Channel: Directory Services forum
Viewing all 31638 articles

after dcpromo can't login (domain admins) but can in domain administrator


Hi All

I have an issue: after dcpromo, I can only log in with the "domain administrator" account; the other "domain admins" accounts (the same level of administrator) can't access. There are also no sysvol and netlogon. In the event log I find event 50 56, but I guess it is not this. I set it up in a VM, and I log in locally, not remotely.

 


ADFS/WAP - redirect http to https


Hello,

We are running a Server 2012 R2 ADFS-Farm with WAP.

What is the recommended option to redirect http requests to https?

Starting with the August 2014 Windows Update rollup, the Application Proxy listens for health probes also on http.

Only for http redirects installing the whole IIS is not feasible I think.

Thanks in advance,
Thomas

Client side on (windows 2008 r2 server) GPO version sysvol version showing (65535)


Hi 

I can see GPO version number is showing mismatched from other client servers in gpresult.htm report for all GPO . See below snapshot.

How can I resolve this issue? On the DCs I have checked all the applied GPOs and they don't have any version difference on the DCs.

It's showing only client servers running on windows 2008 r2 O.S.

All Sysvol version showing (65535) Why so..

Override Group Policy firewall


All,

I am trying to find the Registry key(s) which allow me to override the Group Policy enabled firewall.  When this laptop is not connected to the Domain, Group Policy turns on the firewall.  I tried to override this behavior by changing the following DWords to 0.  However, the PC's firewall is still enabled.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\

Thank you,

tjcreek55

missing folders in dfs

We are missing big files/folders under a DFS tree. Is there a way to find out what happened and where the files/folders went?

Report All Computers and Last Logged on User to those computers from Active Directory.

Report All Computers and Last Logged on User to those computers from Active Directory. Any scripts/ tools/ suggestions.

DNS NIC settings failover question


This morning my site had our primary DNS go down, we have 3 DNS servers in the DNS settings tab on all our nics, we have 5 subnets associated to our site. Now when our primary DNS went down we here at our main site were still able to resolve both internal and external, however one subnet range was isolated no internal or external. Now from my stance I know that they did not successfully move to the next dns server in the order but I need to prove it... Is there an event id or log I can use to show this?

Another unique aspect is this subnet range gets their DHCP from a Cisco ASA device, and the argument is being made that everyone else did not go down the DNS server list, meaning when the primary failed it went straight to the last server in the list even though the rest of the servers were up and working.

Any insight as to how I can prove this from a windows perspective without stopping the dns server service to duplicate the issue would be appreciated.

Reporting on changed attributes

I have a script that runs right now that shows me accounts that were modified in the past 24 hours. It does the job but reports on any kind of change (obviously). I want to narrow this down to just report on a particular attribute changed, in my case the email attribute. Is there an easy way to do this or would I have to run two reports and compare?

Domain controller // DS/DFS/System error


Hi

Suddenly one of our 2008 R2 SP1 DCs gets a lot of errors ... all the others are OK

System :

EventID 4  The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server xxxxx

DFS replication :

Event 1204 The DFS Replication service failed to contact domain controller  to access configuration 

Directory Service

1865 The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network 

1311 The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition. 

DNS server

4000 The DNS server was unable to open Active Directory.  

Given those huge errors, I wonder if it's not a solution to demote/remove this server from the domain, then repromote it .....

What do you think about it?

regards


Searching Through AD

Server 2012 R2 with AD. How would I go about searching through AD using ADSI Edit for references/instances of an object? I don't see a "search/find" option in ADSI. Is it possible?

Duplicate Ipv4 Address


I have a WS2012R2 Server.  In ipconfig /all I am getting a "Duplicate" in my server ipv4 address for my Windows 7 host computer. 

Also when I log into my Windows 7 host with a AD UC user in ipconfig it shows the host IPv4 as "Preferred" but the server IPv4 Address has the "Duplicate".

I cleared all of the nonessential IPs in DNS Manager.

What am I doing wrong?

No root stage


Dear all,

I added Windows Server 2012 R2 to an existing Windows 2003 R2 domain; the FRS is not able to replicate the contents of SYSVOL.

I did a lot of diagnostics and discovered that there is no root storage when I run this command:

ntfrsutl ds |findstr /i "root stage"

No result appears and no errors.

NTFS file folder permissions


To check the directory permissions recursively I use

Get-ChildItem \\abcd\E -Recurse | Get-Acl | Format-List | Out-File "c:\temp\output.txt"

This lists the local and AD groups with access to files and folders.

I am looking for a script that can list the users in the AD groups with access to all these files/folders.

Win 2008 servers can't access sysvol or netlogon partition on Windows 2012 domain controllers


I have a small Windows 2012 domain that includes 3 Win 2008 servers and 8 Windows 2012 servers. None of the 2012 servers have an issue connecting with AD or viewing \\<domain controller>\netlogon or \\<domain controller>\sysvol in Windows Explorer.

