Hi All,
I am planning to transfer FSMO roles from DC 2008 to new DC server 2016, i want to use same IP address of existing 2008 DC on New DC 2016, is it possible that after i transferred the roles to new DC, can i shutdown old DC and use the same IP address on new DC 2016? because all users are using DC 2008 in preferred DNS and have Static IP address so it is difficult for me to change for 100s of users.
Regards,
Agha
Hello everyone. I need help with this. I have set up Windows Server 2016 with my domain name, let's say example.com. The issue is that my domain example.com is hosted by Siteground. When I set my own server to be my DNS server I cant access my website from any of our computers. I was wondering how to point my local domain example.com to the one hosted in Siteground with the same name.
Thanks for any help.
I have a relatively small network with 2 sites and one DC in each one (total 2 DCs in the network). They are currently running Windows Server 2003 and it's finally time to upgrade.
Since upgrading Windows Server 2003 DCs directly to Windows Server 2016 is not officially supported (and I read mixed responses to the question whether it technically works) I'll be upgrading the DC on one site to Windows Server 2008 R2 first (it will be upgraded to Windows Server 2016 later). The upgrade is not in-place since the said DC is running on antique hardware and is 32-bit, so I'll introduce a new DC and demote the old one.
This is done in one location. In the other one I'm trying to spare the need to have a temporary 2008 R2 server and go to 2016 directly. If I understand correctly I need to remove all 2003 DCs before I can introduce the first 2016 DC, right? So my plan is that after I have the 2008 R2 DC running in the first site (2003 will be removed from it), I'll also demote the 2003 server in the second site and only then promote the 2016 server, however this temporarily leaves the domain with only one functioning DC and the second site without a DC at all. This situation should probably not take too long because I'll be promoting the new DC immediately after demoting the old one, however since I've demoted the only DC in the second site it means that the new DC will have to replicate its schema from the first site - and the sites are connected via VPN connections.
Do you think this is an acceptable risk? Can you pinpoint things that can go wrong?
Thanks!
Hi All,
I'm looking for some advice on how Base DN targeting works.
I'm researching an appliance product that allows you to add an authentication provider to authenticate users to a service provided by that appliance. In this case I am adding Active Directory via LDAP as an authentication provider.
I would like to set a Base DN to target a set of groups within an OU down the AD tree and when I do this, the appliance finds the groups and I can add these group within the appliance to provision access to the service.
Lets say I have a domain called contoso.local with a structure like this;
contoso.com
- Users
- Admins
- Application
In this case, I've set my Base DN is ou=application,ou=groups,dc=contoso,dc=com
The appliance finds the groups within the OU and I can assign a group, say Group1 to access the service provided by the appliance. If I add users to this group however from theUsers OU, the appliance can't authenticate them as they do not exist under the Base DN root structure.
To my mind, if they are a member of a group I have added and applied permission to within the appliance then it should be able to authenticate them but I'm being told this is not possible.
I'm clearly a little rusy on this, but does that sound correct and if so, what are the alternatives? To set the base DN as dc=contoso,dc=com or move other OUs around? How else could I lock this down?
Thanks in advance!
We have been testing out a new ADFS Authentication Provider.
It has been working fine, then all of sudden we get this error. I have searched for "ADFS You can only specify a maximum of one identity claim" but this error doesn't seem to show up. Any ideas what's wrong?
PS C:\Windows\system32> $typeName = "NewAdapter.MyAdapter, NewAdapter, Version=1.0.0.0, Culture=neutral, PublicKeyToken=xxxxxxxxxxxxxxxx, processorArchitecture=MSIL"
PS C:\Windows\system32> Register-AdfsAuthenticationProvider -TypeName $typeName -Name "NewAdapter"
Register-AdfsAuthenticationProvider : ADMIN0021: Invalid authentication provider data. You can only specify a maximum of one identity claim.
At line:1 char:1
+ Register-AdfsAuthenticationProvider -TypeName $typeName -Name "New ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Register-AdfsAuthenticationProvider], InvalidDataException
+ FullyQualifiedErrorId : ADMIN0021: Invalid authentication provider data. You can only specify a maximum of one identity claim.,Microsoft.IdentityServer.Management.Commands.AddExternalAuthProviderCommand
Hi,
I need to retire a Win2008/DC server that was the original server in the network and held all the fsmo roles. I've since moved all the fsmo roles to a Windows 2012 R2 Server including the PDC Emulator.
