Quantcast
Channel: Directory Services forum
Viewing all 31638 articles
Browse latest View live

Using the command line, How to apply admin rights (privileges) to the user?

January 9, 2017, 10:37 am
$
0
0
Hello everyone,

Windows Server 2012 R2 , Active Directory

Sometimes I need to give Admin Rights (Privileges) to the user, so he/she can install Software, Applications, Run as Administrator, etc. on his/her laptop.

The laptop is already bind to the Active Directory.

With the GUI this is what I do and it work great, no problem:

Start MMC
File
Add Remove Snap In
Local user and Group
Add
Save Console to the Desktop

Right Click the Console that I just saved before and select Run as Administrator
I put my credentials, because I am a Domain Admins user.
I select Local Groups
Groups
Administrator
and final I add the user name as administrator for his/her laptop
I select Ok and Apply and thats it.


Question…..how can I do all the above with the command line?

Thank you so much and thank you so much in advance for your help
Search

Universal Group

January 9, 2017, 11:25 am
$
0
0

Can someone explain the difference between Distribution vs Security mode in Universal. Which mode of Universal group is recommended for ADRMS
.

Any help will be appreciated

ADRMS issue

January 9, 2017, 11:31 am
$
0
0

Hi All,

I am seeing the following error in 2008R2 server for users in different domain with ADRMS cluster created in different domain. I have nested users in other domain in an Universal group.

Microsoft.DigitalRightsManagement.Licensing.NoRightsForRequestedPrincipalException: The publish license contains no rights for the requested principal.

Any help will highly be appreciated

Replacement for NIS server role?

January 9, 2017, 1:41 pm
$
0
0
As outlined in this blog post: https://blogs.technet.microsoft.com/activedirectoryua/2016/02/09/identity-management-for-unix-idmu-is-deprecated-in-windows-server/ The NIS role is removed from AD 2016. Does anyone have suggestions for a replacement? We just use native linux tools (samba) to add linux servers to our AD domain. However, in 2016, this seems to prevent group membership from working for file permissions on cifs shares. I'm looking for suggestions of ways around this. 

Removing permissions to view objects in an OU to Authenticated Users

January 7, 2017, 9:03 am
$
0
0

Hi,

On a OU, I removed the ability for Authenticated Users to List Contents. When checking the effective access, it shows that list-content for my test user is denied.

However if I open an ADUC under the test user, or a powershell command and I do a Get-ADUser on the OU, I am still able to retrieve the user accounts in that OU.

What am I missing ?

Best regards,

MSA Account's password change causes failure to connect to SQL DB

January 8, 2017, 9:12 am
$
0
0

Hey,

I have an MSA account which runs an IIS application pool in my organization.

Seems that every 30 days, when the MSA account automatically resets its password, the site cannot connect to the SQL DB (this DB is located on a different AD Forest, a trust exists).

This is the error : the login is from an untrusted domain and cannot be used with Windows authentication.

Mostly after about 10-15 minutes, the problem resolves itself (maybe the connection reopened, not sure).

1.Is the GAP caused by replication between DCs? as far as I am aware of, when a trust exists, the DB's server should query the DC's of the trusted Domain in case the authentication failed (I could be wrong here), trying to see if the problem is replication here.

2.When the MSA account changes its password, and there is an open connection to the SQL DB, is the connection expected to fail because of the password change? Must I force the IIS application to close the connection and reopen it somehow?

This happens on multiple MSA accounts, on multiple IIS servers, on multiple environments, with different OS, some environments has Server 2008 R2, and some has 2012 R2.

Thank you for your help!

Event ID: 2019

January 9, 2017, 10:58 pm
$
0
0

Hi ,

The Server was unable to allocate from the system Nonpaged pool because the pool was empty.

Event ID: 2019

Regards,

Abdul

High page file usage

January 9, 2017, 11:29 pm
$
0
0

Hi everyone,

From our monitoring tool i am getting error High page file usage 95 %

My virtual machines memory is 4 GB and during virtual machine creation i have created one drive double the size of my page file i.e 8GB and moved the page file to E drive. Now i can see my page file size 95%

Please guide me how to troubleshoot it.

Search

Disk Space

January 9, 2017, 11:35 pm
$
0
0

Hi My primary partition size is 100 GB and its almost 95 GB full. 

I need to delete temporary files related to windows. please guide me what files wrt windows can be deleted like temp, prefetch.

Windows Could not connect to the group policy client service.

January 3, 2017, 7:59 pm
$
0
0

Hello Experts....One of our client is facing this issue on Windows 10 & 8 client machines. They can not login, it gives an error "Windows Could not connect to the group policy client service".There are multiple users who are facing this issue. 

Can you please help me what could be the problem. I am unable to resolve this. DC is running on Windows Server 2012 R2.

Thanks,

Sim

ad user attributes backup & restore

December 31, 2016, 1:55 am
$
0
0

Dear team

   How to backup & restore AD user attributes in windows 2012 R2. If it is possible GUI mode backup & restore.

please guide me how to take backup & restore AD users

Replication access was denied

January 3, 2017, 9:44 am
$
0
0

Hi Experts,we have 4 Writable domain controllers and 12 RODC.

When i type repadmin /replsummary /bydest /Bysrc in writable domain controller i get below error.."Replication access was denied" & "DSA operations is unable to to proceed because of a DNS lookup failure"

Could some one please guide me,how to troubleshoot this issue.



