Hello everybody,
Can I perform authoritative restore without doing non-authoritative restore?! suppose I have 2 scenarios: the first I have only one DC, and second scenario I have one PDC and some additional DCs. So can I achieve this or not.
Thanks
Regards
I have an environment containing 2 physical servers (MS Windows Server 2012). I've been facing many problem with client access to my exchange server, so i did some investigation and found out that the active directory has three other registered servers with active directory services, so i deleted those servers and left the main DC (I did this from the main DC itself)
And now i can't access either one of the physical servers, (The security database on the server does not have a computer account for this workstation trust relationship)
And I don't know the local user credentials. Please help, this is really urgent!
hi,
i have a new branch office with 172.17.0.0/24 subnet and multiple VLAN on it,
my clients are in 172.17.5.0/24 and 6 and 7 subnet and my AD is in 172.17.50.0/24 subnet
i want to create a site and site link for this new branch office.
which subnet i have to set for ad site subnet?
Hi,
I have to syncronize the data between the Business Units of my Company with the central Platform.
At that moment I have a domain at my Business unit and another Domain at the platform.
I have to migrate all the users and computers from the BU to the platform and then install an RODC at the business unit which will have the data of the platform(read only). The only problem is that the users of the business unit are present in the AD local but also on the AD of the platform. In the AD local I have the users and computers but on the AD of the platform I have only the users, that were created because some applications needed this.
My question is: how can I do the migration so that I won't have two times the users. Can I migrate the computers and assign them the users that are already on the AD of the platform? Is there any other solution for this type of migration?
I thought to migrate the domain of the business unit to be in the same domain as the platforms (uninstalling the AD of the BU and then nmigrate it as a member server for the platform and then reinstall the AD. The only problem is the users which are already on the platform.
Any help would be apreciated!
In the scenario we have 3 DC's
When one of the DC is rebooted within normal working hours (Guess it is the same out of working hours - have not tested that). Users who has locked their computers, will not be able to logon when they return to their computer again. Computer has to be rebooted before they are able to login again. DC's are 2008 R2 and computeres are Windows 7.
Best regards,
Thomas
I have 18 DCs, my PCD emulator is configured according to KB article https://support.microsoft.com/en-us/kb/816042, pointing to pool.ntp.br
Non-authoritative answer:
Name: pool.ntp.br
Addresses: 2001:12ff:0:7::186
2001:12ff:0:7::193
2001:12ff::8
200.192.232.8
200.20.186.76
200.160.0.8
200.160.7.186
200.160.7.193
200.186.125.195
200.189.40.8
My 2 main DCs in central datacenter are perfeclty synchronized with external time servers, including PDC emulator
But...
Some DCs are getting time from a crazy and satellite-connected DC, i´m sure that nobody did that, checked by w32tm /source
A lot of users are 11~=~minutes late.
Configuration details for location:
LegacyDomain (legacy.pri): Single Forest, empty root with single sub-domain: Windows 2000 Forest Level with Windows 2000 DC (I know I just typed W2K but I don't have the magic wand to make developers move their systems ;-)
TrustedDomain (prod.pri): Single Forest, single domain: Windows 2003 Forest Level with 1 - Windows 2008R2 RWDC and 1 - 2012 RODC
Problem:
We're having issues authenticating users in prod.pri from systems in the legacy.pri when the RWDC in prod.pri becomes unavailable at the site. The PDC for prod.pri is at another location and there are a number of DCs globally located outside the site with the problem.
This issue was experienced prior to the addition of the RODC at the site in prod.pri when the RWDC at the site became unresponsive due to a disk full condition. (It is likely this issue could exist at other locations that just haven't had the conditions align)
Three weeks ago an RODC was added to the site for prod.pri. Last week in an attempt to convert the site from having a RWDC on prod.pri to only having a RODC, the RWDC was disconnected from the LAN for testing. While users on prod.pri experienced no issues authenticating with systems on prod.pri *(we confirmed connections in the logs on the RODC) we did experience authentication failures for users in prod.pri authenticating on systems that remain in legacy.pri.
