How to check AD Replication?
Hi AD Expert,I have AD Server running 2008 R2 in premise and another one AD running 2012 Standard on the cloud. Besides, I have also AD servers on the other countries that connected via VPN tunnel.How...
View ArticleMissing SysVol and Netlogon shares
Hi,I just created an ADC in our environment. It is noted that SYSVOL and NETLOGON shares does not exist. Can you please help me in this regard? We are using Server 2012.Regards,Anees
View ArticleClean up AD of old server & clean metadata
Hi, I've inherited quite a server mess and I'm hoping that the AD experts in this group might help. Currently I have 2 servers and one of them has AD on it and the other does not. The issue I'm...
View ArticleRestrict the Bitlocker key recovery tab
Hi, i have a request to restrict who can see the Bitlocker recovery tab in AD.can anyone provide the steps required as i was not involved in its setup so i am not sue if this has already been...
View ArticleClik here to view.
About Domain Controller Locators issue:client computer Can not correctly...
Domain Controller: windows server 2008 R2Main Office: DC1, DC2 (Five fsmo)China Branch Office: DC3, DC4I Found some issues about My office client computers, have only a few computer that can't...
View ArticleNetlogon could not register the domain name for the following reason:
NETLOGON will not start on DC1. DCDIAG shows old (no longer existing) DC as Default-First-Site-Name even though it's metadata has been cleared from the domain, in ADSites it is NOT listed as the DFSN,...
View ArticleNTFRS error event 13559 intermittently and replication stops
Hello all: I have a single domain with 160 domain controllers (physical and virtual) we just got event 13559 on domain controllers at this moment its in physical servers only. The File Replication...
View ArticleFind Days since last logon of Computer Account
I am looking to find the way to add the "days since last log-on" field in the following Powershell script. Can someone please help me in tweaking the following script to add the days since last logon...
View ArticleUnable to edit Account Options with Delegate AD access (Access Denied)
We allow the IT services in other countries to manage certain parts of their AD/OU via Delegate Control. Under one Country OU, the delegate rights to edit Account Options are no longer working. This...
View ArticleAccount lockouts
We have a user that keeps getting locked out and I can;t seem to trace the source of the logins.Using the account lockout tool I can see that the user is hitting two domain controllers, the PDC and a...
View Articlefailed to authenticate to DC (event ID 3210)
I´m troubleshooting different Workstation slowness scenarios, and one of the conserning event ID is 3210 which indicates some authorization issues between Client Computer and Domain. Also group policy...
View Articleactive directory 2012 setup
I have set up active directory 2012 on a virtual machine via using Vmware. Before attributing new features to the server (like AD DS, DNS) I changed the name of the machine (to a simpler form), changed...
View ArticleNon-Authoritive Restore taking too long - how to find out why/track initial...
I have had a server that despite not logging anything obvious like USN rollback has been acting strange - kept replicating back to other servers overwriting changes that had been made on them and such....
View ArticleDomain Users problem
We run windows server 2008 R2 in an office. Active directory is being utilized in office.Everything is good but we have a problem with some of users in our domain!Some of users have been joined to...
View ArticleDisabling users that have been inactive for longer than 45 days. Question...
HiMy Company would like to start disabling AD users who are inactive for longer than 45 days. We will use the LastLogonTimestamp attribute that gets replicated every 9-14 days. They want me to change...
View ArticleClik here to view.
Restricted Group - GPO
Hey All,I want Domain Admins group to be member of local admin group on all user computer. I thought of doing this through Restricted Group section in GPO, I modified the Default Domain Policy, Under...
View ArticleChanging WindowsTokenLifetime and LogonTokenCacheExpirationWindow
Hello, SharePoint administrators have sent me this article and ask me to change these two parameters of AD DS: WindowsTokenLifetime = 10 minutes (default 10 hours) LogonTokenCacheExpirationWindow = 2...
View ArticleCannot connect to Replication partner
2 DC's in a very small home network. I went down so I restored it from backup. Now replication is failing. C:\Users\Administrator>dcdiag /test:checksecurityerror /replsource:DC2Directory Server...
View ArticleDelegation for Password Reset
Is this possible?Scenario:Service desk will be able to reset account passwords including domain admin members and the access of SD are only limited to that?Or do you need to be a part of domain admin...
View ArticleDC Promo fails - Access denied
Hello,I was in the process of migrating 2 DC's (DC1 & DC2) Server 2003 to Server 2008 R2 Standard. In the process of all this I prepared the Forest and Domain and had successfully added the first...
View Article