Clik here to view.
Get all nested Acrive Directory groups of user account
Hello,I need a powershell script to retrieve all nested groups that user belongs to. I.e. if user is member of "Group1" and "Group1" is member of "Group2", both groups should be listed.Any help will be...
View ArticleProblem uninstalling AD LDS replicas when first instance is not running
I am trying to understand the process for uninstalling instances of AD LDS and have come across a problem when I try to uninstall a replica when the FSMO role holder is not active.My scenario is as...
View ArticleClik here to view.
Add-KdsRootKey failing with "The process cannot access the file..."
Hello community,Environment Mixed with one (1) domain controller running Windows Server 2008 and one (1) domain controller running Windows Server 2012.Steps to Produce the Problem These steps produce...
View ArticleDomain controllers high availability
HI,We have a small windows environment with 2 domain controllers + DNS. (DC1 and DC2), Last week DC1 and DC2 went down and i was not able to login to any of the servers. I brought up another additional...
View Articleconfigure Integrated Windows Authentication for Cloud Based SSO provider
Hi,We are using a cloud based SSO and they have connected to our AD. They have a Launchpad website, which the SSO apps will live. For internal users on domain, management wants user to be...
View ArticleADFS: Event ID 684 error every hour
I set up ADFS recently. I followed the guidance for setting up for Azure, with plans to use it for other purposes. I am seeing error 684 every hour at about :52:36 minutes:seconds after the hour, so...
View ArticleDecommisioning 2003 with Directory Services/Exchange/Certificate Authority
I have a Server 2003 SP2 Standard server that used to be a physical box. It's running Exchange 2003, Directory Services and Certificate Authority. It used to be the FSMO role holder.Two Server 2012...
View ArticleHow to set a specific password policy to one user in AD 2008 R2?
Hi,My Active Directory is at 2008 R2 level (domain and forest). I have a domain-wide password policy:-password changeable at 80th daypassword expires at 90th dayNow, I need a specific password policy...
View ArticleISASS.exe-System Error SAM Initialization Failed(Secondary DC- 2003R2)
ISASS.exe-System ErrorLSASS.EXE - System Error, security accounts manager initialization failed because of the following error: Directory Services cannot start. Error status 0xc00002e1.Please click OK...
View ArticleSysvol folder not shared and not replicated
Hello guys!At my enviroment I have 2 DC installed Windows Server 2012. Last week I noted that the "second" DC there isn´t sysvol\<domain>\policies folder content replicated. I demoted and...
View Articlewindows 2012 "R2" active directory compatibility
I have a sql 2005 server installed on a windows 2003 r2 server, exchange 2007 sp3 on a windows 2008 server, citrix 4.5 xenapp on windows 2003 r2 servers, and few windows xp users. Any compatibility...
View ArticleHow can update lastlogontimestamp on domain controller 2008 R2
HiI found that I have lastllogontimestamp attribute value on my DC computer account for next 2 year "2016."I am wondering if its set for 2016 then why its not replicating from latlogon attribute as its...
View ArticleCan a SBS 2011 Standard server be added to a Server 2003 domain as a member?
I have purchased a Dell T320 with Server SBS 2011 Standard preinstalled. I wanted to add it as a member server. I was told that it was Server 2008 with more features. The domain has a Server 2003 as...
View ArticleBlocking ldap (port 389) on the DC?
Hello DS Guru's,I have a need to block ldap (port 389) network wide and make sure all clients are using ldaps where possible.I have read numerous threads stating that blocking ldap on the DC is not...
View ArticleEvent ID 5774 on DC
I am seeing multiple errors (Event ID 5774) in the event viewer on our Windows Server 2008 R2 Standard Domain Controller: The dynamic registration of the DNS record '_ldap._tcp.pdc._msdcs.DOMAIN.com....
View ArticleWhere should i create groups in active directory?
Should i create the group in its OU, for instance in my accounting OU, which has the members of the acct in it, should i also create the group accounting and put it in that OU as well?
View ArticleMove DC1 -> file -> DC2
HiI want to copy all AD configuration from live DC to a new backup DC that is not attach to the company network. I want to get working mirror of live DC by export AD configuration to a file and next...
View ArticleHow to prevent a user account from being locked out by other's users?
Hello!Is it possible to prevent a user account from being locked out by other's users?In our domain any user can lockout any user's or administrator's account by typing 5 times wrong password.Thank you.
View ArticleWindows 2012 DC Black screen with mouse after windows update
I was doing some update to our GPO to network drives remotely when the update prompt with count down timer came up. I closed the dialog and continued to work on the GPO. When I disconnected and wanted...
View ArticleDCDiag Error Enterprise Read-only Domain Controllers doesn't have Replicating...
I'm trying to cleanup our domain to eliminate errors and warnings when running DCDIAG and other tools. Following is one problem I had and the associated resolution:Running DCDIAG on any of our domain...
View Article
