Recommended NTFS permissions for Home folders - Windows 2016
Hi,What are the recommended NTFS permissions from user home drives when you want to automate their creation from the Profile tab of each user account in AD? I dug around and tried some of the older...
View ArticleADFS SSO
I'm currently using ADFS to provide SSO to SharePoint Online sites for users within the organisation. There is now a plan to have one of those sites integrate with an internally hosted (on-prem) web...
View ArticleAD LDS Backup failing
We have a web server that uses AD LDS for managing tabs, roles, security, etc. running on Windows Server 2016.I am currently having an issue backing up AD LDS using the DSDBUTIL. It has been running...
View ArticleNetwork ports required to open for one way trust to work to a resource domain
We will be deploying a new resource domain and need to setup a one way Active Directory trust.I think I will have to setup DNS resolution which I plan to do by implementing conditional forwarding in...
View Article"Locked for editing..." by a generic username, not the named user
Hi,Following on from my thread here:...
View ArticleClik here to view.
Certificate authority general usage
Hi,I am new to CA system and I am wondering if we install a CA system will this impact how Active Directory works or communicates ?I have setup a test domain, and I noticed that the CA test server has...
View ArticleDoes the Active Directory attribute msDS-AuthenticatedAtDC (forward link)...
Do you know if the linked value msDS-AuthenticatedAtDC (on the user) timeout after a period of time (e.g. TTL) What I mean by this say a user called Fred authenticates via RODC01 (for example he logs...
View Article"DOMAIN SYSTEM VOLUME (SYSVOL SHARE)" is in JRNL_WRAP_ERROR
Hi to all,I need some advice about situation which I have.We have two domain controller primary and secondary.On primary domain controller we have JRNL_WRAP_ERROR but adding GPO and other settings are...
View ArticleWhy one user can't change the password if the user have Full Control over the...
Hello all,Let's take an example to explain a scenario. I have one user named 'demop' which have full control over the Group named 'weak_permission' which contains a user named 'victim'. Now, I tried to...
View ArticleWhy ADCount is not set to 1 when in the Privileged Group Domain Admins?
Hi,For example I have an user named 'demop' which perviously was not in any privileged Group so that means that object does not contains any admin count attribute which i confirmed it. So I moved it to...
View ArticleDC Promo 2016 server created duplicate SVR records in DNS
Hi all,I know how to fix the issue. This is a link to that process.https://support.microsoft.com/en-us/help/4496901/windows-dns-registers-duplicate-srv-records-for-a-dcHow important is it that I do it...
View ArticleAccess Active Diretory by using 389?
Hi everyone,How are you? Hope you can help... My colleague is writing up a program (by ColdFusion) so that his program can retrieve and display some directory info (such as phone numbers). As you know...
View ArticleShould raise the functional level to Windows Windows 2016 or Windows 2019
Hi,We have completed the upgrade of all our domain controllers in one of our forest to Windows 2019.the current functional level is Windows 2008 R2. Should we raise it to 2016 or 2019 ?
View ArticleAfter upgrading AD new users doesn't appear at Sharepoint and others
Hi,a few weeks ago I've upgraded AD servers from WS 2008 to WS 2016.We use Sharepoint foundation at my company and new users created are not appearing when I want share any folder with them. Old users...
View ArticleRecreate failed DC from scratch with same name and IP
Hi,We have 3 DCs (Windows 2012 R2), but number 2 crashed because of disk failure. We don't have backup as we have 3 DCs on separate physical hosts and even separate locations.However, we have several...
View ArticleGPO to assign security group to have Admin privilege - Server 2016
Hi IT Experts,My objective is to delegate IT support team to have full local admin privilege but same time should be denied accessing to all the servers either directly or remotely. To accomplish this...
View ArticleDNS does not work. Access denied
Hello,we have 2 DC's. server2(not a fsmo owner) is turned off about a mounth.server1(fsmo owner) worked fine but after reboot it doesn't. Event id shows DNS events 4000 and 4007.DNS snap in throws...
View ArticleWindows 2012R2/Windows 2016 domain support for Windows 2000 server
Hi,Everyone,There is a problem to be consulted, my domain server is 2008R2, forest and domain functional level is 2008R2, and I want to upgrade to 2012R2/2016, then for some old windows server 2000 in...
View ArticleMake a field as read-only for users
Hello, I need to make the field Office (physicalDeliveryOfficeName) read-only for my users.So, nobody can edit the own Office field.How can I do it? Many thanks to everyone!Piero
View ArticleAD domain upgrade order
My ad is a single forest multi domain architecture, with one root domain and two sub domains. When I upgrade, should I upgrade the sub domain or the root domain first?
View Article