Channel: Directory Services forum
Viewing all 31638 articles

Dism /online /enable-feature /featurename:Server-Gui-Mgmt /featurename:Server-Gui-Shell /featurename:ServerCore-FullServer


Hi,

The above DISM command worked for me to convert from Core to GUI on Windows 2012. Is this the only best way to do the conversion?

What about PS commands?

Regards

Raj Navalgund


ADS/DNS/DHCP/RIS/GROUP POLICY/PowerShell/VMware/Esxi/Storage.


Publishing Directory (LDAP) via Webpage


Hello. One of the deficiencies that I am having trouble finding a solution for is an out-of-the-box solution to read the contents of the LDAP tree and publish selected information (Employee Directory) to a website.

Ideally, being able to suppress certain accounts from the list (eg. if TEST is in First Name), being able to export the data to CSV and such would be hugely beneficial as well.

Are there any out-of-the-box solutions that are reasonably priced that folks can suggest? Thanks!


Ed Gray

Domain Controller and Corrupt Secondary Domain Controller


I have a Windows Server 2003 acting as the primary domain controller and another server also running Windows Server 2003 acting as the secondary domain controller. I want to remove the secondary domain controller because it seems to be corrupt. Certain entries in the Active Directory have funny signs like $%^$@ for example, but that is not the case in the primary domain controller. I want to remove the secondary domain controller and create it on a new server. What are the steps needed to do this without breaking or corrupting my primary domain controller in the process as well? Can I do this in live production as well, because that is the only role the second domain controller has?

Domain Administration


If I have an abc.com and sub-abc.com, can I consolidate the administration GPO and AD?

What is the best way to go about this?

Account Lockout and Automatic Email notification to Managers


Currently we are trying to reduce the number of Remedy tickets and would like to hand over unlock operations to the user's manager or reporting officer.

I know it is very possible to create a script and report about the locked out users every defined number of minutes. But what I want to achieve is simply the following:

  1. User ID gets locked.
  2. Automatically send email to the target user's manager or Reporting Officer.
  3. Manager or Reporting Officer unlocks the user ID (we will give delegation for managers to only unlock AD user accounts).
  4. User logs in to the PC without contacting the support desk, and we can reduce the number of Remedy tickets getting generated.

Thanks for reading my question.

Windows 10 cannot join domain or access shares - The specified network name is no longer available (System error 64)


Hi All,

I've got a peculiar problem that I cannot seem to understand. I suspect there must be something wrong with our domain configuration, as no Windows 10 machine (upgraded or clean install) is able to join (or re-join) the domain, or access any file shares on any servers. The error message is always the same:

System error 64 has occured.
The specified network name is no longer available

Checks that I've completed:

  • Windows 7 on the same machine/network OK
  • Windows 10 upgrade is not okay, Windows 10 clean install also unable to join the domain
  • ip, DNS config, DNS suffix OK
  • nslookup domain.local OK
  • nslookup domain controllers OK
  • ping domain OK
  • ping domain controllers OK
  • net use \\DC\Netlogon returns the same error
  • gpupdate returns the same error (see below)
  • No suspicious errors in the event log
  • Raised domain functionality level to Windows Server 2008 R2 
  • IPv6 enabled everywhere
  • DFS is enabled on the DCs
  • UNC hardening turned on/off (RequireMutualAuthentication=0, RequireIntegrity=0), didn't help

We have Windows SBS 2011 and Windows 2008 R2 domain controllers. The servers are hosted with only IPv4 VPN communication enabled with site-to-site tunneling between the offices. However, nothing changed in the network infrastructure since we tried upgrading Windows 7 computers.

The full GPUPDATE error message:

Computer policy could not be updated successfully. The following errors were encountered:
The processing of Group Policy failed. Windows attempted to read the file \\domain.local\SysVol\domain.local\Policies\{UID}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.

I found this thread to be quite useful and seemingly people are having the same problem, however it didn't resolve my issue:
https://community.spiceworks.com/topic/1119601-windows-10-group-policy-issue

Some people even hinted that it is a Win10 bug that wasn't yet solved in the Threshold 2 update.

Is there anyone out there who could help me? :)

End user challenges after AD migration


What are the possible challenges or issues faced by end users whose domain has been merged into a totally different domain?

For example, Company A bought Company B and then Domain B is merged into Domain A; what would be the major impact on end users of Domain A & B?

