Channel: Directory Services forum
Active Directory Replication Redesign

Hi Folks,

We have a multidomain hierarchy with A_domain.com (forest root) and B.A_domain.com (resource), C.A_domain.com (accounts) [25+ domain controllers in branch sites for the accounts domain].

We have a hub and spoke replication topology and it's somewhat messy. I would like to optimize. I would like to know if domain controllers in branch sites need to have a replication link to forest root domain controllers. Ideally the Schema and DNS partitions will be replicated to all DCs in the forest, and the branch site DCs can have replication partners in the hub site for the same domain, i.e. a C.A_domain.com DC in a branch site gets replication data from a C.A_domain.com DC in the hub site. The hub site DC for C.A_domain.com will have a replication partner from A_domain.com (forest) in the same hub site. Do you see any issues with removing the replication link from branch sites to the forest root and creating a replication link with another DC at the hub site from the same domain?

Regards,

Nav


Regards, Navdeep


Can I run ADMT Security translation while user is logged on to source domain?

Hi,

Rather simple question. Can I run security translation in add mode while my users are logged in and working in the source domain without problems? I've been told that the users should be logged out, but I can't find it documented anywhere. This would really make the process easier if they can continue to work like nothing was happening.

Thank you.

Windows 2008 R2 Domain Controller NIC replacement

Hi

We are changing the 1 Gb NIC of Domain controllers, will do the change with FSMO owner first and once it's up we will proceed with second DC. Is there any special procedure with changing NIC for a DC?

Thanks in advance


LMS

Wildcard certificate with two different domains

Hi people, I need to generate a wildcard certificate for *.domain1.com and *.sub.domain2.com

One second-level wildcard and one third-level wildcard. Is it possible to include these two domains in one wildcard certificate? I need it from a public authority.

Thanks

MaxTokenSize value implemented but not working

Hi, we've had some intermittent issues with maxtokensize errors on Windows 7 and Server 2008 computers in our environment. We implemented a group policy to push out the key at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Lsa\Kerberos\Parameters and set the value to 48000 as suggested by this article.

https://technet.microsoft.com/en-us/library/active-directory-maximum-limits-scalability(v=ws.10).aspx

However, on some servers, we are still seeing errors such as the following, and group policy is failing to apply because of it.

"The kerberos SSPI package generated an output token of size 15719 bytes, which was too large to fit in the token buffer of size 12000 bytes, provided by process id 4.
 
The application needs to be fixed to supply a token buffer of size at least 48000 bytes."

I have confirmed the registry key exists on the server. Can anyone suggest an explanation why this could be occurring?

DNS configuration changed

Hello,

I have multiple domains with DNS zone transfer configurations. These configurations have been changed from allow zone transfer to unchecked. Are there any security IDs that can tell me who changed it?

Thanks in advance.

OU Restrictions

Hi

I want to create a security boundary for an OU, so that logging in to computers from one OU is restricted for users from another OU.

Consider my OU as a geographical city; we have 100 cities (OUs) under a one forest, one domain infrastructure.

I need a solution at either the OU permission level or the GPO level, but with less administration. Any other suggestions are highly awaited.

Thanks

Child Domain Only for Computers (Endpoints / End User Laptops & Desktops)

Our Org is working on Re-Designing Active Directory,
Due to following:

1. All end user machines are managed by a vendor - How appropriate is it to create a separate domain specifically for Computer
So that the vendor does not have any rights or privileges in the Root Domain (Current Structure is Single Forest-Domain)

2. Please consider that going forward everything will be upgraded to Windows Server 2012 R2 or the latest one available at a given point in time - with features like DAC, AuthN Policies and AuthN Policy Silos, Protected Users, DRS (Device Registration Service),
How appropriate is to create domain only for machines and then manage all access to all the resources required by the machines...

3. Don't the latest trends recommend remaining in a Single Forest-Domain structure - and using features or technologies like Federation, Mobility and Cloud...

Please do reply at your earliest, and thanks in advance to all

Best Regards,
/AnExtremist


An Extremist


Domain Controller - IP Subnet Migration (Best Practice)

Hello Experts,

Here is our current environment in our Domain -

DC1 - Windows Server 2012 (PDC, RID, Infra, Schema & Domain Name Master) & DC2 - Windows Server 2012 (ADC)

DC1 & DC2 are of Subnet A.

Our task is to release Subnet A & change to Subnet B (a different subnet)

We have created 2 more DCs -
DC3 - Windows Server 2012 (ADC) & DC4 - Windows Server 2012 (ADC) with Subnet B and added them to our Domain as DCs.

Now our Domain has 4 DCs - 

DC1 (A), DC2 (A), DC3 (B), DC4 (B) (Here in brackets their subnets are indicated)

So, as per our plan, we will transfer FSMO roles to DC3 (B) & make it the Primary & main DC & DNS Server. Then we will remove/demote DC1 (A) & DC2 (A) after changing Primary & Secondary DNS IPs in all Clients of the domain.

Is it the correct way of doing this? The main reason for asking this question is that everything is working fine (replications etc.) but after making DC3 (B) a PDC, DCDIAG is showing some errors of Advertising, Netlogon & PDC Locator.

And AD Domains & Trusts is showing this error - "You cannot modify domain or trust information because a Primary Domain Controller (PDC) emulator cannot be contacted. Please verify that the PDC emulator for the current domain and the network are both online and functioning properly."

We need to eventually remove DC1 (A) & DC2 (A) from the Domain, so can we ignore these errors? If not, what is the correct way to do this migration? Thanks for any advice. :)

Server 2003 + Server 2012 - "Operations Master"

Hi

I am deploying an Azure 2012 Server that I am going to join to my existing domain as an additional DC. My current DC is an SBS 2003 server.

How would I join and configure the 2012 server to the domain so that both DCs will function independently of one another?

I have already tried setting this up but as soon as I lose the connection between the two machines, the 2012 server stops functioning when users try to connect.

I assume this has got to do with the "Operations Master" settings but I am reluctant to make any changes to these settings as I cannot afford to have the SBS 2003 server stop working since it is the main DC in the office.

In summary, I would like to have SBS 2003 and Server 2012 both be DC's of the same domain but not require a persistent connection between them to function properly. How can I achieve this?

Thanks in advance


Moving an Object

Hi -

I am working in a Windows 2008 R2 environment. I have an OU that has the "protect this object from accidental deletion" box checked, which puts an explicit DENY on the "Delete All Child Object" permissions for the EVERYONE group. I am also a member of a group that has create/delete permissions for computer objects in this OU. I find that despite the explicit DENY permission, I am still able to move computer objects out of that OU.

Question: Assuming that moving an object involves deleting it from one OU and creating it in another, how am I able to move the object? My expectation is that the explicit DENY on the OU would prevent me from deleting the object from the OU despite my group-based permissions.

Any insight would be greatly appreciated.

Thank you

authentication ports

Hi,

I have my servers in a DMZ, say the abc domain, and I have servers in my internal domain, say xyz.com.
I want to access the admin$ share from the internal domain to the DMZ domain by IP address.
Is it possible? If it is possible, what ports should I open on the firewall? Please guide me, experts.

RODC shows Netlogon Event ID 5723, 5805 for DC's in a trusted forest

In my forest, I have a 2 way transitive trust with another forest.  The trust is set to allow forest-wide authentication. We have an RODC in the data center where the remote forest is located.  In the System event log on the RODC, I see frequent instances of Event ID 5723, followed a few minutes later by event ID 5805, both from netlogon. The Events read as follows:

Log Name:      System
Source:        NETLOGON
Date:          12/27/2015 6:11:33 AM
Event ID:      5723
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      RODC.mydomain.com
Description:
The session setup from computer 'OtherDC1' failed because the security database does not contain a trust account 'OtherDomain.Internal.' referenced by the specified computer.

USER ACTION
If this is the first occurrence of this event for the specified computer and account, this may be a transient issue that doesn't require any action at this time.  If this is a Read-Only Domain Controller and 'OtherDomain.Internal.' is a legitimate machine account for the computer 'OtherDC1' then 'OtherDC1' should be marked cacheable for this location if appropriate or otherwise ensure connectivity to a domain controller  capable of servicing the request (for example a writable domain controller).  Otherwise, the following steps may be taken to resolve this problem:

If 'OtherDomain.Internal.' is a legitimate machine account for the computer 'OtherDC1', then 'OtherDC1' should be rejoined to the domain.

If 'OtherDomain.Internal.' is a legitimate interdomain trust account, then the trust should be recreated.

Otherwise, assuming that 'OtherDomain.Internal.' is not a legitimate account, the following action should be taken on 'OtherDC1':

If 'OtherDC1' is a Domain Controller, then the trust associated with 'OtherDomain.Internal.' should be deleted.

If 'OtherDC1' is not a Domain Controller, it should be disjoined from the domain.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="NETLOGON" /><EventID Qualifiers="0">5723</EventID><Level>2</Level><Task>0</Task><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime="2015-12-27T12:11:33.000000000Z" /><EventRecordID>116817</EventRecordID><Channel>System</Channel><Computer>RODC.mydomain.com</Computer><Security /></System><EventData><Data>OtherDC1</Data><Data>OtherDomain.Internal.</Data><Binary>8B0100C0</Binary></EventData></Event>


Log Name:      System
Source:        NETLOGON
Date:          12/27/2015 6:21:01 AM
Event ID:      5805
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      RODC.mydomain.com
Description:
The session setup from the computer OtherDC1 failed to authenticate. The following error occurred:
Access is denied.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="NETLOGON" /><EventID Qualifiers="0">5805</EventID><Level>2</Level><Task>0</Task><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime="2015-12-27T12:21:01.000000000Z" /><EventRecordID>116819</EventRecordID><Channel>System</Channel><Computer>RODC.mydomain.com</Computer><Security /></System><EventData><Data>OtherDC1</Data><Data>%%5</Data><Binary>220000C0</Binary></EventData></Event>

These events appear several times a day, at intervals anywhere from about 1-5 hours apart.  

Based on the text in event 5723, I added OtherDC1.OtherDomain.Internal to the "Allowed RODC Password Replication Group" in mydomain, but this did not make a difference. 

What would cause this and how can I resolve the issue?



Stop Users from Using "Password" In their Password

This might seem like a basic question but I figured I would not need Fine grain policies to achieve this.  I have a set of users that enjoy changing their password from "Password1" to "Password2" and so on.  I want to remove the ability to have the word "Password" in a user password.  The Domain is Server 2008R2 and Complexity is turned on.  Do I need Fine Grain Password Policy or am I missing a setting?

New server joins windows 2008 R2 domain but returns errors.

I think this is firewall related. I am trying to get all of the ports open on my Cisco 1921 router to allow seamless traffic within the domain. The two networks are on separate subnets; they are on separate VLANs.

192.168.1.0 (domain controllers/DNS)

192.168.5.0 (New servers)

When I join a domain it joins and gives me the following error

"

Using the domain join User Interface (UI) to join a Windows 7 or Windows Server 2008 R2 workgroup computer to an Active Directory domain by specifying the target DNS domain name fails with the following on-screen error:

Changing the Primary Domain DNS name of this computer to "" failed. The name will 
remain "<DNS domain>.<top level domain>". 
The error was:

The specified server cannot perform the required operation."

I performed the steps here http://support.microsoft.com/kb/2018583 and still get the error.

Here is my NetSetup. 

04/17/2012 18:37:16:985 -----------------------------------------------------------------
04/17/2012 18:37:16:985 NetpValidateName: checking to see if 'DIONYSUS' is valid as type 1 name
04/17/2012 18:37:17:001 NetpCheckNetBiosNameNotInUse for 'DIONYSUS' [MACHINE] returned 0x0
04/17/2012 18:37:17:001 NetpValidateName: name 'DIONYSUS' is valid for type 1
04/17/2012 18:37:17:001 -----------------------------------------------------------------
04/17/2012 18:37:17:001 NetpValidateName: checking to see if 'DIONYSUS' is valid as type 5 name
04/17/2012 18:37:17:001 NetpValidateName: name 'DIONYSUS' is valid for type 5
04/17/2012 18:37:17:001 -----------------------------------------------------------------
04/17/2012 18:37:17:001 NetpValidateName: checking to see if 'corp.smrhosting.com' is valid as type 3 name
04/17/2012 18:37:17:001 NetpValidateName: 'corp.smrhosting.com' is not a valid NetBIOS domain name: 0x7b
04/17/2012 18:37:17:110 NetpCheckDomainNameIsValid [ Exists ] for 'corp.smrhosting.com' returned 0x0
04/17/2012 18:37:17:110 NetpValidateName: name 'corp.smrhosting.com' is valid for type 3
04/17/2012 18:37:23:923 -----------------------------------------------------------------
04/17/2012 18:37:23:923 NetpDoDomainJoin
04/17/2012 18:37:23:923 NetpMachineValidToJoin: 'DIONYSUS'
04/17/2012 18:37:23:923 	OS Version: 6.1
04/17/2012 18:37:23:923 	Build number: 7601 (7601.win7sp1_gdr.120305-1505)
04/17/2012 18:37:23:923 	ServicePack: Service Pack 1
04/17/2012 18:37:23:923 	SKU: Windows Server 2008 R2 Enterprise
04/17/2012 18:37:23:923 NetpDomainJoinLicensingCheck: ulLicenseValue=1, Status: 0x0
04/17/2012 18:37:23:923 NetpGetLsaPrimaryDomain: status: 0x0
04/17/2012 18:37:23:923 NetpMachineValidToJoin: status: 0x0
04/17/2012 18:37:23:923 NetpJoinDomain
04/17/2012 18:37:23:923 	Machine: DIONYSUS
04/17/2012 18:37:23:923 	Domain: corp.smrhosting.com
04/17/2012 18:37:23:923 	MachineAccountOU: (NULL)
04/17/2012 18:37:23:923 	Account: corp.smrhosting.com\dave
04/17/2012 18:37:23:923 	Options: 0x25
04/17/2012 18:37:23:923 NetpLoadParameters: loading registry parameters...
04/17/2012 18:37:23:923 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
04/17/2012 18:37:23:923 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
04/17/2012 18:37:23:923 NetpLoadParameters: status: 0x2
04/17/2012 18:37:23:923 NetpValidateName: checking to see if 'corp.smrhosting.com' is valid as type 3 name
04/17/2012 18:37:23:923 NetpValidateName: 'corp.smrhosting.com' is not a valid NetBIOS domain name: 0x7b
04/17/2012 18:37:24:032 NetpCheckDomainNameIsValid [ Exists ] for 'corp.smrhosting.com' returned 0x0
04/17/2012 18:37:24:032 NetpValidateName: name 'corp.smrhosting.com' is valid for type 3
04/17/2012 18:37:24:032 NetpDsGetDcName: trying to find DC in domain 'corp.smrhosting.com', flags: 0x40001010
04/17/2012 18:37:24:954 NetpDsGetDcName: failed to find a DC having account 'DIONYSUS$': 0x525, last error is 0x0
04/17/2012 18:37:24:954 NetpLoadParameters: loading registry parameters...
04/17/2012 18:37:24:954 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
04/17/2012 18:37:24:954 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
04/17/2012 18:37:24:954 NetpLoadParameters: status: 0x2
04/17/2012 18:37:24:954 NetpDsGetDcName: status of verifying DNS A record name resolution for 'Hestia.corp.smrhosting.com': 0x0
04/17/2012 18:37:24:954 NetpDsGetDcName: found DC '\\Hestia.corp.smrhosting.com' in the specified domain
04/17/2012 18:37:24:954 NetpJoinDomainOnDs: NetpDsGetDcName returned: 0x0
04/17/2012 18:37:25:141 NetpJoinDomain: status of connecting to dc '\\Hestia.corp.smrhosting.com': 0x0
04/17/2012 18:37:25:141 NetpProvisionComputerAccount:
04/17/2012 18:37:25:141 	lpDomain: corp.smrhosting.com
04/17/2012 18:37:25:141 	lpMachineName: DIONYSUS
04/17/2012 18:37:25:141 	lpMachineAccountOU: (NULL)
04/17/2012 18:37:25:141 	lpDcName: Hestia.corp.smrhosting.com
04/17/2012 18:37:25:141 	lpDnsHostName: (NULL)
04/17/2012 18:37:25:141 	lpMachinePassword: (null)
04/17/2012 18:37:25:141 	lpAccount: corp.smrhosting.com\dave
04/17/2012 18:37:25:141 	lpPassword: (non-null)
04/17/2012 18:37:25:141 	dwJoinOptions: 0x25
04/17/2012 18:37:25:141 	dwOptions: 0x40000003
04/17/2012 18:37:25:188 NetpLdapBind: Verified minimum encryption strength on Hestia.corp.smrhosting.com: 0x0
04/17/2012 18:37:25:188 NetpLdapGetLsaPrimaryDomain: reading domain data
04/17/2012 18:37:25:188 NetpGetNCData: Reading NC data
04/17/2012 18:37:25:188 NetpGetDomainData: Lookup domain data for: DC=corp,DC=smrhosting,DC=com
04/17/2012 18:37:25:188 NetpGetDomainData: Lookup crossref data for: CN=Partitions,CN=Configuration,DC=corp,DC=smrhosting,DC=com
04/17/2012 18:37:25:188 NetpLdapGetLsaPrimaryDomain: result of retrieving domain data: 0x0
04/17/2012 18:37:25:219 NetpGetComputerObjectDn: Cracking DNS domain name corp.smrhosting.com/ into Netbios on \\Hestia.corp.smrhosting.com
04/17/2012 18:37:25:219 NetpGetComputerObjectDn: Crack results: 	name = CORP\
04/17/2012 18:37:25:219 NetpGetComputerObjectDn: Cracking account name CORP\DIONYSUS$ on \\Hestia.corp.smrhosting.com
04/17/2012 18:37:25:219 NetpGetComputerObjectDn: Crack results: 	Account does not exist
04/17/2012 18:37:25:219 NetpCreateComputerObjectInDs: NetpGetComputerObjectDn failed: 0x534
04/17/2012 18:37:25:219 NetpProvisionComputerAccount: LDAP creation failed: 0x534
04/17/2012 18:37:25:219 ldap_unbind status: 0x0
04/17/2012 18:37:25:219 NetpJoinDomainOnDs: Function exits with status of: 0x534
04/17/2012 18:37:25:219 NetpJoinDomainOnDs: status of disconnecting from '\\Hestia.corp.smrhosting.com': 0x0
04/17/2012 18:37:25:219 NetpDoDomainJoin: status: 0x534
04/17/2012 18:37:25:219 -----------------------------------------------------------------
04/17/2012 18:37:25:219 NetpDoDomainJoin
04/17/2012 18:37:25:219 NetpMachineValidToJoin: 'DIONYSUS'
04/17/2012 18:37:25:219 	OS Version: 6.1
04/17/2012 18:37:25:219 	Build number: 7601 (7601.win7sp1_gdr.120305-1505)
04/17/2012 18:37:25:219 	ServicePack: Service Pack 1
04/17/2012 18:37:25:219 	SKU: Windows Server 2008 R2 Enterprise
04/17/2012 18:37:25:219 NetpDomainJoinLicensingCheck: ulLicenseValue=1, Status: 0x0
04/17/2012 18:37:25:219 NetpGetLsaPrimaryDomain: status: 0x0
04/17/2012 18:37:25:219 NetpMachineValidToJoin: status: 0x0
04/17/2012 18:37:25:219 NetpJoinDomain
04/17/2012 18:37:25:219 	Machine: DIONYSUS
04/17/2012 18:37:25:219 	Domain: corp.smrhosting.com
04/17/2012 18:37:25:219 	MachineAccountOU: (NULL)
04/17/2012 18:37:25:219 	Account: corp.smrhosting.com\dave
04/17/2012 18:37:25:219 	Options: 0x27
04/17/2012 18:37:25:219 NetpLoadParameters: loading registry parameters...
04/17/2012 18:37:25:219 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
04/17/2012 18:37:25:219 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
04/17/2012 18:37:25:219 NetpLoadParameters: status: 0x2
04/17/2012 18:37:25:219 NetpValidateName: checking to see if 'corp.smrhosting.com' is valid as type 3 name
04/17/2012 18:37:25:219 NetpValidateName: 'corp.smrhosting.com' is not a valid NetBIOS domain name: 0x7b
04/17/2012 18:37:25:329 NetpCheckDomainNameIsValid [ Exists ] for 'corp.smrhosting.com' returned 0x0
04/17/2012 18:37:25:329 NetpValidateName: name 'corp.smrhosting.com' is valid for type 3
04/17/2012 18:37:25:329 NetpDsGetDcName: trying to find DC in domain 'corp.smrhosting.com', flags: 0x40001010
04/17/2012 18:37:26:251 NetpDsGetDcName: failed to find a DC having account 'DIONYSUS$': 0x525, last error is 0x0
04/17/2012 18:37:26:251 NetpLoadParameters: loading registry parameters...
04/17/2012 18:37:26:251 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
04/17/2012 18:37:26:251 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
04/17/2012 18:37:26:251 NetpLoadParameters: status: 0x2
04/17/2012 18:37:26:251 NetpDsGetDcName: status of verifying DNS A record name resolution for 'Hestia.corp.smrhosting.com': 0x0
04/17/2012 18:37:26:251 NetpDsGetDcName: found DC '\\Hestia.corp.smrhosting.com' in the specified domain
04/17/2012 18:37:26:251 NetpJoinDomainOnDs: NetpDsGetDcName returned: 0x0
04/17/2012 18:37:26:251 NetpJoinDomain: status of connecting to dc '\\Hestia.corp.smrhosting.com': 0x0
04/17/2012 18:37:26:251 NetpProvisionComputerAccount:
04/17/2012 18:37:26:251 	lpDomain: corp.smrhosting.com
04/17/2012 18:37:26:251 	lpMachineName: DIONYSUS
04/17/2012 18:37:26:251 	lpMachineAccountOU: (NULL)
04/17/2012 18:37:26:251 	lpDcName: Hestia.corp.smrhosting.com
04/17/2012 18:37:26:251 	lpDnsHostName: (NULL)
04/17/2012 18:37:26:251 	lpMachinePassword: (null)
04/17/2012 18:37:26:251 	lpAccount: corp.smrhosting.com\dave
04/17/2012 18:37:26:251 	lpPassword: (non-null)
04/17/2012 18:37:26:251 	dwJoinOptions: 0x27
04/17/2012 18:37:26:251 	dwOptions: 0x40000003
04/17/2012 18:37:26:251 NetpLdapBind: Verified minimum encryption strength on Hestia.corp.smrhosting.com: 0x0
04/17/2012 18:37:26:251 NetpLdapGetLsaPrimaryDomain: reading domain data
04/17/2012 18:37:26:251 NetpGetNCData: Reading NC data
04/17/2012 18:37:26:251 NetpGetDomainData: Lookup domain data for: DC=corp,DC=smrhosting,DC=com
04/17/2012 18:37:26:251 NetpGetDomainData: Lookup crossref data for: CN=Partitions,CN=Configuration,DC=corp,DC=smrhosting,DC=com
04/17/2012 18:37:26:251 NetpLdapGetLsaPrimaryDomain: result of retrieving domain data: 0x0
04/17/2012 18:37:26:251 NetpGetComputerObjectDn: Cracking DNS domain name corp.smrhosting.com/ into Netbios on \\Hestia.corp.smrhosting.com
04/17/2012 18:37:26:251 NetpGetComputerObjectDn: Crack results: 	name = CORP\
04/17/2012 18:37:26:251 NetpGetComputerObjectDn: Cracking account name CORP\DIONYSUS$ on \\Hestia.corp.smrhosting.com
04/17/2012 18:37:26:251 NetpGetComputerObjectDn: Crack results: 	Account does not exist
04/17/2012 18:37:26:251 NetpGetComputerObjectDn: Cracking Netbios domain name CORP\ into root DN on \\Hestia.corp.smrhosting.com
04/17/2012 18:37:26:251 NetpGetComputerObjectDn: Crack results: 	name = DC=corp,DC=smrhosting,DC=com
04/17/2012 18:37:26:266 NetpGetComputerObjectDn: Got DN CN=DIONYSUS,CN=Computers,DC=corp,DC=smrhosting,DC=com from the default computer container
04/17/2012 18:37:26:266 NetpModifyComputerObjectInDs: Initial attribute values:
04/17/2012 18:37:26:266 		objectClass  =  Computer
04/17/2012 18:37:26:266 		SamAccountName  =  DIONYSUS$
04/17/2012 18:37:26:266 		userAccountControl  =  0x1000
04/17/2012 18:37:26:266 		DnsHostName  =  DIONYSUS.corp.smrhosting.com
04/17/2012 18:37:26:266 		ServicePrincipalName  =  HOST/DIONYSUS.corp.smrhosting.com  RestrictedKrbHost/DIONYSUS.corp.smrhosting.com  HOST/DIONYSUS  RestrictedKrbHost/DIONYSUS
04/17/2012 18:37:26:266 		unicodePwd  =  <SomePassword>
04/17/2012 18:37:26:266 NetpModifyComputerObjectInDs: Computer Object does not exist in OU
04/17/2012 18:37:26:266 NetpModifyComputerObjectInDs: Attribute values to set:
04/17/2012 18:37:26:266 		objectClass  =  Computer
04/17/2012 18:37:26:266 		SamAccountName  =  DIONYSUS$
04/17/2012 18:37:26:266 		userAccountControl  =  0x1000
04/17/2012 18:37:26:266 		DnsHostName  =  DIONYSUS.corp.smrhosting.com
04/17/2012 18:37:26:266 		ServicePrincipalName  =  HOST/DIONYSUS.corp.smrhosting.com  RestrictedKrbHost/DIONYSUS.corp.smrhosting.com  HOST/DIONYSUS  RestrictedKrbHost/DIONYSUS
04/17/2012 18:37:26:266 		unicodePwd  =  <SomePassword>
04/17/2012 18:37:26:344 NetpEncodeProvisioningBlob: Encoding provisioning data
04/17/2012 18:37:26:344 NetpInitBlobWin7: Constructing blob...
04/17/2012 18:37:26:344 Blob version: 1
04/17/2012 18:37:26:344 	lpDomain: corp.smrhosting.com
04/17/2012 18:37:26:344 	lpMachineName: DIONYSUS
04/17/2012 18:37:26:344 	lpMachinePassword: <omitted from log>
04/17/2012 18:37:26:344    DomainDnsPolicy:
04/17/2012 18:37:26:344    	Name: CORP
04/17/2012 18:37:26:344    	DnsDomainName: corp.smrhosting.com
04/17/2012 18:37:26:344    	DnsForestName: corp.smrhosting.com
04/17/2012 18:37:26:344    	DomainGuid: b4127f22-c6e7-41dc-bed4-edde9256e120
04/17/2012 18:37:26:344    	Sid: S-1-5-21-2019615028-1116010465-369525228
04/17/2012 18:37:26:344    DcInfo:
04/17/2012 18:37:26:344    	DomainControllerName: \\Hestia.corp.smrhosting.com
04/17/2012 18:37:26:344    	DomainControllerAddress: \\192.168.1.3
04/17/2012 18:37:26:344    	DomainControllerAddressType: 1
04/17/2012 18:37:26:344    	DomainGuid: b4127f22-c6e7-41dc-bed4-edde9256e120
04/17/2012 18:37:26:344    	DomainName: corp.smrhosting.com
04/17/2012 18:37:26:344    	DnsForestName: corp.smrhosting.com
04/17/2012 18:37:26:344    	Flags: 0xe00031fc
04/17/2012 18:37:26:344    	DcSiteName: Default-First-Site-Name
04/17/2012 18:37:26:344    	ClientSiteName: Default-First-Site-Name
04/17/2012 18:37:26:344 	Options: 0x40000003
04/17/2012 18:37:26:344 NetpInitBlobWin7: Blob pickling result: 0
04/17/2012 18:37:26:344 NetpEncodeProvisioningBlob: result: 0x0
04/17/2012 18:37:26:360 ldap_unbind status: 0x0
04/17/2012 18:37:26:360 NetpRequestOfflineDomainJoin:
04/17/2012 18:37:26:360 	dwProvisionBinDataSize: 1016
04/17/2012 18:37:26:360 	JoinOptions: 0x27
04/17/2012 18:37:26:360 	Options: 0x40000003
04/17/2012 18:37:26:360 	lpWindowsPath: C:\Windows
04/17/2012 18:37:26:360 NetpDecodeProvisioningBlob: Unpickling provisioning blob with size 1016 bytes
04/17/2012 18:37:26:360 NetpDecodeProvisioningBlob: Searching 1 blobs for supported ODJ blob, highest supported version: 1
04/17/2012 18:37:26:360 NetpDecodeProvisioningBlob: Found ODJ blob version: 1
04/17/2012 18:37:26:360 NetpDecodeProvisioningBlob: Selected ODJ blob version: 1
04/17/2012 18:37:26:360 Blob version: 1
04/17/2012 18:37:26:360 	lpDomain: corp.smrhosting.com
04/17/2012 18:37:26:360 	lpMachineName: DIONYSUS
04/17/2012 18:37:26:360 	lpMachinePassword: <omitted from log>
04/17/2012 18:37:26:360    DomainDnsPolicy:
04/17/2012 18:37:26:360    	Name: CORP
04/17/2012 18:37:26:360    	DnsDomainName: corp.smrhosting.com
04/17/2012 18:37:26:360    	DnsForestName: corp.smrhosting.com
04/17/2012 18:37:26:360    	DomainGuid: b4127f22-c6e7-41dc-bed4-edde9256e120
04/17/2012 18:37:26:360    	Sid: S-1-5-21-2019615028-1116010465-369525228
04/17/2012 18:37:26:360    DcInfo:
04/17/2012 18:37:26:360    	DomainControllerName: \\Hestia.corp.smrhosting.com
04/17/2012 18:37:26:360    	DomainControllerAddress: \\192.168.1.3
04/17/2012 18:37:26:360    	DomainControllerAddressType: 1
04/17/2012 18:37:26:360    	DomainGuid: b4127f22-c6e7-41dc-bed4-edde9256e120
04/17/2012 18:37:26:360    	DomainName: corp.smrhosting.com
04/17/2012 18:37:26:360    	DnsForestName: corp.smrhosting.com
04/17/2012 18:37:26:360    	Flags: 0xe00031fc
04/17/2012 18:37:26:360    	DcSiteName: Default-First-Site-Name
04/17/2012 18:37:26:360    	ClientSiteName: Default-First-Site-Name
04/17/2012 18:37:26:360 	Options: 0x40000003
04/17/2012 18:37:26:360 NetpDoInitiateOfflineDomainJoin
04/17/2012 18:37:26:360 NetpDoInitiateOfflineDomainJoin: Setting backup/restore privileges
04/17/2012 18:37:26:360 NetpInitiateOfflineJoin
04/17/2012 18:37:26:360 	lpLocalRegistryPath: C:\Windows\system32\config\SYSTEM
04/17/2012 18:37:26:360 	dwOptions: 0x40000003
04/17/2012 18:37:26:360 NetpConvertBlobToJoinState: Translating provisioning data to internal format
04/17/2012 18:37:26:360 NetpConvertBlobToJoinState: Selecting version 1
04/17/2012 18:37:26:360 NetpConvertBlobToJoinState: exiting: 0x0
04/17/2012 18:37:26:360 NetpValidateFullJoinState: Validating provisioning data...
04/17/2012 18:37:26:360 NetpValidateFullJoinState: exiting: 0x0
04/17/2012 18:37:26:360 NetpClearFullJoinState:  Removing cached state from the registry...
04/17/2012 18:37:26:360 NetpClearFullJoinState: Status of deleting join state key 0x2
04/17/2012 18:37:26:360 NetpSaveFullJoinStateInternal: Injecting provisioning data into image...
04/17/2012 18:37:26:360 NetpSaveFullJoinStateInternal: exiting: 0x0
04/17/2012 18:37:26:360 NetpSetComputerNamesOffline: Checking for pending name changes...
04/17/2012 18:37:26:360 	SetHostName:	TRUE
04/17/2012 18:37:26:360 	SetDnsDomain:	TRUE
04/17/2012 18:37:26:360 	SetNetBiosName:	TRUE
04/17/2012 18:37:26:360 	SetCurrentValues:	TRUE
04/17/2012 18:37:26:360 NetpSetComputerNamesOffline: Setting Hostname to DIONYSUS
04/17/2012 18:37:26:360 NetpSetComputerNamesOffline: Setting Domain name to corp.smrhosting.com
04/17/2012 18:37:26:360 NetpSetComputerNamesOffline: Setting NetBios computer name to DIONYSUS
04/17/2012 18:37:26:360 NetpDoInitiateOfflineDomainJoin: status: 0x0
04/17/2012 18:37:26:360 NetRequestOfflineDomainJoin: Successfully initiated the offline domain join
04/17/2012 18:37:26:360 NetpJoinDomainOnDs: Setting netlogon cache.
04/17/2012 18:37:26:376 NetpJoinDomainOnDs: status of setting netlogon cache: 0x0
04/17/2012 18:37:26:376 NetpJoinDomainOnDs: Function exits with status of: 0x0
04/17/2012 18:37:26:376 NetpJoinDomainOnDs: status of disconnecting from '\\Hestia.corp.smrhosting.com': 0x0
04/17/2012 18:37:26:376 NetpCompleteOfflineDomainJoin
04/17/2012 18:37:26:376 	fBootTimeCaller: FALSE
04/17/2012 18:37:26:376 	fSetLocalGroups: TRUE
04/17/2012 18:37:26:391 NetpLsaOpenSecret: status: 0xc0000034
04/17/2012 18:37:26:391 NetpGetLsaPrimaryDomain: status: 0x0
04/17/2012 18:37:26:391 NetpJoinDomainLocal: NetpHandleJoinedStateInfo returned: 0x0
04/17/2012 18:37:26:391 NetpLsaOpenSecret: status: 0xc0000034
04/17/2012 18:37:26:485 NetpJoinDomainLocal: NetpManageMachineSecret returned: 0x0.
04/17/2012 18:37:26:485 Calling NetpQueryService to get Netlogon service state.
04/17/2012 18:37:26:485 NetpJoinDomainLocal: NetpQueryService returned: 0x0.
04/17/2012 18:37:26:485 NetpSetLsaPrimaryDomain: for 'CORP' status: 0x0
04/17/2012 18:37:26:485 NetpJoinDomainLocal: status of setting LSA pri. domain: 0x0
04/17/2012 18:37:26:485 NetpManageLocalGroupsForJoin: Adding groups for new domain, removing groups from old domain, if any.
04/17/2012 18:37:26:485 NetpManageLocalGroups: Populating list of account SIDs.
04/17/2012 18:37:26:563 NetpManageLocalGroupsForJoin: status of modifying groups related to domain 'CORP' to local groups: 0x0
04/17/2012 18:37:26:563 NetpManageLocalGroupsForJoin: INFO: No old domain groups to process.
04/17/2012 18:37:26:563 NetpJoinDomainLocal: Status of managing local groups: 0x0
04/17/2012 18:37:26:579 NetpJoinDomainLocal: status of setting ComputerNamePhysicalDnsDomain to 'corp.smrhosting.com': 0x0
04/17/2012 18:37:26:579 NetpJoinDomainLocal: Controlling services and setting service start type.
04/17/2012 18:37:26:579 NetpJoinDomainLocal: Updating W32TimeConfig
04/17/2012 18:37:26:610 NetpUpdateW32timeConfig: 0x0
04/17/2012 18:37:26:610 NetpClearFullJoinState:  Removing cached state from the registry...
04/17/2012 18:37:26:610 NetpClearFullJoinState: Status of deleting join state key 0x0
04/17/2012 18:37:26:610 NetpCompleteOfflineDomainJoin: status: 0x0
04/17/2012 18:37:26:610 NetpJoinDomain: NetpCompleteOfflineDomainJoin SUCCESS: Requested a reboot :0x0
04/17/2012 18:37:26:610 NetpDoDomainJoin: status: 0x0
04/17/2012 18:37:27:673 -----------------------------------------------------------------
04/17/2012 18:37:27:673 NetpChangeMachineName: from 'DIONYSUS' to 'DIONYSUS' using 'corp.smrhosting.com\dave' [0x1000]
04/17/2012 18:37:27:673 NetpDsGetDcName: trying to find DC in domain 'CORP', flags: 0x1010
04/17/2012 18:37:29:704 NetpDsGetDcName: found DC '\\HESTIA' in the specified domain
04/17/2012 18:37:29:704 NetpGetLsaPrimaryDomain: status: 0x0
04/17/2012 18:37:29:704 NetpGetDnsHostName: Read NV Domain: corp.smrhosting.com
04/17/2012 18:37:32:266 NetpLdapBind: ldap_bind failed on HESTIA: 81: Server Down
04/17/2012 18:37:32:266 NetpSetDnsHostNameAndSpn: NetpLdapBind failed: 0x3a
04/17/2012 18:37:32:266 NetpChangeMachineName: status of setting DnsHostName and SPN: 0x3a
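
A way to triage a NetSetup.LOG like the one above, as an added example that is not part of the original post: it lists every non-zero status and every `ldap_bind` failure in log order, skipping `flags:` values, which are inputs rather than results. The function name `triage` and the small code-name table are assumptions of this example; the sample lines are copied from the log above.

```python
import re
from datetime import datetime

# Sample input: lines copied from the log above (assembled here for the example).
SAMPLE = """\
04/17/2012 18:37:26:391 NetpLsaOpenSecret: status: 0xc0000034
04/17/2012 18:37:26:610 NetpDoDomainJoin: status: 0x0
04/17/2012 18:37:27:673 NetpDsGetDcName: trying to find DC in domain 'CORP', flags: 0x1010
04/17/2012 18:37:32:266 NetpLdapBind: ldap_bind failed on HESTIA: 81: Server Down
04/17/2012 18:37:32:266 NetpSetDnsHostNameAndSpn: NetpLdapBind failed: 0x3a
04/17/2012 18:37:32:266 NetpChangeMachineName: status of setting DnsHostName and SPN: 0x3a
"""

LINE = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}:\d{3}) (.*)$")
# Trailing hex value; "flags: 0x..." is a call parameter, not a status.
STATUS = re.compile(r"(?<!flags: )\b(0x[0-9a-fA-F]+)\.?\s*$")
LDAP_FAIL = re.compile(r"ldap_bind failed on (\S+): (\d+): (.+)$")

# Symbolic names for the two non-zero codes that occur in this log.
KNOWN = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",  # NTSTATUS
    0x3A: "ERROR_BAD_NET_RESP",                  # Win32 error 58
}

def triage(text):
    """Return (timestamp, function, code, note) for each failing log line."""
    findings = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a timestamped NetSetup line
        ts = datetime.strptime(m.group(1), "%m/%d/%Y %H:%M:%S:%f")
        msg = m.group(2).strip()
        func = msg.split(":", 1)[0] if ":" in msg else ""
        ldap = LDAP_FAIL.search(msg)
        if ldap:  # LDAP result codes are decimal and come with their own text
            findings.append((ts, func, "LDAP " + ldap.group(2), ldap.group(3).strip()))
            continue
        st = STATUS.search(msg)
        if st and int(st.group(1), 16) != 0:
            code = int(st.group(1), 16)
            findings.append((ts, func, hex(code), KNOWN.get(code, "unknown")))
    return findings

if __name__ == "__main__":
    for ts, func, code, note in triage(SAMPLE):
        print(ts.isoformat(timespec="milliseconds"), func, code, note)
```

Reading the findings in order separates the early `0xc0000034` from `NetpLsaOpenSecret`, after which the join still reports `0x0`, from the later LDAP bind failure that produces the `0x3a` results.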



Windows Server 2016 TP4 cannot install via udisk


Hi

I've downloaded Winsrv 2016 TP4 and made a udisk media with the ISO, but when I install it to my PC, while the Windows install is starting, it reports an error

"Could not find install.wim.."balabala

I can install it in a HyperV VM by mounting the ISO, and I can install TP3 via the udisk. Does anyone have the same problem, or know the reason or a workaround? Thank you.

Site assignment for Group Policy for Direct Access site with no Domain Controller


Some help with understanding what's going on required.

I've set up a new AD Site for our Direct Access clients (Windows 8.1). The subnets are defined correctly. However, I've not assigned any specific DCs to the Site, as they can just use the DCs of our main site (we have no other sites, were previously using just one site for both local and remote clients).

Clients are able to process Group Policy just fine, except they still seem to be processing GPOs as clients of the main site.

i.e.,

  • I run "nltest /dsgetdc:domain" and 'Our Site Name' = Remote-Clients but 'Dc Site Name' = "Default....".
  • I run "gpresult /r /scope computer" and 'Site Name' = "Default...."
  • I check in the registry here: "HKLM\System\CurrentControlSet\Services\Netlogon\Parameters\DynamicSiteName\" and that's "Remote-Clients" (but the SiteName value is "Default...").

So, is this expected? Must I create and assign a DC (or two) to this new Site just so that I can get the clients to process policy for their own site?

Who will be crowned the last Windows Server Guru of 2015!!


Here it is folks!

THE FINAL CHALLENGE OF 2015!!

Step up all known Gurus currently active!

Let us see the year out in style, with some final thoughts and knowledge from everyone we love and follow in the TechNet and MSDN community.

All you have to do is add an article to TechNet Wiki from your own specialist field. Something that fits into one of the categories listed on the submissions page. Copy in your own blog posts, a forum solution, a white paper, or just something you had to solve for your own day's work today.

Drop us some nifty knowledge, or superb snippets, and become MICROSOFT TECHNOLOGY GURU OF THE MONTH!

This is an official Microsoft TechNet recognition, where people such as yourselves can truly get noticed!

HOW TO WIN

1) Please copy over your Microsoft technical solutions and revelations to TechNet Wiki.

2) Add a link to it on THIS WIKI COMPETITION PAGE (so we know you've contributed)

3) Every month, we will highlight your contributions, and select a "Guru of the Month" in each technology.

If you win, we will sing your praises in blogs and forums, similar to the weekly contributor awards. Once "on our radar" and making your mark, you will probably be interviewed for your greatness, and maybe eventually even invited into other inner TechNet/MSDN circles!

Winning this award in your favoured technology will help us learn the active members in each community.

Feel free to ask any questions below.

More about TechNet Guru Awards

Thanks in advance!
Pete Laker


#PEJL
Got any nice code? If you invest time in coding an elegant, novel or impressive answer on MSDN forums, why not copy it over to TechNet Wiki, for future generations to benefit from! You'll never get archived again, and you could win weekly awards!

Have you got what it takes to become this month's TechNet Technical Guru? Join a long list of well known community big hitters, show your knowledge and prowess in your favoured technologies!

Internal DNS preventing company website from loading correctly


Hello dear forum gurus

I have a problem with my DNS server. When the primary DNS in the IPv4 configuration on any machine in my local network points to my local DNS server, my company website does not load correctly.

DNS resolves the website name, but the site does not load correctly: it displays only links and photos in random order. When I change DNS to 8.8.8.8 it opens as a normal website.

Gotta tell you that my internal domain name is the same as the external one. Both say mydomain.com

Please point me to what I am missing.

  • I have a www host record pointing to the public IP of the external domain
  • I have deployed an IIS server with HTTP redirect for redirecting mydomain.com to www.mydomain.com

What else should I do?


Vusal M. Dadashzadeh

Eventlog subscription not successful in production domain controllers


Hi,

I have enabled Advanced audit policy and then created an event log subscription (Source Initiated). But it's not working, and the events are not moving to the collector servers' Forwarded Events. The subscription I created shows as a warning, and when I press Runtime Status and retry I get an Access Denied message too.

Please see the error below and let me know how I can fix this.
