Channel: Directory Services forum
Viewing all 31638 articles

GPO for wifi sense


Windows 10 has a new feature called Wi-Fi Sense. The feature connects the WLAN adapter to any open hotspot in the vicinity. It also shares WLAN passwords with friends over Facebook. How can this be completely disabled through GPO in a domain for all users, or by any other way?


Regards, Triyambak
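The GPO that covers this is Computer Configuration > Policies > Administrative Templates > Network > WLAN Service > WLAN Settings > "Allow Windows to automatically connect to suggested open hotspots, to networks shared by contacts, and to hotspots offering paid services", set to Disabled. The script below is an added example, not part of the original post: it writes the same registry values that policy and the Wi-Fi Policy CSP write, so it can be deployed through a GPO Registry Preference item or a startup script, and it verifies the result. The key paths are the documented PolicyManager and wcmsvc locations; nothing else is assumed.

```powershell
# Added example: disable Wi-Fi Sense on the local machine and verify it.
# Run elevated. Deploy domain-wide via GPO (Registry Preference or startup script).

# Policy CSP keys consumed by Windows 10; each holds a DWORD named "value"
$WiFiPolicyKeys = @(
    'HKLM:\SOFTWARE\Microsoft\PolicyManager\default\WiFi\AllowWiFiHotSpotReporting',       # hotspot reporting / password sharing
    'HKLM:\SOFTWARE\Microsoft\PolicyManager\default\WiFi\AllowAutoConnectToWiFiSenseHotspots' # auto-connect to shared hotspots
)
# Value written by the "Allow Windows to automatically connect to suggested open hotspots ..." GPO
$WcmKey  = 'HKLM:\SOFTWARE\Microsoft\wcmsvc\wifinetworkmanager\config'
$WcmName = 'AutoConnectAllowedOEM'

function Disable-WiFiSense {
    foreach ($key in $WiFiPolicyKeys) {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        New-ItemProperty -Path $key -Name 'value' -PropertyType DWord -Value 0 -Force | Out-Null
    }
    if (-not (Test-Path $WcmKey)) { New-Item -Path $WcmKey -Force | Out-Null }
    New-ItemProperty -Path $WcmKey -Name $WcmName -PropertyType DWord -Value 0 -Force | Out-Null
}

function Test-WiFiSenseDisabled {
    # Returns $true only when all three values exist and are zero.
    $checks = @()
    foreach ($key in $WiFiPolicyKeys) {
        $checks += ((Get-ItemProperty -Path $key -Name 'value' -ErrorAction SilentlyContinue).value -eq 0)
    }
    $checks += ((Get-ItemProperty -Path $WcmKey -Name $WcmName -ErrorAction SilentlyContinue).$WcmName -eq 0)
    ($checks.Count -eq 3) -and (-not ($checks -contains $false))
}

Disable-WiFiSense
Test-WiFiSenseDisabled   # expect True
```

Because the PolicyManager values are policy-managed, a user cannot flip them back from the Settings app; re-running the verification function from a scheduled task is a cheap way to catch drift.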


Is SID filtering enabled on forest trust?


Hi guys, we are going to create a 2-way transitive forest level trust between an old 2003 domain and a newer 2008R2 domain.

We will be migrating users from old to new and want to retain SID history and allow migrated users to access resources in the old 2003 domain.

I've read a little about SID filtering and am not sure whether I need to disable it, or what the default state of SID filtering is for a forest trust.
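Added example, not from the original post: it reads every trustedDomain object under CN=System and decodes the trustAttributes bits that govern SID filtering, using the MS-ADTS TRUST_ATTRIBUTE_* constants. It uses Get-ADObject rather than Get-ADTrust so it also runs with the Windows Server 2008 R2 ActiveDirectory module. The domain names in the netdom comment are placeholders.

```powershell
# Added example: report SID-filtering state for every trust in the current domain.
Import-Module ActiveDirectory

# MS-ADTS trustAttributes bits relevant to SID filtering
$TA_QUARANTINED_DOMAIN = 0x4    # external trust: SID filtering ("quarantine") enabled
$TA_FOREST_TRANSITIVE  = 0x8    # forest trust
$TA_TREAT_AS_EXTERNAL  = 0x40   # forest trust relaxed so SID history is honoured (netdom /enablesidhistory:yes)
$TrustDirection = @{ 1 = 'Inbound'; 2 = 'Outbound'; 3 = 'Bidirectional' }

function Get-TrustSidFilteringState {
    param([string]$Server = $env:USERDNSDOMAIN)
    $domainDn = (Get-ADDomain -Server $Server).DistinguishedName
    Get-ADObject -Server $Server -SearchBase "CN=System,$domainDn" `
        -LDAPFilter '(objectClass=trustedDomain)' `
        -Properties trustPartner, trustAttributes, trustDirection |
    ForEach-Object {
        $attr     = [int]$_.trustAttributes
        $isForest = ($attr -band $TA_FOREST_TRANSITIVE) -ne 0
        # Forest trusts filter SIDs by default and honour SID history only once
        # TREAT_AS_EXTERNAL is set; external trusts filter only when QUARANTINED_DOMAIN is set.
        $sidHistoryHonoured = if ($isForest) { ($attr -band $TA_TREAT_AS_EXTERNAL) -ne 0 } else { ($attr -band $TA_QUARANTINED_DOMAIN) -eq 0 }
        [pscustomobject]@{
            Partner            = $_.trustPartner
            Direction          = $TrustDirection[[int]$_.trustDirection]
            TrustType          = if ($isForest) { 'Forest' } else { 'External/other' }
            TrustAttributesHex = '0x{0:X}' -f $attr
            SidHistoryHonoured = $sidHistoryHonoured
        }
    }
}

Get-TrustSidFilteringState | Format-Table -AutoSize

# To let migrated users (in the new forest, carrying sIDHistory from the old domain)
# reach resources in the old domain, the change is made on the resource side
# (old.example and new.example are placeholders):
#   netdom trust old.example /domain:new.example /enablesidhistory:yes /userD:new\admin /passwordD:*
# Re-run Get-TrustSidFilteringState afterwards and expect SidHistoryHonoured = True.
```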

ADFS 3.0 using my own login page


Hello There,

One of my clients is looking to use ADFS 3.0 as an IdP. However, ADFS 3.0 has 3 trusted internal ADFS servers (for example, when the idpsignonpage is displayed, it shows 3 options to choose from).

Our goal is that we do not want to force the user to select which IdP to choose. So we are looking for an option to use our own logon page and, based on the user ID, authenticate and get the required tokens programmatically, so that the ADFS logon page is not displayed at all.

Any idea or reference is really appreciated!

thanks,

PerfeITo


setting default calendar form using GPO


Hi

I'm looking for a method to force users to use a custom form when creating a new appointment or meeting in their calendars.

What I know and what I've done:

1. I've prepared a custom meeting form and published it to the "Organizational Forms Library".

2. I've also tested that I can use the form I've published by going to Calendar > New element > more... > Choose Form and then choosing from the Org Library.

3. Additionally, I've managed to set the default Calendar form to the one I've prepared, but only when it is published to my Personal Forms Library (Publish as > "Outlook's Folders"), which is stored inside my db, I suppose.

I know how to set the default form in my calendar, but I don't know how to set it to a form from the Org Library, because I only have "standard forms library" and "personal forms library" to choose from. ONLY local sources - I CAN'T choose from the Organizational Library.

(It's under right-click on the calendar, "When posting to this folder, use"...)

My question:

1. How do I set a customized Meeting/Appointment form as the default form globally (for the whole organization or, better, for some group of users)?

2. Can you point me to some documentation? (Please don't give me links to the Outlook 2003 Forms Administrator.)

thanks

Marek

Domain controller authentication


We have many DCs (Windows 2003) in our domain. I have promoted another new DC, Windows Server 2012, in our environment. How can I restrict this new DC's records in the DNS database so that no user authentication requests come to this domain controller until replication of the AD database is complete?

After complete replication we can authenticate user with this new DC.
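Added example, not from the original post: the DC Locator only finds a DC through the SRV and A records that Netlogon registers, so the usual way to keep a new DC out of the rotation is the Netlogon DnsAvoidRegisterRecords value (the same setting the "DC Locator DNS records not registered by the DCs" GPO writes). The script suspends registration, deregisters what dcpromo already published, checks inbound replication with repadmin, and re-enables registration when the links are clean. The mnemonic list is the documented one; the DC name defaults to the local machine.

```powershell
# Added example: keep a freshly promoted DC out of the DC Locator until replication is clean.
# Run elevated on the new DC.
$NetlogonParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

# Locator records that cause clients to select this DC for logon / LDAP / Kerberos / GC
$LocatorRecords = @(
    'LdapIpAddress',                      # A record for the domain name (non-SRV-aware clients)
    'Ldap', 'LdapAtSite',                 # _ldap._tcp.<domain> and site-specific
    'Dc',   'DcAtSite',                   # _ldap._tcp.dc._msdcs.<domain>
    'Kdc',  'KdcAtSite',                  # _kerberos._tcp.dc._msdcs.<domain>
    'Gc',   'GcAtSite', 'GcIpAddress', 'GenericGc', 'GenericGcAtSite',
    'Pdc'
)

function Suspend-DcLocatorRegistration {
    param([string]$DcFqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName)
    Set-ItemProperty -Path $NetlogonParams -Name DnsAvoidRegisterRecords -Value $LocatorRecords -Type MultiString
    Restart-Service Netlogon
    nltest /dsderegdns:$DcFqdn | Out-Null      # remove records already registered during promotion
}

function Resume-DcLocatorRegistration {
    Remove-ItemProperty -Path $NetlogonParams -Name DnsAvoidRegisterRecords -ErrorAction SilentlyContinue
    Restart-Service Netlogon
    nltest /dsregdns | Out-Null                # re-register everything immediately
}

function Test-DcReplicationHealthy {
    # $true when every inbound partner link reports zero failures and a last-success time.
    param([string]$DcName = $env:COMPUTERNAME)
    $links = repadmin /showrepl $DcName /csv | ConvertFrom-Csv
    if (-not $links) { return $false }
    $bad = $links | Where-Object { [int]$_.'Number of Failures' -ne 0 -or -not $_.'Last Success Time' }
    return (-not $bad)
}

# Usage: suspend right after promotion, poll, resume once clean.
Suspend-DcLocatorRegistration
if (Test-DcReplicationHealthy) { Resume-DcLocatorRegistration }
```

This only removes the DC from discovery; anything that is pointed at the server by name (a hard-coded LDAP host in an application, for instance) will still reach it, so confirm with `nslookup -type=SRV _ldap._tcp.dc._msdcs.<domain>` that the new DC is absent before relying on it.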

The trust relationship between this workstation and the primary domain failed

Hi,

We are facing a strange (at least for me) issue with two of our servers running 2008 R2. When we try to log in as domain administrator we get this error:

"The trust relationship between this workstation and the primary domain failed"

To fix this we reset the computer account using this command: NETDOM RESETPWD /Server:<name of any domain controller> /UserD:<domain admin account> /PasswordD:<password>, and after a restart it works fine.

But after a random time the users cannot log on any more and the same error reoccurs.
To our surprise, sometimes it becomes normal again automatically.

To add more, there are two other servers running 2008 on this same domain working fine (in total there are only four servers added to this domain).
Our domain controller is 2008 R2.

Any solution ?


Thanks and Regards
Perumal Raj J
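Added example, not from the original post: the built-in equivalent of the NETDOM RESETPWD round trip, plus the two checks worth collecting before resetting yet again: what Netlogon currently thinks of the secure channel (and which DC it is bound to), and whether the computer account's pwdLastSet agrees on every DC, since a reset that has not replicated to the DC the server next talks to produces exactly a trust failure that "fixes itself" later. The DC name and credential in the usage lines are placeholders; run the per-DC comparison from a working domain member.

```powershell
# Added example: inspect and repair a machine's secure channel without NETDOM or a reboot.
Import-Module ActiveDirectory

function Get-MachineTrustState {
    param([string]$Domain = $env:USERDNSDOMAIN)
    [pscustomobject]@{
        SecureChannelOk = Test-ComputerSecureChannel                 # $true / $false, no repair
        ChannelStatus   = (nltest /sc_query:$Domain) -join ' '        # bound DC and connection status
        RecentNetlogon  = Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'NETLOGON' } `
                              -MaxEvents 5 -ErrorAction SilentlyContinue |
                          ForEach-Object { '{0} {1}: {2}' -f $_.TimeCreated, $_.Id, ($_.Message -split "`n")[0] }
    }
}

function Get-ComputerPwdLastSetPerDc {
    # Compares the computer account's pwdLastSet on every DC; a mismatch means the
    # last reset has not replicated everywhere yet.
    param([string]$ComputerName = $env:COMPUTERNAME)
    foreach ($dc in (Get-ADDomainController -Filter *).HostName) {
        $c = Get-ADComputer -Identity $ComputerName -Server $dc -Properties pwdLastSet -ErrorAction SilentlyContinue
        [pscustomobject]@{
            DC         = $dc
            PwdLastSet = if ($c) { [DateTime]::FromFileTime($c.pwdLastSet) } else { 'not found' }
        }
    }
}

function Repair-MachineTrust {
    # Same effect as NETDOM RESETPWD: resets the machine account password and rebinds
    # the secure channel; pin -Server to a specific DC to avoid replication lag.
    param([Parameter(Mandatory)][pscredential]$Credential, [string]$Server)
    $p = @{ Repair = $true; Credential = $Credential }
    if ($Server) { $p.Server = $Server }
    Test-ComputerSecureChannel @p
}

Get-MachineTrustState
Get-ComputerPwdLastSetPerDc | Format-Table -AutoSize
# Repair-MachineTrust -Credential (Get-Credential 'CONTOSO\admin') -Server 'dc01.contoso.local'
```

If the per-DC timestamps differ for more than one replication interval, or two DCs return different objects for the same name, capture that output before resetting again; a reset only masks the problem until the next replication cycle.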

blue screen after system state recovery domain controller 2008r2


Hi,

I have been asked to make a DR plan for our domain. We have two DCs and I am trying to make a bare-metal restore of our primary DC (Server 2008 R2 Enterprise). All FSMO roles reside on that server. What I did was:

1. Took a system state backup to the D: drive using the Server Backup utility.

2. Then a full server backup to a remote share.

3. Restored the bare-metal image to the same hardware (but a new server with the same disk size) on a test network.

4. After completion of my restore process I removed the network cable and rebooted into DSRM mode.

5. Entered the directory restore password and ran "wbadmin start systemstaterecovery -backuptarget:d -authsysvol", and the process completed without any errors.

When I booted into normal mode after recovery, I cannot log in to the DC with my domain admin credentials. A light blue screen appears the whole time. I tried several reboots but it is still in the same state.

* I am not authorized to connect the recovered DC to the production LAN (promoting a new server to DC).

* I cannot keep another DC on the DR site.

Is there any possible solution in my case?

 

connect to server through remote desktop from outside the location.


Dear experts.

I am using a Windows 2008 R2 server at the office location and I want to operate that server from my home PC through the internet.


connect to windows domain from internet


Dear experts

We have two offices in different locations. We installed Windows Server and configured AD DS. I want to connect both offices in the same domain via the internet.

please help me.

Don't allow to modify printer installed by gpo


Hi,

I have several printers installed by GPO (computer configuration), but I don't know how to prevent domain users from modifying the printer settings.

Any suggestion?

Thanks a lot.

Windows cannot create the object username because: The name reference is invalid


After upgrading domain controllers from Windows 2008 R2 to Windows 2012 R2, we cannot copy an existing user that has a mailbox. We get the error "Windows cannot create the object username because: The name reference is invalid."

Therefore, I applied Update Rollup 17 for Exchange Server 2007 Service Pack 3.

I am still getting the same error.

In addition, I am getting errors like

Consolidate: The Active Directory service Referral interface failed to service a client request. RFRI is returning an error.

The Directory Service Referral interface failed to service a client request.

RFRI is returning the error code:[0x3f0].

Referral Interface cannot contact any global catalog server that supports the NSPI Service.

Referral Interface cannot contact any Global Catalog that supports the NSPI Service.

Clients making RFR requests will fail to connect until a Global Catalog becomes available again.

After a Domain Controller is promoted to a Global Catalog, it must be rebooted to support MAPI Clients.

I am not finding anything wrong on the Global Catalog servers.

FGPP Expiration Issue with Passwords


There seems to be a bug with Active Directory reporting back the incorrect expiration date for passwords when using Fine-Grained Password Policies. I have set my passwords to expire every 160 days via the FGPP console. Bizarrely, the old command-line query tools (net user or net accounts) are showing 30 days as the password expiration period for accounts, but PowerShell queries show the correct expiration period (160 days). Unfortunately Windows clients, Apple Macs and OWA are picking up the incorrect expiration period, prompting users to change their password within 30 days but not forcing them, as their account has not technically expired (at 160 days). This is very confusing and annoying for the users!

I did have password policies in place using Group Policy, but I removed them as I needed more granular control over password policies.

Any ideas how to resolve this issue?

Many thanks

Liam
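Added example, not from the original post: net user and net accounts report the domain-wide values held on the domain head (maxPwdAge and friends) and do not evaluate PSOs, whereas the DC computes the per-user expiry in the constructed attribute msDS-UserPasswordExpiryTimeComputed from the resultant PSO. The script puts both side by side for one account so it is clear which policy a given client or tool is reading. It needs the ActiveDirectory module; the account name in the usage line is a placeholder.

```powershell
# Added example: compare the PSO-derived expiry AD computes with what "net user" reports.
Import-Module ActiveDirectory

function Get-EffectivePasswordExpiry {
    param([Parameter(Mandatory)][string]$SamAccountName)
    $u = Get-ADUser -Identity $SamAccountName -Properties pwdLastSet, PasswordNeverExpires, 'msDS-UserPasswordExpiryTimeComputed'
    $pso       = Get-ADUserResultantPasswordPolicy -Identity $u        # $null when no PSO applies
    $domainMax = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge    # what net user / net accounts use

    # 0x7FFFFFFFFFFFFFFF means "never expires"; 0 means "must change at next logon"
    $raw     = $u.'msDS-UserPasswordExpiryTimeComputed'
    $expires = if ($raw -and $raw -ne [Int64]::MaxValue) { [DateTime]::FromFileTime($raw) } else { $null }

    [pscustomobject]@{
        User                 = $u.SamAccountName
        PasswordLastSet      = [DateTime]::FromFileTime($u.pwdLastSet)
        ResultantPSO         = if ($pso) { $pso.Name } else { '(none: default domain policy)' }
        PSOMaxPasswordAge    = if ($pso) { $pso.MaxPasswordAge.Days } else { $null }
        DomainMaxPasswordAge = $domainMax.Days
        ExpiresPerDC         = $expires
        NeverExpires         = $u.PasswordNeverExpires
    }
}

function Compare-WithNetUser {
    # Pulls the "Password expires" line net user prints for the same account.
    param([Parameter(Mandatory)][string]$SamAccountName)
    $line = net user $SamAccountName /domain 2>$null | Where-Object { $_ -match '^Password expires' }
    [pscustomobject]@{
        ComputedByAD = (Get-EffectivePasswordExpiry -SamAccountName $SamAccountName).ExpiresPerDC
        NetUserSays  = ($line -replace '^Password expires\s+', '')
    }
}

Get-EffectivePasswordExpiry -SamAccountName 'liam'   # placeholder account
Compare-WithNetUser        -SamAccountName 'liam'
```

If PSOMaxPasswordAge shows 160 and DomainMaxPasswordAge shows 30, any client that prompts at 30 days is reading the domain policy rather than asking the DC; the msDS-UserPasswordExpiryTimeComputed value is the one to trust.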

Preventing certain Active Directory users from enumerating/querying AD Users or Groups?


We are running a particular application where the only way to give a user access to it is to make them an AD user.

This application is for our end-user customers, and as such we don't want customers to have access to our entire AD directory. The purpose of this AD user is really just so they can log into the application and we don't want them doing anything more than that.

I created a separate OU and placed a user under it, and experimented with permission settings on the OU (such as denying List Contents, List Object, and even "Read all properties" as special permissions), but the AD user can still see a list of all AD users if they are in an AD login pop-up "Select User or Group" window and click "Find Now".

I realize this is how AD works by default, but we only want to restrict permissions for very specific users.

I'm still thinking there should be a way to restrict this in the OU security permissions but so far no deny combination I've tested works.

In other research I found this article about a "confidentiality bit":

http://windowsitpro.com/active-directory/using-confidentiality-bit-hide-data-active-directory

But it also says there that "base schema attributes" cannot be made confidential, and I'm pretty sure 'Name' is a base schema attribute, right(?)

So what is a solution if we want to configure things so that particular AD users would not be able to enumerate/query/browse the AD directory of users but can still log in to/through AD?

Thanks

Active Directory Connect Concerns for my situation...


Currently running 4 locations, with separate IT depts at each. We use Office 365 company-wide, working from the same domain/URL, and are running a single domain at one of the offices. Currently one of the admins is looking at adding Active Directory Sync: https://portal.office.com/AdvancedSetup/SetupExchange?scenarioType=DirSyncSetup to his local AD DS.

He then switched to AD Connect:

https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect-prerequisites/

and wants to add this to his domain (the same domain name we all use for Office 365) to take advantage of the SSO mechanism.

My fear, and it may be unfounded, is that as soon as he adds the domain that all users are working with in 365 into the Azure ADFS, everyone that is not a member of his local ADFS will lose the ability to connect to Office 365 without the use of a proxy server and a VPN.

Has anyone had any experience adding multiple locations not bound by a single domain into Azure directory sync? 3 of the offices are currently running workgroups and are not domain-joined.

Thanks!

Plan to Migrate Active Directory From 2008 to 2012


Dears,

We have a plan to migrate our Active Directory 2008 to AD 2012. We have some applications running in our system; how can I know whether the applications are compatible with the new AD, and how do I import DNS? Kindly, I need the best plan for migrating AD 2008 to AD 2012.

Regards.


Where do we store employee pictures in Active Directory?


Hi,

We have 100K users in a large national domain and are looking to store pictures of employees, each 5 KB in size, in Active Directory.

From a size and importance perspective, would it make sense to store employee pictures in an Application Partition instead of the Default Naming Context? I'm not sure we would want employee pictures in the Default Naming Context.


Thanks for your help! SdeDot
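Added example, not from the original post: the consumers that display employee pictures (Outlook 2010 and later, Lync/Skype for Business, SharePoint profile sync) read the thumbnailPhoto attribute of the user object in the domain naming context and will not look in an application partition, so the practical question is how to load the pictures with a size guard and how to measure the resulting footprint. The size cap and the sample file paths are assumptions; the attribute name is the standard one.

```powershell
# Added example: load employee pictures into thumbnailPhoto with a size guard, and
# estimate how much the domain NC grows as a result.
Import-Module ActiveDirectory

$MaxPhotoBytes = 10KB   # assumed local policy; the poster's 5 KB images fit comfortably

function Set-EmployeePhoto {
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [Parameter(Mandatory)][string]$Path        # JPEG on disk
    )
    $bytes = [System.IO.File]::ReadAllBytes($Path)
    if ($bytes.Length -gt $MaxPhotoBytes) {
        throw "$Path is $($bytes.Length) bytes; limit is $MaxPhotoBytes"
    }
    Set-ADUser -Identity $SamAccountName -Replace @{ thumbnailPhoto = $bytes }
    [pscustomobject]@{ User = $SamAccountName; Bytes = $bytes.Length }
}

function Remove-EmployeePhoto {
    param([Parameter(Mandatory)][string]$SamAccountName)
    Set-ADUser -Identity $SamAccountName -Clear thumbnailPhoto
}

function Get-PhotoFootprint {
    # Sums the bytes currently stored in thumbnailPhoto across the domain and
    # projects the total for a given head count at a given average size.
    param([int]$ProjectedUsers = 100000, [int]$AverageBytes = 5KB)
    $stored = Get-ADUser -Filter 'thumbnailPhoto -like "*"' -Properties thumbnailPhoto |
              ForEach-Object { $_.thumbnailPhoto.Length } | Measure-Object -Sum
    [pscustomobject]@{
        UsersWithPhoto   = $stored.Count
        StoredMB         = [math]::Round($stored.Sum / 1MB, 1)
        ProjectedMB      = [math]::Round(($ProjectedUsers * $AverageBytes) / 1MB, 1)
    }
}

# Usage (placeholders): bulk-load from a folder of <sAMAccountName>.jpg files
Get-ChildItem 'C:\photos\*.jpg' | ForEach-Object {
    Set-EmployeePhoto -SamAccountName $_.BaseName -Path $_.FullName
}
Get-PhotoFootprint
```

At 5 KB per user, 100K users is roughly 500 MB of attribute data, which replicates to every DC in the domain; whether thumbnailPhoto is also in the partial attribute set (and therefore on every GC) is worth checking in the schema before a bulk load.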

NO_CLIENT_SITE for upstream DNS servers


I just noticed an Event Log warning that says I have a handful of machines that do not have IP addresses matching any of the existing sites in the enterprise (Source: NetLogon, Event ID: 5807). It references %SystemRoot%\debug\netlogon.log to tell me exactly which machines do not have a corresponding AD site. The fix is easy enough: create a new subnet for the appropriate site.

Here's the catch: the machines I'm seeing in the log are upstream DNS servers that are neither in my domain nor on my side of the firewall. Should I still create a subnet object for those servers? If so, what site do I assign them to? They are not my servers.
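Added example, not from the original post: a parser for the NO_CLIENT_SITE lines in netlogon.log that de-duplicates by address and matches each address against the subnets you have actually defined, so the addresses that belong to you (missing subnet object) separate cleanly from the ones that do not. The log lines and subnet list below are constructed sample data; the commented Get-ADObject call shows how to pull the real subnet list from CN=Subnets.

```powershell
# Added example: triage NO_CLIENT_SITE entries from netlogon.log against defined AD subnets.

# Line shape: MM/DD HH:MM:SS DOMAIN: NO_CLIENT_SITE: ClientName ClientIP
$NoSitePattern = '^(?<ts>\d\d/\d\d \d\d:\d\d:\d\d) (?<domain>\S+): NO_CLIENT_SITE: (?<name>\S+) (?<ip>\d{1,3}(\.\d{1,3}){3})'

function Get-NoClientSiteEntries {
    param([string[]]$Lines)
    $Lines | ForEach-Object {
        if ($_ -match $NoSitePattern) {
            [pscustomobject]@{ Time = $matches.ts; Domain = $matches.domain; Client = $matches.name; IP = $matches.ip }
        }
    } | Group-Object IP | ForEach-Object {
        [pscustomobject]@{ IP = $_.Name; Client = $_.Group[0].Client; Hits = $_.Count; LastSeen = $_.Group[-1].Time }
    }
}

function ConvertTo-UInt32 {
    param([string]$Ip)
    $b = ([System.Net.IPAddress]$Ip).GetAddressBytes()
    [Array]::Reverse($b)
    [BitConverter]::ToUInt32($b, 0)
}

function Test-IpInCidr {
    param([string]$Ip, [string]$Cidr)
    $net, $bits = $Cidr -split '/'
    $mask = [uint32]([math]::Pow(2, 32) - [math]::Pow(2, 32 - [int]$bits))
    ((ConvertTo-UInt32 $Ip) -band $mask) -eq ((ConvertTo-UInt32 $net) -band $mask)
}

function Resolve-NoClientSite {
    param([string[]]$Lines, [string[]]$KnownSubnets)
    Get-NoClientSiteEntries -Lines $Lines | ForEach-Object {
        $ip    = $_.IP
        $match = $KnownSubnets | Where-Object { Test-IpInCidr -Ip $ip -Cidr $_ } | Select-Object -First 1
        $_ | Add-Member -MemberType NoteProperty -Name MatchedSubnet -Value $(if ($match) { $match } else { 'NONE' }) -PassThru
    }
}

# Constructed sample: two workstations on an internal range with no subnet object, one external resolver
$sampleLog = @(
    '08/04 13:03:46 CONTOSO: NO_CLIENT_SITE: WKS-ACCT01 10.40.7.21',
    '08/04 13:03:51 CONTOSO: NO_CLIENT_SITE: WKS-ACCT02 10.40.7.22',
    '08/04 13:05:02 CONTOSO: NO_CLIENT_SITE: WKS-ACCT01 10.40.7.21',
    '08/04 13:09:17 CONTOSO: NO_CLIENT_SITE: ISP-DNS1 203.0.113.53'
)
$sampleSubnets = @('10.0.0.0/16', '10.40.0.0/22')   # constructed; 10.40.7.x is deliberately not covered

Resolve-NoClientSite -Lines $sampleLog -KnownSubnets $sampleSubnets | Format-Table -AutoSize

# Live use: $subnets = (Get-ADObject -SearchBase "CN=Subnets,CN=Sites,$((Get-ADRootDSE).configurationNamingContext)" -LDAPFilter '(objectClass=subnet)').Name
#           Resolve-NoClientSite -Lines (Get-Content "$env:SystemRoot\debug\netlogon.log") -KnownSubnets $subnets
```

In the sample, the 10.40.7.x hosts report NONE because the defined 10.40.0.0/22 stops at 10.40.3.255, which is the case a new subnet object fixes; the 203.0.113.53 entry is an address you do not own, and the useful follow-up there is to find out what on that host is calling the DC Locator through your firewall, rather than to assign it a site.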

How to export local users and groups from window 2003 to window 2012

I need to export local users and groups from a Windows 2003 server to a Windows 2012 server. Can anybody help me?

Netlogon Folder missing after Installation of DC on Win Svr 2012


DC1 is Windows Svr 2008.

The domain functional level has already been raised to Win Svr 2008.

DC2 is Win Svr 2012.

After installing the AD DS role and also promoting it as a DC,

the Netlogon folder cannot be found.

Only the SYSVOL folder is available.

New client logins will not load the BAT file from the netlogon folder on
DC1 as well.

i have tried the following:

https://support.microsoft.com/en-us/kb/947022

However, it only helps to present the netlogon folder from DC1.

It does not work for DC2.

Deeply appreciate if anyone can assist on this.

Thank you very much

Frank

2012 R2 Simple LDAP


We have added a pair of Server 2012 R2 DCs to our environment, and it does not seem that simple LDAP binds will work with them. We do binds in code and from 3rd-party applications.

We have 2008 and 2008R2 DCs that work fine.  I cannot find any information that states 2012 should work any differently.  Is there some info out there that would clear this up?
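Added example, not from the original post: when a simple bind "does not work" against particular DCs, the two things worth having are a bind that reports the LDAP result code and the server's diagnostic text instead of a generic failure, and the DC-side settings that decide whether a cleartext simple bind is accepted at all (NTDS LDAPServerIntegrity, where 2 means signing is required and the DC answers a cleartext simple bind with result code 8, strongerAuthRequired) and whether such binds are logged (NTDS diagnostics "16 LDAP Interface Events" at level 2 produces event 2889 with the client address and identity). Server, account and password in the usage lines are placeholders.

```powershell
# Added example: diagnose simple-bind failures from the client and the DC side.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Test-LdapSimpleBind {
    param(
        [Parameter(Mandatory)][string]$Server,
        [Parameter(Mandatory)][string]$BindDn,     # DN, UPN or DOMAIN\user
        [Parameter(Mandatory)][string]$Password,
        [int]$Port = 389,
        [switch]$StartTls                          # negotiate TLS before the password leaves the client
    )
    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, $Port)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
    $conn.SessionOptions.ProtocolVersion = 3
    $conn.AuthType   = [System.DirectoryServices.Protocols.AuthType]::Basic    # simple bind
    $conn.Credential = New-Object System.Net.NetworkCredential($BindDn, $Password)
    try {
        if ($StartTls) { $conn.SessionOptions.StartTransportLayerSecurity($null) }
        $conn.Bind()
        [pscustomobject]@{ Server = $Server; Port = $Port; Tls = [bool]$StartTls; Result = 'success'; Code = 0; Detail = '' }
    } catch [System.DirectoryServices.Protocols.LdapException] {
        # 8 = strongerAuthRequired (DC demands signing/TLS), 49 = invalidCredentials
        [pscustomobject]@{ Server = $Server; Port = $Port; Tls = [bool]$StartTls; Result = 'failed'
                           Code = $_.Exception.ErrorCode; Detail = $_.Exception.ServerErrorMessage }
    } finally {
        $conn.Dispose()
    }
}

function Get-DcLdapBindPolicy {
    # Run on the DC (or via remoting). LDAPServerIntegrity: 1 = accept cleartext simple binds, 2 = require signing.
    $ntds = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS'
    [pscustomobject]@{
        LDAPServerIntegrity = (Get-ItemProperty "$ntds\Parameters").LDAPServerIntegrity
        LdapInterfaceEvents = (Get-ItemProperty "$ntds\Diagnostics").'16 LDAP Interface Events'
    }
}

function Enable-UnsignedBindLogging {
    # Level 2 logs event 2889 for every unsigned SASL or cleartext simple bind the DC accepts.
    Set-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics' -Name '16 LDAP Interface Events' -Value 2
}

function Get-UnsignedBindEvents {
    param([int]$Max = 50)
    Get-WinEvent -FilterHashtable @{ LogName = 'Directory Service'; Id = 2889 } -MaxEvents $Max -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, @{ n = 'Detail'; e = { (($_.Message -split "`n")[0..3]) -join ' ' } }
}

# Usage (placeholders): compare a cleartext bind with a StartTLS-protected one against the same DC
Test-LdapSimpleBind -Server 'dc2012.contoso.local' -BindDn 'CONTOSO\svc-ldap' -Password 'P@ss'
Test-LdapSimpleBind -Server 'dc2012.contoso.local' -BindDn 'CONTOSO\svc-ldap' -Password 'P@ss' -StartTls
```

If the cleartext bind returns code 8 and the StartTLS bind succeeds, the DC is enforcing signing and the applications need to move to LDAPS or StartTLS rather than the DC being relaxed; if both succeed, turn on the 2889 logging on the 2012 R2 DCs and look for the application's address, since a client that never appears there is not reaching that DC with a simple bind at all.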



