Channel: Directory Services forum

matching, mapping and populating cells in AD


Hi all, 

I hope you can help

I am looking to populate the "city" field depending on the content of the office field

I.e., if the 'office' field is set to "Kings Cross", the 'city' field gets populated with "Sydney"

Next thing, if there is a city_mapping.csv file with this office to city mapping can this be referenced?

I have over 500 entries to update and would rather not go mad(der) than I already am

many thanks!


Domain Controller - Replication errors


Hello

Today we noticed that a newly installed domain controller has problems with the replication.

A dcdiag says:

C:\Users\administrator.TECNOFIL>dcdiag

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = TECGVM02
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\TECGVM02
      Starting test: Connectivity
         ......................... TECGVM02 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\TECGVM02
      Starting test: Advertising
         ......................... TECGVM02 passed test Advertising
      Starting test: FrsEvent
         ......................... TECGVM02 passed test FrsEvent
      Starting test: DFSREvent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... TECGVM02 failed test DFSREvent
      Starting test: SysVolCheck
         ......................... TECGVM02 passed test SysVolCheck
      Starting test: KccEvent
         A warning event occurred.  EventID: 0x80000603
            Time Generated: 12/12/2015   09:09:04
            Event String:
            Active Directory Domain Services could not disable the software-base
d disk write cache on the following hard disk.
         A warning event occurred.  EventID: 0x80000B46
            Time Generated: 12/12/2015   09:09:15
            Event String:
            The security of this directory server can be significantly enhanced
by configuring the server to reject SASL (Negotiate, Kerberos, NTLM, or Digest)
LDAP binds that do not request signing (integrity verification) and LDAP simple
binds that are performed on a clear text (non-SSL/TLS-encrypted) connection.  Ev
en if no clients are using such binds, configuring the server to reject them wil
l improve the security of this server.
         ......................... TECGVM02 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... TECGVM02 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... TECGVM02 passed test MachineAccount
      Starting test: NCSecDesc
         ......................... TECGVM02 passed test NCSecDesc
      Starting test: NetLogons
         ......................... TECGVM02 passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... TECGVM02 passed test ObjectsReplicated
      Starting test: Replications
         ......................... TECGVM02 passed test Replications
      Starting test: RidManager
         ......................... TECGVM02 passed test RidManager
      Starting test: Services
         ......................... TECGVM02 passed test Services
      Starting test: SystemLog
         A warning event occurred.  EventID: 0x80040020
            Time Generated: 12/12/2015   09:09:04
            Event String:
            The driver detected that the device \Device\Harddisk0\DR0 has its wr
ite cache enabled. Data corruption may occur.
         A warning event occurred.  EventID: 0x80040020
            Time Generated: 12/12/2015   09:09:04
            Event String:
            The driver detected that the device \Device\Harddisk0\DR0 has its wr
ite cache enabled. Data corruption may occur.
         A warning event occurred.  EventID: 0x80040020
            Time Generated: 12/12/2015   09:09:04
            Event String:
            The driver detected that the device \Device\Harddisk0\DR0 has its wr
ite cache enabled. Data corruption may occur.
         A warning event occurred.  EventID: 0x00001796
            Time Generated: 12/12/2015   09:09:18
            Event String:
            Microsoft Windows Server has detected that NTLM authentication is pr
esently being used between clients and this server. This event occurs once per b
oot of the server on the first time a client uses NTLM with this server.
         A warning event occurred.  EventID: 0x00002724
            Time Generated: 12/12/2015   09:09:25
            Event String:
            This computer has at least one dynamically assigned IPv6 address.For
reliable DHCPv6 server operation, you should use only static IPv6 addresses.
         ......................... TECGVM02 passed test SystemLog
      Starting test: VerifyReferences
         ......................... TECGVM02 passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : tecnofil
      Starting test: CheckSDRefDom
         ......................... tecnofil passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... tecnofil passed test CrossRefValidation

   Running enterprise tests on : tecnofil.ch
      Starting test: LocatorCheck
         ......................... tecnofil.ch passed test LocatorCheck
      Starting test: Intersite
         ......................... tecnofil.ch passed test Intersite

C:\Users\administrator.TECNOFIL>

Does anybody have an idea how to get this replication error between dc1 (TECGVM01) and dc2 (TECGVM02) fixed?

