need help fixing my account
Restricting users by access rights
Hello,
We are in need of a configuration which does not seem to be available with Microsoft standard features. Please advise how we can achieve the below:
1) 1 User group that can only RDP to a particular set of servers(cannot start/stop services or install anything)
2) 1 User group that can RDP and start/stop all services on a particular set of servers(cannot install anything)
3) 1 User group that can pretty much be an admin but is unable to install/uninstall any software
4) 1 User group who can do anything
thanks
Madhu
Help needed to register PTR record for a new Domain Controller
I have a remote site with one Domain Controller/DNS Server. This DC has two NICs - one for the production connection and one for the backup. Production connection uses its own IP as preferred DNS server address and one of the hub site DC's as an alternate DNS server. Backup connection is configured not to register its IP address to DNS and it doesn't have any DNS server addresses configured.
DNS server is listening on the production NIC IP address.
Yesterday I was notified by a colleague that one application was failing because reverse DNS query for this remote DC was not returning any result.
When I started investigating, I discovered that Reverse DNS zone actually was missing PTR record for this remote DC. All other Domain Controllers in other sites have PTR record registered. Also, production NIC had option "Register this connection's addresses in DNS" UNchecked.
Next I used following PS command to enable automatic registration to DNS:
Get-NetAdapter -Name "Production" | Set-DnsClient -RegisterThisConnectionsAddress $true
It's now more than 24h since I enabled this setting on the remote DC, but I still can't see PTR record registered on the reverse lookup zone. I was contemplating whether I should run ipconfig /registerdns, create a static record or wait even longer. If I run ipconfig /registerdns command, could it cause duplicate entries to DNS since it affects all NICs, right? Still I think waiting doesn't change a thing and manual intervention is now required.
Please help how to get my DC register its PTR record to DNS.
How to point my domain name to the same domain name hosted in another web server
Hello everyone. I need help with this. I have set up Windows Server 2016 with my domain name, let's say example.com. The issue is that my domain example.com is hosted by Siteground. When I set my own server to be my DNS server I can't access my website from any of our computers. I was wondering how to point my local domain example.com to the one hosted in Siteground with the same name.
Thanks for any help.
Windows Security Log Event ID 4776 on DC
I have a 2008 R2 DC with Windows 7 client.
When I login to client PC using local account instead of domain account several event logs are getting logged onto DC as shown below.
What is causing this event, and possible solution.
%NICWIN-4-Security_4776_Microsoft-Windows-Security-Auditing: Security,rn=425496272 cid=972 eid=672,Mon Jul 02 06:21:08 2018,4776,
Eliminate Domain Needed when Sign in to ADFS 3.0
Hello,
So I want to customize ADFS 3.0 so that users don't need to enter the domain (just their username) in the username box.
Then I found this article:
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn636121(v=ws.11)
Then I tried Example 1: change “Sign in with organizational account” string & Example 2: accept SAM-account name as a login format on an AD FS form-based sign-in page, just to know if they work.
But apparently nothing works. How to verify if the jss is already right?
Any Help/Clue? Thanks :)
having multi domains to be used as upn suffix for my end users, how to make one of them the default so it would appear first in the list when creating a new user account
I went to AD Domains and Trusts and added domain abc@123, for example,
so now I can change the UPN suffix for any user to be abc@123.
When I create a new user the old domain is the one that comes first and I have to choose abc@123 from the drop-down list.
I think there is a way to make abc@123 appear first, does anyone know how?
cmd
Last password reset of DSRM
User Profile Cant Be Loaded
Hello All,
Recently I updated .ADMX files to the latest "10" and everything works fine, but after a few weeks an issue started, "a user profile cant be loaded". I know how to fix it but it keeps happening almost every day "mostly windows7 and a few cases for windows 10". We have 2000+ computers.
DC: windows server 2012 - workstations: 7 and 10
Note: I did push IE11 through SCCM lately to all windows 7.
Is there any way to figure out what is causing this issue?
Best Regards,
Trusted forest with DC shared same AD site and same subnet
Hello All,
I have a question about a specific AD configuration.
We have a forest trust between 2 forests (A and B).
We want to add a new DC from forest A in the datacenter of forest B, in the same subnet where forest B DCs are already installed.
So we will use the same subnet and AD site name for DCs from different forests.
At first, there should not be any problems, but I just want to be sure.
Thanks,
WellKnownObjects AD Container pointing to old Deleted Object
I have posted the same query on the Small Business Forum, but now posting in the General AD Column for more inputs.
The current scenario is, I am dealing with a 2012 R2 Domain Controller (only one AD) on which no other computer objects can be added. The error is quite simple: "A device attached to the storage is not functioning". Investigation on this error has led to many things which are an issue with the AD Domain Controller.
