Single sign-on and UPN and domain trust
Our internet domain is contoso.com. Our e-mail addresses are like first_name.last_name@contoso.com. Our Active Directory FQDN (UPN suffix) is local.contoso.com (created due to split-brain DNS problems). We...
AD CS: Cannot request certificate using Webserver Template
Hello, I'm trying to request a Web Server certificate via the Certificates snap-in. The permissions are set accordingly (user & computer account should be able to access the CA and the Web Server...
AD/DNS server running high CPU
Hi, we have 2 DCs on a site which are using high CPU (100%) every day at 1pm, which makes the server unresponsive; we can't log in or view anything until we restart the DC, and then it's all OK. This then also affects...
JOINING COMPUTERS ON A NEW DOMAIN
Hello, I did a migration of users and computers from an old domain to a totally different new domain. I was able to transfer the users on their end PCs on the same network as the new AD. But when I try to join...
RODC in-place upgrade recommendations
Hi All, We have a client with 20 domain controllers in the data center and 500 RODCs on Windows 2008 R2 OS. They want to introduce Windows 2012 R2 domain controllers in the data center and perform...
Creating Kerberos realm for publicly routable domain?
I'm attempting to validate if we can use PKINIT for SSO with ADFS to O365. I've run into an issue that because our UPN suffixes are set to the publicly routable domain we cannot request Kerberos...
Migrate Server 2008 R2 to 2016 Rebuilding Active Directory from Scratch with...
Hello All, I'm tasked with taking an old 2008 Active Domain structure and moving it over to Server 2016. The Active Directory services are to be rebuilt from scratch. I've got to keep the old domain...
Application LDAP connections to wrong AD Site
Hi, I have some application that points to mydomain.com to look up the domains available. The problem is it returns all the domains in both sites. Is it possible that if I ask for domain controllers it will only...
Replication complains
I have 10 DCs and they are in different sites and all part of the same domain. A user changes password but cannot log in to an application as he/she has to wait for 15 minutes for the replication to...
FRS to DFSR question
I’m about to demote my last 2003 Domain Controller this week and I was wondering when do I upgrade FRS to DFSR? Right now I’ve left the 2003 box running but with the NIC unplugged since Friday. Plan to...
Nltest /dsregdns shows ERROR_NO_LOGON_SERVERS
Hi, 3 domain controllers, 2 in site A, 1 in site B. We have replaced our domain controller in site B, so it is now running Windows Server 2016. All replication seems fine, and cannot see anything...
Failed to open the group policy object. You may not have appropriate rights
We have a parent domain which is Parent.com & then a child domain which is the Child.parent.com domain. We are currently facing the issues in the child domain only. All GPOs in the child domain are fine except...
Windows services account password auto update
Hi there, because of some policies, some service accounts need to change the password every 180 days, and then we need to go over all the servers to change the "saved services account credential" on...
Disabling NTLMv1
Hi, how do I disable NTLMv1 in an Active Directory infrastructure? If I disable NTLMv1, will any outage occur? AD: 2008R2. Client PC: XP3 and above used in my network. Please assist with your valuable...
Upgrading offline root CA in two-tier environment?
Hi, our root and issuing CAs need renewing because the lifetime is being reduced. The current offline root CA is based on Windows 2003, which does not support SHA-2. So I had a clever idea to set up...
PowerShell Script replace an attribute Value for User in AD
Hi, everything is in the title. I want to replace the info attribute of my AD user with 1 or 0 depending on what is written in it. If "INT" is what is written in the info attribute, then it will be replaced by 1...
2012R2 Backup DC not working correctly
We have a simple domain, 2012R2, 2 domain controllers and a dozen member servers, pretty much out of the box. When both DCs are up it appears as if everything is working fine, BPA and AD Replication...
Is it a good idea to set up a dedicated Hyper-V Domain Controller on Hyper-V...
Hello! O/S: Windows Server 2016 Std. I know that there are a lot of articles suggesting best practices not to have DC roles on the Hyper-V server. To have a dedicated DC for Hyper-V on the Hyper-V server...
Temporary Admin privilege
Hello, I read in multiple security articles that system admins often give temporary admin privilege to standard domain users (e.g. developers may need temporary access to advanced settings for testing...
Migration from FRS to DFSR issue
Dear All, Greetings, After running Dfsrmig /setglobalstate 1, the following is the "Dfsrmig /getmigrationstate" results: and below is "Dfsrmig /getglobalstate". Kindly need your help to solve the issue. Thanks...