Channel: Directory Services forum

Create and auto-configure Outlook 2013 profile based on active directory user

Is it possible to create and automatically configure an Outlook 2013 profile based on a user account in Active Directory? If not, is there an out-of-the-box solution for this? I have seen some information about applying group policy settings, but it does default settings, not user-specific ones (signatures, out of office replies, categories, rules, nk2). I'm happy to provide more information if required.

Domain migration with UPN suffix the same as target domain name


Hello,

We are currently thinking of migrating a domain (internal.local); this domain has a UPN suffix (external.local). The UPN suffix is necessary for Office 365.

We would like to migrate to a new domain (external.local), which is the same as the UPN suffix used.

Is it possible? What is the best way to do this?

Thanks in advance,

Pēteris

Exchange 2010 Mail Store Size Exceeds


Hi all, I received continuous mail from my Exchange server's email address administrator@domian.xx.xx

The content of the email is:

"The mail store[Mailbox-database-XX] size exceeds 85 GB(s), the time
interval of notification is 1 hr(s)" 

Anyone who could provide some hints on this, or a solution, would be appreciated.

Regards


----- bsl

How can I copy an .exe file from a remote file server using active directory to a GPO computer.


So the issue I'm having is trying to copy an .EXE file to several workstations in my OU in Active Directory. Normally I would do this by converting the exe into an MSI file; however, the .EXE is the actual program and not an installer. I need a way of doing this and I've been struggling to find a solution online. I'm not very good at scripting and could use any assistance on this. I tried to do this with a batch file, but kept running into UAC issues when the .bat would run on the workstations during login. I don't want to disable UAC, so there must be another way around this. The batch file I have is very basic:

######

@echo off

copy \\fileserver\path\file.exe C:\Users\Public\Desktop

#####

Establishing Global Active Directory (GAD)


Hi All,

Our parent company is proposing GAD and want to know a bit more about the setup.

We are a separate forest in a different country. So if we are the resource domain and they are the account domain, how are our users impacted by this design?

We have 5 sites and each site has 200+ users.

What will happen to our AD servers? Domain? Mail? Groups and shares?

At a high level, I know they want one AD to manage.

As

 

Domain controller // DS/DFS/System error


Hi

Suddenly one of our 2008 R2 SP1 DCs gets a lot of errors ... all others are OK

System :

EventID 4  The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server xxxxx

DFS replication :

Event 1204 The DFS Replication service failed to contact domain controller  to access configuration 

Directory Service

1865 The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network 

1311 The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition. 

DNS server

4000 The DNS server was unable to open Active Directory.  

Given those huge errors, I wonder if it's not a solution to depromote/remove this server from the domain, then repromote it .....

What do you think about it?

Regards


Group Policy Replication issue


Hi All,

I have an issue with group policy replication: a few recently created policies are not replicated to other DCs. I have restarted the FRS service and also the server, but no luck. However, I noticed a file named "DNS Settings" of type "msDNS-ServerSettings", which is not common, in AD Sites and Services --> My Site --> Servers --> My PDC Server; after I deleted this file, my replication issue was gone. Can anyone explain what happened behind this?

systemMayContain and MayContain


Hi

I have an interforest migration scenario with a 15-year-old domain where there are 100 custom attributes that are bound to a class.

Source domain is FFL and DFL 2003

In the source domain the class has all 100 attributes in systemMayContain

Target domain FFL and DFL 2008R2

When I create the class (Auxiliary-Class) in the target, all attributes I add are placed under MayContain instead of systemMayContain as in the source. From what I have been reading about this, it has to do with inheritance from the Auxiliary-Class.

Will this cause any problems later on?



Windows DNS issue


I did a DCDiag and got the following issues with DNS:

"Root zone on this DC/DNS server was not found"

It fails the delegation test for all DCs

"[Broken delegation]

Warning: Delegation of DNS server server.domain.com. is broken on IP:X.X.X.X"

DNS delegation for the domain domain.com.domain.com. is broken

[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

The domain was stood up in a Windows 2000 environment; recently the "_MSDCS.domain.com" folder icon was moved from under the Domain.com zone and into its own zone... We have two forward lookup zones now, the _MSDCS and the domain.com zones.

The DCs resolve public, domain, etc. names without issue.

We have verified the forwarders work as well and all NIC settings are correct.

In DNS I cannot find domain.com.domain.com.

How do I fix the Root zone on this DC/DNS server was not found?


Migration from SBS2003 to 2012 R2


Hi all

My organization has a SBS2003 server and we are migrating it to a Windows Server 2012 R2 platform.

