Channel: Directory Services forum

Convert Mobile Phone numbers to e-mails


Hello,

At my company we are trying to implement a system to send alerts to employee mobile phones through e-mail. Is there a way through Active Directory to convert the mobile phone numbers of our users to email addresses? Example: 5555555(at)vtext.com

From this, I need to be able to create a distribution list that selected users can send alerts through. Thank you for your help.
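One way to do what the post asks, as an added example (not from the post or from Microsoft): derive the gateway address from each user's AD mobile attribute, create one contact object per user carrying it, and keep those contacts in a distribution group. It assumes the RSAT ActiveDirectory module; the gateway domain vtext.com is the one named in the post, and the OU and group names are placeholders.

```powershell
# Added example, not from the original post. Derives an SMS-gateway address from each
# user's AD "mobile" attribute and keeps a distribution group populated with contact
# objects carrying those addresses. Assumes the RSAT ActiveDirectory module; the
# gateway domain vtext.com comes from the post, the OU and group names are placeholders.
Import-Module ActiveDirectory

function ConvertTo-SmsAddress {
    param(
        [Parameter(Mandatory)][string]$Mobile,
        [string]$GatewayDomain = 'vtext.com'
    )
    # Keep digits only: "(555) 555-5555" and "+1 555.555.5555" both reduce to a 10-digit number
    $digits = $Mobile -replace '\D', ''
    if ($digits.Length -eq 11 -and $digits.StartsWith('1')) { $digits = $digits.Substring(1) }
    if ($digits.Length -ne 10) { return $null }      # not a usable 10-digit number; let the caller skip it
    return "$digits@$GatewayDomain"
}

function Sync-SmsDistributionList {
    param(
        [string]$SearchBase = 'OU=Staff,DC=example,DC=com',          # placeholder
        [string]$ContactOU  = 'OU=SMS Contacts,DC=example,DC=com',   # placeholder
        [string]$GroupName  = 'SMS-Alerts'                           # placeholder
    )
    $group = Get-ADGroup -Filter "Name -eq '$GroupName'" -Properties member
    if (-not $group) {
        $group = New-ADGroup -Name $GroupName -GroupCategory Distribution -GroupScope Universal `
                             -Path $ContactOU -PassThru
    }
    $users = Get-ADUser -Filter "mobile -like '*' -and Enabled -eq 'True'" `
                        -SearchBase $SearchBase -Properties mobile
    foreach ($u in $users) {
        $addr = ConvertTo-SmsAddress -Mobile $u.mobile
        if (-not $addr) {
            Write-Warning "Skipping $($u.SamAccountName): cannot parse mobile '$($u.mobile)'"
            continue
        }
        # One contact per user, named after the account so re-runs find it again
        $cn = "sms-$($u.SamAccountName)"
        $contact = Get-ADObject -LDAPFilter "(&(objectClass=contact)(cn=$cn))" `
                                -SearchBase $ContactOU -Properties mail
        if (-not $contact) {
            $contact = New-ADObject -Name $cn -Type contact -Path $ContactOU `
                                    -OtherAttributes @{ mail = $addr } -PassThru
        } elseif ($contact.mail -ne $addr) {
            Set-ADObject -Identity $contact -Replace @{ mail = $addr }   # number changed since last run
        }
        # Contacts are not security principals, so Add-ADGroupMember rejects them;
        # write the group's member attribute directly instead.
        if ($group.member -notcontains $contact.DistinguishedName) {
            Set-ADGroup -Identity $group -Add @{ member = $contact.DistinguishedName }
        }
    }
}

Sync-SmsDistributionList
```

The group itself still has to be mail-enabled in whatever messaging system delivers the alerts; plain AD only stores the membership. Re-running the function is safe: it updates a contact whose number changed and skips users whose mobile field cannot be reduced to ten digits, so the warnings double as a data-quality report for that attribute.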


Active Directory Domain Name Change


Hello Friends,

I have AD infra with Windows Server 2012R2.  I would like to rename the domain name as 

Source domain name  - abc.com

Target domain Name - xyz.com

Current Domain and Forest functional level - Win2012 R2

Note - I don't want to manually domain-join the client machines again. Please suggest the suitable steps.

Thanks in Advance.

group policy automatic shutdown set time 8 pm

Hello Everyone,
We want to create a GPO to shut down all computers in our company at 8 pm. Please, can someone help me?

Thanks & Regards

Naresh T

Can't clean up an old child site even using after NTDSUTIL


Hello,

I've been stuck on this problem for quite a while now.  I have an old child domain that was not properly decommissioned several months ago.  I am not able to properly remove the domain and it's now causing replication problems in the forest.

I have used the NTDSUTIL to try and remove the metadata but this does not work at clearing out everything.

When I browse the Active Directory and Trusts the child domain is still listed.

I have tried, using both LDP and ADSIEDIT, to delete some partition configuration items but I receive errors.

The two items still remaining are:

1) "cn=childdomain, cn=partitions, cn=configuration, dc=domain, dc=com"

2) "cn=childdomain$ cn=users, dc=domain, dc=com"

I received an error that the domain could not be deleted because there exist domain controllers that still host this domain. The second error is an Access Denied error.

I'm not even sure if deleting these two settings will finally clear out all the metadata to stop the replication of the old domain partition.


Thank you for your suggestions.

AD Site Cost Calculation


Hi,

I'm looking at setting up the site link costs, but I'm a bit confused by the calculation MS is using in https://technet.microsoft.com/en-us/library/cc753764(v=ws.10).aspx

MS says: Use the following table to calculate the cost of each site link based on wide area network speed (WAN) link speed. For WAN link speed that is not listed in the table, you can calculate a relative cost factor by dividing 1,024 by the log of the available bandwidth, as measured in Kbps.

If we take the example at 9.6 Kbps, which seems to be pretty specific on other sites as well, then dividing 1024 by 9.6 gives you 106, but the example says the cost is 1042.

The calculation is: Cost=1024/log(available bandwidth in Kbit)

Is log the actual WAN speed (9.6 Kbps), and is the bit in brackets just the description of what it is asking for?

Could you let me know how this cost is calculated and the description of what the extra value is for?

Thanks 


Jaz
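The formula the post quotes is Cost = 1024 / log10(bandwidth in Kbps): "log" is the base-10 logarithm of the speed, and the text in brackets only says which unit to plug in. For 9.6 Kbps that is 1024 / 0.982, which rounds to 1042, the value in the TechNet table; dividing 1024 by 9.6 itself is what gives 106. The function below is an added example, not code from the post or from Microsoft, that applies the formula to any speed:

```powershell
# Added example, not from the original post: the TechNet formula quoted above,
# Cost = 1024 / log10(bandwidth in Kbps), as a reusable function.
function Get-SiteLinkCost {
    param([Parameter(Mandatory)][double]$BandwidthKbps)
    if ($BandwidthKbps -le 1) {
        throw 'Undefined: log10 of 1 Kbps or less is zero or negative'
    }
    # "log" in the TechNet text is the base-10 logarithm, so 1024 is divided by
    # log10(speed), not by the speed itself; the result is rounded to a whole number.
    [int][math]::Round(1024 / [math]::Log10($BandwidthKbps))
}

# Relative costs for a range of WAN speeds, Kbps -> cost
9.6, 19.2, 38.4, 56, 64, 128, 256, 512, 1024, 2048, 4096 |
    ForEach-Object { [pscustomobject]@{ Kbps = $_; Cost = Get-SiteLinkCost -BandwidthKbps $_ } } |
    Format-Table -AutoSize
```

Site link costs are only compared with each other, so what matters is that slower links come out with higher costs than faster ones in the same forest; the absolute numbers have no meaning outside that ordering.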

Updating AD proxyaddress field with Powershell, without associated Exchange mailbox


Writing a PowerShell script to generate a GUI interface for updating AD fields, which are replicated to Office 365 using DirectorySync.

We have local AD accounts which have Office 365 mailboxes, but no local Exchange mailboxes. When a user changes their email address, we allow them to keep the old and new address active for receiving email. We need to update the proxyaddress attribute with the old email address for sync to Office 365.

How can I use PowerShell to update the proxyaddress attribute? Get/Set-ADUser and Get/Set-User do not have access to the proxyaddress attribute, and the Set-Mailbox command does not work because there is no locally associated mailbox.

Suggestions?

Jim Schortinghouse

Mercer University IT

schortingh_j@Mercer.edu
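The attribute can be written from the ActiveDirectory module with Set-ADUser -Replace, which accepts any LDAP attribute by name, so no on-premises Exchange cmdlet is needed. The following is an added example, not code from the post or from Mercer University: it rebuilds the user's SMTP proxyAddresses so that exactly one entry carries the uppercase SMTP: prefix (the primary) and the retained old address is a lowercase smtp: secondary, after checking that no other object already routes either address. It assumes the RSAT ActiveDirectory module; the identity and addresses in the usage line are placeholders.

```powershell
# Added example, not from the original post. Rewrites a user's SMTP proxyAddresses so a new
# primary address and the retained old address both sync to Office 365 through DirSync /
# Azure AD Connect. Uses Set-ADUser -Replace, which writes any LDAP attribute by name, so no
# on-premises Exchange is needed. Assumes the RSAT ActiveDirectory module; identity and
# addresses in the usage line are placeholders.
Import-Module ActiveDirectory

function Set-UserSmtpAddresses {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Identity,
        [Parameter(Mandatory)][string]$PrimaryAddress,
        [string[]]$SecondaryAddresses = @()
    )
    $user = Get-ADUser -Identity $Identity -Properties proxyAddresses, mail

    # Refuse to create a routing collision: no other object may already carry any of these addresses
    foreach ($addr in @($PrimaryAddress) + $SecondaryAddresses) {
        $owners = Get-ADObject -LDAPFilter "(proxyAddresses=smtp:$addr)" |
                  Where-Object { $_.DistinguishedName -ne $user.DistinguishedName }
        if ($owners) { throw "$addr is already assigned to $($owners.DistinguishedName -join '; ')" }
    }

    # Keep non-SMTP entries (X500:, SIP:, x400:) untouched and rebuild the SMTP set with exactly
    # one uppercase "SMTP:" primary and lowercase "smtp:" secondaries; -match is case-insensitive.
    $keep   = @($user.proxyAddresses | Where-Object { $_ -notmatch '^smtp:' })
    $wanted = @("SMTP:$PrimaryAddress") + @($SecondaryAddresses | ForEach-Object { "smtp:$_" })
    $new    = [string[]](($keep + $wanted) | Select-Object -Unique)

    if ($PSCmdlet.ShouldProcess($user.DistinguishedName, "proxyAddresses = $($new -join ', ')")) {
        Set-ADUser -Identity $user -Replace @{ proxyAddresses = $new; mail = $PrimaryAddress }
    }
}

# Usage (placeholders): the old address stays as a secondary so mail sent to it keeps arriving
Set-UserSmtpAddresses -Identity jdoe -PrimaryAddress 'jane.doe@example.edu' `
                      -SecondaryAddresses 'jdoe@example.edu' -WhatIf
```

Run it with -WhatIf first to see the exact value that would be written. Because the directory sync is one-way from on-premises AD, any edit made in Office 365 to a synced user's addresses is overwritten on the next cycle, which is why the change has to land in AD as shown.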

Cannot join server to domain through RODC


Hi guys, I bring you a bit of a problem I'm having when joining a server 2012 R2 to our domain.

This is the layout:

Site1: 1 RWDC (FSMO Roles, everything). FANTASY NAME DC1

Site2: 1 RODC (Also DNS and GC). FANTASY NAME RODC1

The sites are on different subnets separated by a firewall. I have created rules in these firewalls to reflect the communication between DCs as detailed in the following TechNet links:

  • https://technet.microsoft.com/en-us/library/dd772723(v=ws.10).aspx
  • https://technet.microsoft.com/library/dd728028(ws.10).aspx

QUESTION 1: When in those links it says "TCP Dynamic" with no port number, what does that exactly mean?

Let's continue: So, replication between these DCs is working well, as reflected in this "Repadmin /showrepl":

PS C:\Windows\system32> repadmin /showrepl RODC1
Site2\RODC1
DSA Options: IS_GC DISABLE_OUTBOUND_REPL IS_RODC
Site Options: (none)
DSA object GUID: 04323738-e982-4edb-a863-9a766d5b7f6c
DSA invocationID: f2b1e687-bd15-422f-9d41-7c9cc504a0e1

==== INBOUND NEIGHBORS ======================================

DC=DOMAIN,DC=DOMAIN,DC=DOMAIN
    Site1\DC1 via RPC
        DSA object GUID: 315a2804-542c-416e-a4cc-fc35c44aae4e
        Last attempt @ 2016-09-06 17:01:09 was successful.

CN=Configuration,DC=DOMAIN,DC=DOMAIN,DC=DOMAIN
    Site1\DC1 via RPC
        DSA object GUID: 315a2804-542c-416e-a4cc-fc35c44aae4e
        Last attempt @ 2016-09-06 17:01:09 was successful.

CN=Schema,CN=Configuration,DC=DOMAIN,DC=DOMAIN,DC=DOMAIN
    Site1\DC1 via RPC
        DSA object GUID: 315a2804-542c-416e-a4cc-fc35c44aae4e
        Last attempt @ 2016-09-06 17:01:09 was successful.

DC=DomainDnsZones,DC=DOMAIN,DC=DOMAIN,DC=DOMAIN
    Site1\DC1 via RPC
        DSA object GUID: 315a2804-542c-416e-a4cc-fc35c44aae4e
        Last attempt @ 2016-09-06 17:01:09 was successful.

DC=ForestDnsZones,DC=DOMAIN,DC=DOMAIN,DC=DOMAIN
    Site1\DC1 via RPC
        DSA object GUID: 315a2804-542c-416e-a4cc-fc35c44aae4e
        Last attempt @ 2016-09-06 17:01:09 was successful.

Still, when I try to join my server (SERVER1) in Site2 to the DOMAIN through the RODC (RODC1), it fails, saying it cannot contact the domain. My IP configuration in SERVER1 is on the same subnet as RODC1 and has the RODC1 IP as primary DNS. The error in Event Viewer is "Error 1355 The specified domain either does not exist or could not be contacted".

Also, I have precreated the computer account and added it to the "Allowed RODC Password Replication Group".

So guys, any ideas?

Thanks!


Only allow Admins Read permissions in ADUC

Is there a way to give administrators who are not members of the Domain Admins Group read only permissions to all OUs in ADUC?

SChannel Event ID 36888


Hi! I'm getting this error regularly on a domain controller:

The following fatal alert was generated: 20. The internal error state is 960.(SChannel Event ID 36888)

All threads I've found refer to an invalid certificate on IIS. However, for me this occurs on a domain controller where IIS is not installed. So, Google hasn't been too helpful.

Any suggestions what could cause this? AD DS, DNS and File Services (namespace + DFSR) are installed on the machine.

How to delete a crashed DC from AD


Hi!

We have 4 DCs on the Head Quarter and 2 DCs on each Branch Office (6 branch offices in total).

FSMO roles are on the 4 DCs servers on the Head Quarter. 

One DC in a Branch Office died, and we couldn't recover that server. So we decided to clean it up from AD.

Please correct me if I am wrong on the following steps:

1) Remove DC´s computer account from Active Directory Users and Computers

2) Remove any Reference from this DC in Active Directory Sites and Services

3) Remove any reference in DNS (Forward and Reverse)

4) Remove computer account from ADSIEDIT

a. OU=Domain Controllers,DC=domain,DC=local
b. CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
c. CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=domain,DC=local

5) NTDSUtil to check if server was deleted successfully

ntdsutil
metadata cleanup
connections
connect to server tvbadc04
q
select operation target
list domains
select domain number
list sites
select site number
list servers in site (the server should not appear)
select server number (if the server is present)
q
remove selected server
q

6) RepAdmin /SyncAll /AePd
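Whichever order the steps are done in, the useful final check is a search for anything that still names the dead DC, because a leftover server object, FRS/DFSR member or DNS record is what keeps replication and DC location trying to reach it. The function below is an added example, not code from the post or from Microsoft: it is read-only and lists every remaining reference in the directory partitions and in the AD-integrated DNS zones. It assumes the ActiveDirectory and DnsServer modules (RSAT on 2012 or later); the DC name passed in is a placeholder for the dead server's short name.

```powershell
# Added example, not from the original post: read-only search for references to a dead DC
# that survive metadata cleanup, across the directory and the AD-integrated DNS zones.
# Assumes the ActiveDirectory and DnsServer modules (RSAT on 2012+); the DC name is a placeholder.
Import-Module ActiveDirectory, DnsServer

function Find-DeadDcResidue {
    param(
        [Parameter(Mandatory)][string]$DcName,                                   # short name, e.g. BRANCHDC02
        [string]$DnsServer = (Get-ADDomainController -Discover -Writable).HostName
    )
    $domain = Get-ADDomain
    $cfgNC  = (Get-ADRootDSE).configurationNamingContext
    $fqdn   = "$DcName.$($domain.DNSRoot)"
    $hits   = @()

    # 1. Computer account in the Domain Controllers OU
    Get-ADComputer -Filter "Name -eq '$DcName'" -SearchBase $domain.DomainControllersContainer |
        ForEach-Object { $hits += [pscustomobject]@{ Where = 'Domain Controllers OU'; Reference = $_.DistinguishedName } }

    # 2. Server object (its NTDS Settings child goes with it) under CN=Sites in the configuration partition
    Get-ADObject -LDAPFilter "(&(objectClass=server)(cn=$DcName))" -SearchBase "CN=Sites,$cfgNC" |
        ForEach-Object { $hits += [pscustomobject]@{ Where = 'Sites and Services'; Reference = $_.DistinguishedName } }

    # 3. SYSVOL replication member: FRS (nTFRSMember) or DFSR (msDFSR-Member) if SYSVOL was migrated
    Get-ADObject -LDAPFilter "(|(&(objectClass=nTFRSMember)(cn=$DcName))(&(objectClass=msDFSR-Member)(cn=$DcName)))" `
                 -SearchBase "CN=System,$($domain.DistinguishedName)" |
        ForEach-Object { $hits += [pscustomobject]@{ Where = 'SYSVOL replication topology'; Reference = $_.DistinguishedName } }

    # 4. DNS: SRV targets, the DSA-GUID CNAME alias in _msdcs, NS and A records, in every forward primary zone
    $zones = Get-DnsServerZone -ComputerName $DnsServer |
             Where-Object { -not $_.IsReverseLookupZone -and $_.ZoneType -eq 'Primary' }
    foreach ($zone in $zones) {
        foreach ($r in Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $zone.ZoneName) {
            $target = switch ($r.RecordType) {
                'SRV'   { $r.RecordData.DomainName }
                'CNAME' { $r.RecordData.HostNameAlias }
                'NS'    { $r.RecordData.NameServer }
                'A'     { if ($r.HostName -eq $DcName) { "$fqdn." } }
            }
            if ($target -and $target.TrimEnd('.') -eq $fqdn) {
                $hits += [pscustomobject]@{
                    Where     = "DNS zone $($zone.ZoneName) ($($r.RecordType))"
                    Reference = "$($r.HostName) -> $target"
                }
            }
        }
    }

    if (-not $hits) { Write-Host "No references to $DcName remain." } else { $hits | Format-Table -AutoSize }
}

Find-DeadDcResidue -DcName 'BRANCHDC02'   # placeholder name
```

On Windows Server 2008 and later, deleting the dead DC's NTDS Settings object in Sites and Services, or its computer object in Active Directory Users and Computers, runs the same metadata cleanup that the ntdsutil session performs, so the ntdsutil pass mostly serves as the confirmation the post uses it for. Run the function again after `repadmin /syncall` so the result reflects every DC's view, not just the one queried.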

RODC Failure...


Hi,

So I am going absolutely crazy trying to configure an RODC that will authenticate the clients after credential caching has been done, so that the authentication is done on the RODC.

This is what I am doing; can someone please tell me what I'm doing wrong.

1. So I configure the clients to get an IP from the DC's DHCP and join the clients to the DC. (TESTED AND WORKING)

2. Then I configure the RODC on the DC for the Password Replication Policy and set up the RODC server as a new server VM. (TESTED AND WORKING)

3. Then I change the RODC's primary DNS IP to itself (127.0.0.1) and the alternate DNS to the DC IP.

4. Then I point the clients to use the RODC as the primary DNS IP and the DC as the alternate DNS IP.

5. Then I turn off the DC and test whether the clients authenticate via the RODC; the clients log in, but then the network is Unknown and not Domain Network. At this point I have checked that the clients' IP is something other than what DHCP has given them; it is probably because of changing the clients' primary DNS to the RODC IP.

As you can see below, the W10, W8 and W7 computers and the MAdmin, M1 and M2 clients are allowed in the Password Replication Policy, yet the authentication happens only at the DC. Am I missing some step?

Could someone kindly let me know where I am going wrong.

Thank You Very Much




Discovering Source of Malicious Authentications


I am trying to discover the source of malicious authentication attempts in our domain.  We are seeing multiple 4776 events in the Security log of a specific domain controller. Random login names used at about 10 per minute. See event below.

I have been unable to determine the source computer as the event's Source Workstation field is blank. I installed Wireshark and can see this domain controller asking other sub domains about authenticating the false account name, but haven't been able to identify the infected source computer.

Question: What are the initial authentication packet types in Wireshark I should be looking for to determine the source? Also how can I receive more verbose information from the Security log which may reveal the originating computer? Any other logs I can investigate?

Please advise. Thanks.

Event 4776,  Microsoft Windows security auditing

The computer attempted to validate the credentials for an account.

Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0

Logon Account: stella

Source Workstation:

Error Code: 0xC0000064
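Event 4776 is logged by the DC that validated an NTLM logon, and its Source Workstation field is whatever name the client put in the NTLM message, so a blank field is legitimate data rather than an auditing gap. What the event does not carry is an IP address. The function below is an added example, not code from the post or from Microsoft: it pulls recent 4776 events from the Security log, decodes the XML fields, and tallies failures per workstation value so that a steady rate of distinct account names from one (or a blank) source stands out. It assumes Event Log Readers rights on the DC; the DC name is a placeholder, and -Path reads a saved .evtx instead of the live log.

```powershell
# Added example, not from the original post: tally Security event 4776 credential-validation
# failures on a domain controller, grouped by account and Source Workstation, so bursts
# with an empty workstation field stand out. Assumes Event Log Readers rights on the DC named
# (placeholder DC01); -Path reads a saved Security .evtx instead.
function Get-4776Summary {
    param(
        [string]$ComputerName = 'DC01',           # placeholder
        [string]$Path,                            # optional saved .evtx
        [int]$Hours = 1,
        [string]$Status = '0xC0000064'            # STATUS_NO_SUCH_USER, the code in the post
    )
    # XPath: event 4776 within the last N hours (timediff is in milliseconds)
    $ms    = $Hours * 3600000
    $xpath = "*[System[EventID=4776 and TimeCreated[timediff(@SystemTime) <= $ms]]]"
    $events = if ($Path) { Get-WinEvent -Path $Path -FilterXPath $xpath }
              else       { Get-WinEvent -ComputerName $ComputerName -LogName Security -FilterXPath $xpath }

    # Decode the EventData fields: PackageName, TargetUserName, Workstation, Status
    $rows = foreach ($e in $events) {
        $x = [xml]$e.ToXml()
        $d = @{}
        foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = [string]$n.'#text' }
        if ($d['Status'] -ne $Status) { continue }          # -ne is case-insensitive; XML uses 0xc0000064
        $ws = if ($d['Workstation']) { $d['Workstation'] } else { '<blank>' }
        [pscustomobject]@{
            Time        = $e.TimeCreated
            Account     = $d['TargetUserName']
            Workstation = $ws
            Package     = $d['PackageName']
        }
    }

    # Per workstation value: volume, how many different names were tried, and the rate
    $rows | Group-Object Workstation | ForEach-Object {
        [pscustomobject]@{
            Workstation      = $_.Name
            Failures         = $_.Count
            DistinctAccounts = ($_.Group.Account | Sort-Object -Unique).Count
            PerMinute        = [math]::Round($_.Count / ($Hours * 60), 2)
            First            = ($_.Group.Time | Measure-Object -Minimum).Minimum
            Last             = ($_.Group.Time | Measure-Object -Maximum).Maximum
        }
    } | Sort-Object Failures -Descending
}

Get-4776Summary -ComputerName 'DC01' -Hours 1 | Format-Table -AutoSize
```

To get from the account names to a machine, two other sources carry what 4776 lacks. If the logon was relayed by a member server (the DC only validates the hash), that server's own Security log has the matching 4625 with an IpAddress field, and the NTLM pass-through arrives at the DC over that server's secure channel. Enabling the policy "Network security: Restrict NTLM: Audit NTLM authentication in this domain" on the DCs adds event 8004 to the Microsoft-Windows-NTLM/Operational log, which records the secure channel name (the relaying server) and the workstation name for each request, and is the quickest way to narrow the Wireshark capture to one host.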

Regarding domain controller

I am getting "one or more prerequisites faild" while installing DNS.

Command Line show LastLogonDate for computers in my AD but filter by date.


Hello everyone, happy Monday.

Sorry, I am very new to AD on Windows Server 2008 R2.

My boss told me to clean up our Computers container because our company has no more than 300 employees but our Computers container has more than 700 host machine names.

So what I did: I selected the Active Directory Module for Windows PowerShell and ran this simple command line: Get-ADComputer -Identity machineusername -Properties *

By doing this I can tell the LastLogonDate for the user's machine, so I can disable the machine name. Everything works perfectly. The problem is that I have more than 700 computer names to check; it will take me forever to do them one by one.

Using the above command line, can I apply some sort of filter? Example: date? My boss told me to disable all the machines whose lastLogonDate was prior to Jan 2016.

Thank you so much in advance and have a great day.
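The filtering can be done server-side in one query, with one twist: LastLogonDate is a value the module computes from the lastLogonTimestamp attribute and is not usable in -Filter, so the filter has to name the raw attribute. The function below is an added example, not code from the post or from Microsoft: it reports every enabled computer account whose last logon is older than the post's cutoff (1 January 2016), writes a CSV, and disables the accounts only when -Disable is given, with -WhatIf to preview. Domain controllers are excluded by their primary group. It assumes the RSAT ActiveDirectory module.

```powershell
# Added example, not from the original post: report computer accounts whose
# lastLogonTimestamp is older than the post's cutoff (1 January 2016) and, only when
# -Disable is given, disable them (-WhatIf previews). Domain controllers (primaryGroupID
# 516 and 521) and already-disabled accounts are excluded. Assumes the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

function Get-StaleComputers {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [datetime]$Cutoff = '2016-01-01',
        [string]$SearchBase,                 # optional container/OU DN to limit the search
        [string]$ReportPath = ".\stale-computers-$(Get-Date -Format yyyyMMdd).csv",
        [switch]$Disable
    )
    # LastLogonDate is derived by the module from lastLogonTimestamp and cannot appear in -Filter;
    # filter on the raw attribute as a FILETIME instead. lastLogonTimestamp is only replicated
    # when it is more than 14 days out of date, so a machine matched here last logged on no later
    # than about two weeks after the date it shows. Accounts that never logged on have no value
    # at all and do not match -lt, so they need a separate pass.
    $ft = $Cutoff.ToFileTime()
    $p = @{
        Filter     = "lastLogonTimestamp -lt $ft -and Enabled -eq 'True' -and primaryGroupID -ne 516 -and primaryGroupID -ne 521"
        Properties = 'LastLogonDate', 'OperatingSystem', 'whenCreated', 'Description'
    }
    if ($SearchBase) { $p.SearchBase = $SearchBase }

    $stale = Get-ADComputer @p | Sort-Object LastLogonDate
    $stale | Select-Object Name, LastLogonDate, OperatingSystem, whenCreated, DistinguishedName |
        Export-Csv -Path $ReportPath -NoTypeInformation

    if ($Disable) {
        foreach ($c in $stale) {
            if ($PSCmdlet.ShouldProcess($c.Name, "Disable (last logon $($c.LastLogonDate))")) {
                # Disable rather than delete: a laptop that reappears can be re-enabled without a rejoin
                $desc = "Disabled $(Get-Date -Format yyyy-MM-dd): no logon since $($c.LastLogonDate). $($c.Description)"
                Set-ADComputer -Identity $c -Enabled $false -Description $desc.Trim()
            }
        }
    }
    return $stale
}

# Review first, preview second, then act
Get-StaleComputers | Format-Table Name, LastLogonDate, OperatingSystem -AutoSize
Get-StaleComputers -Disable -WhatIf
```

Keeping the CSV gives you the list to restore from if a machine was only out of the office for a long time, and the description written to each account records why it was disabled for whoever finds it later.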

Authentication to wrong DC


Hi All,

Just a weird scenario we're experiencing now: we haven't had any changes on the server side or anything for almost 2 years, but since last week 3-5 users are logged on to another DC from the other site. The thing is, we tried all the troubleshooting procedures we saw on the web and checked all the DC setup, and it's all fine. We think this is an isolated issue because not all users are affected. Is there something you can suggest to check or to troubleshoot on the client side?

Thanks,

Ken


DFSR not function

Good morning.
The situation is the following:
Server1: 2012R2 domain controller
Server2: 2012R2 domain controller

DFSR fails, or rather the report warns that it is not working. In ADSIEDIT I do not find the values needed for it to function properly.
I tried to recreate these values by copying them from a domain controller of a different customer with the same operating system.
It does not work.
I tried to add a new domain controller (server3) in the vain hope that it would force the creation of the necessary parameters.
It is seen as a domain controller in AD, but no DFSR sync entry is created.
Do you have any further ideas?
Thank you all for the help.
Roberto

Client machine always goes to lock screen fast


Good Morning,

One of our client machines always goes to the lock screen, so that every time we need to type the password.

So how can we make the period longer than this?

Best regards,


VeasnaYim

Problem with assign rights for users in two trusted domains


Two domains "A" and "B" in different forests with 2-sided external domain non-transitive trust over vpn.

Both with DC under Windows 2008R2, Domains and Forests Levels - 2008R2.

There are some additional servers under 2008R2 and old 2003R2 in domain "B".

On these 2003 servers in domain "B" I can't add users and groups from domain "A" to security (in shared folders, terminal servers etc.), but on 2008 and 2008R2 servers everything works well.

On the 2003 servers in domain "B", in the security tab ("Select Users, Computers or Groups" window) domain "A" is visible, but search does not work.

DNS works well, all tests (like dcdiag) passed, firewall factor excluded.

Naming Information cannot be located for the following reason : The Server is not operational.


Hello Friends,

For the last two days we have been having some replication errors in our Windows 2008 domain environment; below is the replication error for the problematic DC(s).

(1722) The RPC server is unavailable

During the issue, when we try to open ADUC on the problematic DC we get the error below.

Also, when I try to run dcdiag I get the error below.

Performing initial setup:
Trying to find home server...
Home Server = DC01
* Identified AD Forest. 
Ldap search capabality attribute search failed on server DC01, return value = 81



Yesterday we rebooted the problematic DC and the issue was resolved, but today the same issue occurred on another server and a restart of the server resolved it. I need your suggestions on this, since it could happen with another DC the next day.

Last week the only change we made on all DCs was installing the CA UIM (CA Unified Infrastructure Management) agent software.

Regards,
SGH


MCP, MCTS

Branch office AD connectivity


Hi, we have a number of branch offices, or remote data centers rather, where some of the networks are not routed (for various reasons) over the WAN link to the central data center. The remote data center has two RWDCs from the central domain in order to authenticate users and provide domain join functionality etc. These RWDCs are on networks with routes to both the central site as well as the local, non-WAN-routed networks. We have AD sites set up with all subnets for all remote data centers as well as the central data center, with site links set up in a star topology, all remote sites replicating only to the central data center.

In some scenarios, particularly domain joins, where the client does not yet know its AD site, it will of course query DNS to locate any AD server in the domain. I assume the SRV records in e.g. _ldap._tcp.dc._msdcs.<domainname> will be used. But since these records contain AD servers from other sites, is there a best practice on how to force the domain join to occur towards the local RWDC only? Using "netdom join /domain:domain\dc" seems to be one option but may not work in all install scenarios.

Schematic picture:
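The generic record the post names lists every DC, but each site also registers _ldap._tcp.<site>._sites.dc._msdcs.<domain>, which lists only the DCs in that site. A join script that knows which site the machine is being built in can resolve that record, keep the DCs it can actually reach on LDAP, and hand the chosen one to Add-Computer -Server, the PowerShell equivalent of the netdom option in the post. The function below is an added example, not code from the post or from Microsoft; domain, site and credentials are placeholders, and it needs Resolve-DnsName and Test-NetConnection (Windows 8.1 / Server 2012 R2 or later).

```powershell
# Added example, not from the original post: pick a DC for a named AD site from the
# site-specific SRV record, verify LDAP reachability, and join through that DC with
# Add-Computer -Server. Domain, site and credentials are placeholders. Requires
# Resolve-DnsName and Test-NetConnection (Windows 8.1 / Server 2012 R2 or later).
function Join-DomainViaSite {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$DomainName,      # e.g. corp.example.com (placeholder)
        [Parameter(Mandatory)][string]$SiteName,        # AD site of the remote data center (placeholder)
        [Parameter(Mandatory)][pscredential]$Credential,
        [string]$OUPath                                 # optional target OU DN
    )
    # The site-scoped record lists only DCs registered in that site
    $srv = Resolve-DnsName -Name "_ldap._tcp.$SiteName._sites.dc._msdcs.$DomainName" -Type SRV -ErrorAction Stop |
           Where-Object { $_.Type -eq 'SRV' }
    if (-not $srv) { throw "No SRV records found for site $SiteName in $DomainName" }

    # Lowest priority first, then highest weight, and drop DCs this host cannot reach on TCP/389,
    # which is exactly the case the non-routed branch networks produce
    $reachable = $srv |
        Sort-Object Priority, @{ Expression = 'Weight'; Descending = $true } |
        Where-Object {
            Test-NetConnection -ComputerName $_.NameTarget -Port 389 -InformationLevel Quiet -WarningAction SilentlyContinue
        }
    if (-not $reachable) { throw "No DC in site $SiteName is reachable on TCP/389 from $env:COMPUTERNAME" }

    $dcFqdn  = ($reachable | Select-Object -First 1).NameTarget.TrimEnd('.')
    $dcShort = $dcFqdn.Split('.')[0]
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, "Join $DomainName via $dcFqdn")) {
        $p = @{
            DomainName = $DomainName
            Server     = "$DomainName\$dcShort"   # Add-Computer documents DomainName\ComputerName for -Server
            Credential = $Credential
            Restart    = $true
        }
        if ($OUPath) { $p.OUPath = $OUPath }
        Add-Computer @p
    }
}

# Usage (placeholders); -WhatIf shows the DC that would be used without joining
Join-DomainViaSite -DomainName 'corp.example.com' -SiteName 'RemoteDC1' -Credential (Get-Credential) -WhatIf
```

This only steers the join itself. After the reboot the DC locator takes over, and it will keep choosing the local RWDCs only if the non-routed subnets are defined in Sites and Services and mapped to the remote site, which the post's description indicates is already the case.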
