Active Directory: Cannot create new user on operations master, but can on...
We have a domain for the school I work for that has our main operations master (HS-DC2), and 4 global catalog DCs all on the same domain. On our oper master, we cannot create / copy a new user because...
View ArticleOrdinary users with a domain account can enumerate Active Directory !
We have several domain users (non admins) who, using a VISIO template, could actually enumerate users, machines, and OUs from AD! How is this possible? From a security perspective I thought that only...
View ArticlePrevent timed lockout for computers on domain.local
Hello good people!First I would like to say I already have tried searching the forums, but I have not been able to find the precise topic and Windows Server 2012.Second I know what I want to do, and...
View Articleraising domain functionality to windows server 2003.
My question would be if raising domainfunctionality and forest would haveany problema or should we expect some strange behavior,we have 2 DomainController2003 and we wuld like to raisethe same...
View ArticleIt should be easy....PDC Timesource
Hi,Im trying to configure the Server 2008 DC with the PDC role for my clients site to talk to an external time source to get it's time. The domain time hierarchy is working fine and all servers and...
View ArticleOffline defragmentation of NTDS.dit
Hello,I'm studying for the 70-640 exam and while practicing in my lab environment I performed an offline defragmentation of the Active Directory-database. Seeing as this is a test-environment, the file...
View ArticleMigrate 2003 SLD to 2008 FQDN
Hello,I am in the early stages of migrating a windows 2003 single label domain to a 2008 level FQDN. We currently have exchange 2007 and Sharepoint 2007 installed. Any advice on steps to take would be...
View ArticleAdding an additional domain controller causes issues with first
Hi,I have a forest with a single domain/site W2008R2 functional level. The first DC was built without an issue. I have recently added a second domain controller to the domain, and this has caused the...
View ArticleChild domain no longer trust can't validate the trust.
I have a parent child domain. Connections between the parent and child are all open. All ports are check and communication is connectable.I know there is a replication issue. And now there is a trust...
View ArticleLastLogon is 24 days old and still more recent thean LastLogonTimeStamp
I know how this is suppose to work, but does not seem to be working properly. I have a disabled user who has a LastLogon of 3/4/2013, and the LastLogonTimeStamp is still older at 2/23/2013. What...
View ArticleADDS sites and services/RDP
I currently am unable to connect to a DC from outside of our internal network from another DC. I checked our router settings and the Remote desktop is enabled on it. I also checked the firewall. Could...
View ArticleServer not accessible, but still running fine
Hi all,We have had this same issue now with two of our Hyper-V host servers. The The symptoms are that when RDPing to the machine it asks for credentials, but then throws the error : Remote Desktop...
View ArticleExchange AD use in seperate orgnaization for local login...
Hi,I have aServer 2008 AD used for our Exchange 2007 installation. I have 6500 users in 25 separate organizations in this AD with each organization in a separate OU.I would like to push these AD...
View Articlechanging the primary domain DNS name of this computer to "" failed. The name...
Hi all.After joining successfully a computer to the domain, I get the above error.Does anyone know this specific error - "A directory service has occurred"?I found out that unbinding or disabling IPv6...
View ArticleRODC with NETLOGON 5723 & 5805 EventIDs | Machines in Domain
About 6 months ago, I travelled to a remote office where we had issues with machines falling out of the domain, more regularly then at our headquarters. I decided to deploy a RODC at this site, hoping...
View ArticleUnable to manage all AD objects In the network
Hello, I am unable to manage all AD objects within the network,want to know about any tool which can help me. If anybody know about a good AD Manger Tool please let me know here.
View ArticlePKI migration from 2003 to greenfield 2008 R2 plan-of-approach
Hi,I've done a lot of reading here already but I'm on a dead end. Here's my scenario:I have 1 Stand-alone root CA plus 2 Enterprise issuing CA's, all running Windows Server 2003. I'm trying to move all...
View ArticleThe renaming of nested group don't replicate display information across the...
Hello,I have the following issue, i don't understand why the display name of the nested group is not refresh:same forest / not parent-child domainDomainA has two DC: DCa1 and DCa2-GC; (DCa1 has all...
View ArticleHow can I convert a list of Active Directory Display Names in User Names?
I have a list of Display Names that need to be converted to Active Directory User Names. The list is in a CSV format and looks like this:"White, Charles""Henry, Marcus""Farrior, Anthony""Basis,...
View ArticleCode snippet to DUMP OU's ACL's
I have often seen folks looking for code snippets to extract ACL's from AD. I have recently uploaded an example that can traverse from a defined point. Code is located in the Script...
View Article