If you enable debug logging, specify a log file and later disable the logging and delete the file, after a reboot, DNS Server will not start even though the logging is disabled. DNS Server will still require the log file.
Looks like a bug.
Hi,
I have 6 DC with 3 sites all are additional domain controllers.
AD replication is working correctly, but the USN is not increasing on all the domain controllers.
All DCs hold the Global Catalog role.
DC1 shows USN is 56250 other DC shows USN between 27300 to 32000
How to bring all the DC in same update sequence
Hi Gang,
We are in the process of interest migration. We are migrating from our source forest to the new target forest. Source/domain is bound to a forest and domain levels of 2003. Target forest/domain has forest and domain levels of 2012 R2.
We noticed that with distribution lists and users with email addresses aren't fully migrated. Sure the groups and users are migrated with SID history and so on but not any of their emails.
We have yet to deploy an exchange server on the target domain. The reason being that we have 365 but still are using DirSync with an Exchange 2003 box in the source domain.
How do we deal with this? Should we get rid of the Exchange 2003 box? Some forums suggest ADMT does not migrate Exchange objects whereas others say it does. Could you please help us!!!!!
Thanks,
Daniel
Hello All,
We have a SAP base application which is integrated with Active Directory. The SAP application is responsible for creating, deleting, and moving the user objects. The necessary delegation is provided to the user ID which creates, deletes and manages the user objects.
Since last week, when a request is triggered from the SAP application for creating users, the user object is created, but it is disabled. The application tries to reset the password and enable it, but it keeps failing. So the users are left disabled; if we skip the password reset part, users are getting enabled properly.
I have tried to Bind with that id and I am able to create, delete and even change the password of users. I don't see any issue with the delegation of rights, but however the application throws below error in their system.
Thanks HA
Hello support,
We are using Server 2012 R2 Active Directory. Can Linux and Mac join a Server 2012 R2 domain?
Hello Everyone,
In the past, I have no problem to migrate Win2003 DC/FQDN to Win2012 R2 DC/FQDN with the same domain name.
Currently, I'm working on a new project to upgrade an old Windows 2003 NetBIOS domain name (ABC) to new Windows 2012 R2 with a fully qualified DNS domain name (XYZ.com). This DC will also be running DHCP and DNS.
What is the best practice to perform this migration? Anything that I need to watch out for? Any guide or video for this?
Please help.
Regards,
Key
Currently, I have two servers 2k12 running AD integrated dns. They're both replicating well with each other. some of my clients use a static IP address.
- Primary server: primary.contoso.net 192.168.100.1
- Secondary server: secondary.contoso.net 192.168.100.2
- Client: 192.168.100.33, preferred DNS 192.168.100.1 / alternate DNS 192.168.100.2
After primary was down, my client cannot nslookup till my client moves Alternate DNS (192.168.100.2) to Preferred DNS.
Any solution on how it is automatic to let the clients know the secondary DNS server when the primary is down?
Any advice,
Thanks with Regards,
Sunsami MAO
The backup operation that started at '2016-09-15T07:12:22.937071400Z' has failed with following error code '2155347997' (The operation ended before completion.). Please review the event details for a solution, and then rerun the backup operation once the issue is resolved.
I found this hotfix https://support.microsoft.com/en-us/kb/2182466, but it mentions that if we are not affected by the issue, it is recommended we wait. Another domain controller can successfully back up. Should I apply the hotfix? I feel confused.
Hi,
I am using Windows Server 2012 R2, and am having some trouble starting services: AenService, gupdte and Windows Module Installer are not starting. I've tried to start them manually but the result was the same. Please provide me with the solution.
Regards
binil baby
Hi Guys,
Just need someone to confirm my theory please. Our default domain policy is set to expire passwords after 60 days. A few users of ours have got laptops: computers are joined to the AD, users are using their AD accounts to log on. They always use the pc offline, at home. What happens to their laptops if they change the password from the office pc and they leave the laptop at home?
Will they be able to log on from their laptops at home? Sorry guys, I already know the answer but I need to get some expert's advice to confirm my theory
Regards
Hello.
Is there a recommended way to perform password verification on either an LDAP search or LDAP compare command?
I thought I could do this using the userpassword or unicodepwd attributes on a user object, but both are not set.
Can they be set to match the password provided on user creation or update, and can they be used to verify a password provided via LDAP?
Note: the bind credentials are using a different dedicated user, and I want to verify a different user and password.
Can this work via search filter or compare operations?
Thank you.
I just finished setting up a new AD Forest in our DMZ, bi-directional IPsec communication between the DMZ DC and the Internal Domain's DC, and a one-way external non-transitive trust between them so that accounts in the Internal domain can access resources in the DMZ domain.