Unfortunately I'm also in an outsourced service provider model so every step in troubleshooting includes a time lag. Any idea if we just have an issue where we need to flush something on the legacy.pri systems or is there something else at play in the complexity of domain trusts?
Thank,
Jeff
Hi Support,
We are using Active Directory server of Windows 2008.The server timing is running fast(i.e showing time 20 minutes fast) because of that all the computers which are connected to Active directory server are also showing the server time 20 minutes fast compare to original time.
I have set the correct time in the server but it is showing again showing 20 minutes fast.
Please let me know how to set the correct time in the server to avoid running fast and also let me know if we set the correct time in the server whether all the computers will automatically set time in the computer as per the server time.
Looking forward for your reply at the earliest.
Regards
R.Pradeep
Hello community,
Environment
Mixed with one (1) domain controller running Windows Server 2008 and one (1) domain controller running Windows Server 2012.
Steps to Produce the Problem
These steps produce the problem both on the Windows Server 2012 domain controller and on another Windows Server 2012 server configured for centralized management. I login with my account which is in the Domain Admins group, and I start the Active Directory
Module for Windows PowerShell with Administrative privileges. I execute the Import-Module Kds command; then I execute the Add-KdsRootKey -EffectiveImmediately command and get the following error:
Other thoughts
Based on my understanding of the elements at work here, I believe there is a file located on the domain controller itself that is being locked by some other service. If anyone could provide clues as to which file and/or service could be at fault, I'd
appreciate. Alternative theories are more than welcome.
Thanks in advance,
Michael
We are using AD LDS to combine 2 forests to be able to authenticate with our Cisco phone system for Jabber etc
User synchronization and authentication works for all applications except the CTI Manager (for remotely controlling our phones)
I have pulled logs and it looks like LDAP may be the issue here. Any insight would be fantastic
CTI Provider Open Request
00130482.002 |13:46:01.526 |AppInfo |CTIManager::CtiManager::providerOpenRequest(): PROVIDER_OPEN_REQUEST received -- Connection Id=5 TcpHandle=[1:200:13:128] PeerIPAddr=10.10.0.207 PeerPort=50018 User name= CtiHandler=[1:200:22:124]
00130482.003 |13:46:01.526 |AppInfo |CTIManager::CtiManager::providerOpenRequest(): Provider Open Initiated -- Connection Id=5 TcpHandle=[1:200:13:128] PeerIPAddr=10.10.0.207 PeerPort=50018 User name=myusername CtiHandler=[1:200:22:124]
00130482.004 |13:46:01.526 |AppInfo |CTIManager::CtiManager::providerOpenRequest(): Total CTI connections=6 Logins in progress=0
00130482.005 |13:46:01.526 |AppInfo |CTIManager: CtiLoginQueue::findSubQueue(): proirity=0 subQueue index=2
00130482.006 |13:46:01.526 |AppInfo |CTIManager::providerOpenRequest(): Login Queued -- TcpHandle=[1:200:13:128] Connection Id=5 Priority=0 Login queue entries=1 Logins In Progress=0
00130482.007 |13:46:01.526 |AppInfo |MX_DEBUG: CTIManager: Login throttling timer started for 100 milliseconds
00130483.000 |13:46:01.526 |SdlSig |CtiQbeGenericMessage |init_complete_await_provopen |CTIHandler(1,200,22,124)
|CtiManager(1,200,21,1) |1,200,13,128.3^*^* |*TraceFlagOverrode
00130483.001 |13:46:01.526 |AppInfo |CQBEParser::ParseQbeMessage: PDU#=3
