I have a local ADFS 3.0 setup with device registration enabled.
Registration works on LAN and internet for Windows 8.1 clients and IOS devices but fails for Windows 10 clients, they just ask for a server and then again fails. Workplace Join event log is empty.
I have double checked DNS.
How do I troubleshoot this further?
I've searched the net for a while now and there is not good instructions on this. I know SBS is an oddball of an OS. Can I add the 2012 R2 server as a another DC and demote the old thus transferring roles? I know I have to update DNS, transfer DHCP, etc.
Any help is appreciated.
Thank you,
I am trying to pull a list of all users with an email address who are not members of specific groups in AD into a list for export. What I have is the following:
Get-ADUser -Filter * -properties memberof,mail | Where-Object {$_.Mail -ne $null -and !($_.memberof -like "*mydocs*")} | Select Name | measure
But it seems the memberof is truncating so my !($_.memberof -like "***" is not finding all instances of the group memberships.
How can I have the memberof value reflect all instead of ... so that I can pull all users who are actually not members of specific groups with name like *mydocs* into a complete accurate list?
Frank
Hi guys,
I've read that it's reccommended to have no more than 75 users using Server Essentials Role installed on Server 2012 R2 Standard.
We have a client with pretty well bang on 75 users and we really like the experience of the Essentials role with respect to Office 365 integration. We've tried DirSync and I must say there is a bit of a process to get everything to work. We usually force a full sync when we create a user as the sync isn't instant, we need to muck with the attribute editor in AD to specify primary email address (and alias' if required) etc...It's just not nice in comparison to WSE role.
I've read that it's not recommended to have more than 75 users with WSE role - can anyone back this up? Or is the Azure AD connect stuff a 'nicer' version of DirSync?
Any help appreciated! thanks!
We are fairly new to active directory, and we are trying to create a disaster recovery plan for the DC we have hosted at Amazon Web Services.
In AWS, one of the common methods of backup is to take a 'snapshot' of the state of a virtual server. This snapshot will include all data stored on its virtual disk drives. Should the virtual server fail, a new virtual server can be spun up from a snapshot.
My concern is for the integrity of Active Directory in a disaster recovery scenario. Suppose our AWS DC crashes due to some kind of hardware failure at AWS. We can have a replacement DC spun up from our backup within minutes. However, suppose our backup snapshot is 7 days old. When we spin up the DC based on this backup, the DC will come up in the state it was 7 days previously. Also suppose there have been considerable changes in our domain since that backup was made. My question is, is ADDS on the restored AWS DC smart enough to 'catch up' on what it 'missed' without corrupting our AD?
If the answer to the above is no, what are some viable alternatives for disaster recovery?
I'm unable to access WebHDFS(unix) from windows browser due to Kerberos security. Can anyone help me with this?
Below is the error in browser for “http://****.****/webhdfs/v1/prod/*****/archive?op=LISTSTATUS&user.name=us”
Problem accessing /webhdfs/v1/prod/******/archive. Reason:
GSSException: Failure unspecified at GSS-API level (Mechanism level: Specified version of key is not available (44))
Team
I have 2 sites which exchange 2010 servers & both are internet facing. I would like to migrate the Mailboxes to O365.
Please help on below
1. How many Hybrid Servers we required on each site ?
2.how to calculate for CAS Servers ? i want to use multi role servers on both sites , 2 on each site with HA for Load balance but is it enough for take all CAS requests ? as normally i have 4 cas servers for OWA & all other authentication so please help on this part.
If i have one 2 cas exchange 2013 on each sites, is it enough for CAS traffic ?
Thanks
Hi,
We have client machines that will not be on the network, we want to lock them down so that Users can’t change the desktop background. Is this possible? Or is the only way through Group Policy? Which won’t work as the client machines are standalone.
Thanks.
Populating various fields in Active Directory, such as Company, Mobile Phone, etc. makes them appear in the Exchange GAL.
I must create a custom attribute to contain an additional email address, call it companyEmail aka 'Company Email.'
How do I make this custom attribute carry over into the Exchange 2013 GAL when I update the GAL via the Exchange Shell??
I already know how to make the custom attribute and how to update the Exchange GAL, what I don't know is how to make the custom attribute appear in the person's contact information in the Exchange 2013 GAL.
