Channel: Directory Services forum
Viewing all 31638 articles

When Active Directory server is down, shut down or disconnected, our internet is also down

When the Active Directory server is down, shut down or disconnected, our internet is also down at that time.

shrikant


How to set up device CAL in Server 2012


How do I set up device CAL in Server 2012?


shrikant

Server with all FSMO Role down - How to come back alive?


Hi all,

I'm having big troubles today with our infrastructure. To be short, my primary DC that owns all the FSMO roles is down. I have a second DC that is running correctly; we can continue to log on and Exchange continues working. It is a VM running on VMware 5.5 U3, updated last weekend from 5.1 to 5.5 with a firmware update on our 2 ESXs HP DL360 and HP P2000 G3.

My question: can I "seize" all the FSMO roles to the second DC and build a new one with the same IP (other names)? I have a backup from VEEAM with Application Aware active, but I have read that it's not a good idea to restore a machine that owns all the FSMO roles.

Thanks for your help. I don't know what to do because I don't want to bring the entire infrastructure down.

Jo

How to migrate Windows 2008 to 2012


1. How to migrate Windows 2008 to 2012.

Please explain step by step.


shrikant

Could not update password with ADFS 3.0


I deployed ADFS 3.0 with the update password endpoint enabled. I get the error "The User ID or password is incorrect" when trying to update a password, but I made sure both username and password are correct (I can log in to O365 through ADFS with that username and password).

I checked Event Viewer and found the error "UserNotFound".

Please help me!

Regards,

Infrastructure master not updating domain references


A user account created in the parent domain is a member of Universal and Local admin groups in both parent and child domains. I recently deleted it from the parent domain and allowed for the update to reflect across the domains. As I expected, the membership was removed from groups in the other domains on all domain controllers. Then I restored the user object using the recycle bin feature. What I've observed is that the group memberships were restored in the parent domain successfully, but when it comes to the child domain, only the global catalog server has the group memberships restored, and the DC where group membership is not restored is an infra master and it is not a GC.

What could be the reason?

GPO Replications Issue


I am using WinSrv2012 R2 Data Center Version in two sites. Now I am facing a GPO replication issue, so we copy each GPO into the two sites whenever I create a new one or edit an existing one. Please suggest how to check and fix this problem.

BestRgds,

Mmhein

Why AD automatically sets the PASSWD_NOTREQD flag


I created a new account in AD with my client software, and the system sets this flag, PASSWD_NOTREQD, on the object and disables the account. Why is this happening? Is this because of the AD password policy or something else?


Repadmin /syncall causes DC01 to try and replicate to itself and gets "Access Denied"


Hi everyone. I have been trying to figure out this peculiar behavior from one of our DCs. We have 3 DCs in our environment and I can force replication on DC02 and DC03 with no issues. By issuing "repadmin /syncall" on DC02 and DC03, I get the following success message:

DC02: repadmin /syncall

    From: a9326fa6-e465-4a55-8fe4-143f4d2100e8._msdcs.test.com
    To  : 3dc7a026-c031-4bdc-915f-f200e0aebcba._msdcs.test.com
CALLBACK MESSAGE: The following replication completed successfully:
    From: a9326fa6-e465-4a55-8fe4-143f4d2100e8._msdcs.test.com
    To  : 3dc7a026-c031-4bdc-915f-f200e0aebcba._msdcs.test.com
CALLBACK MESSAGE: The following replication is in progress:
    From: 83ce846e-4d0b-485e-a414-4ac5abc39bc5._msdcs.test.com
    To  : 3dc7a026-c031-4bdc-915f-f200e0aebcba._msdcs.test.com
CALLBACK MESSAGE: The following replication completed successfully:
    From: 83ce846e-4d0a-485e-a414-4ac5abc39bc5._msdcs.test.com
    To  : 3dc7a026-c031-4bdc-915f-f200e0aebcba._msdcs.test.com

However, from DC01: repadmin /syncall

CALLBACK MESSAGE: Error contacting server 83ce846e-4d0b-485e-a414-4ac5abc39bc5._msdcs.test.net (network error): 5 (0x5):
    Access is denied.