00130483.002 |13:46:01.526 |AppInfo |[CTI-APP] [CTIHandler::processIncomingMessage] CTI ProviderOpenRequest ( seq#=2 provider=UCProvider login=myusername heartbeat=60 timer=10 priority=0 lightWeightProviderOpen=0
AuthType=0 RequestOldFetch=0 EncryptedSSODataSize=0)
00130484.000 |13:46:01.527 |SdlSig |CtiProviderOpenReq
CTI Login Request
00130489.000 |13:46:01.637 |SdlSig |CtiLoginCheckReq |ready
|Directory(1,200,23,1) |CTIHandler(1,200,22,124) |1,200,13,128.3^*^*
|[T:N-H:0,N:0,L:0,V:0,Z:0,D:0] Login=myusername Seq#=2 Auth Style=0 3rd Party Certificate=0 mOcsp_url= mIssuerName= EncryptedSingleSignOnData Size=0
00130489.001 |13:46:01.637 |AppInfo |CtiLoginCheckReq::authenticateByUserName
00130489.002 |13:46:01.637 |AppInfo |CCMAsymmetricEncryption::DecryptText Enter
00130489.003 |13:46:01.639 |AppInfo |CCMAsymmetricEncryption::DecryptText Exit
00130489.004 |13:46:01.639 |AppInfo |Decrypted Key Status success - [52]
00130489.005 |13:46:01.639 |AppInfo |Nonce =0a21820f-4941-4730-bd5d-7d177147b84f
00130489.006 |13:46:01.639 |AppInfo |Nonce validation success
00130489.007 |13:46:01.639 |AppInfo |CCMSymmetricEncryption::DecryptText:enter
00130489.008 |13:46:01.639 |AppInfo |CCMEncryption::DecryptText (Exit) (Success))
00130489.009 |13:46:01.639 |AppInfo |Decrypted Password Status success - [8]
00130489.010 |13:46:01.639 |AppInfo |AuthenticationImpl::login:enter
00130489.011 |13:46:01.639 |AppInfo |AuthenticationImpl::retrieveCredential:enter
00130489.012 |13:46:01.639 |AppInfo |userid is myusername
00130489.013 |13:46:01.639 |AppInfo |AuthenticationImpl::login - no encryptedpassword Credential, look for password
00130489.014 |13:46:01.639 |AppInfo |AuthenticationImpl::login (Auth with password. Calling authenticateUserWithPassword)
00130489.015 |13:46:01.639 |AppInfo |authenticationDB::authenticateUserWithPassword():enter
00130489.016 |13:46:01.639 |AppInfo |Credential Length is: 8
00130489.017 |13:46:01.639 |AppInfo |authenticationConnector::getReadDSN:enter
00130489.018 |13:46:01.639 |AppInfo |authenticationConnector ReadDSN is:DSN=ccm2;uid=dbims
00130489.019 |13:46:01.639 |AppInfo |authenticationConnector WriteDSN is:DSN=ccm;uid=dbims
00130489.020 |13:46:01.723 |AppInfo |Setting Fields
00130489.021 |13:46:01.723 |AppInfo |userType is: 1
00130489.022 |13:46:01.723 |AppInfo |timeOfLockout is: 0
00130489.023 |13:46:01.723 |AppInfo |timeHackedLockout is: 0
00130489.024 |13:46:01.723 |AppInfo |hackCount is: 0
00130489.025 |13:46:01.723 |AppInfo |daysToExpiry is: 0
00130489.026 |13:46:01.723 |AppInfo |doesNotExpire is: 0
00130489.027 |13:46:01.723 |AppInfo |useExpiryWarning is: 0
00130489.028 |13:46:01.723 |AppInfo |isInactive is: 0
00130489.029 |13:46:01.723 |AppInfo |userMustChange is: 0
00130489.030 |13:46:01.723 |AppInfo |endUserStatus is: 1
00130489.031 |13:46:01.723 |AppInfo |imsInfo is: 1
00130489.032 |13:46:01.723 |AppInfo |lastSuccessfulLoginTime is: 1422470174
00130489.033 |13:46:01.754 |AppInfo |XXXXXX Check 1
LDAP Authentication
00130489.034 |13:46:01.755 |AppInfo |authenticationDB::login (Authenticating using LDAP)
00130489.035 |13:46:01.755 |AppInfo |authenticationLDAP.cpp::authenticateUserWithPassword():enter
00130489.036 |13:46:01.755 |AppInfo |LDAP userid is 'myusername'
00130489.037 |13:46:01.755 |AppInfo |authenticationUtils::escapeLDAPSpecialCharsForFilter():enter
00130489.038 |13:46:01.755 |AppInfo |
After Escaping for LDAP special Characters for Filter = myusername
00130489.039 |13:46:01.755 |AppInfo |authenticationUtils::escapeLDAPSpecialCharsForFilter():exit
00130489.040 |13:46:01.755 |AppInfo |LDAP not initialized...connecting...
