2008 to 2012 Domain upgrade
Trusted forest with DC shared same AD site and same subnet
Hello All,
I have a question about a specific AD configuration.
We have a forest trust between 2 forests (A and B).
We want to add a new DC from forest A in the datacenter of forest B, in the same subnet where forest B DCs are already installed.
So we will use the same subnet and AD site name for DCs from different forests.
At first, there should not be any problems, but I just want to be sure.
Thanks,
Protect service Account from accidental Deletion
I want to protect my service account from accidental disable/enable from all users. To accomplish this task I tried to use DSACLS; however, I am having difficulty achieving this goal. The command below gives me the error shown below. Can someone assist me in resolving my issue?
C:\>DSACLS "CN=serv_test,CN=Users,DC=ID,DC=COM" /D "Domain Users:RPWP;userAccountControl;user" /I:T
user is specified as Inherited Object Type. /I:S must be present.
The parameter is incorrect.
The command failed to complete successfully.
"RPC Server Unavailable" while attempting to Join domain
I am promoting a Windows Server 2008 machine as an additional domain controller alongside a Windows 2003 Server domain controller. The promotion fails with "RPC Server Unavailable".
Then I tried to join the same Server 2008 machine to that domain, and there it also shows "The Following error occured attempting to join the domain xx.com: THE RPC server unavailable".
Is there any way to resolve this?
MCT,MCSE,MCSA,MCTS, Server Administrator
Test-ComputerSecureChannel fails on domain controller
Hi all,
I have 2 domain controllers (DC-01 and DC-02), both Windows Server 2012R2. When I run the cmdlet Test-ComputerSecureChannel on DC-01, I get:
PS C:\Windows\system32> Test-ComputerSecureChannel
Test-ComputerSecureChannel : Cannot verify the secure channel for the local computer. Operation failed with the
following exception: The specified domain either does not exist or could not be contacted.
At line:1 char:1
+ Test-ComputerSecureChannel
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (DC-01:String) [Test-ComputerSecureChannel], InvalidOperationException
+ FullyQualifiedErrorId : FailToTestSecureChannel,Microsoft.PowerShell.Commands.TestComputerSecureChannelCommand
On DC-02 the cmdlet runs fine:
Latency on a domain workstation when accessing a network share.
I took the system off the user's desk and connected it at my desk. Everything works fine. Files load quickly. So I thought it was something on that network port. To test, I brought a different system to that user's desk and connected it. Oddly, the connection to the shares was fast and loaded quickly on both a user and admin profile. I replaced the user's system and the problem returned.
I can access the internet no problem, no latency. I can ping the server at less than 1ms. I flushed the DNS. I cleared the ARP. I updated everything. I tried in Safe Mode. I disabled Add-ons. I added the server to the host file. I don't know what else it could be.
Why does it work at a different network jack and why does a different system work on that jack?
Any help is greatly appreciated.
Password SYNC from ADDS to LDS!!
Hi,
Any suggestions or links on how I can sync passwords from ADDS to ADLDS?
Active Directory Users export and import another domain
Hi Team,
I have an MZ (10.X.x.x) and DMZ (192.X.x.x) network environment here. The requirement is as follows.
The MZ domain is abc.com and the DMZ domain is xyz.com.
The MZ domain users, with all objects and their respective OUs, need to be exported and imported into the DMZ domain xyz.com.
Please help with this.
Thanks
Bhaskar B
Bhaskar B Exchange Administrator
Last password reset of DSRM
Windows server 2012 R2 Conditional Forwarder: NSlookup fails the first time
Hi,
Windows server 2012 R2.
I have a conditional forwarder added to resolve the customer domain (abc.com). When I do nslookup -type=mx abc.com it fails the first time and it resolves the second time.
My domain contoso.com (not my real domain)
First nslookup
c:\> nslookup -type=mx abc.com
Server: DC1.constoso.com
Address: 192.168.1.5
DNS request timed out was 2 seconds.
***Request to DC1.contoso.com timed-out
Subsequent nslookup
c:\> nslookup -type=mx abc.com
Server: DC1.constoso.com
Address: 192.168.1.5
Non-authoritative answer:
abc.com MX preference =1, mail exchanger =mail.abc.com
mail.abc.com internet address = 10.10.0.5
Any ideas what might be this issue?
Thanks,
Computer Hangs - Screen Saver Group Policy
Hi All,
We have deployed the new screen saver GPO to all the users.
The computer freezes as soon as it reaches the desktop home screen.
Clicking anywhere on the screen or pressing any button on the keyboard has no effect whatsoever.
SK
Protect service Account from accidental Enable/Disable
I want to protect my service account from accidental disable/enable from all users. To accomplish this task I tried to use DSACLS; however, I am having difficulty achieving this goal. The command below gives me the error shown below. Can someone assist me in resolving my issue?
