Channel: Directory Services forum

Third Party Tool Active Directory


Hi All,

  • Required your suggestion on the best third-party Active Directory admin tools.



ADMT Migration users can not access shared folders


Hello,

Working on a migration project, we migrate groups, users and computers and apply security translation... the servers, such as the file servers, are still on the source domain.

We have disabled SID Filtering and enabled SID History across the forest trust.

Now I'm facing a major problem: some users cannot access the shared folders (they do not have permission), but I see that the users belong to the right group domain.

But when I let the user access the shared folder through a terminal server (which is in the source domain), they have access to the shared folder.

I'm looking for help, thank you.

Unable to access domain controller from IP address from Source domain


Dear Team,

I have a forest trust between two domains. I have 2 DCs in the target domain and 2 in the source domain.

I am able to access one domain controller of my target domain from the source domain using IP address and FQDN.

The second domain controller, where I installed ADMT, I can access only through FQDN, not through IP address.

Getting "no logon servers available to service the request".

I am able to ping the domain controller, all the ports are opened, and I am able to resolve the name via nslookup.

Please suggest.

Primary DNS servers not resolving the requests


We had 4 DNS servers in the organization and I configured them in the PC IP configuration as follows:

192.168.1.60

192.168.1.61

192.168.1.62

192.168.1.63

8.8.8.8

So all the local requests were going to the local DNS and Internet requests to 8.8.8.8.

Last week I demoted 192.168.1.61 successfully and removed the secondary DNS entry (192.168.1.61) from the IP configuration.

The problem is I cannot resolve the local servers; I cannot even ping the domain name.

ipconfig /flushdns works for some time, but the problem comes again.

Internet is working fine.

Nslookup is working fine.

Problems only with a few computers having access to the Internet.

 


Account locking in Active directory


Hi,

I have a user whose account locks out while connecting to wireless, which uses AD authentication. I have checked all caching on the laptop and cleared it. The account locks out only when the user tries to connect to Wi-Fi, which is a RADIUS Wi-Fi, and all other users' accounts are working fine on the same Wi-Fi with AD authentication.

The account locks especially when logging in for the first time at the start of the day and when the system is left idle or locked.


Please suggest,

Best Regards,

Ahmed Shaikh



File Server migration With ADMT


Dear Team,

Scenario: We have done computer migration using ADMT.

We need to do the same for my file server, from the old domain to the new domain. The file server is running Windows Server 2003.

Please confirm what precautions and steps we have to follow for the same.


Client can open site after 2 or 3 refreshes


Hello

My name is Amir. I have recently installed Active Directory and configured DHCP on my AD. Everything looks fine and works properly, but after joining the domain, the clients' browser gives an error when they search for any site. After 2 or 3 refreshes it opens.

Demote a PDC to CDC without breaking trust relationship between clients and DC

I have a network in which there is 1 PDC, 2 clients in a virtual environment. I want this PDC to become CDC of another DC in different forest without breaking any trust relationship between clients and PDC. Is it possible to do it by demoting DC or by role transfer or by any other method? The aim is that I do not want my clients to be removed from domain and then joined again. Clients should interact with DC as they were interacting earlier.

NTP configuration done right - with GPO


Hi guys.

We have configured NTP thru GPO following this article: http://www.sysadminlab.net/windows/configuring-ntp-on-windows-using-gpo

QUESTION1:

For NTP server we have put: time.windows.com,0x9

Do you suggest to put anything else?

QUESTION2:

When running this on PDC server (win 2008 r2): w32tm /query /source
We get an error: The following error occurred: The specified service does not exist as an installed service. (0x80070424)

This ain't good right?

With best regards


bostjanc

RemoteADC (10.10.5.xxx) Replication is not working. RPC Unavailable


Dear Team,

I am having replication issues. The remote ADC is not replicating to the PDC and ADC. Find the Repadmin report for your reference.



Repadmin: running command /showrepl against full DC localhost
DR-Site\REMOTEADC
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: 77ee3ff6-81d7-4e56-a7dd-f31426b7160f
DSA invocationID: 4ead33ba-0373-4695-a429-1da96e438367

==== INBOUND NEIGHBORS ======================================

DC=SHRIL,DC=COM
    Corporate\CORPORATE via RPC
        DSA object GUID: a1f63612-02ad-4550-b0c1-c780aa1cb9e1
        Last attempt @ 2016-12-29 12:27:58 failed, result 1722 (0x6ba):
            The RPC server is unavailable.
        395 consecutive failure(s).
        Last success @ 2016-12-13 10:24:32.
    Corporate\CORPORATEBACKUP via RPC
        DSA object GUID: bcc2c234-86b5-4534-b998-2df6063b566f
        Last attempt @ 2016-12-29 12:29:43 failed, result 1722 (0x6ba):
            The RPC server is unavailable.
        1 consecutive failure(s).
        Last success @ 2016-12-29 11:29:02.