If I try to do the same thing from the Win 2008 servers though, I get prompted for a username/password and even with a valid password supplied I get an "Access Denied" error.

I can otherwise ping the domain controllers, access the C: drive via the admin share (c$), users authenticate with no issue. If I manually drill down from the admin share (C$) I can get into the sysvol folders and browse them.

Running gpupdate from a 2008 server generates these messages:

"The processing of group policy failed. Windows attempted to read the file \\xxx\sysvol\xxx\Policies\{long string}\gpt.ini from a domain controller and was not successful. Group policy settings may not be applied until this event is resolved."

Using windows explorer and \\domain controller\c$, though, from the 2008 server, I can drill down and find that gpt.ini file and open it and edit it if I want.

Running rsop.msc generates the message "Unable to generate RSoP Data. In logging mode, likely causes are group policy has never successfully processed for the computer or user, RSoP logging was never enabled, or data is corrupt. In planning mode, verify that the selected domain controllers supports RSoP"

Running rsop.msc from any 2012 server runs without problem however, so it appears the domain controllers support it.

I'm stumped - any suggestions?

Paul


Block User ID creation as numeric number in AD


Hi,

Is it possible to block user id creation as a numeric number in AD?

Ex: 123456@domainname, domain\123456

If yes please guide. :)

Thanks & Regards

Mathivathanan Vijayakumar



Enter Address Leases for computers are within the Round Robin Scope


DHCP>WIN-12345>IPv4>Scope[192.168.1.0] Round Robins>Address Leases contains some Client IP Addresses for some computers in AD UC but not the ones I need.  These computers are within the Round Robin Scope of 192.168.1.100 to 192.168.1.253.  How do I enter my computer in DHCP Round Robin Scope?

Migrated to domain User have administrative rights


Need help,

I have migrated a local administrator account to a domain user account using Forensit Profile Wizard; the domain controller is on Windows 2012 R2. But after this procedure this user has full administrative rights on his computer (and should have User rights).

I have put this user in Users groups on AD for sure,

forcing gpupdate is not helping. Could anybody tell me how to change this migrated account in Windows to be a non-admin user type?

many thanks

Help figuring out what i need


Hello, this is the first time I'm asking a question here, so excuse me if it's in the wrong place.

I need help figuring out what I need to make what I want work (the how-to will come at a later time if necessary).

So I have a small firm and I am tempted to switch over to Windows Server / Active Directory, but before I do that I would like to know what I should ask of my IT department and if what I want is possible.

What I plan to do is the following: I have 19 workstations that I plan to use software distribution to. All I want is for all 19 to have the same software and for the respective software to be configured identically (if possible without the option to change any of the settings from the user side), also to do updates to Windows / the respective software using Group Policy, and lastly to have central storage for all to keep data on.

All PCs are on the same network (so a local server and a local domain would be feasible, but if there is any online solution that would be cheaper or more effective I'm open to any suggestion).

So what I'm asking is: is what I want possible? And will a Windows server with Active Directory be able to do all that, or do I need to consider other stuff that I have not?

Thanks in advance.

Scope to enter host computer data into DHCP Address Leases


In DHCP>WIN-12345>IPv4>Scope[192.168.1.0]>Address Leases contains some Client IP Addresses for some computers in AD UC but not all the ones I need.  These computers are within my Scope of 192.168.1.100 to 192.168.1.253.  You can add one by "reserving a Reservation" in the DHCP Manager under right-click Reservations.  The next part to enter Address Leases from the DHCP Manager is Lease Expires says Reservation (inactive).  How do I turn on Reservations in DHCP Address Leases?


Weirdness with AD?


Hi,

I'm the systems administrator for an approximately 100 node multi-site network.  I am having issues with AD.  My environment is a Server 2003 hybrid setup with multiple DCs.  What's happening is when a user, regardless of the PC operating system, goes to open a file on a share on the network, they either cannot open the folder, or the list only shows a partial list of their files.  The strangeness comes in here:  If they go through Computer or My Computer and access their folder through the drive listed, the full list will appear (sometimes the PC needs to be rebooted as well after performing the "fix").  Now, when the user goes in to open a file via Office or a shortcut the full list appears or in the case of using a shortcut the file will open.  Also, prior to doing the fix mentioned earlier, databases (both SQL and proprietary) don't work.  PC operating systems are mostly XP and Windows 7.   The PC acts as though it is not connected to the network, even though it clearly is because the user can utilize email and Internet. Is this possibly an ACL issue or something else??  In 18 years I've never seen this type of network/PC behavior....

Any help or explanation of what is happening would be much appreciated.

Thanks ahead of time for any help with this.