00130489.041 |13:46:01.755 |AppInfo |authenticationLDAP::connect():enter
00130489.042 |13:46:01.755 |AppInfo |authenticationLDAP::Authenticate():enter
00130489.043 |13:46:01.755 |AppInfo |Authenticating with SSL enabled (ldaps://MYDOMAIN.local:50001)
00130489.044 |13:46:01.755 |AppInfo |LDAP initialize with SSL Return Code (0)
00130489.045 |13:46:01.755 |AppInfo |setting LDAP option LDAP_OPT_X_TLS_HARD
00130489.046 |13:46:01.755 |AppInfo |authenticationLDAPConfig::getLDAPConnectionTimeout():enter
00130489.047 |13:46:01.756 |AppInfo |ldapConnectionTimeout = 5
00130489.048 |13:46:01.756 |AppInfo |authenticationLDAPConfig::getLDAPConnectionTimeout():enter
00130489.049 |13:46:01.758 |AppInfo |ldapConnectionTimeout = 5
00130489.050 |13:46:01.758 |AppInfo |LDAP set LDAP_OPT_NETWORK_TIMEOUT option set to 5 seconds
00130489.051 |13:46:01.758 |AppInfo |Setting the REBIND function
00130489.052 |13:46:01.761 |AppInfo |LDAP authentication bind failed. LDAP code: -1
00130489.053 |13:46:01.761 |AppInfo |Connection # (0): failed (-1) ((null))
00130489.054 |13:46:01.761 |AppInfo |Details ::
00130489.055 |13:46:01.761 |AppInfo |MYDOMAIN.local 50001
00130489.056 |13:46:01.761 |AppInfo |------------------------------------------------------------------------
00130489.057 |13:46:01.761 |AppInfo |Available Servers (1)
00130489.058 |13:46:01.761 |AppInfo |authenticationLDAP::Authenticate():exit AUTH_NOT_INITIALIZED
00130489.059 |13:46:01.761 |AppInfo |authenticationLDAP.cpp: Error on authentication. LDAP error code: -1
00130489.060 |13:46:01.761 |AppInfo |authenticationLDAP::connect():Exit on Error
00130489.061 |13:46:01.761 |AppInfo |LDAP Connect: Returned from connect with rc: -1
00130489.062 |13:46:01.761 |AppInfo |Failure to initialize (connect) to LDAP server.
00130489.063 |13:46:01.761 |AppInfo |authenticationLDAP::authenticateUserWithPassword():Exit on LDAP error: -1
00130489.064 |13:46:01.761 |AppInfo |authenticationDB::login (Done Authenticating using LDAP)
00130489.065 |13:46:01.761 |AppInfo |authenticationDB::login (LDAP FAILED) (-1)
00130489.066 |13:46:01.762 |AppInfo |AuthenticationImpl::setResults:enter
00130489.067 |13:46:01.762 |AppInfo |AuthenticationImpl::setResults retCode= -1
Hi guys,
recently I'm trying to delegate permissions for the Active Directory administration in our company. It all works great so far except for one thing.