---------------------------------
C:\>DSACLS "CN=serv_test,CN=Users,DC=ID,DC=COM" /D "Domain Users:RPWP;userAccountControl;user" /I:T
user is specified as Inherited Object Type. /I:S must be present.
The parameter is incorrect.
The command failed to complete successfully.
-----------------------------------
My service accounts reside in the same OUs where normal user accounts reside. Implementing this on the whole OU will not be feasible for me, as Service Desk people will not be able to perform day-to-day operations for normal users. Here my goal is to selectively identify all service accounts scattered over multiple OUs and then implement this restriction. I am able to achieve this via the GUI, but I have more than 1500+ service accounts in my domain, so it's not feasible through the GUI and I was looking for some kind of command line solution.
Thanks
Gautam
An attempt was made to reset an account's password - Child domain Administrator
Dear Sir,
One of our child domain Administrator logins is not able to log in,
so we checked in Event Viewer -> Windows Logs -> Security.
-------------------------------------------
An attempt was made to reset an account's password.
Subject:
Security ID:"xxxxx"\Administrator
Account Name: Administrator
Account Domain:"xxxxx"
Logon ID: 0x29xxxxx
Target Account:
Security ID:"xxxxx"\Administrator
Account Name: Administrator
Account Domain:"xxxxx"
----------------------------------------------------------
Everyone on our team takes RDP connections regularly. We need to find who reset/changed the password.
Please help us. How can we find:
1. Who reset or changed the password?
2. Source IP or source computer name?
3. Source system login user ID?
Regards, Pradhap P
Microsoft Active Directory Lightweight Directory Services (AD LDS) to allow ldap authentication for third party applications
Some applications require AD schema modification, and we are trying to avoid that by implementing AD LDS, as we can have the new attributes in AD LDS rather than extending the AD schema.
Has anyone implemented this and is there a guide available for this implementation?
And what is the best way to test this before implementing in production?
Conduct Test-ComputerSecureChannel on client, succeed on secondary dc02 but failed on primary dc01.
Hi All,
I created a VM lab environment to test a planned AD setup. I have DC01 (primary) and DC02 (secondary) running Windows Server 2012R2. I also set up a client running Win 7 Pro.
When I test using test-computersecurechannel, things are looking good on DC02. On the client machine, the test went through with server DC02 but not server DC01.
Any tips will be appreciated!
Below screen shot is testing on the primary DC01. From what I searched in the forum, error on the primary DC is normal.
Below is the screenshot of testing on dc02.
Below is the screenshot of testing on the client. The test is good with dc02 but failed with dc01.
Get-ADUser
I have a script and I need to find users in AD by DistinguishedName.
# Specify target OU.
$TargetOU = "ou=testi,ou=Users,ou=test"
# Read user sAMAccountNames from csv file (field labeled "Name").
Import-Csv -Path Users.csv | ForEach-Object {
    # Retrieve DN of User.
    $UserDN = (Get-ADUser -Identity $_.Name).distinguishedName
    # Move user to target OU.
    Move-ADObject -Identity $UserDN -TargetPath $TargetOU
}
I get the following error:
get-aduser : Cannot find an object with identity: 'test test' under: 'DC=test,DC=test'.
I have a CSV file and there are names like "Testi Testi"; if I put "Testi.testi", then it works just fine. The problem is that we have accounts that have different logon names than the actual DistinguishedName. For example, the username is "Marta.Kyll" and the DistinguishedName is "Marta-Kylie Kyll".
Allow private network to access domain controller
Hi
Trying to set up a NAS server with a private IP address (say 192.168.1.x), but it complains about not being able to reach the DNS server.
How can I create a rule or policy at the server to allow the private network "192.168.1.x"?
Thanks
Active Directory
Hi All,
If we mention the computer object language in the computer properties attribute, does it change the regional and language settings on that particular server?
Please share your inputs asap
Thanks in advance, R.R.Prabuyuvaraj
Resource based Constrained delegation- Trust Requirement
I am planning to run some tests around Resource based Constrained Delegation. I came across a statement that a Two way Trust between Domains\Forest is needed in order to implement Resource based Constrained Delegation.
Domain A User
Domain A Server
Domain B Resource
So if Domain B has a One way Trust with Domain A, where Domain B is Trusting and Domain A is Trusted, wouldn't it be sufficient? Is it a Must to have a Two Way Trust?
Account & Resource Domain Setup.
Hi All,
DomainA Users/Computers are migrated to DomainB. All the servers are kept in DomainA.
Users log in to DomainB DC01 but Computers are getting DHCP from DomainA DC01.
DomainA DC01 - 192.168.1.1
DomainB DC01 - 10.1.1.1 /Site: DCsite1
Q1: In DomainA DC01- DHCP scope should I put DomainB DNS ?
Q2 : In DomainB DC01- Site & service--IP , User subnet should Point to site: DCsite1 ?
Q3 : Is there a benefit for setup DHCP in DomainB DC01 ?
As