This Domain was initially running on SBS which was moved to server 2012R2 and decommissioned. Now the current situation is the Default Computer attribute is pointing to SBSComputers OU which has been deleted and it is not even seen in Deleted Objects. The wellknownObjects is pointing to the OU which is in the Deleted Objects. The current location is below:
B:32:A9D1CA15768811D1ADED00C04FD8D5CD:OU=SBSComputers\0ADEL:4e10ac07-6894-43cb-a7b7-cca05f90a74b,CN=DeletedObjects,DC=XXXXXX,DC=local
When we are trying to change it to a new OU, via both Set-ADObject (Get-ADRootDSE) and redircmp commands, both get an error that the Set Object cannot be found:
PS C:\Windows\system32> Set-ADObject (Get-ADRootDSE).DefaultNamingContext -Remove @{wellKnownObjects = "B:32:AA312825768811D1ADED00C04FD8D5CD:OU=SBSComputers\0ADEL:4e10ac07-6894-43cb-a7b7-cca05f90a74b,CN=Deleted Objects,DC=XXXXXXX,DC=local" } -Add @{wellKnownObjects ="B:32:AA312825768811D1ADED00C04FD8D5CD:CN=Computers,DC=XXXXXXX,DC=local" } -server AD.XXXXXXX.local
Set-ADObject : Directory object not found
At line:1 char:1
+ Set-ADObject (Get-ADRootDSE).DefaultNamingContext -Remove @{wellKnownObjects = " ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (DC=XXXXXXXXX,DC=local:ADObject) [Set-ADObject], ADIdentityNotFoundExce
ption
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,M
icrosoft.ActiveDirectory.Management.Commands.SetADObject
Tried through ADSI Edit and AD Explorer tool, but not able to modify this entry
PS C:\Windows\system32> redircmp "CN=Computers,DC=XXXXXXX,DC=local"
Error, unable to modify the wellKnownObjects attribute. Verify that
the domain functional level of the domain is at least Windows Server 2003:
No Such Object
Redirection was NOT successful.
The Server is running with Forest and Domain functional level 2012R2, but still the command fails. The only way to get over this is a way to change the Default Computer Object of WellKnownObjects to a valid OU. I checked even third party tools, which also fail to accomplish this.
Any assistance on this would be much appreciated.
The responses from the SBS forums can be viewed from the below URL:
https://social.technet.microsoft.com/Forums/en-US/af3b856f-9986-4950-913f-fbbe70d079f4/wellknownobjects-ad-container-pointing-to-old-deleted-object?forum=smallbusinessserver2011essentials
Regards.
Jay
Shared Folder For Domain Users
Dear All,
How can I allow domain users to share their own folder "created by them" on their PCs? I did disable UAC but it didn't work. Is there any group policy I can configure to let domain users share folders on their PCs, or any other solutions (except adding them to the local admin group)?
Our environment:
1- windows server: 2008 R2 and 2012 r2
2- windows 7 and 10
Best Regards,
Protect AD objects from accidental deletion
Hello, I believe this feature was introduced in 2008.
I recently upgraded all our domain controllers to 2016
We noticed a higher number of "access denied" when moving or deleting AD objects shortly after the upgrade.
I guess I'm just wondering if the upgrade went back and re-enabled that checkbox or a change in 2016 policy because seems like they all got re-enabled?
Active Directory "User must change password at next logon" takes 2 log off's before prompts for password change.
Active Directory "User must change password at next logon" takes 2 log off's before prompts for password change.
How do I set it so that it forces the user to change password after 1 log off?
Server 2016
Hidden Users
Dear All,
I have a user in Active Directory; when I search for it I get a result, but when I go to that OU I can't find him. I did move this user to another OU and now it is showing. I did check "showInAdvancedViewOnly" and it is set to "not set".
Why is this happening? How do I get other hidden users?
This OU contains more than 2000+ users and I get a message every time I open that OU. All from letter M to Z do not exist in that OU. Is it because the OU has more than 2000+ objects in it?
Best Regards,
Track Service Account
Dear All,
Is there any way to track the computer that used the service account? For example, if user X used ServiceAccount@test.com from his computer, can I get his computer name? Is there any tool, script or PS command to get this kind of information?
I have an audit tool showing when and where that account has been used, but there are a few users using this service account and it's difficult to know who did use it and make any changes.
Best Regards,
User permissions inheritance disabled
Hello All,
I did delegate a user in our team to do some AD tasks, but there are a few users he could not manage. After checking these users, I found the permissions inheritance is disabled. I need to get all these users, then enable permissions inheritance. Can I do it by PowerShell, not script?
Regards,