CN=Configuration,DC=SHRIL,DC=COM
    Corporate\CORPORATE via RPC
        DSA object GUID: a1f63612-02ad-4550-b0c1-c780aa1cb9e1
        Last attempt @ 2016-12-29 12:28:19 failed, result 1722 (0x6ba):
            The RPC server is unavailable.
        395 consecutive failure(s).
        Last success @ 2016-12-13 10:24:33.
    Corporate\CORPORATEBACKUP via RPC
        DSA object GUID: bcc2c234-86b5-4534-b998-2df6063b566f
        Last attempt @ 2016-12-29 12:28:40 failed, result 1722 (0x6ba):
            The RPC server is unavailable.
        1 consecutive failure(s).
        Last success @ 2016-12-29 11:28:24.

CN=Schema,CN=Configuration,DC=SHRIL,DC=COM
    Corporate\CORPORATE via RPC
        DSA object GUID: a1f63612-02ad-4550-b0c1-c780aa1cb9e1
        Last attempt @ 2016-12-29 12:29:01 failed, result 1722 (0x6ba):
            The RPC server is unavailable.
        395 consecutive failure(s).
        Last success @ 2016-12-13 10:24:33.
    Corporate\CORPORATEBACKUP via RPC
        DSA object GUID: bcc2c234-86b5-4534-b998-2df6063b566f
        Last attempt @ 2016-12-29 12:29:22 failed, result 1722 (0x6ba):
            The RPC server is unavailable.
        1 consecutive failure(s).
        Last success @ 2016-12-29 11:28:45.

DC=DomainDnsZones,DC=SHRIL,DC=COM
    Corporate\CORPORATE via RPC
        DSA object GUID: a1f63612-02ad-4550-b0c1-c780aa1cb9e1
        Last attempt @ 2016-12-29 12:27:58 failed, result 1256 (0x4e8):
            The remote system is not available. For information about network tr
oubleshooting, see Windows Help.
        396 consecutive failure(s).
        Last success @ 2016-12-13 10:24:44.
    Corporate\CORPORATEBACKUP via RPC
        DSA object GUID: bcc2c234-86b5-4534-b998-2df6063b566f
        Last attempt @ 2016-12-29 12:28:40 failed, result 1256 (0x4e8):
            The remote system is not available. For information about network tr
oubleshooting, see Windows Help.
        1 consecutive failure(s).
        Last success @ 2016-12-29 11:29:22.

DC=ForestDnsZones,DC=SHRIL,DC=COM
    Corporate\CORPORATE via RPC
        DSA object GUID: a1f63612-02ad-4550-b0c1-c780aa1cb9e1
        Last attempt @ 2016-12-29 12:27:58 failed, result 1256 (0x4e8):
            The remote system is not available. For information about network tr
oubleshooting, see Windows Help.
        395 consecutive failure(s).
        Last success @ 2016-12-13 10:24:45.
    Corporate\CORPORATEBACKUP via RPC
        DSA object GUID: bcc2c234-86b5-4534-b998-2df6063b566f
        Last attempt @ 2016-12-29 12:28:40 failed, result 1256 (0x4e8):
            The remote system is not available. For information about network tr
oubleshooting, see Windows Help.
        1 consecutive failure(s).
        Last success @ 2016-12-29 11:29:23.

Source: Corporate\CORPORATE
******* 396 CONSECUTIVE FAILURES since 2016-12-13 10:24:45
Last error: 1256 (0x4e8):
            The remote system is not available. For information about network tr
oubleshooting, see Windows Help.

Source: Corporate\CORPORATEBACKUP
******* 1 CONSECUTIVE FAILURES since 2016-12-29 11:29:23
Last error: 1256 (0x4e8):
            The remote system is not available. For information about network tr
oubleshooting, see Windows Help.
Remoteadc is not replicating to Corporate domain servers.

How to remove write protected CN object after failed DC/dcpromo removal


We have two domain controllers, dc1 and dc2. We have already removed dc2 and performed metadata cleanup (with ntdsutil, with the Microsoft script, with the GUI). Unfortunately we always have one CN object left which is write protected (Protect from accidental deletion) and which can't be deleted. It is located in:

CN=dc2,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=forestrootdomain

Deleting the msDFSR-Member CN object (dc2) in the Topology CN via ADSIEdit fails. Deleting it with PowerShell fails too; PS command:

Get-ADObject "CN=dc2,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=forestrootdomain" | Set-ADObject -ProtectedFromAccidentalDeletion:$false

with the following error:

Set-ADObject : A required attribute is missing

But if we can't delete this CN object, we can't recreate a domain controller with the same hostname that has functional replication and advertisement within the domain.