As per my understanding, users from Domain A shouldn't be facing any issues, while users from Domain B will/may face some issues like accessing file shares, any static IPs, permission issues etc.

While migrating the domain I am using the option with SID history.

Regards,

Eager 2 Learn

AD Server configuration

AD Server configuration – We have close to 75 employees and 10 employees from another country. We need to create AD accounts and the file server for their day-to-day activities. Please suggest any methods.

ADFS - wrong user getting authenticated


Hi, We have a simple setup - a single ADFS server running on Server 2012 authenticating users to Office 365.  We are not using ADFS proxies, but traffic does pass through a reverse proxy.

When a userA logs in, they sometimes get logged in as userB - if they change a document in SharePoint, it shows as userB and they receive userB permissions.  Logging off/on to Office365 solves the problem (they login successfully as userA)

There is no pattern about which user gets logged in as which user.  I have a suspicion it may be because two users login at the same time, but I can't prove this and we can't reproduce it on demand.

Generally the user doesn't notice immediately after login so it's hard to search in eventvwr on the ADFS server.

What is the likely cause and how should I troubleshoot this?  Enable debug logging on the ADFS server?  Clearly this is a pretty serious problem.

Any help appreciated.


Domain Rename


My apologies if this isn't the correct forum. My question cuts across multiple technologies. My company has just taken on a new customer that has the following setup.

  • Windows 2003 domain that is a mix of Windows 2003 and 2012 DCs.
  • Single label domain (SLD) for AD DNS.
  • Exchange 2003 is the production mail platform but someone had installed Exchange 2010 and the schema has been extended.  Nothing has been migrated to the Exchange 2010 platform.

Customer's objectives (in no particular order)

  • Migrate from on premise Exchange to Office 365.
  • Migrate from SLD to a FQDN.

My questions.

  • Can I migrate to Office 365 with a SLD?  I found one reference in a MS article entitled "Single-Label-Domains in Active Directory Domain Services (AD DS) Considerations, Migration, and Co-existence" that seems to indicate that it isn't supported.  I haven't been able to find any supporting information.
  • I know that renaming a domain with Exchange 2010 in it is unsupported, but if Exchange 2010 is uninstalled/removed, does this put the domain back into a state that a domain rename is supported?
  • If domain rename isn't possible, can ADMT be used to migrate to a new domain, considering that Exchange is in the environment?

Regards,

Kyle

WIN10 PRO cannot connect to WIN SBS 2008 Domain, message references GPO issue


I upgraded a Windows 10 laptop to Windows 10 Pro with the Pro Pack purchased from the Microsoft Store. The install was a bit rocky but in the end did complete and display a message of successful install.

When I changed the membership on the laptop from the workgroup WORKGROUP to our domain (let's call it MAIN), authentication by an administrator was required and given and the Welcome message was displayed along with a restart required message.

After restart when attempting to login to the domain account, an error is displayed that an object needed for GPO is missing. (I do not have the exact message at this time.) All the searching I have done on the web does not address this set of symptoms/conditions. 

Is it a problem to attach a Win 10 Pro client to Win Svr 2008 (not R2)? Is there a hotfix/update I can access for this situation?

Any help is appreciated. I cannot provide much more information at this moment as I have caught the flu and have been banned from the office until it's over - and I am going stir-crazy!

Steve 

What are the drawbacks to have computers in a domain and users/ressources in a child domain ?


Hi,

We have an Active Directory domain organized like this:
1. DomA with approx 1500 users; 1000 computers and 120 servers
2. DomB which is a child domain of DomA with 500 users, 100 computers and 20 servers.

DomB is a very old domain and in a few months we will migrate all resources (users, computers & servers) from DomB to DomA.

But for now, we want to migrate ONLY computers from DomB to DomA (when I say migrate, I mean "manually change the domain configuration" on each computer, as we also have many specific tasks to do on each one).


So my question is :
What are the drawbacks of being in such a situation? (So with users from DomB logging in from a computer that is a member of DomA and accessing resources on DomA and DomB.)


I don't really think it's a good situation but I don't have enough arguments to convince my boss ;-)
Many thanks for your help


Coarse Grained Authorization in AD

We use Active Directory (Win2008) to authenticate users for multiple applications.  Does anyone know if I can prevent a user from being authenticated to a specific application if they are not in a specific Group?  