Regards and thank you

DFS was working - now "waiting for initial replication"?


I just built a Functional Level 2008R2 AD Forest from the ground up with 2 domain controllers running Server 2012R2. After installation I verified that dcdiag was completely clean and verified DFS by creating a GPO which I confirmed was replicated to the SYSVOL on both DC's.

Today I went in to create another GPO and found that it would not replicate to one of the DCs.

Sure enough running a DFS Health report showed "waiting for initial replication"

DCDiag continues to show completely clean.

Repadmin /replsum continues to show no errors

Repadmin /syncall completes with no errors

I'm completely baffled as to either what happened or what to do. Restarting the DFS service completes with no errors or warnings whatsoever in the event log. Restarting all systems has no effect.

Any suggestions to resolve?

The security database on the server does not have a computer account for this workstation trust relationship


Good Morning.

I've joined a computer to a domain and when I try logging on it gives me the message: "The security database on the server does not have a computer account for this workstation trust relationship".

I've tried making the following:

- Deleting the computer from my domain, deleting the object from AD and joining it again.

- Steps explained in these links:

http://technet.microsoft.com/en-us/library/ee849847(v=ws.10).aspx

http://virtualcurtis.wordpress.com/2011/03/02/fix-the-security-database-on-the-server-does-not-have-a-computer-account-for-this-workstation-trust-relationship/

http://social.technet.microsoft.com/Forums/windowsserver/en-US/8e99c313-92c4-40db-a27f-3b6f94fbf7d0/the-security-database-on-the-server-does-not-have-a-computer-account-for-this-workstation-trust?forum=winserverDS

http://clintboessen.blogspot.in/2011/06/security-database-on-server-does-not.html

And also used netdom and nltest to reset the trust relationship but nothing seemed to work.

Does anybody have any clue?

Ps.: If I change the computer name it works normally.


Raphael Santos | MCP 70-410
Email: raa.santos@hotmail.com
Linkedin: http://br.linkedin.com/pub/raphael-santos/39/87b/958/

GPO, set system services window time service, service gone

I set the system services (windows time service) via GPO. I rolled back the GPO but the windows time service is no longer visible in the systems that had the GPO. I need to fix this and return it back to the default settings... How do I do that?

Move Certificate Services from Windows 2008 SBS to Windows 2012 Standard


Hi - are there MS instructions on migrating Certificate Services from Windows 2008 SBS to Windows 2012 Standard? Can I set up Certificate Services on the 2012 server while the 2008 SBS one is running, for replication, and then transition to the 2012? Thanks!

David


SF Dave

Demote DC procedure for 2012


I am migrating a Windows 2012 Standard server to a Windows Server 2012R2 Essentials server. I am at the point where I am ready to remove the W2012 Std DC and noticed that the demotion works a little differently in 2012.

When I demote the DC it still has DNS and AD services installed.  What should I do next? Is there a step by step or best practice? 

Thanks.


Active directory users and computers


Hi All,

We have two domains: a parent domain and a child domain.

There are two users who belong to the child domain and they want administrative access on a computer object (laptop) that belongs to the parent domain.

If it were the same domain we could provide access using managedby. Since it is cross-domain, I am not sure how to do this. Kindly help on the same. Thanks!!


Restoring ADDS to a testlab environment


Hi everyone,

I have performed an authoritative restore of our ADDS FSMO DC to an isolated testlab. Obviously there are no other DC's to replicate with it, so it's complaining:

Event ID:      2092 Replication
This server is the owner of the following FSMO role, but does not consider it valid. In the rare event that all replication partners are expected to be offline (for example, because of maintenance or disaster recovery), you can force the role to be validated. This can be done by using NTDSUTIL.EXE to seize the role to the same server.

