Channel: Directory Services forum

Steps to secure Active directory pass the hash attack and clear text password

Hi,

I have Microsoft Active Directory implemented with Windows OS 2012 R2. A person who doesn't have any privilege rights on the server is able to escalate himself to enterprise admin. I would like to know how to secure this. As per my understanding he is using a pass-the-hash attack and a PowerShell exploit.


Nagesh C Samant


Changing account name

Please tell me how to change my account name.

Active Directory Backups

Hi

When I'm backing up my domain controllers, is the system state all I need to be backing up, or should I back up other folders like, say, Documents and Settings? Is the system state all that is required to get my DCs back up and running in a restore scenario?

Thanks

 

One-Way Domain Trust - The user name or password is incorrect

Hello,

I have created a one-way trust between ad.salzburg.at and intern.vienna.at.

Configuration:

This Domain: ad.salzburg.at
Specified domain: intern.vienna.at
Direction: Incoming: Users in the local domain can authenticate in the specified domain.
Trust type: External
Transitive: NO
Outgoing trust authentication level: Domain-wide authentication
Sides of trust: Create the trust for both this domain and specified domain

So the problem is, when I join a Global Group in intern.vienna.at, e.g. GRP_GL_IT, to a Domain Local Group, e.g. GRP_DL_IT, I get the error: "The user name or password is incorrect." But when I change the location to ad.salzburg.at I get an authentication prompt. I type the username/password of a Domain Admin (Administrator) from ad.salzburg.at but I cannot see the tree from the AD.

When I run Find Now I can see the Domain Local Group but I cannot add this group to my Global Group in intern.vienna.at.

On the domain controller in domain ad.salzburg.at I get an error in the event log -> Audit Failure

But I use the correct user and password.

Does anyone have a solution for my problem?

LDAP query to return users and groups recursively?

I have some VBA code in Excel that returns the list of users and groups contained in the group 'SomeGroup'.  However, since 'SomeGroup' contains other groups, I'd like to return the users and groups in those sub-groups as well, in other words, recursively, as many levels as there are.

Does anyone know an elegant way to do that?  I don't have any code for that at this point, I thought I'd ask here before trying to write something.  Here's what I have so far, it works great for 'SomeGroup', but just for the current level, nothing below that.  Thanks:

Dim oDomain
Dim strADsPath As String
Dim oConn As Object
Dim oCommand As Object
Dim rsADGroupMembers As Object

' Read the default naming context of the current domain from RootDSE
Set oDomain = GetObject("LDAP://RootDSE")
strADsPath = oDomain.Get("defaultNamingContext")

' Open an ADO connection through the ADSI OLE DB provider
Set oConn = CreateObject("ADODB.Connection")
With oConn
    .ConnectionString = "Provider=ADSDSOObject;Trusted_Connection=yes;"
    .Open "Active Directory Provider"
End With

Set oCommand = CreateObject("ADODB.Command")
oCommand.ActiveConnection = oConn
oCommand.Properties("Page size") = 10000
oCommand.CommandText = "select employeeid, cn, mail, objectguid from " & _
    "'LDAP://" + strADsPath + "' " & _
    "WHERE 'memberof:1.2.840.113556.1.4.1941:' = 'CN=SomeGroup,OU=Agency Wide Groups,DC=agency,DC=SomeDomain,DC=com'"

Set rsADGroupMembers = oCommand.Execute
... more code ...









WARNING: Error initializing default drive: 'Unable to find a default server with Active Directory Web Services

I have a lab with 2 servers running 2016. One is a DC, and I have created a few users.

I can log in from the second server into the domain with a domain account. whoami "domainname\username"

The issue is when I try to import-module activedirectory I am getting a warning:

WARNING: Error initializing default drive: 'Unable to find a default server with Active Directory Web Services  running.'.

I have checked ADWS service on DC and status is running.

What could be the issue?

Thank you,

Recommend System Requirements for server 2012 r2 domain controller

Hello,

I would like to know the recommended system requirements for a Server 2012 R2 domain controller (Active Directory server) to manage nearly 400 domain users! I mean CPU, memory, hard disk, etc., and also the recommended server hardware (e.g. Dell R320) matching these requirements! I am tired of googling about this and no useful recommendations were found. I really appreciate all of your opinions!

Best Regards,

Wai Yan

Configuration information describing this enterprise is not available

Greetings:

I'm in bad shape here.

We added a Windows 2012 R2 std. server to an Active Directory with a single Win 2003 server. It was running fine for months until we tried to remove the Windows 2003 server. I went through the steps to make the 2012 server the Operations Manager and PDC. All seemed fine.

When I ran dcpromo on the Win2003 server it first would not let me, saying instead that it couldn't find another PDC. So... I ran dcpromo /forceremove and removed AD from it.

Now I can't run any of the AD administrative tools. Most give the error in the title or something similar. I found a post mentioning that Win 2003 does not correctly replicate the NETLOGON and SYSVOL shares. I did a NET SHARE command at the admin command prompt and see no entries for NETLOGON or SYSVOL. :-(

I've seen posts about how to fix the Ntfrs (https://social.technet.microsoft.com/Forums/windowsserver/en-US/7dde2a7c-416b-4ba4-8861-cfa915c4eba9/a-processing-error-occurred-collecting-data-using-this-base-domain-controller?forum=winserverGP) but it must be done on the Win2003 server and it's too late for that now.

However, users that are logged in are still able to access the server. (I don't know what will happen if they log out though.) Plus, in Computer Management I can see the shares and users.

Is there any way I can fix this (set up the shares?) without losing everything? This is a very simple setup with under 20 users, no Exchange, though they do use SQL Server. There were no group policies.

Any ideas?  Anything short of starting from scratch?

TIA,
Dan


Not able to add Windows 7 Machine in Active Directory 2008 R2

Hi,

I have some Windows 7 machines with which I am facing issues adding them to 2008 R2 AD. If I change the IP address of the machine it gets added; when I revert it back to its old IP I get a trust relationship error.

DNS is installed on the same server and we are using static addresses. Below is the screenshot of the error:

DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain "xyz.local":

The query was for the SRV record for _ldap._tcp.dc._msdcs.xyz.local

The following domain controllers were identified by the query:
dc01.xyz.local
adc01.xyz.local


However no domain controllers could be contacted.

Common causes of this error include:

- Host (A) or (AAAA) records that map the names of the domain controllers to their IP addresses are missing or contain incorrect addresses.

- Domain controllers registered in DNS are not connected to the network or are not running.

Disable TLS 1.0 and TLS 1.1 on Windows 2008 R2 Domain Controller

Hello Friends,

During the security audit it was suggested that we disable TLS 1.0 and TLS 1.1 on all our domain controllers; the recommendation is to enable only TLS 1.2. We have downloaded the required hotfix to enable TLS 1.1 and TLS 1.2 support for Remote Desktop, and that hotfix has been tested in a test lab.

Now we are planning to disable TLS 1.0 and TLS 1.1 on DCs in the production environment; however, just to be safe and avoid impact, we tested the same in an AD test environment and the result is as below...

1. Downloaded the RDP hotfix and installed it to allow RDP support when TLS 1.0 is disabled; this is required as Windows 2008 R2 does not support TLS 1.1 and TLS 1.2 for RDP connections.

2. Checked the LDAPS (port 636) connection using LDP.exe against the targeted test DC from another Windows 2008 R2 server; connection successful, and found that TLS 1.0 is being used (verified using Wireshark).

3. Downloaded the IISCrypto tool (Version 1.6 Build 7), clicked on the Best Practices template and rebooted the DC. (Best Practices does not disable TLS 1.0.)

4. After reboot checked the LDAP secure connection; able to connect to LDAPS (port 636), TLS 1.0 is being used.

5. Manually removed TLS 1.0 (kept TLS 1.1 & TLS 1.2) using IISCrypto, applied and rebooted the DC.

6. After reboot I was not able to connect to the DC on port 636 using ldp.exe.

7. Re-enabled TLS 1.0 and rebooted the server.

8. After reboot I am now able to connect to the DC on port 636 using LDP.exe.

Now the question: Is TLS 1.0 always required to be enabled on a DC to allow a secure LDAP connection? Is there any way to set LDAP to use TLS 1.2? In our environment there are only 2-3 servers which use secure LDAP (port 636) to connect to the DC, and those are using the TLS 1.0 protocol. We are in the process of enabling TLS 1.2 support in those applications, and after that we want to disable TLS 1.0 and TLS 1.1 on all DCs. Since testing was not successful we are now stuck. Please assist.


MCP, MCTS

Active Directory Web Services service terminated unexpectedly

Hi everyone:

I'm having a problem: the Active Directory Web Services service does not start. Attached is the event ID:

Log System:

Log Name:      System
Source:        Service Control Manager
Date:          1/6/2015 6:55:19 PM
Event ID:      7034
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      xxx.dominio.com
Description:
The Active Directory Web Services service terminated unexpectedly.  It has done this 35 time(s).
Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" /><EventID Qualifiers="49152">7034</EventID><Version>0</Version><Level>2</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8080000000000000</Keywords><TimeCreated SystemTime="2015-01-06T22:55:19.292471600Z" /><EventRecordID>32583</EventRecordID><Correlation /><Execution ProcessID="556" ThreadID="1388" /><Channel>System</Channel><Computer>xxx.dominio.com</Computer><Security /></System><EventData><Data Name="param1">Active Directory Web Services</Data><Data Name="param2">35</Data><Binary>41004400570053000000</Binary></EventData></Event>

Log Application:

Log Name:      Application
Source:        .NET Runtime
Date:          1/6/2015 6:55:13 PM
Event ID:      1026
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      xxx.dominio.com
Description:
Application: Microsoft.ActiveDirectory.WebServices.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ServiceModel.CommunicationObjectFaultedException
Stack:
   at System.ServiceModel.Channels.CommunicationObject.Close(System.TimeSpan)
   at Microsoft.ActiveDirectory.WebServices.WindowsHostService.StartService(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart(System.Object)

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name=".NET Runtime" /><EventID Qualifiers="0">1026</EventID><Level>2</Level><Task>0</Task><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime="2015-01-06T22:55:13.000000000Z" /><EventRecordID>1661713</EventRecordID><Channel>Application</Channel><Computer>xxx.dominio.com</Computer><Security /></System><EventData><Data>Application: Microsoft.ActiveDirectory.WebServices.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ServiceModel.CommunicationObjectFaultedException
Stack:
   at System.ServiceModel.Channels.CommunicationObject.Close(System.TimeSpan)
   at Microsoft.ActiveDirectory.WebServices.WindowsHostService.StartService(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart(System.Object)</Data></EventData></Event>

And

Log Name:      Application
Source:        Application Error
Date:          1/6/2015 6:55:13 PM
Event ID:      1000
Task Category: (100)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      xxx.dominio.com
Description:
Faulting application name: Microsoft.ActiveDirectory.WebServices.exe, version: 6.2.9200.16579, time stamp: 0x516356a2
Faulting module name: KERNELBASE.dll, version: 6.2.9200.16864, time stamp: 0x531d34d8
Exception code: 0xe0434352
Fault offset: 0x0000000000047b8c
Faulting process id: 0x4ac
Faulting application start time: 0x01d02a03d45e2d00
Faulting application path: C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: 1273a0f1-95f7-11e4-93f7-3440b59e2092
Faulting package full name:
Faulting package-relative application ID:
Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Application Error" /><EventID Qualifiers="0">1000</EventID><Level>2</Level><Task>100</Task><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime="2015-01-06T22:55:13.000000000Z" /><EventRecordID>1661714</EventRecordID><Channel>Application</Channel><Computer>xxx.dominio.com</Computer><Security /></System><EventData><Data>Microsoft.ActiveDirectory.WebServices.exe</Data><Data>6.2.9200.16579</Data><Data>516356a2</Data><Data>KERNELBASE.dll</Data><Data>6.2.9200.16864</Data><Data>531d34d8</Data><Data>e0434352</Data><Data>0000000000047b8c</Data><Data>4ac</Data><Data>01d02a03d45e2d00</Data><Data>C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe</Data><Data>C:\Windows\system32\KERNELBASE.dll</Data><Data>1273a0f1-95f7-11e4-93f7-3440b59e2092</Data><Data></Data><Data></Data></EventData></Event>

I was working on this solution, but nothing: "http://blogs.microsoft.co.il/yuval14/2012/06/08/how-to-resolve-error-message-the-active-directory-web-services-service-terminated-unexpectedly-event-id-4079-andor-7034/".

I changed the Microsoft.ActiveDirectory.WebServices.exe.config file, adding two lines:
<add key="DebugLevel" value="Info" />
<add key="DebugLogFile" value="c:windowsdebugadws.log" />
Attached is the log:

ADWS Log - AppDomain Microsoft.ActiveDirectory.WebServices.exe with ID 1 - 01/06/2015 17:51:37 ((UTC-04:00) Georgetown, La Paz, Manaus, San Juan)
OS Version Microsoft Windows NT 6.2.9200.0 - CLR Version 4.0.30319.18449
ADWS: [1/6/2015 5:51:37 PM] [1] Main: entered
Utils: [1/6/2015 5:51:37 PM] [1] RemovePriviledgeFromProcess: trying to remove priviledge SeBackupPrivilege
Utils: [1/6/2015 5:51:37 PM] [1] RemovePriviledgeFromProcess: unable to remove SeBackupPrivilege priviledge because it was absent
Utils: [1/6/2015 5:51:37 PM] [1] RemovePriviledgeFromProcess: trying to remove priviledge SeRestorePrivilege
Utils: [1/6/2015 5:51:37 PM] [1] RemovePriviledgeFromProcess: unable to remove SeRestorePrivilege priviledge because it was absent
Utils: [1/6/2015 5:51:37 PM] [1] RemovePriviledgeFromProcess: trying to remove priviledge SeAssignPrimaryTokenPrivilege
Utils: [1/6/2015 5:51:37 PM] [1] RemovePriviledgeFromProcess: unable to remove SeAssignPrimaryTokenPrivilege priviledge because it was absent
Utils: [1/6/2015 5:51:37 PM] [1] RemovePriviledgeFromProcess: trying to remove priviledge SeIncreaseQuotaPrivilege
Utils: [1/6/2015 5:51:37 PM] [1] RemovePriviledgeFromProcess: unable to remove SeIncreaseQuotaPrivilege priviledge because it was absent
Utils: [1/6/2015 5:51:37 PM] [1] RemovePriviledgeFromProcess: trying to remove priviledge SeDebugPrivilege
Utils: [1/6/2015 5:51:37 PM] [1] RemovePriviledgeFromProcess: unable to remove SeDebugPrivilege priviledge because it was absent
Utils: [1/6/2015 5:51:37 PM] [1] RemovePriviledgeFromProcess: trying to remove priviledge SeTcbPrivilege
Utils: [1/6/2015 5:51:37 PM] [1] RemovePriviledgeFromProcess: unable to remove SeTcbPrivilege priviledge because it was absent
Utils: [1/6/2015 5:51:37 PM] [1] RemovePriviledgeFromProcess: trying to remove priviledge SeShutdownPrivilege
Utils: [1/6/2015 5:51:37 PM] [1] RemovePriviledgeFromProcess: unable to remove SeShutdownPrivilege priviledge because it was absent
Utils: [1/6/2015 5:51:37 PM] [1] RemoveUnnecessaryPriviledges: all present unnecessary priviledges removed successfully
Program: [1/6/2015 5:51:37 PM] [1] Main: Starting Windows service host.
WindowsHostService: [1/6/2015 5:51:37 PM] [1] WindowsHostService constructed
WindowsHostService: [1/6/2015 5:51:37 PM] [4] OnStart: entering.
WindowsHostService: [1/6/2015 5:51:37 PM] [4] OnStart: ServiceStart thread started.
WindowsHostService: [1/6/2015 5:51:37 PM] [6] StartService: entering.
PerfCounters: [1/6/2015 5:51:37 PM] [6] InstallCountersIfNeeded: entered
PerfCounters: [1/6/2015 5:51:37 PM] [6] AreCountersInstalled: entered
PerfCounters: [1/6/2015 5:51:37 PM] [6] AreCountersInstalled: System\CurrentControlSet\Services\ADWS key is present
PerfCounters: [1/6/2015 5:51:37 PM] [6] AreCountersInstalled: System\CurrentControlSet\Services\ADWS\Performance key is present
PerfCounters: [1/6/2015 5:51:37 PM] [6] AreCountersInstalled: First Counter value is present
PerfCounters: [1/6/2015 5:51:37 PM] [6] AreCountersInstalled: perf counters are  installed
PerfCounters: [1/6/2015 5:51:37 PM] [6] AreCountersCurrent: installed perf counter version: 6
PerfCounters: [1/6/2015 5:51:37 PM] [6] AreCountersCurrent: desired perf counter version: 6
PerfCounters: [1/6/2015 5:51:37 PM] [6] AreCountersCurrent: perf counter category ADWS is  current
PerfCounters: [1/6/2015 5:51:37 PM] [6] InstallCountersIfNeeded: counters already installed and current, no work needed
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'Create Operations Per Second' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'Delete Operations Per Second' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'Get Operations Per Second' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'Put Operations Per Second' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'Enumerate Operations Per Second' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'Pull Operations Per Second' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'Open Enumeration Contexts' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'GetADGroupMember Operations Per Second' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'GetADPrincipalGroupMembership Operations Per Second' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'SetPassword Operations Per Second' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'ChangePassword Operations Per Second' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'GetADPrincipalAuthorizationGroup Operations Per Second' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'TranslateName Operations Per Second' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'GetADDomainController Operations Per Second' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'GetADDomain Operations Per Second' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'MoveADOperationMasterRole Operations Per Second' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'GetADForest Operations Per Second' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'ChangeOptionalFeature Operations Per Second' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'GetVersion Operations Per Second' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'Number of Directory Instances' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'Possible Connections' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'Allocated Connections' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'Reserved Connections' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'Non-reserved Connections In Use' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'Reserved Connections In Use' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'Open Web Service Sessions' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'Active Web Service Sessions' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'Web Service Sessions Created Per Second' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'Custom Action LDAP Cache Maximum Possible Size' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'Custom Action LDAP Cache Connection Creation Rate' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'Custom Action LDAP Cache Connection Reuse Rate' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'Custom Action DS RPC Cache Maximum Possible Size' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'Custom Action DS RPC Cache Connection Creation Rate' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'Custom Action DS RPC Cache Connection Reuse Rate' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'Custom Action Cache Size' performance counter
PerfCounters: [1/6/2015 5:51:37 PM] [6] Initialize: initializing performance counters
PerfCounters: [1/6/2015 5:51:37 PM] [6] Initialize: all performance counters initialized
ADWSHost: [1/6/2015 5:51:37 PM] [6] ADWSHost constructed
ADWSHostFactory: [1/6/2015 5:51:37 PM] [6] ProvisionCertificate: using host name for certificate name
Utils: [1/6/2015 5:51:37 PM] [6] GetComputerDnsName: computer name is xxx.dominio.com
ADWSHostFactory: [1/6/2015 5:51:37 PM] [6] ProvisionCertificate: using cert name xxx.dominio.com
ADWSHostFactory: [1/6/2015 5:51:37 PM] [6] ProvisionCertificate: loaded certificate
ADWSHostFactory: [1/6/2015 5:51:37 PM] [6] AddServiceThrottlingBehavior: MaxConcurrentCalls=32, MaxConcurrentSessions=500
ADWSHostFactory: [1/6/2015 5:51:37 PM] [6] CreateServiceHost: including UserName endpoints
ADWSHostFactory: [1/6/2015 5:51:37 PM] [6] CreateServiceHost: adding endpoints for Windows/
ADWSHostFactory: [1/6/2015 5:51:37 PM] [6] CreateAdwsTransportBinding: MaxReceivedMessageSize=1048576, ReceiveTimeout=00:10:00
ADWSHostFactory: [1/6/2015 5:51:37 PM] [6] CreateAdwsTransportBinding: MaxDepth=10, MaxArrayLength=16384, MaxStringContentLength=32768
ADWSHostFactory: [1/6/2015 5:51:37 PM] [6] CreateAdwsTransportBinding: MaxReceivedMessageSize=1048576, ReceiveTimeout=00:10:00
ADWSHostFactory: [1/6/2015 5:51:37 PM] [6] CreateAdwsTransportBinding: MaxDepth=10, MaxArrayLength=16384, MaxStringContentLength=32768
ADWSHostFactory: [1/6/2015 5:51:37 PM] [6] CreateAdwsTransportBinding: MaxReceivedMessageSize=1048576, ReceiveTimeout=00:10:00
ADWSHostFactory: [1/6/2015 5:51:37 PM] [6] CreateAdwsTransportBinding: MaxDepth=10, MaxArrayLength=16384, MaxStringContentLength=32768
ADWSHostFactory: [1/6/2015 5:51:37 PM] [6] CreateAdwsTransportBinding: MaxReceivedMessageSize=1048576, ReceiveTimeout=00:10:00
ADWSHostFactory: [1/6/2015 5:51:37 PM] [6] CreateAdwsTransportBinding: MaxDepth=10, MaxArrayLength=16384, MaxStringContentLength=32768
ADWSHostFactory: [1/6/2015 5:51:37 PM] [6] CreateAdwsTransportBinding: MaxReceivedMessageSize=1048576, ReceiveTimeout=00:10:00
ADWSHostFactory: [1/6/2015 5:51:37 PM] [6] CreateAdwsTransportBinding: MaxDepth=10, MaxArrayLength=16384, MaxStringContentLength=32768
ADWSHostFactory: [1/6/2015 5:51:37 PM] [6] CreateServiceHost: adding endpoints for UserName/
ADWSHostFactory: [1/6/2015 5:51:37 PM] [6] CreateAdwsTransportWithMessageCredentialBinding: MaxReceivedMessageSize=1048576, ReceiveTimeout=00:10:00
ADWSHostFactory: [1/6/2015 5:51:37 PM] [6] CreateAdwsTransportWithMessageCredentialBinding: MaxDepth=10, MaxArrayLength=16384, MaxStringContentLength=32768
ADWSHostFactory: [1/6/2015 5:51:37 PM] [6] CreateAdwsTransportWithMessageCredentialBinding: MaxReceivedMessageSize=1048576, ReceiveTimeout=00:10:00
ADWSHostFactory: [1/6/2015 5:51:37 PM] [6] CreateAdwsTransportWithMessageCredentialBinding: MaxDepth=10, MaxArrayLength=16384, MaxStringContentLength=32768
ADWSHostFactory: [1/6/2015 5:51:37 PM] [6] CreateAdwsTransportWithMessageCredentialBinding: MaxReceivedMessageSize=1048576, ReceiveTimeout=00:10:00
ADWSHostFactory: [1/6/2015 5:51:37 PM] [6] CreateAdwsTransportWithMessageCredentialBinding: MaxDepth=10, MaxArrayLength=16384, MaxStringContentLength=32768
ADWSHostFactory: [1/6/2015 5:51:37 PM] [6] CreateAdwsTransportWithMessageCredentialBinding: MaxReceivedMessageSize=1048576, ReceiveTimeout=00:10:00
ADWSHostFactory: [1/6/2015 5:51:37 PM] [6] CreateAdwsTransportWithMessageCredentialBinding: MaxDepth=10, MaxArrayLength=16384, MaxStringContentLength=32768
ADWSHostFactory: [1/6/2015 5:51:37 PM] [6] CreateAdwsTransportWithMessageCredentialBinding: MaxReceivedMessageSize=1048576, ReceiveTimeout=00:10:00
ADWSHostFactory: [1/6/2015 5:51:37 PM] [6] CreateAdwsTransportWithMessageCredentialBinding: MaxDepth=10, MaxArrayLength=16384, MaxStringContentLength=32768
ConfigurationSettings: [1/6/2015 5:51:37 PM] [6] StartConfigurationLoading: entered
ConfigurationSettings: [1/6/2015 5:51:37 PM] [6] StartConfigurationLoading: establishing watcher on C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe.Config
ConfigurationSettings: [1/6/2015 5:51:37 PM] [6] LoadConfigSettingsFromFile: entered
ConfigurationSettings: [1/6/2015 5:51:37 PM] [6] LoadConfigSettingsFromFile: no value specified for InitialPoolConnections, using default value 5
ConfigurationSettings: [1/6/2015 5:51:37 PM] [6] LoadConfigSettingsFromFile: using loaded value 10 for MaxPoolConnections
ConfigurationSettings: [1/6/2015 5:51:37 PM] [6] LoadConfigSettingsFromFile: using loaded value 50 for MaxPercentageReservedConnections
ConfigurationSettings: [1/6/2015 5:51:37 PM] [6] LoadConfigSettingsFromFile: no value specified for MaxReservedIdleTimeout, using default value 00:02:00
ConfigurationSettings: [1/6/2015 5:51:37 PM] [6] LoadConfigSettingsFromFile: no value specified for MaxReservedTimeout, using default value 00:30:00
ConfigurationSettings: [1/6/2015 5:51:37 PM] [6] LoadConfigSettingsFromFile: using loaded value 5 for MaxConnectionsPerUser
ConfigurationSettings: [1/6/2015 5:51:37 PM] [6] LoadConfigSettingsFromFile: no value specified for MaxBindLifetime, using default value 00:15:00
ConfigurationSettings: [1/6/2015 5:51:37 PM] [6] LoadConfigSettingsFromFile: no value specified for MaxServerDownRetry, using default value 10
ConfigurationSettings: [1/6/2015 5:51:37 PM] [6] LoadConfigSettingsFromFile: no value specified for SyntaxCacheEntryLifetime, using default value 01:00:00
ConfigurationSettings: [1/6/2015 5:51:37 PM] [6] LoadConfigSettingsFromFile: using loaded value 00:30:00 for MaxEnumContextExpiration
ConfigurationSettings: [1/6/2015 5:51:37 PM] [6] LoadConfigSettingsFromFile: using loaded value 00:02:00 for OperationTimeout
ConfigurationSettings: [1/6/2015 5:51:37 PM] [6] LoadConfigSettingsFromFile: using loaded value 00:02:00 for MaxPullTimeout
ConfigurationSettings: [1/6/2015 5:51:37 PM] [6] LoadConfigSettingsFromFile: using loaded value 5 for MaxEnumCtxsPerSession
ConfigurationSettings: [1/6/2015 5:51:37 PM] [6] LoadConfigSettingsFromFile: using loaded value 100 for MaxEnumCtxsTotal
ConfigurationSettings: [1/6/2015 5:51:37 PM] [6] LoadConfigSettingsFromFile: no value specified for CertName, using default value NULL
ConfigurationSettings: [1/6/2015 5:51:37 PM] [6] LoadConfigSettingsFromFile: no value specified for MaxGroupOrMemberEntries, using default value 5000
ConfigurationSettings: [1/6/2015 5:51:37 PM] [6] LoadConfigSettingsFromFile: no value specified for CustomActionConnectionCount, using default value 10
ConfigurationSettings: [1/6/2015 5:51:37 PM] [6] LoadConfigSettingsFromFile: no value specified for CustomActionIdleConnectionTimeout, using default value 00:02:00
ConfigurationSettings: [1/6/2015 5:51:37 PM] [6] LoadConfigSettingsFromFile: no value specified for InstanceRediscoveryInterval, using default value 00:01:00
ConfigurationSettings: [1/6/2015 5:51:37 PM] [6] LoadConfigSettingsFromFile: using loaded value 32 for MaxConcurrentCalls
ConfigurationSettings: [1/6/2015 5:51:37 PM] [6] LoadConfigSettingsFromFile: using loaded value 500 for MaxConcurrentSessions
ConfigurationSettings: [1/6/2015 5:51:37 PM] [6] LoadConfigSettingsFromFile: using loaded value Info for DebugLevel
ConfigurationSettings: [1/6/2015 5:51:37 PM] [6] LoadConfigSettingsFromFile: using loaded value C:\temp\windowsdebugadws.log for DebugLogFile
ConfigurationSettings: [1/6/2015 5:51:37 PM] [6] ValidateSettingLimits: entered
ClassManager: [1/6/2015 5:51:37 PM] [6] Start: starting...
LdapSessionPoolImplementation: [1/6/2015 5:51:37 PM] [3] ScavengerThread: thread starting
LdapSessionPoolImplementation: [1/6/2015 5:51:37 PM] [3] Scavenger: waking up at 00:00:40 interval
EnumerationContextCache: [1/6/2015 5:51:37 PM] [6] EnumerationContextCache: using timer inverval 00:00:30
InstanceMap: [1/6/2015 5:51:37 PM] [6] InstanceMap: using timer inverval 00:01:00
InstanceMap: [1/6/2015 5:51:37 PM] [6] CheckAndLoadAll: beginning
InstanceMap: [1/6/2015 5:51:37 PM] [6] CheckAndLoadNTDSInstance: entered
InstanceMap: [1/6/2015 5:51:37 PM] [6] CheckAndLoadNTDSInstance: found NTDS Parameters key
InstanceMap: [1/6/2015 5:51:37 PM] [6] CheckAndLoadNTDSInstance: trying to change state to DC
InstanceMap: [1/6/2015 5:51:37 PM] [6] AddRemoveSessionPoolAndDictionaryEntry: trying to change state for identifier ldap:389
InstanceMap: [1/6/2015 5:51:37 PM] [6] AddSessionPool: adding a session pool for NTDS
DirectoryDataAccessImplementation: [1/6/2015 5:51:37 PM] [6] InitializeInstance: entering, instance=NTDS, init=5, max=10
LdapSessionPoolImplementation: [1/6/2015 5:51:37 PM] [6] InitializeInstance: entering, instance=NTDS, init=5, max=10
ConnectionPool: [1/6/2015 5:51:37 PM] [6] ConnectionPool: trying to add connection 0
ConnectionPool: [1/6/2015 5:51:37 PM] [6] AddConnectionIfPossible: entering, instance=NTDS
ConnectionPoolEntry: [1/6/2015 5:51:37 PM] [6] ConnectionPoolEntry: connection created
ConnectionPool: [1/6/2015 5:51:37 PM] [6] AddConnectionIfPossible: grew pool, instance=NTDS, new count=1, max=10
ConnectionPool: [1/6/2015 5:51:37 PM] [6] ConnectionPool: trying to add connection 1
ConnectionPool: [1/6/2015 5:51:37 PM] [6] AddConnectionIfPossible: entering, instance=NTDS
ConnectionPoolEntry: [1/6/2015 5:51:37 PM] [6] ConnectionPoolEntry: connection created
ConnectionPool: [1/6/2015 5:51:37 PM] [6] AddConnectionIfPossible: grew pool, instance=NTDS, new count=2, max=10
ConnectionPool: [1/6/2015 5:51:37 PM] [6] ConnectionPool: trying to add connection 2
ConnectionPool: [1/6/2015 5:51:37 PM] [6] AddConnectionIfPossible: entering, instance=NTDS
ConnectionPoolEntry: [1/6/2015 5:51:37 PM] [6] ConnectionPoolEntry: connection created
ConnectionPool: [1/6/2015 5:51:37 PM] [6] AddConnectionIfPossible: grew pool, instance=NTDS, new count=3, max=10
ConnectionPool: [1/6/2015 5:51:37 PM] [6] ConnectionPool: trying to add connection 3
ConnectionPool: [1/6/2015 5:51:37 PM] [6] AddConnectionIfPossible: entering, instance=NTDS
ConnectionPoolEntry: [1/6/2015 5:51:37 PM] [6] ConnectionPoolEntry: connection created
ConnectionPool: [1/6/2015 5:51:37 PM] [6] AddConnectionIfPossible: grew pool, instance=NTDS, new count=4, max=10
ConnectionPool: [1/6/2015 5:51:37 PM] [6] ConnectionPool: trying to add connection 4
ConnectionPool: [1/6/2015 5:51:37 PM] [6] AddConnectionIfPossible: entering, instance=NTDS
ConnectionPoolEntry: [1/6/2015 5:51:37 PM] [6] ConnectionPoolEntry: connection created
ConnectionPool: [1/6/2015 5:51:37 PM] [6] AddConnectionIfPossible: grew pool, instance=NTDS, new count=5, max=10
InstanceMap: [1/6/2015 5:51:37 PM] [6] AddRemoveSessionPoolAndDictionaryEntry: state change successful (now hosts identifier ldap:389)
InstanceMap: [1/6/2015 5:51:37 PM] [6] CheckAndLoadGCInstance: entered
InstanceMap: [1/6/2015 5:51:37 PM] [6] CheckForGlobalCatalog: entered
DirectoryUtilities: [1/6/2015 5:51:37 PM] [6] GetTimeRemaining: remaining time is 00:02:00
InstanceMap: [1/6/2015 5:51:37 PM] [6] CheckForGlobalCatalog: isGlobalCatalogReady: TRUE
InstanceMap: [1/6/2015 5:51:37 PM] [6] CheckForGlobalCatalog: NTDS Settings DN: CN=NTDS Settings,CN=XXX,CN=Servers,CN=Alpacoma,CN=Sites,CN=Configuration,DC=dominio,DC=com
DirectoryUtilities: [1/6/2015 5:51:37 PM] [6] GetTimeRemaining: remaining time is 00:02:00
InstanceMap: [1/6/2015 5:51:37 PM] [6] CheckForGlobalCatalog: options: 1
InstanceMap: [1/6/2015 5:51:37 PM] [6] CheckAndLoadGCInstance: CheckForGlobalCatalog=True
InstanceMap: [1/6/2015 5:51:37 PM] [6] CheckAndLoadGCInstance: trying to change state to Global Catalog
InstanceMap: [1/6/2015 5:51:37 PM] [6] AddRemoveSessionPoolAndDictionaryEntry: trying to change state for identifier ldap:3268
InstanceMap: [1/6/2015 5:51:37 PM] [6] AddSessionPool: adding a session pool for GC
DirectoryDataAccessImplementation: [1/6/2015 5:51:37 PM] [6] InitializeInstance: entering, instance=GC, init=5, max=10
LdapSessionPoolImplementation: [1/6/2015 5:51:37 PM] [6] InitializeInstance: entering, instance=GC, init=5, max=10
ConnectionPool: [1/6/2015 5:51:37 PM] [6] ConnectionPool: trying to add connection 0
ConnectionPool: [1/6/2015 5:51:37 PM] [6] AddConnectionIfPossible: entering, instance=GC
ConnectionPoolEntry: [1/6/2015 5:51:37 PM] [6] ConnectionPoolEntry: connection created
ConnectionPool: [1/6/2015 5:51:37 PM] [6] AddConnectionIfPossible: grew pool, instance=GC, new count=1, max=10
ConnectionPool: [1/6/2015 5:51:37 PM] [6] ConnectionPool: trying to add connection 1
ConnectionPool: [1/6/2015 5:51:37 PM] [6] AddConnectionIfPossible: entering, instance=GC
ConnectionPoolEntry: [1/6/2015 5:51:37 PM] [6] ConnectionPoolEntry: connection created
ConnectionPool: [1/6/2015 5:51:37 PM] [6] AddConnectionIfPossible: grew pool, instance=GC, new count=2, max=10
ConnectionPool: [1/6/2015 5:51:37 PM] [6] ConnectionPool: trying to add connection 2
ConnectionPool: [1/6/2015 5:51:37 PM] [6] AddConnectionIfPossible: entering, instance=GC
ConnectionPoolEntry: [1/6/2015 5:51:37 PM] [6] ConnectionPoolEntry: connection created
ConnectionPool: [1/6/2015 5:51:37 PM] [6] AddConnectionIfPossible: grew pool, instance=GC, new count=3, max=10
ConnectionPool: [1/6/2015 5:51:37 PM] [6] ConnectionPool: trying to add connection 3
ConnectionPool: [1/6/2015 5:51:37 PM] [6] AddConnectionIfPossible: entering, instance=GC
ConnectionPoolEntry: [1/6/2015 5:51:37 PM] [6] ConnectionPoolEntry: connection created
ConnectionPool: [1/6/2015 5:51:37 PM] [6] AddConnectionIfPossible: grew pool, instance=GC, new count=4, max=10
ConnectionPool: [1/6/2015 5:51:37 PM] [6] ConnectionPool: trying to add connection 4
ConnectionPool: [1/6/2015 5:51:37 PM] [6] AddConnectionIfPossible: entering, instance=GC
ConnectionPoolEntry: [1/6/2015 5:51:37 PM] [6] ConnectionPoolEntry: connection created
ConnectionPool: [1/6/2015 5:51:37 PM] [6] AddConnectionIfPossible: grew pool, instance=GC, new count=5, max=10
InstanceMap: [1/6/2015 5:51:37 PM] [6] AddRemoveSessionPoolAndDictionaryEntry: state change successful (now hosts identifier ldap:3268)
InstanceMap: [1/6/2015 5:51:37 PM] [6] CheckAndLoadADAMInstances: entered
InstanceMap: [1/6/2015 5:51:37 PM] [6] CheckAndLoadAll: caught unexpected exception System.IO.IOException: No more data is available.

   at Microsoft.Win32.RegistryKey.Win32Error(Int32 errorCode, String str)
   at Microsoft.Win32.RegistryKey.InternalGetSubKeyNames()
   at Microsoft.ActiveDirectory.WebServices.InstanceMap.DiscoverInstancesFromRegistry(String regRootKey, String regKeyInstancePrefix, Boolean& instanceEncounteredErrorsOnThisRun, List`1 discoveredInstances, DirectoryType directoryType)
   at Microsoft.ActiveDirectory.WebServices.InstanceMap.CheckAndLoadADAMInstances()
   at Microsoft.ActiveDirectory.WebServices.InstanceMap.CheckAndLoadAll()
ADWSHost: [1/6/2015 5:51:37 PM] [6] OnClosed: entered
CustomActionCaches: [1/6/2015 5:51:37 PM] [6] StopCaches: disposing Custom Action connection caches
ClassManager: [1/6/2015 5:51:37 PM] [6] Stop: closing down...
EnumerationContextCache: [1/6/2015 5:51:37 PM] [6] Dispose: disposing...
QuotaTracker: [1/6/2015 5:51:37 PM] [6] Clear: clearing all usage
DirectoryActionImplementation: [1/6/2015 5:51:37 PM] [6] Dispose: disposing...
DirectoryDataAccessImplementation: [1/6/2015 5:51:37 PM] [6] Dispose: disposing...
LdapSessionPoolImplementation: [1/6/2015 5:51:37 PM] [6] Dispose: disposing...
LdapSessionPoolImplementation: [1/6/2015 5:51:37 PM] [3] ScavengerThread: woke up
LdapSessionPoolImplementation: [1/6/2015 5:51:37 PM] [3] ScavengerThread: received termination signal, exiting
LdapSessionPoolImplementation: [1/6/2015 5:51:37 PM] [6] Dispose: disposing pool
ConnectionPool: [1/6/2015 5:51:37 PM] [6] Dispose: disposing (instance=NTDS)...
ConnectionPool: [1/6/2015 5:51:37 PM] [6] ProhibitConnectionAcquisition: entering, instance=NTDS
ConnectionPool: [1/6/2015 5:51:37 PM] [6] Dispose: disposing a ConnectionPoolEntry
ConnectionPoolEntry: [1/6/2015 5:51:37 PM] [6] Dispose: disposing...
ConnectionPool: [1/6/2015 5:51:37 PM] [6] Dispose: disposing a ConnectionPoolEntry
ConnectionPoolEntry: [1/6/2015 5:51:37 PM] [6] Dispose: disposing...
ConnectionPool: [1/6/2015 5:51:37 PM] [6] Dispose: disposing a ConnectionPoolEntry
ConnectionPoolEntry: [1/6/2015 5:51:37 PM] [6] Dispose: disposing...
ConnectionPool: [1/6/2015 5:51:37 PM] [6] Dispose: disposing a ConnectionPoolEntry
ConnectionPoolEntry: [1/6/2015 5:51:37 PM] [6] Dispose: disposing...
ConnectionPool: [1/6/2015 5:51:37 PM] [6] Dispose: disposing a ConnectionPoolEntry
ConnectionPoolEntry: [1/6/2015 5:51:37 PM] [6] Dispose: disposing...
LdapSessionPoolImplementation: [1/6/2015 5:51:37 PM] [6] Dispose: disposing pool
ConnectionPool: [1/6/2015 5:51:37 PM] [6] Dispose: disposing (instance=GC)...
ConnectionPool: [1/6/2015 5:51:37 PM] [6] ProhibitConnectionAcquisition: entering, instance=GC
ConnectionPool: [1/6/2015 5:51:37 PM] [6] Dispose: disposing a ConnectionPoolEntry
ConnectionPoolEntry: [1/6/2015 5:51:37 PM] [6] Dispose: disposing...
ConnectionPool: [1/6/2015 5:51:37 PM] [6] Dispose: disposing a ConnectionPoolEntry
ConnectionPoolEntry: [1/6/2015 5:51:37 PM] [6] Dispose: disposing...
ConnectionPool: [1/6/2015 5:51:37 PM] [6] Dispose: disposing a ConnectionPoolEntry
ConnectionPoolEntry: [1/6/2015 5:51:37 PM] [6] Dispose: disposing...
ConnectionPool: [1/6/2015 5:51:37 PM] [6] Dispose: disposing a ConnectionPoolEntry
ConnectionPoolEntry: [1/6/2015 5:51:37 PM] [6] Dispose: disposing...
ConnectionPool: [1/6/2015 5:51:37 PM] [6] Dispose: disposing a ConnectionPoolEntry
ConnectionPoolEntry: [1/6/2015 5:51:37 PM] [6] Dispose: disposing...
LdapSessionPoolImplementation: [1/6/2015 5:51:37 PM] [6] Dispose: disposing utility connection NTDS
LdapSessionPoolImplementation: [1/6/2015 5:51:37 PM] [6] Dispose: disposing utility connection GC
ConfigurationSettings: [1/6/2015 5:51:37 PM] [6] StopConfigurationLoading: entered
ConfigurationSettings: [1/6/2015 5:51:37 PM] [6] Dispose: disposing
Any idea? Thanks for your help.


migrations


What will be affected when ADSync Server is down ?

Hi,

We are using Office 365 with ADSync and ADFS Servers on premise.

We would like to know if the ADSync Server is down, what service will be affected ?

1) Can users use mail via Outlook client on site ?  If Outlook authentication is via ADFS Server, I cannot see any problem.  Is it correct ?

2) If end users change their password (e.g. the password has expired due to the Domain Password Policy) when the ADSync Server is down, can they still use the Outlook Client to access email on site?  Can they access mail via OWA?  My understanding is that both Outlook Client and OWA authentication are via the ADFS Server and thus they should not have a problem accessing email with both methods.  Is it correct?

3) If it doesn't affect Outlook Mail access, what is affected when the ADSync Server is down ?

Thanks

Would it be easy to migrate ADSync Database to another Server ?

Hi,

We are running Office 365 with ADSync / ADFS and ADFS Proxy Servers on premise.

Currently, we are using SQL Server 2012 Express as ADSync Backend database.

1) We just wonder whether it is possible for us to migrate that database from the ADSync Server to an external Database Server running SQL Server Standard Version.  This is because we are running out of space for the SQL Server Express database.

2) We would like to know whether the Inbound and Outbound Rules for the ADSync Server are stored in the ADSync Database or whether there is another database / XML file for those rules?

3) Can we just restore the ADSync Database to an external SQL Server and make changes in ADSync Server configuration so that it points to the ADSync Database (External SQL Server) ?  Is there any URL for the documentation ?

Thanks


Remove published trusted root certificate and all related items (e.g. AIA, CDP) from Active Directory

Recently, I became alarmed when I noticed an unusual certificate (hereafter: "BadCert") in the Trusted Root Certification Authorities section of the Certificates MMC on a computer.  I checked several computers in our environment and BadCert was installed as a Trusted Root Certification Authority on all of them.  As I manage our PKI, this alarmed me because I definitely had nothing to do with it.

I was able to identify the host server that seems to be responsible for it as the name of BadCert has the server hostname in its common name.  It is a Windows Storage Server 2012 R2 Storage Server Essentials server that one of our Systems Administrators (who also has Domain Admin rights) set up.  I asked him about it, and he does not know how or why a certificate related to this server ended up being pushed out as a trusted root certification authority.

I determined that BadCert is not being pushed out via Group Policy.  Instead, it appears to be published in Active Directory.*  At this point, I believe the prudent thing to do is to remove/unpublish this certificate in Active Directory.  The thing is, the originating server does not have the Active Directory Certificate Services role installed and does not have BadCert installed in its "Personal" certificate store.  It does have the Windows Server Essentials Experience role installed but the configuration is not completed.

I'm not sure how to proceed.  Can anyone assist?

* I see entries related to BadCert under "CN=Public Key Services,CN=Services,CN=Configuration,DC=<subdomain>,DC=<domain>,DC=<root>".  For instance, there are items related to BadCert under the "CN=AIA", "CN=CDP", "CN=Certification Authorities", and "CN=KRA" RDNs under that container.
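
A read-only way to inventory what the post above describes, as an added example that is not part of the original post: it lists every object under the Public Key Services container whose name or certificate subject contains a given fragment, with creation and change timestamps. It assumes the ActiveDirectory PowerShell module and read access to the Configuration partition; `$NameFragment` is a placeholder to replace.

```powershell
# Added example: read-only inventory of the forest's Public Key Services container.
# Nothing here modifies or deletes directory objects.
Import-Module ActiveDirectory

# Placeholder: text that appears in the unexpected certificate's common name.
$NameFragment = '<BadCert-common-name-fragment>'

$configNC = (Get-ADRootDSE).configurationNamingContext
$pkiBase  = "CN=Public Key Services,CN=Services,$configNC"

$objects = Get-ADObject -SearchBase $pkiBase -SearchScope Subtree -Filter * `
    -Properties cACertificate, whenCreated, whenChanged

$report = foreach ($obj in $objects) {
    # cACertificate is multi-valued; normalise a lone byte[] into a one-element list.
    $blobs = $obj.cACertificate
    if ($blobs -is [byte[]]) { $blobs = ,$blobs }

    $certs = foreach ($raw in $blobs) {
        # Skip empty or single-byte placeholder values that are not certificates.
        if ($raw.Length -lt 2) { continue }
        try {
            New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 (,[byte[]]$raw)
        } catch {
            Write-Warning "Undecodable cACertificate value on $($obj.DistinguishedName)"
        }
    }

    # Match on the object name (CDP, KRA and similar entries) or on a certificate subject.
    $hit = ($obj.Name -like "*$NameFragment*") -or
           ($certs | Where-Object { $_.Subject -like "*$NameFragment*" })

    if ($hit) {
        [pscustomobject]@{
            DistinguishedName = $obj.DistinguishedName
            ObjectClass       = $obj.ObjectClass
            WhenCreated       = $obj.whenCreated
            WhenChanged       = $obj.whenChanged
            Thumbprints       = ($certs | ForEach-Object Thumbprint) -join ', '
            Subjects          = ($certs | ForEach-Object Subject) -join ' | '
        }
    }
}

$report | Sort-Object WhenCreated | Format-List
```

The `WhenCreated` values show when each entry was published, which can be compared with the setup date of the Storage Server, and the thumbprints can be compared with the certificate seen in the Trusted Root store on clients.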

Using AD Module from powershell

Hi,

I have to use some commands to query AD on a regular basis on many PCs. I created a PowerShell script to load the module but it is failing. Do I absolutely need to install RSAT on those computers first before querying Active Directory?

Thanks,


Can we prevent Computer Objects with a particular OS from joining an Active Directory domain?

Hi,

Is there a method whereby we could prevent a Computer Object with a particular OS, say 'Mac OS X' or 'Windows XP Professional' from joining an Active Directory domain?  The intention is to support our Security/Governance practice.


Thanks for your help! SdeDot

Not able to convert global security group to domain local group in Windows 2008 DC.

Hello, 

I am trying to convert a global security group to domain local group so I can add members across another domain.  

However, the option is grayed out.  

Is there another way, for example using PowerShell? 

Please advise.  

Thanks. 


I need to map one computer to one specific user and I want to view it in a separate attribute in user properties in AD Server 2012

Hi,

    I need to map one computer to one specific user and I want to view it in a separate attribute in user properties in AD Server 2012.

Explanation:

In the AD Users and Computers console there is an OU called Computers. From that I want to take one computer and map it to a specific user in the same domain. 

I also want to view that computer name in a separate attribute in user properties.

Office 365 update: where are Word and Outlook now?

Updated 365, now no Outlook or Word icons. What happened?

Changing Passwords Between Domains

We are migrating users between domains. In some cases, the passwords aren't correctly being synchronized as advertised.

Question: How can a non-admin user in the old domain change their password for the corresponding user account in the new domain?

We have a two way trust between the domains.  When we run a CTL-ALT-DEL on the local PC, select Change Password, and attempt to change the password for the new domain, we receive an 'Access Denied' message.

What would you advise?