SyncAll exited with fatal Win32 error: 8440 (0x20f8): The naming context specified for this replication operation is invalid.

The peculiar thing is that "83ce846e-4d0b-485e-a414-4ac5abc39bc5._msdcs.test.net" is actually DC01 itself:

DC01: nslookup 83ce846e-4d0b-485e-a414-4ac5abc39bc5._msdcs.test.net

Server:  dc02.test.net
Address:  x.x.x.40

Name:    dc01.test.net
Address:  x.x.x.120
Aliases:  83ce846e-4d0b-485e-a414-4ac5abc39bc5._msdcs.test.net

So why is DC01 trying to replicate to itself and not the other DCs? Or am I just looking at this wrong? We have only 1 site in Sites and Services, and all the DCs have the correct connection links in NTDS Settings.

Replication in our environment still works - just not when initiated from DC01. I can also manually replicate from DC01 when I specify the partition to replicate.

DC01: repadmin /replicate dc02 dc01 "CN=configuration,DC=test,DC=com"

Sync from DC01 to DC02 completed successfully.

Any ideas on why I can't do a repadmin /syncall on DC01?

Thanks!

Active Directory Users and Computers search comes up blank on everything


Hello.

I have 5 DCs: 2 2012R2 and 3 2003. Domain level is 2003.

Whenever I search for something in ADUC, it comes up blank. It does not matter what DC I try from or point ADUC to use. However, it works fine in PowerShell or Administrative Center, and I have gotten no other kind of error in the environment, so everything else seems to be working great.

Does anyone have any idea on where to start with this one?

RODC Compatibility - KB944043 for XP 32 bits


Hello,

According to the articles about compatibility of clients for Read Only Domain Controllers (https://support.microsoft.com/en-us/kb/944043 - https://technet.microsoft.com/en-us/library/upgrade-domain-controllers-to-windows-server-2008-r2(v=ws.10).aspx), I would like to download KB944043 for Windows XP x86.

But this package is not available, whereas the XP x64 and Server 2003 x86/x64 packages are available.

Is there any reason for this? And when can I download the x86 package (French and English languages)?

Thanks

RDP error message: Your interactive logon privilege has been disabled.


Windows Server 2003 sp2, Terminal Server 2008.

Setting up the sales department with VPN and RDP, everyone is fine except one user who gets an error message: "Your interactive logon privilege has been disabled." I also just found out that she has been having a problem sending email from her BB when sending outside the GAL. Don't know if they're related. Any help would be great.

 


Joe Mac Nichol

Administrator account locked: no caller/source computer


I am facing an issue of the domain 'Administrator' account being locked out every Saturday around 7:00 to 8:00 PM. When I check the logs on the domain controller, it's not showing the source/caller computer. I know we have a scheduled network scan (for vulnerabilities) run by Nessus Vulnerability Scanner (Vulnerability Scanner) at this time. This scans a specific VLAN of our domain, so I am sure this is happening from one of the targets in this VLAN.

But how do I trace that source computer? Nothing was found in C:\Windows\debug\netlogon.log


WPAD BYPASS OPENVPN?


Hi,

I was wondering if someone else has this setup and has experienced the same issue as me.

My setup: I'm using pfSense 2.2.4 with OpenVPN server, squid and squidguard; everything is fine on that part. I then implemented WPAD on my Windows server, which gives the DHCP, and the proxy PAC is hosted on pfSense. Everyone on the LAN gets forced into the proxy automatically, no issue here.

Here is where it gets nasty... If site 1 has pfSense with WPAD and the user wants to connect to the VPN using OpenVPN to site 2, which does not have WPAD, it will connect and you can navigate and such. But you cannot access the webGUI of pfSense or any other device in the LAN of site 2. For some odd reason WPAD forces the users ONLY for OpenVPN. I tried the same setup with PPTP and it works flawlessly; I also tried with L2TP and it also works perfectly. It's only with OpenVPN, not sure why.

