Secure LDAP - Domain Controller FQDN (.local vs .com)
According to this article microsoft requires that the name of the certfiicate match the FQDN of the server for LDAP over SSL with a third party.The FQDN of my Domain Controller is...
View ArticleHave to remove and readd multiple PCs to domain every morning, no error messages
For the past 2 weeks, every morning we have a few computers that will not allow any domain user to login (tested with 3 known good accounts)The only error message is the standard (Username or password...
View ArticleCross domain account logon events
Hi,Our organisation has two domains with a 2 way trust established between the two, lets call them domain A and domain B.We have users in domain A who often use domain resources in domain B, however,...
View ArticleAre my DNS settings correct as Exchange throws a wobbly when the pdc is down!
Hi there, apologies for posting but I can't seem to find the answer to this anywhere and afaik I am following all good practice! We have several sites with DCs in all of them and at our main location...
View ArticleHealthchecks of AD - issues
Do any of you do independant healthchecks/technical audits of active directory setups for clients/partners? I just wondered if you come across any common issues in design weaknesses/maintenance...
View ArticleLDAP Client Sessions
HII have several DCs with "LDAP Client Sessions" above 100 and I'd like to know:1) How can I know where that sessions come from2) How can I reset or logoff that sessions.Thank you very much!Alberto
View Articleproblem setting up new domain in different subnet
i'm in the middle of studying for exam 70-640, so a lot of stuff is still a mystery for me.all these are setup in a VM. Host and all guests OS are 2008 R2 trial. All VMs are connected connected using a...
View ArticleGrant permissions to a single custom attribute, possible?
Hi Is it possible to grant permissions to an account to write to one or two attributes fields in AD only? Instead of giving full rights to the whole schema. MMaelito
View ArticleImplications of re-using server names.
In our environment we have a group that routinely changes the names of servers. Then later on they will create a new server and give it the original name of the one that was renamed.This seems like a...
View ArticleLDAP Query in Active Directory - NPS Network Policy Attribute
Hi Guys, Does anyone know the best way to search for users in Active Directory (2008) with the attribute "control access through NPS Network Policy" (In user properties > dial In Tab) set too deny?...
View ArticleInter-Forest Site Subnet Overlap?
Hello,I have domain1.com with a site/subnet of London & 10.0.0.0/24 (added in sites and services) and now need to create domain2.com but need to use part of the 10.0.0.0/24 subnet. There will be a...
View ArticlemAPIID value not changed after Schema upgrade
I have noticed that the mAPIID value remained the same (32974) even after the schema upgrade.We had the schema version 31 and upgraded to 47 but the above attribute didn't change.I believe the that is...
View ArticleChange domain netbios name
Hi,We have a domain setup (example: TEMP.com) and the netbios domain name was set to (example: TEM&P) when the domain was first created (NT 4.0 days). Many of our new applications have a problem...
View ArticleCan't demote DC
When I try to demote the domain controller, i receive the can't transfer schema partition "the dsa operation is unable to proceed because of a DNS lookup failure", what I need to check? The DNS...
View ArticleAD with FSMO down for days?
Our agency is moving over the holidays and my DC with FSMO roles might be down for a day or two. I have some backup DC/GC servers in remote offices. Should I transfer FSMO rolls to one of those servers...
View ArticleCreate Account for Select Users to Install Programs
We are outsourcing some of our IT to a local company and I'd like to allow a few select users to have the ability to install plug-ins or software on end-users machines without having to contact an...
View ArticleMigrating the Certification Authority From a failed Server to another
I am currently working with a site who 2 years ago their CA had a bad hard drive. This CA was running server 2003. At this point any data on that drive cannot be recovered. Currently all new CA servers...
View ArticleAD Permissions on a specific User Attribute: ms-Exch-Extension-Attribute-5...
HiI would like to use the following attributes "ms-Exch-Extension-Attribute-5" & "ms-Exch-Extension-Attribute-6"for RADIUS software use.RADIUS will simply insert a serial number on the field for...
View Articleerror while domain
Dear All, d error is coming while adding system in domainPls help for following error,Network Path was not found.
View Article