I'm able to delegate the right to remove 'Protection Against Accidental Deletion' if its set, but somehow I can't find a way to delegate the right to initially set it. I already tried to grant Full Control for Computer Objects to the Group I want to delegate the rights to, but that didn't help.
I need this especially for Computer Objects but a general answer would be great either.
Hope someone can help me with this.
Thanks in advance.
Greetings
HI,
myself yogesh borse i am having windows 2008 Server DC in my office & 1 months before 100 laptops we bought OS installed in that laptop is windows7 through ghost now new application has been deploying to our environment for that we need to install their clients to every domain computers but the thing is that those 100 laptop had a ghost image had same SID hence application team suggested to change the sid of all 100 laptops by usingsystem preparation tool .
so my question is that after changing the 100 laptops SID's will it impact to the domain ?
please suggest & mail me on yogeshsborse@gmail.com
Thanks
Yogesh Borse
9920380498
Hello Every one,
I am creating a Lync Deployment Setup for testing purpose.
I have promoted one server to domain controller with the domain name as "lynclab.local". I am using Windows Server 2012 R2 operating system. Now the server name is domaincontroller.lynclab.local and it is hosting AD DS and DNS services.
Now for installing SQL Server on another server, I need to add the Server computer to the domain. But when I enter the domain name and press enter, It asked me to enter the Credentials to log on to Domain Controller. After entering the Administrator Username and Password I am getting an error message saying: "The following error occurred when attempting to join lynclab.local. The network path was not found".
I have tried all the possible solution from other websites but could not resolve. Even I tried to do all the things from starting but still getting the same issue.
I have 5 more servers and I could not join any of the servers to domain.
Looking for help........
Thanks and Regards,
Noor Hussain.
Server Manager>Dashboard>Create a server group
The Server Pool lists all the IP address according to Server and Computer.
I have one Computer.
I have assigned the Computer an IP address just like the rest in DNS manager.
In the Server Pool it lists "win7.mysite.com" separately but does not list the corresponding IP address or Operating System(Windows 7).
I have used Enable-PSremoting on both Server and Win7.
On Win7 I have upgraded to Powershell 4.0
How do I get to show all of the information?
Hi All,
I want to create an new active directory user account.
I am able to create accounts . but iam unable to create uid attribute while creating new user accounts.
Is there a way to create user account along with the uid attribute.
regards
Soma.
Priyabrata
Have two Forests with trust between. Suddenly trust is not working from Domain in Forest A to Domain in Forest B, but still working the other way around.
This happened once before due to time being out of sync, at which point I configured Forest B to retrieve time from Forest A and no issues since and definitely still in sync now.
Checked all the trust configuration and everything validates both ends OK. Either end can resolve the other domain and such fine.
Here is the error logged on the DC over in Forest B when someone from Forest A attempts say SMB access:
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 1/09/2015 12:35:25 p.m.
Event ID: 4625
Task Category: Logon
Level: Information
Keywords: Audit Failure
User: N/A
Computer: DC01.DOMAIN-B.COM
Description:
An account failed to log on.
Subject:
Security ID:NULL SID
Account Name:-
Account Domain:-
Logon ID:0x0
Logon Type:3
Account For Which Logon Failed:
Security ID:NULL SID
Account Name:username
Account Domain:DOMAIN-A
Failure Information:
Failure Reason:An Error occured during Logon.
Status:0xc000005e
Sub Status:0x0
Process Information:
Caller Process ID:0x0
Caller Process Name:-
Network Information:
Workstation Name:Domain-A PC
Source Network Address:192.168.X.X
Source Port:54282
Detailed Authentication Information:
Logon Process:NtLmSsp
Authentication Package:NTLM
Transited Services:-
Package Name (NTLM only):-
Key Length:0
This event is generated when a logon request fails. It is generated on the computer where access was attempted.
The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).
The Process Information fields indicate which account and process on the system requested the logon.
The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.