in DomainA local groups)?



netlogon and sysvol


I was referring to this article because my additional DC was having a problem: http://technet.microsoft.com/en-us/library/hh147324%28v=ws.10%29.aspx

Question: do I change the sysvolready parameter on the DC without the problem or on the DC with the problem?

For example, on DC1, when I do a "net share" I can see sysvol and netlogon.

On DC2, I can't see sysvol and netlogon when I do a "net share".

So, where should I modify the registry? DC1 or DC2?

Thanks.

Incremental roaming profile

We are using Active Directory and also apply the roaming profile that AD offers. All files of the user, including .pst, are backed up, but as files have grown bigger, the roaming profile became unstable. It doesn't sync all the files, and sometimes the .pst files get corrupted because of the file synchronization. The roaming overwrites the existing files and it doesn't add the additional files that the user just created. Is there a way to have incremental roaming? Please help me with this. Thanks

can not connect with bind credentials using ldp.exe to rodc server from external network


Hello All,

I have deployed an RODC server in the DMZ network. We have one intranet website hosted outside the company with another vendor, which is why we had to deploy the RODC server so that users can authenticate with the same AD users and passwords (please do not say that this is supported or not supported, as this is already implemented). Whenever I sit at home and try to run ldp.exe and connect to the server, it connects successfully, but when I try to bind the credentials with the "Encrypt traffic after bind" checkbox selected, I receive the following error. Even if I do not select this checkbox, it does not connect. Please note that all ports are open from my public IP to the RODC server. One more thing is that I have not installed DNS on the RODC server. Please help.

53 = ldap_set_option(ld, LDAP_OPT_ENCRYPT, 1)

res = ldap_bind_s(ld, NULL, &NtAuthIdentity, NEGOTIATE (1158)); // v.3

{NtAuthIdentity: User='rodc.admin'; Pwd=<unavailable>; domain = 'ffcqa.com'}

Error <49>: ldap_bind_s() failed: Invalid Credentials.

Server error: 8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 52e, v1db1

Error 0x8009030C The logon attempt failed


If answer is helpful, please hit the green arrow on the left, or mark as answer. Salahuddin | Blogs:http://salahuddinkhatri.wordpress.com | MCITP Microsoft Lync

Windows cannot verify that the user name is unique because the following error occurred while contacting the global catalog:Logon failure: unknown user name or bad password.


---------------------------
Active Directory Domain Services
---------------------------
Windows cannot verify that the user name is unique because the following error occurred while contacting the global catalog:Logon failure: unknown user name or bad password.Windows will create this user account, but the user can log on only after the user name is verified to be unique. Make sure the global catalog is available. For more information about troubleshooting this issue, see Windows Help.


---------------------------
OK   
---------------------------

replication between AD and RODC


Hi,

I am using two Windows Server 2080R2 servers. On the 1st server there is an AD and on the other server there is a read-only domain. Now the problem is that replication between these two servers is not happening. I am troubleshooting the problem. When I open Active Directory Sites and Services, select that server and choose Replicate Now, it gives me the following error.

The following error occurred during the attempt to synchronize naming context abc.local from domain controller server2 to domain controller exch2k10:

The source server is currently rejecting replication requests.

This operation will not continue.

Can anybody please suggest how to resolve this problem?