A netdom query fsmo says the ADDS DC is the FSMO holder.

So I boot into ADDS repair mode, try and seize the roles to 'make it valid' but when I try and connect to the ADDS DC, I get:

Binding to <server>

DsBindWithSpnExw error 0x6ba The RPC server is unavailable.

SYSVOL is shared out (via d4), but there is NO NETLOGON and NO Group policy/SCRIPTS folders within C:\Windows\SYSVOL

Any tips most appreciated!

OU Restrictions


Hi

I want to create Security boundary for OU, so that login in to computers from one OU should be restricted to users from other OU.

Consider my OU as a geographical city, we are having 100 cities (OU) under one forest one domain infrastructure.  

I need a solution at either the OU permission level or the GPO level, but with less administration; any other suggestions are eagerly awaited.

Thanks

Additional UPS Suffixes


Hello all IT Professionals I've got several questions to ask !

Well guys, there is a bit of confusion here: the dialogue box says that all of the accounts use the Forest Root Domain FQDN as their UPN suffix, but why do we still create and use new UPN suffixes?

Why do we use UPN Suffixes ?

question about best approach with two different domains want to use same UPN


hello,

organization has about 1k users, those users are located in two domains, separate forests.

one of them is in external domain, one is .local.

what are the suggestions and best practices to ensure users have single sign on experience in the .local domain? and all users use the same UPN suffix (external one).

The external domain is a no-brainer. changing the UPN to match the "e-mail" and setting up ADFS, but what is approach for the .local one?

Can two UPN identical (external) suffixes be used for both domains? What are the options here?

Suggestions are appreciated, thank you.

"the security database on the server does not have a computer account for this workstation trust relationship"

I am terrifically inexperienced with running a network. The error mentioned in the title occurred today out of the blue. When I came in this morning I was able to log in fine. When I left for about 3 hours and came back to find my computer locked as usual I attempted to log back in. Instead of logging in I got the aforementioned security database error. I read through other articles on the matter but they talk of forests and such which means nothing to me due to my inexperience. The server is in our office, my workstation is separated from the server by only a switch. The server is running Windows Server 2008, my workstation is running Windows 7 Professional. Can anyone please offer a layman's explanation of what I should do here? Thanks in advance for anyone's consideration on the matter!

Transitive Trusts


Guys I have several questions about transitive trusts and they are:

Consider the following Infrastructure :

Since all of forest trusts are transitive will the Forest A trust Forest C ?

And if not so what does a transitive trust mean ?

Not able to promote DC at one of the Remote Site


Hi,

I am not able to promote a DC at one of our remote sites, which has MPLS network connectivity, though I can see the Portqry results are OK.

We have Windows 2012R2 Infra and MPLS Network

During promotion, the wizard takes several minutes at Examining DNS Servers, and moves forward, then it gives the error message: The Operation Failed because, Active Directory Domain Services could not create the NTDS setting objects for this active directory domain controller CN-NTDS.......Ensure the provided network credentials have sufficient permissions.

"The RPC Server is unavailable"

I have searched several posts, but none of them is helpful. Even I took Netmon traces from both the DCs, but I do not have enough skills to dig the traces.

Can any of my friends throw some light on this, advise, or point me to what could be the issue?


Best Regards, Ranjit Singh


Problem to change password between two trusted domains


Hi guys.

I have found a problem on my network and I have tried to figure out how to fix it, but no success so far.

I have two domains, the first one is my main domain and the second one is my homologation domain.

My homologation domain trusts my main domain, but my main domain doesn't trust my homologation domain (non transitive trust).

