Give user right to backup DC
HiI encountered this question online. I am unsure which is the correct answer.You have a Group Policy object (GPO) named DomainPolicy that is linked to the domain and a GPO named DCPolicy that is...
View ArticleDR Testing in Sandbox environment.
In previous years we would perform a DR test consisting of bringing up a handful of our Windows Server VMs (On VMWare) at our Disaster recovery location. The DR location has it's own SAN array that is...
View ArticleObject deletion protection - "Delete child" ACE on parent?
So I know what "protect accidental deletion" flag do, I also know it adds an ACE deny everyone on "delete" and "delete tree". It all makes sense. But what I don't know is it also adds a deny "Delete...
View ArticleClik here to view.
Enable Kerberos AES encryption on an existing one-way trust
I'm trying to get kerberos to work between an internal and a DMZ forest with a one-way trust between them and have narrowed the issue down to encryption type between the client and DC.After some...
View ArticleScript to Update DNS Address with Different Interface Names on Multiple Servers
Currently, we have an environment that requires adding a new Domain Controller with a new IP Address. Management requires all the servers in the environment to update the DNS with a new IP Address of...
View ArticleDomain Services - Active Directory Hosting DMZ
Hi Team,Just wanted to know why the people hestiate do keep their servers joined in the Domain Network while the server is placed in DMZ segmentation.I would like know a well detailed security notes...
View ArticleAD Replication in Server 2008R2
Set up New child DC in an existing forest. Having trouble replicating Active Directory, so it works All of the time.
View ArticleDomain Controller taking long time to login via Remote Session while another...
Dear All,we are facing a issue with our domain controller (windows 2012r2) when i was accessing the server via remote session its took long time to login after given credential and some time it got...
View ArticleLastlogon mystery
We've got a domain with a 60 day password expiration policy. An audit uncovered the following condition with a group of accounts and I'm having a hard time coming up with an explanation. (Names have...
View ArticleIs this possible?
I have a DNS only domain, domain.com. It is just a DNS domain with several A records and a few SRV records for lync, Exchange. Can I do dnscmd /zoneexport domain.com c:\temp\domain.com.dns to export...
View Articledividing an enterprise to two different organization
Hello everyone,An organization (enterprise) consists of two departements. Theses two departements exist in foure countries. These two departement share Active Directory and some ERP systems.Now the...
View ArticleClik here to view.
Help with delegation - Usergroup should be able to delete computers but do...
Hi everyone,i'm searching for the setting to allow users to delete computers but do not create any. All tutorials are about creating AND deleting so i think i'm missing a right here.Currently i've the...
View ArticleHow to active directory Smart Card Authentication with external certificate...
HI,We are planning to have AD authentication for users with smart card and certificate for smart card comes from third party issuer. How to do this. How smart card authentication works.Thanks,Sai Siva...
View ArticleA Large Task to complete with intelligence - A New Network Printer Setup for...
Hello All, We have a new network printer in the office and wanted to set up for more than 100+ PCs We have 1511,1709 and 1803 mix version windows installed. Active Directory 2012 and All PCs in Domain...
View ArticleActive Directory and external openldap
Hello,Now I have all the users and passwords stored in openldap (no domain) and I want to introduce Active Directory on the network.Is it possible to configure AD to use openldap as a password...
View ArticleMake visible on Organization tab in ADUC a new Attribute
Hello, How do I make visible on Organization tab in ADUC the new attribute I added named "hrmanager" ? We already have Manager showing in the Organization tab. I would like HRManager to show right...
View ArticleMany Global catalog DC's in the Same Site
Hello ,I m looking for an explanation why sometimes some Customers make many Global Catalogs DC's in the same Remote Site (same location) ?Regards
View ArticleAD replication error (Event ID 1864) / deleted DSA / AD cleanup
Hello everybody, we have a problem with the AD. In the past we upgraded some of our DC's from server 2012 to server 2016. We have a forest - not yet all subdomains are upgraded. As recommended by...
View Article1 Domain Controller with replication in progress
I recently installed a new DC and made it the PDC. The old PDC was demoted and removed from the domain.On the new PDC in GP management I have this "error" 1 Domain Controller with replication in...
View ArticleDR Testing in Sandbox environment.
In previous years we would perform a DR test consisting of bringing up a handful of our Windows Server VMs (On VMWare) at our Disaster recovery location. The DR location has it's own SAN array that is...
View Article