I forgot to look at the left side column for related threads and then I did find this, which I want to first verify if this is the correct way to do it in Windows Server 2012 R2 and Exchange 2013:
"Launch the MMC and add the Active Directory Schema. In attributes drill down to extensionAttribute1. Make sure these three properties are marked: Index this attribute in the Active Directory, Ambiguous Name Resolution, Replicate this attribute to the Global Catalog. And after some minutes ... give replication within a site between 5 and 15 minutes:"
Thank you, Tom
Hi,
Above DISM which worked for me to convert from core to gui windows 2012. is this the only best way to do conversion.
what about PS commnads.
Regards
Raj Navalgund
ADS/DNS/DHCP/RIS/GROUP POLICY/PowerShell/VMware/Esxi/Storage.
Hi Experts,
I have Added Child Domain now i want to demote this server for that purpose i do following steps
1-On particular domain controller RUN demote Wizard.
2-Follow link to perform metadata clean up
https://technet.microsoft.com/en-us/library/cc816907%28WS.10%29.aspx?f=255&MSPPError=-2147217396
But i got error when delete NTDS Settings (Screen Shot Attached)
My Mission is to remove hadeed-dc and join same machine domain as part of existing domain.
Please help
Dear all,
I look after a AD forest which has 3 domains and I use powershell on a regular basis to query the AD server in each of these domains. The way I currently do this is that I have a member server in each domain with AD users / computers installed and the AD PS module, however this only allows me to query just the domain I am logged into.
I would like to have just one management server in one of these domains (parent) and be able to query AD on each of the domains, is this possible?
How allow local admin account remote desktop after join domain ?
i know that after join domain the computer & user policy is control in domain controller, so when i remote desktop with local administrator i cant login. is there a way to allow local admin login through remote desktop ?
If I enable Advance Audit Directory Service Changes in Default Domain policy will it affect the logs that are already being generated by Basic Account Audit policy. Do I need to enable other advanced audit policies also to capture basic authentication logs.
My requirement is to retain the basic Security logs which are already being generated along with Object Move and Object deleted logs.
Hi
I recently encountered a problem on my active directory server, all my shared drives are inaccessible from every computer in the domain, i cannot ping the active directory server, and cannot connect using Remote Desktop Connection. Users have complained that they cant access even shared printers from LAN. All was working fine until this predicament, can anyone help.
Regards
Hello,
( Sorry my english is very bad)
I have 2 DC 2008R2 with replication between them.
I such to restore the AD with a Windows Backup
I stop the replica on the replica DC.
I restore successfully the Master DC. Then I have the Master Dc with a base -1 and the replica DC with the "corrupt" base. I search to replicate the base -1 on the replica DC.
On the Master DC I execute the command
authoritative restore
restore subtree « CN=info1,DC=info2 »
This command change 33 000 elements with success.
Then I reboot. And I activ the replica with the commande :
repadmin /options <DC Replica Name> -DISABLE_OUTBOUND_REPL
I force this replica, but the DC master received the comrrupt information from the replica DC.
Have you a explication ? a idee ?
thanks a lot for your help
EwKilian
Hi there
I need some help in understanding the domain merge in Windows server 2012 R2.
We have two domains namely A & B both on separate network. I want to merge domain B into domain A i.e all the user accounts, computer accounts, group etc. To do so I understand that this can be achieved by AD Migration tool and also have ruled the option of creating a two way transitive trust betweeen these two domains.
In the domain A, we will be having a container created which will hold all the users, computers from domain B so that everything from Domain B resides in only one container on Domain A.
Can you please advise me on how do we go about merging out networks subnets., dhcp and dns stuffs.
Also, what are the major challenges which can be forseen.
Regards,
Eager 2 Learn
(Note that i can not add graphics here. i will put them in a subsequent post)
I have an existing 2003R2 server which is being replaced by a 2012R2 Server.
I have verified that the existing AD is at at 2003 domain functional level.
When I Add the 2012 AD i get the following error:
Verification of replica failed. The forest functional level is Windows 2000. To install a windows server 2012 R2 Domain or domain controller the forest functional level must be Windows Server 2003 or higher.
When I go to the 2003 server, i can find the Domain Functional level, but i don't find anywhere to check the Forest Functional Level.
Can you point me in the right direction.