Channel: Directory Services forum

8524 The DSA operation is unable to proceed because of a DNS lookup failure.


I have newly dcpromo'd a DC from the DR site to join our domain. After that I checked my DC event logs and found the errors shown below:

I also searched the web and many suggest that it's a CNAME or DNS issue, but I have no clue what exactly to check for CNAME or DNS. Please help.

Thanks

Kin

____________________________________________________________________________

The attempt to establish a replication link for the following writable directory partition failed.
Directory partition:
DC=domain,DC=local
Source directory service:
CN=NTDS Settings,CN=WN2QADDN1AP0001,CN=Servers,CN=WuHanDRSiteLink,CN=Sites,CN=Configuration,DC=domain,DC=local
Source directory service address:
b6bfd3d6-ea13-4b7c-bb0e-e0b8fde1d323._msdcs.domain.local
Intersite transport (if any):
CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=domain,DC=local
 
This directory service will be unable to replicate with the source directory service until this problem is corrected.
 
User Action
Verify if the source directory service is accessible or network connectivity is available.
 
Additional Data
Error value:
8524 The DSA operation is unable to proceed because of a DNS lookup failure.

___________________________________________________________________

Replication Summary

Replication Summary Start Time: 2016-08-04 18:30:32

Beginning data collection for replication summary, this may take awhile:
  .......

Source DSA          largest delta    fails/total %%   error
 HKSCADDNP1                43m:08s    0 /  10    0 
 HKSCADDNP2                43m:11s    0 /  10    0 
 HKSCADDNP3                44m:55s    0 /   5    0 
 WN2QADDN1AP0001     (unknown)        0 /   3    0 

Destination DSA     largest delta    fails/total %%   error
 HKSCADDNP1                43m:11s    0 /   8    0 
 HKSCADDNP2                44m:55s    0 /   5    0 
 HKSCADDNP3                37m:05s    0 /  10    0 
 WN2QADDN1AP0001           43m:09s    0 /   5    0 

 ___________________________________________________________________________


Powershell script add bulk users in ADDS with custom Attributes


Hi All,

Good day. We need to create 250 users in AD in a specific OU. We need to set the email field and proxy attribute.

Also, my domain name is abc.com and the UPN is xyz. The user name and email address should come in ...@xyz format (UPN).

A default password should be set, and "user must change password on next logon" should be enabled.

Please share any PS script available and the Excel sheet format.

Example format for the user Austin Jose

Display Name : Austin Jose

user id : ajose@xyz.com

mail id : ajose@xyz.com

Proxy Attribute : SMTP:ajose@xyz.com

Regards,

Austin Jose

ADMT 3.2 download not working


Every time I attempt to download ADMT 3.2 from the connect.microsoft.com site I get the following message:

"Page Not Found


The content that you requested cannot be found or you do not have permission to view it.

If you believe you have reached this page in error, click the Help link at the top of the page to report the issue and include this ID in your e-mail: b7ca4403-66f3-40f6-bfde-54f26b08d6a8"

I've joined the program and unjoined multiple times. No luck.

Any ideas?

I want to set access restrictions group-wise in ADFS


Hello Support,

I want to restrict access group-wise in ADFS 3.0.

Group A members are only allowed external access to the Outlook client

Group B members are only allowed external access to the Outlook client & mobile

Group C members are only allowed external access to Skype for Business on mobile

Group D: SharePoint is blocked for all external access

I want to achieve this with claim rules. Please help me.

AD LDS - ADAMSYNC - Object Filtering


I need to sync all users from our Domain to AD LDS, except we would like to not include our Service Accounts, which start with "svc".

I have tried using this, without luck. I also tried the ! (this is the not character, right?) in front of the objectCategory and objectClass.

Is it possible to sync all users except a group of certain users by name?

<object-filter> (|(&(objectClass=user)(objectCategory=person))(&(objectClass=user)(isDeleted=TRUE))(&(objectCategory=person)(objectClass=user)(!cn=svc*)))</object-filter>

Shut down domain controller for a month


Hello,

I have two domains (one is 2000 and 2003 functional level). I have to shut down one DC for each domain for a month.

What are the best practices to shut down a DC for a month? None of these have FSMO roles.

Any ideas?

HELP!!

Thanks in advance

Regards

Schema Mismatch


Order of events

Deleted all mailboxes from Exchange 2007 (have not used it in two years; moved to O365. Did not think about how they were tied into AD).

While doing this I was expanding the AD schema from 2008 R2 to 2012 R2 through adding a new DC.

Did a restore of accounts (non-authoritative; again, did not think).

We had 4 DCs, but I removed one and was adding the new 2012 R2. The three old DCs seem to be replicating fine; we just cannot add a fourth one back into the mix. We receive a schema mismatch. The schema version on all 4 servers is 69, and the system schema version on the 3 2008 R2 servers is 47 and on the 2012 R2 it is 69.

It did become a domain controller, but DNS will not function because it does not register that a complete sync was done. I have removed it and ran DCDIAG and the results are below.