My concern is that when I do a \\net time from any computer it always pulls the time from the 2008/DC. I am worried that if I demote the 2008/DC server that I am going to have time issues. Is there anything I need to do to make sure time syncs properly across my network?
Thanks
Paul Raflik
Hi,
It seems, that between two locations with domain controllers Port 389/UDP was filtered by external firewall (TCP works fine)
-------------------
Portqry:
UDP port 389 (unknown service): LISTENING or FILTERED
Sending LDAP query to UDP port 389...
LDAP query to port 389 failed
Server did not respond to LDAP query
-------------------
I know, that MS recommends to open Port 389/UDP.
But is this really relevant? What problems can occur with Port 389/UDP filtered?
The AD seems to work fine.
thanks in advance Boris
Hi,
DC was shutdown during maintenance and after that started problems with replication, dns etc. First problem what I need to debug is so I cannot
load DNS console and dns is not working.
Theres is error message:
The DNS server was unable to open Active Directory. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.
Service restart is not helping. How can I debug this problem?
Thanks.
Current scenario:
Domain and forest Functional Level:2003
end user os version (1000 XP , 1500 windows 7 , 200 windows 10)
Q1. For deploying Exchange server 2016 and SSCM in the environment you need to increase domain and forest functional level, after you increase the functional level is there any risk of end users (XP users) being impacted?
ad复制时提示这样的问题
尝试建立下列可写目录分区的复制链接时失败。
目录分区:
CN=Configuration,DC=dea,DC=com
源目录服务:
CN=NTDS Settings,CN=HK04,CN=Servers,CN=HK,CN=Sites,CN=Configuration,DC=dea,DC=com
源目录服务地址:
5a9637f8-e186-4a77-8e5a-7c0054384bd0._msdcs.dea.com
站点间传输(如果有):
此目录服务将无法与源目录服务复制,直到纠正此问题。
用户操作
验证是否源目录服务可以访问或网络连接性可用。
其他数据
错误值:
1908 找不到此域的域控制器。
i have server 2008 r2 and i want report from users actvity in active directory
i want track log on/log off users
Hello Guys,
Is there any way to generate report for every logon & logoff of all active directory users? This report will have fields like their computer name, username time & date.
Hi Everyone,
I have a number of AD Users and I would like to create a report which shows what the users have access to. There are a number of security groups, and ideally I would like my report to show which groups each user belongs to.
If anybody can offer any advice on how to generate such a report it will be greatly appreciated.
Kind Regards,
Davo
Hello
I have a colleague who is experiencing problems with getting the Remote Server Administration Tools in his windows features. We have followed the installation proccess for RSAT windows 10, and everything goes smoothly. However, after the required restart, active directory does not show up when searching for it. When trying to enable RSAT in Windows features, there is no "Remote Server Administration Tools". When searching for a solution, it was suggested to delete the english language package and reinstall it. This did not solve the issue. Active directory isessential for some work tasks, so we really need to solve it.
Kind regards
Hakan
Hi,
I wanna to create
1. Domain Controller + DNS - 192.168.10.0/29
2. Client Site A - 192.168.20.0/24
2. Client Site B - 192.168.30.0/24
How to setup Active Site and Services, DNS Configuration.
Please, Help Me.
Thanksssssssss,
We have Windows Server 2016 R2 with ADFS is already installed but we are missing the form authentication (as in following screenshot). Can anyone please let me know how can I add that missing component?
Hi All,
I am planning to transfer FSMO roles from DC 2008 to new DC server 2016, i want to use same IP address of existing 2008 DC on New DC 2016, is it possible that after i transferred the roles to new DC, can i shutdown old DC and use the same IP address on new DC 2016? because all users are using DC 2008 in preferred DNS and have Static IP address so it is difficult for me to change for 100s of users.
Regards,
Agha
Hi All,
Recently we migrated all FSMO roles from domain controller 2008 to DC 2016 on new server, we don't have DHCP in Primary DC2016 at head office. we have one ADC 2008 R2 at branch office and it has DHCP role so how can we transfer DHCP to new ADC 2016 server.
Regards,
Agha