Also, side note: if I disable "automatic detect proxy settings" I can access the webGUI with OpenVPN, but it defeats the purpose. What's odd is how come it can work with PPTP and L2TP.

Thank you

function FindProxyForURL(url, host)
{
    if (isPlainHostName(host) ||
        shExpMatch(host, "*.local") ||
        isInNet(dnsResolve(host), "192.168.3.0",  "255.255.255.0"))
        return "DIRECT";

    return "PROXY 192.168.3.254:3128";
}


Tracking Domain Controller Demotion via repadmin

I had a slick repadmin command in my toolbox for tracking the replication of a demotion with repadmin and I somehow lost it and am getting stuck on the syntax. It essentially tracks the existence of the NTDS objectguid on all the DCs with one command. I was hoping someone here may know the syntax... The below doesn't work, but it's something close to that:
repadmin /showobjectmetadata "<objectguid=0d03eba1-0a30-47fe-8844-47c6121eafda>"



DC disk size report


Hi,

Probably the question is more for Windows Server general discussion.

But maybe somebody here can help...

I need to collect disk space info from all Domain Controllers.

Script available?

Thanks.


--- When you hit a wrong note it's the next note that makes it good or bad. --- Miles Davis

pam_ldap: ldap_simple_bind Can't contact LDAP server


Hello All,

We are doing LDAP testing for high availability. The configuration worked as expected to provide high availability across multiple LDAP domain servers. However, a new issue was noted during testing.

We have a total of four LDAP domain servers in the configuration. The LDAP client is unable to authenticate with the BDC1 & BDC2 domain servers.

ADC1 - LDAP login success 

ADC2 - LDAP login success 

BDC1 - LDAP request time out

BDC2 - LDAP request time out

ADC1 & 2 belong to one site and BDC1 & 2 to another.
We are testing from the Unix box 'AUNIX', on which the var/log logs show the error below:

pam_ldap: ldap_simple_bind Can't contact LDAP server
pam_ldap: reconnecting to LDAP server...

Can someone please guide me?

Thanks.

ADR

DNS configuration for subdomain


I have to deploy a new domain in an existing forest. Can someone please explain to me the DNS configuration settings that need to be done in the subdomain for name resolution between the root and the subdomain?

We have good WAN connectivity between the geographical regions.

Password expired?


I am facing a strange issue today.

One user changed his password today because it was close to its expiry day.

But after that, he can't unlock his PC.

Per troubleshooting, once he has locked his PC, if he is connected to the network, it prompts the message: account has been locked out, it can't log in.

But if he disconnects from the network, he can log in successfully with the new password.

If he logs in to another PC, there is no issue.

How to fix it? I suppose there is some issue with the local password cache stored on the PC.

Two hubs and spoke topology question


I have a 2008R2 domain with a hub and spoke topology. The hub has (2) DCs, and the spokes have a single DC. All DCs can communicate with each other, if needed, and we do have Bridge All Site Links enabled. The one hub (2 DCs) is in a centralized metropolitan location. We now have another site in that same centralized metropolitan city that is a D/R site with a fast circuit, with 2 DCs, that could also be a hub.

I was originally bringing this site into my topology as a spoke, but with a much lower cost on that site link. Now I am thinking I might want to actually make it a hub with a site link out to each spoke. So my question is, if I have (2) hub sites named A and B with site connections out to all the spoke sites named C, D, and E, should I have a site link from A (hub1) to C (spoke1) and another site link from B (hub2) to C (spoke1) with the same cost? Or should I create one site link from A (hub1) to B (hub2) to C (spoke1), another from A to B to D (spoke2), another from A to B to E, etc.?

Not sure if this is confusing enough or not, or even if it really matters, but just trying to make sure I have things set up as well as I can.

Thanks,

Dave