Since beginning of November if anyone tries to change the password using Ctrl + Alt + Del and tries to change it of the other domain account, we get the error message below:

"The security database on the server does not have a computer account for this workstation trust relationship"

But this is quite weird because it changes the password successfully, but we get the error message.

Note: It just happens when I try to change the password from one domain to the second one.
For example: If I am logged on DOMAIN1 and I try to change password of an account on DOMAIN2, it changes successfully, but I get this error. It also happens if I try from DOMAIN2 to DOMAIN1, it changes, but error message.

Note2: Changing the password on the same domain that I am logged on, the problem doesn't happen.

Note3: When the problem started to happen we were installing and configuring ADFS (Federation Services) and Exchange Server (on different servers than Domain Controllers) on the homologation domain. Although we don't believe this is the problem.

Environment:
Main Domain: Domain Controllers running Windows Server 2012 R2 and Windows Server 2008 R2 (some branches, the headquarter is running 2012);
Homologation Domain: Domain Controllers running Windows Server 2012 R2 only;
Functional Level: Windows Server 2008 R2.
Client computer: Windows 8.1 (but even trying to change from any other computer the same problem happens).

What we've done trying to fix so far:
1. Uninstall ADFS (just in case);
2. Check Exchange configuration looking for some thing or issue about authentication;
3. Check for duplicate SPNs (setspn -F -X);
4. Recreate the trust relationship (the same way as before);
5. Move FSMO between the servers;
6. Check DNS;
7. Reboot the servers (Domain Controllers);
8. DCDiag (no problems found);
9. Event Viewer of the domain controllers (nothing apparently related to the problem);
10. Rejoin the client to domain;
11. Check the workstation Event Viewer (just in case).

I don't know where the problem is exactly. We've been researching this since the beginning of November with no success so far. :-(

Thank you in advance!

JC






GPO got accidentally deleted


Hi,

I need your help in restoring the deleted GPO.

FYI, I know the GPO GUID name and the links it had.

Also, replication is complete so no DC has the GPO still available.

Course of action that I'm thinking:

1 TSM restore the Sysvol folder to an alternate location on one of the root DC

2 Create a new GPO

3 Fetch the GUID for the new GPO

4 Copy the  contents of old GPO into new GPO GUID folder

5 Create the links

6 Stop FRS

7 Set Burflags to D4 globally at startup

8 Start FRS

9 Confirm in FRS log for sysvol share creation

Or, ignore steps 6 - 9 above and just run gpupdate /force

Idea is to authoritatively restore the gpo to other Dc's as quickly as possible, without waiting for 60 mins when sysvol normally replicates.

Need your confirmation on the above steps and best advice.

TIA


- thestriver


Active Directory troubleshooting training


Hi all,

I would like to understand how Active Directory works under the hood. I've checked some labs/videos on MVA and those were quite good, but I would like to see the full picture, including the best tools to use during troubleshooting. I'm an MCTS in Active Directory 2008, so I know how to configure and administer an AD, but I wanna go further.

Could you please suggest some trainings/books/labs/videos or anything that can guide me through AD mechanism/troubleshooting?

Thank you & Kind regards,

Dvijne

Network Error Accessing User Folder From Server - Administrator Level


I'm an administrator of a Server 2012R2.

An ex-employee has a folder another user needs.  When I tried to copy the specific folder from the user directory I get the error message "Network Error" - You do not have permission to access \\server\Users Shared Folders\username\...

Note that the old user's profile was corrupted and a new profile, for the new employee, was created.  I'm now trying to copy the files she needs over (she was using the ex-employee user name and password before it became corrupted).

Suggestions?

Thanks.

Darryl

Error: "Attempt to fetch password of a group managed service account failed." (error 6)


Friends:

My AD DS is throwing an error reading "An attempt to fetch the password of a group managed service account failed."  The name of the service account is msa; the computer that it references is my domain controller.  And it is reporting error 6, whatever that means.

Does anyone know what this is and how to fix it?

Micah