I've just tried a clean setup on a virtual machine, configuring a fake domain and configuring an Exchange 2013. I've migrated a mailbox from the old server onto this machine without problems and all worked fine, so I'm quite confident that this part of the migration process should work.

After that I decided to start the real migration following this guide

http://blogs.technet.com/b/canitpro/archive/2013/05/05/step-by-step-adding-a-windows-server-2012-domain-controller-to-an-existing-windows-2003-network.aspx

and then this one

http://blogs.technet.com/b/canitpro/archive/2014/04/02/step-by-step-active-directory-migration-from-windows-server-2003-to-windows-server-2012.aspx

Long story short:

I've added the new 2012R2 machine to the domain and promoted it to domain controller.

I cannot proceed now because there's no replica from the old server to the new, so once I try to shut down the old server, nothing related to the domain works any longer.

ExhangeSrv is the new server. TsMailSrv is the old one.

Here I expected to find an auto-generated link to the old server. Once I try to click the "Replicate configuration from the selected DC" the popup shows.

I've tested the DNS but all seems to be working fine:

Another significant test I've done is this one, which tells me that no netlogon share is found

Does anyone know what I can do?

Many Thanks in advance

RPC error remote Event Viewer/remote dcdiag


Hi All,

I am writing code to perform an Active Directory health check. When I run dcdiag /s:<server name> /test:kccevent I get results for 80% of servers, while on a few domain controllers it shows failed with an RPC error. The same test passes locally. All other results except FRSevent, KCCevent and DFSRevent are fine.

I want to be more prepared before I reach out to the network guy to open port (135) for the few sites where the issue is occurring. Can you guys tell me if anything else can cause this?

Also, I would appreciate any suggestions on other important test results to add here, besides dcdiag.

Thanks - Alok


Move Users Accounts using Filter and Path from CSV


Hi 

I'm trying to move user accounts based on a set of filters in a CSV file to the appropriate OU in that same file. I want to grab all users in AD that match the teacher's name and grade level for each row, and move them to the OU listed for that same row.

Here is how the data is configured in the CSV file:

School | Grade | Teacher | ADOU
QCV | 0 | Jane Doe | OU=Teacher1,OU=Grade 0,DC=students,DC=local

Here's the script I'm using:

import-module activedirectory
$mappings = Import-Csv -Path "C:\studentsAccounts\Student_AD_ImportSorted.csv"

foreach ($map in $mappings){
    $grade=$map.'grade'
    $teacher=$map.'Teacher'
    $OU=$map.'ADOU'
    
    Get-ADUser -server "ho-sb-dc03" -Filter {(Department -eq "$grade") -and (Title -eq "$teacher")} | Move-ADObject -Server "ho-sb-dc03"  -TargetPath $OU
}


When I run it, I get an error about the $OU variable being null.

Move-ADObject : Cannot validate argument on parameter 'TargetPath'. The argument is null or empty. Supply an argument that is not null or empty and then try the command again.
At C:\studentsAccounts\MoveNewStudents.ps1:9 char:149
+     Get-ADUser -server "ho-sb-dc03" -Filter {(Department -eq "$grade") -and (Title -eq "$teacher")} | Move-ADObject -Server "ho-sb-dc03" -TargetPath <<<<  $OU
    + CategoryInfo          : InvalidData: (:) [Move-ADObject], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.MoveADObject
 

memberof not set in a cross-forest scenario


Hi,

I have two forests and I created a bi-directional forest trust. In order to prepare for ADMT I tried to add some users from forest A to a domain-local security group in forest B. That seems to be working, as the user is listed in the group's "Members" UI in forest B.

But if you go to the user object in forest A, the group membership is not listed, and you also cannot see it when checking the memberof property. whoami /Groups also does not show the group membership. For a domain admin in forest A who is also a member of builtin/Administrators in forest B, that results in "you must be a member of Domain admins", and permission is denied if you try to migrate SID, even if you grant migrate SID history explicitly.

So I have two problems:
Why can't I find the group in the memberof? (when checking via GUI or get-adprincipalgroupmembership)
Is there any way to migrate the SIDHistory if you are unable to put the account into builtin/Administrators?

What did I miss? Please help.

Thanks in advance,

Martin 


Error on Configure Active Directory Certificate Services on the Destination Server


Hi guys, I'm quite new to Active Directory and I hope that you can help me out. My primary goal is to set up Certificate Services. I have already installed the role "Active Directory Certificate Services", with Certification Authority installed. The next step from the guide that I use is to "Configure Active Directory Certificate Services on the Destination Server".