Senior System Engineer.

How To Change The whenCreated field in Active Directory

January 2, 2017, 2:00 pm
$
0
0

I have a user account which I want to modify the creation date. I found some info on another forum but it wasn't to detailed and didn't work for me when I went and tried it. My testing environment is all on Windows Server 2016. 

Login as a member of Schema Admins (preferably on the Schema Master FSMO)

Launch LDP.EXE

Connect to the Schema Master FSMO using LDP.EXE

Bind to the Schema Master using an account with Schema Admin permissions.

From the Browse menu, choose Modify

In the Modify dialog box, leave the DN field blank, and type schemaUpgradeInProgress in the Attribute field. In the Value field, enter the number 1. Click the Enter button, then click the Run button.

Close the Modify dialog box.

Launch ADSIEDIT.MSC and modify the mAPIID values for the necessary attributes. (You may need to wait for the Active Directory to replicate.)

Run LDP again, and change the value of schemaUpgradeInProgress from 1 to 0.

From the Active Directory Schema console, right click on the console and choose "Reload the Schema"

Is there any more detailed methods on how to accomplish this task?

Can i have Multiple Domains in a Server 2012 R2

January 7, 2017, 8:40 am
$
0
0

Hi,

I need to know can i have Multiple Domain Name in a Single Active Directory Server.

Or Can i create multiple Forest in a Single Domain Controller.

For Eg : Technet.com,Technet.in,Windows.com & Windows.in.

Thanks & Regards,

D.Nithyananthan.

Windows XP supported client operating system in Windows Server 2012 R2 domain?

January 3, 2017, 7:29 am
$
0
0

Hello,

We're in a process to upgrade our Domain Controllers running 2008R2 to 2012R2.

This article implies that Windows XP is not supported client OS in 2012 domain. Is this correct? We still have about 10 XP boxes joined to our domain.

https://technet.microsoft.com/en-us/windows-server-docs/identity/ad-ds/deploy/upgrade-domain-controllers-to-windows-server-2012-r2-and-windows-server-2012#a-namebkmksysreqsaoperating-system-requirements

Search

DNS Recursion Issue

December 14, 2016, 2:02 pm
$
0
0

Hello everybody,

I have single forest single domain environment that is experiencing an external DNS recursion issue.

Our DNS servers are 2008r2.

Internal DNS name lookups are working without issue but when trying to resolve anything external, we get multiple time outs.

Pinging external domain names does work but is slow, nslookup to external domain names will either timeout out once or twice before succeeding or fail all together and when loading a website in a browser it may timeout and say DNS failed before finally loading.

Recursion is turned on.

Simple recursion tests pass on the DNS server and the forwarders are configured and valid.

I need assistance with this please.

Thank you.


Migrating Users,Computers,Group Policy from Root Domain to Child

December 29, 2016, 7:20 am
$
0
0

Hello,

We are going to migrate users, computers ,Group Policy, OUs, from Root domain to New child domain Controller.

1. How will we migrate Users, from Root to Child: ADMT Works good but does the password will remain the same or no password will change for each user, and by changing UPN as frst it was user@root.local and migrating to user@child.root.local does user will still logon with the same user name with no changes.

2.By migrating Computers with ADMT does it will effect already Domain Joined Computers with root.local as these computer will be migrated to child.root.local domain.what will be the response of these computers.

3.How to migrate Group policy from root to child.

4.Can we migrate complete OU with user or no user will be done manually through ADMT or any best recommendation for migrating users?.

Thanks......


Can't log in Windows Server 2012 r2 when the network cable is plug

January 10, 2017, 2:09 am
$
0
0
Hello every body ,
So here’s my problem, I recently made an update for windows 2012 r2 in 4 of my domain controllers. Since there is impossible for me to enter on these computers.
I can’t logon on physically on my servers and neither on rdp. The only way I find is to enter in my windows 2012 r2 server domain controllers is to unplug the network cable before the restart of windows and then I plug the network cable after 5 minutes the restart is completely over.
The problem is don’t find which KB do this kind of thing. Also I have the problem in my physical machines and my virtual servers.
Thanks


fast concurrent bind against RODC

January 10, 2017, 2:55 am
$
0
0

Hey,

I can do a normal bind against an RODC but when I try a fastbind against the same RODC I get the following error:

"System.DirectoryServices.Protocols.LdapException: The supplied credential is invalid."

Is there anyway I get get a fastbind to work with an RODC?

Thanks,

Martin

Admins sporadically getting "You do not have sufficient privileges to delete " but they have sufficient permissions to delete the object

August 7, 2012, 7:07 am
$
0
0

We've been getting a handful of calls lately from our Network Admins complaining that they can't delete computer accounts.

The get an Active Directory dialog box that states that they are a loser..."You do not have sufficient privileges to delete XXXXXX".

When it occurs, it affects all of the Adminis for the particular problem object in question.

As a domain admin and enterprise admin, I am able to delete the object without a problem.

The Admins are able to delete other comptuers accounts as well as create new computer accounts with in the same OU.  The security and ownership is identical for both problem objects and non-problem objects.

I'm stumped and I couldn't get any relavant hits on TechNet or the web.

David W. King

Techical Architect - Systems, Information Technology
(919) 784-3889 david.king@rexhealth.com

REX Healthcare, 4420 Lake Boone Trail, Raleigh, NC 27607

David W King



Viewing all 31638 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>