Win10 clients fail to find and authenticate with local Read-Only Domain Controller


Hello all,

I have a strange issue regarding authenticating to a recently installed Windows 2012 R2 RODC. After successfully promoting the server and ensuring that ALL Active Directory users AND computer accounts were added to the "Allowed RODC Password Replication Group", certain PCs in that group still fail to find and authenticate with this server. Note, this is the only DC at the site.

Upon closer inspection and reviewing the Advanced settings of the Password Replication Policy on this particular server, I noticed that in the "Accounts that have been authenticated to this Read-only Domain Controller" list, two or three computers that continue to give me issues are not listed, yet ARE correctly listed in the "Accounts whose passwords are stored on this Read-only Domain Controller" list, so I am really stumped as to why these few computers repeatedly fail to find the local DC.

Is there anywhere I can check? I'm reluctant to remove the problem PCs from the domain and re-add them, in fear that they will not even find the domain when I try to join them again.

Any assistance regarding this issue would be appreciated.



Very very force help me. Forward lookup zone doesn't show AD folder domain


I have 2 AD 2012 servers. Both of them have DNS integrated with the domain.

I changed DNS on one to secondary and suddenly the folder in Forward Lookup Zones for my domain doesn't show up and is hidden. I can't see it.

When I create a new zone for my domain and give it the DNS database in system32\dns\mydomain.dns

I can't other record

Please help me.

Generate report for every logon & logoff of all active directory users.


Hello Guys,

Is there any way to generate a report for every logon & logoff of all Active Directory users? This report will have fields like their computer name, username, time & date.

Determine who can do what in Active Directory?


Hello,

I'm managing a company's Active Directory environment and it seems quite a few people can do things within AD like create users or objects and reset passwords. I'm looking to get a handle on who can do what within Active Directory to make sure they don't have access to everything. I did find that they had a ton of Domain Admins that didn't need to be. Are there any good tools out there that can audit the delegation within AD? Thanks so much for the help.

How to setup AD Sync in best way

We currently have 4 offices around the world.

Just to name them easily, we can call them US1, US2, EU1, EU2 per office.

Currently, we are setting up an AD sync/merge from EU2 -> EU1.
The goal is to then set up a sync/merge from EU1 -> US1.

What would be the best way to do the next one? Should US2 go to EU1 as well or to US1?

Or would it in the end be better to run everyone to US1 directly? 
US1 is the planned "master".

Distribution Group (Accept Messages from - Permission)


Hello,

I have a requirement to apply the Accept Messages From permission on a few of the distribution groups, but the ask is: if the organizational structure has a few nested distribution groups as members, how can we make sure that the permission is applied to the nested groups as well?

Scenario example:

Distribution Group A - Can accept messages from AA User

Distribution Group B (it's a member of Distribution Group A) - Can accept messages from BB User

When we send a message to Distribution Group A from AA user, it won't be delivered to members of Distribution Group B even if it is a member of Distribution Group A.


Regards,
Manuj Khurana

client traffic between parent and child domain

What is the expected traffic (and why is it generated) between hosts from parent to child domain (and vice versa)?  I understand all these ports get hit between the Domain Controllers (https://technet.microsoft.com/en-us/library/dd772723(WS.10).aspx) however I am also seeing some traffic on ports 389/626/500 between parent domain clients and child DCs.  Why would clients be talking that way and is this expected?

Setup Forest Trust


We have an empty root domain called company.local and a child domain where all our users are located, corp.company.local

There is a 2-way transitive Parent-Child trust between company.local and corp.company.local

We have an application running in AWS that runs its own AD forest called app.aws.local

We need to set up a one-way trust so users in corp.company.local can authenticate on app.aws.local servers

I have tried to create a trust between corp.company.local and app.aws.local but it fails all the time. If I try to create the trust between company.local (the root domain) and app.aws.local it succeeds, but then I can only browse resources in the root domain, not the child.

What am I missing and what should be the trust direction? I am thinking about making a one-way incoming trust from company.local and a one-way outgoing trust from app.aws.local


How do I get logs of Domain admin group changes


Hi

How do I get logs of domain admin group changes?

I want to find out who made changes to the domain admin group recently. I enabled audit logs on the 2012 domain controller.

Disconnections while DC is down during patching


We have around 4 DCs in our main site (Windows Server 2008).

Sometimes during patching of DCs our clients lose the ability to browse, Outlook keeps asking for passwords, and Lync does the same. Our internal sites start prompting for the password, etc. File shares are inaccessible.

I am not sure why this happens, as not all DCs go down at the same time.

How does a client fail between the various DCs while running? I don't want to restart the client to 


On-Premise AD to authenticate users accessing application servers in the cloud


Hi,

We are planning to move our application servers to the cloud, but would like to use the on-premise Active-Directory for authentication. What would be the best practice for such a scenario?

Thanks in advance,

Zaf

Domain Joining port

What network ports are required to join a machine to a domain? One of my servers is not able to join the domain. Please let me know which ports I have to open on this server's side.
Nirmal Singh IT Administrator

I want to set access restrictions group-wise in ADFS


Hello Support,

I am trying to create a group-wise claim rule so that only those who are part of this group are able to externally access O365 services, on mobile only.

Please help me with the endpoint names so that we can create the claim rule, e.g. ActiveSync, OWA, Exchange, SharePoint, OneDrive for Business & Skype for Business