I am using the Domain\Administrator account for setting it up; I ticked Certification Authority, then set the setup type to Enterprise CA. As soon as I hit "Next", I get a pop-up that says the following:

"CcertSrvSetup: SetDatabaseInformation: The system cannot find the path specified: 0x80070003(Win32: 3 error_path_not_found)"

I have searched everywhere but cannot seem to find an exact issue as I am having. Any help would be appreciated. Thank you. 

Edit: We are using Windows Server 2012 R2

Names in common Active Directory tool interfaces in a multilingual environment


I have observed (in testing) that if I promote my first domain controller using an English version of Windows server and then the second with the French version, the names of many of the items in ADUC and ADSS retain the English names.

Full details of my experiment are in this short blog post:

http://davidmtechblog.blogspot.com/2015/08/active-directory-domain-controllers-in.html

For example, even on the French domain controller (DC4), "Account operators" (and all the other groups) retain the original English name.

On the other hand, in a purely French environment, the names of these groups are indeed translated.

Is this behavior typical?

Would the language of the first domain controller always take precedence?

I'm thinking this could be a challenge if, at first, the domain had only Polish domain controllers and then, the company expanding, domain controllers based on Windows Server in another language were added.

Would admins in the US or UK have the names of the groups referenced above all in Polish?

 

Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.


Event 5774 on simple DC with AD and AD based DNS with internet forwarding to DSL router


Every 4 Hours I get about 10 NETLOGON Errors 5774, for example:

Bei der dynamischen Registrierung des DNS-Eintrags "_ldap._tcp.Standardname-des-ersten-Standorts._sites.dc._msdcs.domain.de. 600 IN SRV 0 100 389 SERVER.domain.local." auf folgendem DNS-Server ist ein Fehler aufgetreten: 

IP-Adresse des DNS-Servers: 217.160.80.136 / Verbindungsantwortcode (RCODE): 0 / Zurückgegebener Statuscode: 1460 

Here domain.de is the old domain name and Domain.local the new one; the change was made about 3 years ago. The server runs well; there are no known problems in daily work.

Over a long time I tried many things to solve the problem, but without success.

- Recreating the DNS Zones

- dcdiag /fix

- Deleting the DNS Cache at Client/Serverside

- gpfixup

- Searching the AD for old entries with Domain.de -> nothing found

- deleting netlogon.dns/netlogon.dnb and restart NETLOGON, call nltest /dsregdns

The last test recreates the netlogon-files and there I can see some obsolete entries pointing to domain.de,

for example: domain.de 600 IN A 192.168.0.11

but I can't find the right place where I can fix this.

Does anyone have an idea where I can find the source definition of these entries and what I can do to clean this up?




Web Enrollment - No certificate templates could be found


I migrated a Windows 2008 R2 root enterprise CA to Windows 2012 R2.  All looks like it’s working well except that I can’t get Web Enrollment to work.  Upon selecting to submit a certificate request, I get the message:

No certificate templates could be found.  You do not have permission to request a certificate from this CA, or an error occurred while accessing the Active Directory.

Certificate enrollment does work through the Certificates MMC, in fact I was able to create a certificate to secure the CA’s Default Web Site.

I have done everything I can find on the Internet to fix this, including:

Any of you seen anything like this and maybe have an idea how to remedy it?


Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."


Any way to filter a large list of Sites in Active Directory Topology Diagrammer?


Hello,

We have about 150 sites in our AD implementation.  I'd like to use Active Directory Topology Diagrammer to just draw a subset, or filter, of all sites.  Can this be done?  If not, anyone know of another way to do this or another product/utility to do this?


Thanks for your help! SdeDot

AD Site Problem


Hi dears,

I have 2 sites in a domain with 2 different subnets in 2 cities.

My clients get the wrong dynamic site in the registry, so they log on and join the wrong site.

How can I fix it?

How does Certificate AutoEnrollment work?


Could someone clarify something for me? I am trying to configure the autoenrollment of a certificate in Group Policy and the process is not working. My question is this: if everything is configured correctly as a user configuration autoenrollment in Group Policy, then the certificate should be downloaded to the user's personal information store on their computer at the time of login, correct?

This is opposed to it being downloaded at whatever time the certificate is first needed. We are setting up WIFI access using certificate authentication, so I was wondering if maybe the certificate would not be downloaded until the first time the person needed the certificate at the time they want to use the WIFI.

I have reviewed the Group Policy settings over and over and they seem correct, and the user's rights on the certification template allow read, enroll and autoenroll, but it just is not downloading the certificate.

I have been following this

http://social.technet.microsoft.com/wiki/contents/articles/3048.troubleshooting-certificate-autoenrollment-in-active-directory-certificate-services-ad-cs.aspx

and everything seems okay.
