Any limitations Or disadvantages with using msds-memberoftransitive?
Hi,Using msds-memberoftransitive attribute to get direct and transitive(nested) group membership of users. Would like to know if anyone there using it and any limitations with using...
View ArticleAdmins sporadically getting "You do not have sufficient privileges to delete...
We've been getting a handful of calls lately from our Network Admins complaining that they can't delete computer accounts.The get an Active Directory dialog box that states that they are a loser..."You...
View ArticleMaximum Password length
I was trying to set the maximum password length for user accounts in the AD. I know I can set the minimum password length using GPO, but is there a way that I can set a maximum and a minimum password...
View ArticleA question about Immediate and Urgent AD replication
The Microsoft documentation on the following does not make these point clear (especially question 2). Therefore I wanted to ask the question here and hopefully a member of the MS AD team will pick it...
View ArticleClik here to view.
Sites replication fail between subdomains
I have recently dismissed a 2012 DC and replaced with 2016 in a subdomain.At present replication of Sites and Services are not in sync between the 2 domains.The main domain still sees an old servers in...
View ArticleHow to Reactivate my windows ?
Hey all, i did format my system. Now i dunno where to activate my windows. Can someone help me out ?Thanks
View ArticleUnable to sync time from Primary DC
All domain controllers and clients are unable to sync their time from PDC and getting below error. PDC is dyncing from another NTP server in our environment. NTP port is accessablealready run /resync...
View ArticleDCPromo as ROWC fails - Server 2016
I've been working on a DCPromo issue for about 6 months that I can't seem to get around. Some of my specific details are a little fuzzy at this point since it's been so long but I tried the process 3...
View Articlenetlogon and sysvol not shared but synchronized and no error in event viewer
Hi everyone, I have a strange problem in a domain that I can not solve.There are two domain controllers in two different sites connected by a VPN, the domain controller that holds all the fsmo roles...
View Articlecomplete powershell script
Hi i am looking for a powershell script to display all the AD groups on that particular server .Since i am new i have no experience to write one .pls help Thanks
View ArticleNTLM\LM
I have a server\share that users are getting an access denied if using IP, netbios name works. At random the IP will work.I was reading a link and pointed to another link which does not exist. The...
View Articleldap active directory debug
hello:I am configuring sap cloud connector to use keytab to authenticate but running into an issue where DC rejects the authentication method. I have enabled debugging(ldap interface events) on DC to...
View ArticleResolve Netbios Domain\SUFIX???
I am unable to resolve my Netbios (I think) domain. My lovely FQDN is domain.domaindumb.com. NSLookup for FQDN resolves. NSLookup of domain resolves. Am I able to resolve domain because I'm using DNS,...
View ArticleUser authenticated on wrong DC
Hi,We had recently a problem with one of our DC:s. We had 4 DC, dc01, dc02, dc03 and dc04. For some readon dc04 died and it doesnt exist on the forest anymore. But every morning somehow some clients...
View Articledemoting server 2012 issues
Trying to demote a server 2012 PDC and the new server running 2016 is working, transferred all roles to new server and replication is working but when I try to demote the old server it says it cannot...
View Articlefailed KccEvent in dciag
hi all,I had to forcely remove a domain controller named DC2 (because it was considered as a tombstone)by stopping kdc service and then made a clean up metadata(keep in mind that I isolated dc02 in...
View ArticleClik here to view.
SYSVOL replication unknown server
I noticed that we have two unknown servers in our sysvol replication and I was wondering where it is possible to remove the two unknown servers. I haven't found any documentation that enplanes how to...
View ArticleDFS error in dcdiag before and after demotion of additional active directory
hi alli went to a company that has 2 domain controllers dc01 and DC02 ,dc02 is the additional domain controller was considered as tombstone because a replication doesn't take place since april 2017,...
View ArticleServer 2016 can ping but can't manage it remotely. (after removing GC role).
I was trying to replace a 2016 server with another server. While I was doing it, I remove Global Catalog role from the old server (running server 2016). Then, I had to get up to do something before I...
View ArticleQuestion regarding SID History filtering
Hi All,We are working to test the security of Active Directory external trust. As per Microsoft TechNet articles if we disable SID history filtering then the Administrators in trusted Domain can misuse...
View Article