Any suggestions appreciated.

Best regards


-- Regards Timo

FTP Migration from one domain to another domain


We need to move our FTP to a new domain. Please suggest how to move it and what the prerequisites are.

How much downtime is required?

Gracefully restart AD domain controllers and keep FSMO role assignment unchanged


Hi There,

We have an AD domain setup with a total of eight domain controllers. 

Currently Schema master, Domain naming master, PDC, Infrastructure master roles are assigned to a particular DC while RID Pool manager is assigned to a different DC. We'd like to restart the AD domain controllers (as part of maintenance) gracefully while keeping the role assigned unchanged. Could you please let us know what is the appropriate procedure to restart the Domain controllers?

Thanks in advance for your help.

Vicky


NTP vs group policy not being applied?


Hi guys.
Configured NTP thru GPO.

Followed:

http://www.sysadminlab.net/windows/configuring-ntp-on-windows-using-gpo

I don't get why a Domain Controller which is virtualized in a Hyper-V environment does not take that GPO; instead, it still gets its clock from its host?

C:\Users\administrator>w32tm /query /status
Leap Indicator: 0(no warning)
Stratum: 2 (secondary reference - syncd by (S)NTP)
Precision: -6 (15.625ms per tick)
Root Delay: 0.0000000s
Root Dispersion: 0.0100000s
ReferenceId: 0x564D5450 (source IP:  86.77.84.80)
Last Successful Sync Time: 2.1.2017 18:51:51
Source: VM IC Time Synchronization Provider
Poll Interval: 6 (64s)

I know that I could solve this by running: w32tm /config /syncfromflags:domhier /update

on this VM, but why doesn't the GPO do its job?

I see it does Filter out?

Please advise.

With best regards


bostjanc



Migrating Users, Computers, Group Policy from Root Domain to Child


Hello,

We are going to migrate users, computers, Group Policy and OUs from the root domain to a new child domain controller.

1. How will we migrate users from root to child? ADMT works well, but will the password remain the same, or will the password change for each user? And by changing the UPN, as at first it was user@root.local and it is migrating to user@child.root.local, will the user still log on with the same user name with no changes?

2. By migrating computers with ADMT, will it affect computers already domain-joined to root.local, as these computers will be migrated to the child.root.local domain? What will be the response of these computers?

3. How to migrate Group Policy from root to child.

4. Can we migrate complete OU with user or no user will be done manually through ADMT or any best recommendation for migrating users?

Thanks......



AD CS published certificates to wrong AD object


In a Windows Server 2012 R2 environment, after a user's certificate is issued it is published to the Requester's AD object instead of the Subject's object named in the certificate.

Scenario:

User A is specified in the CSR's subject
User B takes the CSR and issues the certificate for User A
After:

No certificate exists in User A's object
User A's certificate exists in User B's object

Any help would be greatly appreciated. I am expecting that the certificate would be published to the object specified in the subject of the request.

Chuck




AD Bulk User creation and AD user reset password via SMS


Dear All,

Good Day!

I need your help for the below.

Bulk AD user Creation...

-         My AD admin creates users without knowing the password during creation.

Also I'm looking for a security application to reset my password via SMS with AD, like

-         User sends a message containing ID and user name, then to reset the password

Thanks


Dweik

LDAP error 0x35(53 (Unwilling To Perform) in NTDSUTIL


I inherited this one.

Server was promoted to a DC in an existing single domain/forest that had one DC.

Client shut down old server without demoting or using metadata cleanup.

Client renamed new server to the name of the old server.

This broke AD/DNS/DHCP and is where I got involved.

I was able to change the name of the server back to the name it had when it was promoted.  NETDOM shows only the 1 FQDN of the server and AD/DNS/DHCP is working.

However, the original server still shows up in AD.  It has a different SID, different SPNs, etc.

The client still wants to rename the new server to the old name but the object exists in AD so that's not possible.

If I run ntdsutil and metadata cleanup I am unable to remove the DC and the error is 'LDAP error 0x35(53 (Unwilling To Perform)'.

Any idea what could be causing this now?


-=Chris

Security Threat of File services in Active directory


Hi Team,

Please let me know the security threat of file services in Active Directory Domain Services.

Thanks

updating Active Directory user Logon Count attribute

Is the logon count attribute updated only when a user physically logs in to a workstation, or is there any way to update the attribute programmatically or through a script? Just asking for testing purposes.