Managed Service Accounts do not start services on boot up; they can't find...
Problem:I'm having an annoying issue with Managed Service Accounts where they do not start the services they're assigned to on boot up. This is because they cannot find the domain controllers. When I...
View ArticleLNF user object replicating amongst GC's
Hi,Scenario - 1X2003 forest with 14 domainsI had a user object (Tim) in the lostandfound OU of domain1 and used to be an active user in domain1. A conflict had occurred and hence the LNF object.It was...
View ArticleMigration of Primary Domain & Secondary domain Controller
We have two domain Controller 1) Primary and 2) is backup domain controller and we are planning to migrate Primary domain controller in New Hardware and make Current Primary domain Controller as backup...
View ArticleRestrict AD view for specfic users
Hello,Env - Windows 2008 Domain functional levelWe'd like to provide certain managers in departments with the ability to add and remove users from specific AD groups.We know we can provide them with...
View ArticleCross-Forest Kerberos Authentication Delegation of client credentials
We're trying to design a solution to host a SharePoint 2010 BI portal and allow access to external clients.We currently have a resource forest setup where the SharePoint architecture will be built....
View ArticleClik here to view.
Service fails to start, error 1297 and 7000
I have a lab configured with a single domain controller and one client server. Both servers are Windows Server 2008 R2 Standard and the functional level of the domain is Windows Server 2008 R2. After...
View ArticleWindows 2003 AD + File/Print Server - need to demote to member in 2008 mixed...
Hi-Our Primary DC - holds all 5 roles/GC - is a Win 2003 R2 w/ 2008 schema.We also have a file/Print Server that is a GC w/ "no" roles now and needs to be demoted.We just want the Windows 2003...
View ArticleDirectory Services cmdlets inconsistency
Hello,I noticed 2 (small) problems with current Active Directory cmdlets :- Cmdlet prefix may varies - sometimes Verb-ADNoun, sometimes Verb-ADDSNoun- Cmdlets to manipulate AD ACL (get-ADPermission,...
View Article2008 R2 DC and NT4 clients - compatibility
Hi everyone,We are running a single forest/single domain with two domain controllers. Domain functional level is Windows 2000 Native. Forest functional level is Windows 2000. The two domain...
View ArticleDelegate control Move user Objects from one OU to another OU
How i can delegate contorl to user (test1) to move user accounts from one OU to another OU (Child OU) in windows 2003 ?Please help me
View ArticleActive Directory
HelloWhere is the forum for Active Directory Questions ?Thanks. Regards.
View ArticleHow to Make a copy of Production AD for Test Lab
Hello Experts,I am in doubt with respect to take AD snap shot or Clone for the test lab. I have written it bit lengthy and please go through it.In our production environment, AD DS is running on...
View Articlenslookup resolving .com query with com.co.in name and IP 96.125.163.8 everytime
C:\Documents and Settings\host>nslookup Default Server: server.domain.co.inAddress: 10.126.130.23> google.com Server: DC.Domain.co.in Address: 10.126.130.23Non-authoritative answer: Name:...
View Articleno sysvol_dfsr
I have no Sysvol_dfsr folder, dfsrmig /GetGlobalstate give's me an eliminated state, but i can not replicate DFSR with repadmin /replsum /syncallThis is the output i get from repadminReplication...
View ArticleSynchronize passwords between two domains?
Does anyone know of any "FREE" products that can accomplish password synchronization between (2) domains? It could even be a script or some type of process that completes this. I am really only going...
View ArticleAccount Lockout not working as expected
Hi,We are running Win 2008R2 servers fully patched, and have a Domain Default Policy applied to all computers/servers) on the domain. In that GPO we configured the following:Account lockout threshold :...
View ArticleCan Active Directory Federation Services be used as a replacement for FIM?
Can Active Directory Federation Services be used as a replacement for FIM (Forefront Identity Manager)?
View ArticleThe user does not have RSOP data
I have reviewed numerous postings for this issue. However, none of them really apply. I have a few user accounts that I am unable to run gpupdate. Does not make a difference what computer I am on -...
View ArticleAD & DNS Issue
Hi,I used Dcpromo to retire a Windows 2003 domain controller. The process stopped after couple of minutes with message "cannot stop netlogon service". It gave me an option to go back or forward. I...
View ArticleForcing replication with Powershell
I'm working on a script that I can run to force replication between all DCs in my domain. The script works great and replicates all of the partitions. What I'd like is to modify the script so will only...
View Article