Now I need to use one of the accounts on the Internal domain as a service account on one of the DMZ application servers. However, whenever I try to find the account the management console (mmc) is locking up, I think because it is unable to communicate with the Internal domain in order to perform the user lookup.
Do I have to open firewall ports between ANY server I need to authenticate Internal domain users? I was hoping that I could just channel all of the communication to the Internal domain AD services through the DMZ DC. Is that not the case? It kind of defeats the purpose of setting up a separate AD Forest for the DMZ if I still have to open up these ports for my servers that need to authenticate Internal domain users. There's got to be another way to do this. Does anyone know?
FYI, when I browse for a user account from the DMZ DC it prompts me for credentials for the Internal domain, but my understanding is that it SHOULD. However, when I do the same thing from the DMZ App Server it just sits there, and never even prompts me for credentials.
Hopefully there is another way to get this working other than opening up LDAP between all of the servers I need to authenticate against the Internal domain. However, if I do end up having to do that, should I set up IPsec for that communication as well, or just open up TCP 389?
Hi Users;
First, thank you for reading this article and trying to help me.
I published my AD FS on the internet through Microsoft TMG as https://sts.contoso.com. When I try to log in at https://sts.contoso.com/adfs/ls/idpinitiatedsignon it works perfectly, but if I try to access https://sts.contoso.com/federationmetadata/2007-06/federationmetadata.xml, IE shows me the XML as text without formatting.
On the internal LAN the same AD FS is working as https://sts.subdomain.contoso.com. When I try to log in at https://sts.subdomain.contoso.com/adfs/ls/idpinitiatedsignon it works perfectly, and if I try to access https://sts.subdomain.contoso.com/federationmetadata/2007-06/federationmetadata.xml, IE shows me the XML perfectly.
If I try to use the Internet URL (https://sts.contoso.com/federationmetadata/2007-06/federationmetadata.xml) in my CRM configuration it does not work, but if I use the internal URL (https://sts.subdomain.contoso.com/federationmetadata/2007-06/federationmetadata.xml) it works perfectly.
Can someone help me with how to troubleshoot this?
Thank you.
adecchi
Hi,
I have a virtual machine with Windows Server 2012 with the Active Directory role on it (it does not hold any FSMO role).
The machine crashed several times and then Active Directory corruption occurred (blue screens, and only able to boot in Active Directory Service Restore Mode).
My question is, can I demote it and still keep it as a file server? Or do I have to migrate everything before demoting it and removing it from the network?
Currently I have installed a new DC, and this one is still running under Directory Restore Mode with file shares working normally.
Thanks
Hello, I just want to ask: if I buy a product from design lab, for example a controller, can it be shipped to all countries? I'm from Lebanon, Beirut. I want to see if I can buy a product. Thanks
Hi,
We have a very odd recent problem.
User passwords are set by GPO to expire every 90 days. When logging on and told they have expired they are not getting the option to change the password.
The "Old Password, New Password, Confirm Password" dialogue does not appear.
Ctrl-Alt-Del does not work. We literally have to go into ADUC and reset the password in there!
GPO is simply:
Enforce password history | 2 passwords remembered |
Maximum password age | 90 days |
Minimum password age | 1 days |
Minimum password length | 8 characters |
Password must meet complexity requirements | Enabled |
Store passwords using reversible encryption | Disabled |
Can anyone shed any light on this please; I am totally lost.
Cheers,
Andy.
I have 40 users that cannot change their passwords. They all receive error message, "The security database on the server does not have a computer account for this workstation trust relationship." No user can change a password on their own.
Clients are on Windows 7 OS
DC is Windows Server 2008 SP2 not R2
Thanks!
I am using a HP 15 laptop - windows 10 and I am trying to get remote server access. Can someone please help?
I can be more descriptive of my situation if someone has any questions.
Thank you
Hi Guys,
I have two issues here. (Windows Server 2012)
1. Number 1 being that the user cannot change the PW at their first logon.
I reset the PW in AD and tick 'user must change their password at next logon', so the user enters the PW I provided, then is redirected to change to a new password, but every time after entering the new password, it just bounces back saying user must change their password. If I did not tick the box when I reset the PW, then the user can log on with the PW I provided.
2. User cannot change their password after changing their password once; it says unable to update the password, it does not meet........
I know this is about group policy setting, so I changed the GPO like this
- Enforce PW history - 3
- Maximum PW age - 90
- Minimum PW age - 0
- PW must meet complexity requirements - Disabled
- Store passwords using reversible encryption - Not Defined
And then I did a gpupdate /force on the user's PC, but it is still coming up with the error unable to update the password (Password entered is new, definitely not a history password).
Any thought is appreciated.