20 Bay Windows Home Server (Not Vail!)
http://piroozjavan.blogspot.com/

’net work path was not found


Hi, I am using Win Server 2008 R2 Standard edition. When I join the domain from Win 8 or 7 Pro, it shows these errors:

1.  ‘’net work path was not found  

2. the specified server cannot perform the requested operation join domain.

Please help me  

Child Domain Trust Relations


Hi All,

  We have a HQ in US and Domain name is us.domain.com. They have few Child Domains.

  Parent Domain:  us.domain.com

  Child domains:  contract1.us.domain.com

                           contract2.us.domain.com

Now we have just acquired a new business and its domain name is newbusiness.com

We have created the forest trust between US (outgoing and incoming trust properties)

  Domain Name                 Trust Type    Transitive
  us.domain.com               Forest        Yes
  contract1.us.domain.com     External      No
  Contract2.us.domain.com     External      No

Now I need to give permission to contract1 and 2 Administrators to admin newbusiness

But I cannot add those users to newbusiness\domain admins?

As


Forest Trust - Trusting domain cannot see child domain of trusted domain


Environment:

Forest A has a parent and child domain
 -DomainA.Local
 -Child.DomainA.Local

Forest B has a single domain
-DomainB.Local

I set up a 1-way Forest trust (transitive) between DomainA.Local and DomainB.Local where DomainB trusts DomainA.  This is working well and DomainB can "see" DomainA, i.e., the domain is listed in the drop down for logon to, it is a location I can use when adding members to domain local groups, etc.

I cannot, however, "see" the child domain of DomainA (Child.DomainA.Local) from DomainB.  My understanding was that the Forest trust was supposed to be completely transitive, therefore, DomainB should trust any domain that DomainA trusts.

I did some further testing and added another trust, this time an External from DomainB.Local to Child.DomainA.Local.  I did not remove the original Forest Trust.  With this in place I am able to "see" Child.DomainA.Local from DomainB.Local

Is this how I will have to leave it or am I missing something with my original Forest Trust?  Thanks!

--Kevin

Site and Site Link Question

Found out we have a DC in the wrong Site, causing logon issues due to distance. I am in a "chicken and egg" situation, caused by my own ignorance. I can't create a new site to put this DC into because there is no Site Link for it (I am required to select an existing site link). However, I can't create the IP Site Link because it requires that I select 2 sites. Am I just supposed to select 2 random sites? I know I am doing something wrong. In looking at the Site Links, most show "sitelink automatically generated"....not sure how they get automatically generated, while others appear to be manually created.

HDL

One Way trust, sudden Client problems


I've got 2 domains in separate forests. Domain A and Domain B.

Domain A trusts Domain B. This is a one way trust. 

All PCs are in Domain A. They all run Windows 7. Both domains run at 'Server 2008 R2' forest functional level.

Half of the users log in with credentials from domain A, and they have no problems.

The other half of my users log in using credentials B. Logging in is fine, and they can access services such as Domain B's Exchange server, from their Domain A clients.

However, all of a sudden last Monday, for no reason, whenever any user from Domain B tries to change their password from their Domain A client, they get an error "The Security database on the server does not have a computer account for this workstation trust relationship" which implies the PC has dropped off the domain during the password reset.

If they then click 'switch user', re-enter their domain B username, and enter the new password, it then lets them back in as if there was no problem. Up until last Monday, this had been working fine, and we didn't have any problems.

The only thing that has changed, and this could be unrelated, is the domain controllers on domain B were changed over from 2008 R2 DCs to 2012 R2 boxes recently. The forest functional level is still 2008 R2.

Naturally I've checked in AD domains and trusts, and clicking on 'validate' seems to imply there is no issue.  Also checking the trust via nltest comes back OK.

I'm a bit stuck now, so wondered if anyone had any ideas as to what might have caused this, or how to fix it please?

Many thanks.

account keeps locking


Hi,

My user account keeps getting locked out.
In the event viewer of the DC I can see that the login fails are coming from my own computer.
How can I find out what is causing this?

There are no scheduled tasks or services running with my user account.

Kind Regards,

Stephen

Need help going from SBS 2011 to SBS 2012 Standard


I've searched the net for a while now and there are no good instructions on this. I know SBS is an oddball of an OS. Can I add the 2012 R2 server as another DC and demote the old one, thus transferring roles? I know I have to update DNS, transfer DHCP, etc.

Any help is appreciated.

Thank you,
