Migrate CA to another machine - private key KRA issue
I'm trying to migrate Subordinate Certification Authority from Windows 2003 to 2008 R2. I use Key Recovery Agent to archive users private keys. How to migrate old certificate KRA with private key to...
Securing RDP
Hi all, I just want to secure rdp access on some servers. Actually rdp is configured to use a self-signed certificate, but it's not the way our Retina reports like. There's a lot of guides to do so,...
AD NetBIOS domain name rename - reboots question
I’m working on a domain rename plan – but just the NetBIOS domain name. There are lots of caveats and warnings out there about being really careful and maybe it’s better to just migrate etc. However,...
Server 2003 + Server 2012 - "Operations Master"
Hi, I am deploying an Azure 2012 Server that I am going to join to my existing domain as an additional DC. My current DC is a SBS 2003 server. How would I join and configure the 2012 server to the domain...
Disabled accounts getting locked out.
Seeing lockout events for disabled accounts and also see the status of the account being locked. Can not simulate the same with normal invalid logon attempts. Want to understand how these lockouts are...
How to list all domain groups in a different domain
Hello, I can query users in my domain by using "net user /domain". But how can I ask domain users in a different and authenticated domain (I can access resources of the 2nd domain) using Windows command...
blue screen after system state recovery domain controller 2008r2
Hi, I have been asked to make a DR plan for our domain. We have two DCs and I am trying to make a bare-metal restore of our primary DC (Server 2008 R2 Enterprise). All FSMO roles reside on that...
Disabled accounts getting locked out
Seeing lockout events for disabled accounts and also see the status of the account being locked. Can not simulate the same with normal invalid logon attempts. Want to understand how these lockouts are...
MSIS7015-HttpSamlMessageException in ADFS 2.1
MSIS7015-HttpSamlMessageException in ADFS 2.1 Hi all, I'm trying to configure WebSphere (SP) with ADFS 2.1 (IdP) for SAML SSO. The IdP-initiated flow is working fine. But when I try to send an AuthnRequest...
Active Directory Certificate Services could not publish a Certificate for...
I am using device certificates for use with device authentication through a SCEP setup on my MobileIron MDM environment. The devices are authenticating successfully; however, the below error messages...
Urgent help: need your advice on audit policy
Hi all, we configured audit policy to show as below in domain default group policy. Windows 2008R2 forest and domain functional level. But when I run auditpol /get /category:*, none of sub category is...
Change IP Addresses of DCs
Hello, I have a 2008R2 DC which should be removed from our network. The IP address of this DC is entered as DNS server on many routers etc. My plan is to demote the 2008R2 DC and give the IP address an...
GP (Group Policy) Replication: Sysvol Replication
Hi all, I want to clear up some points about GP replication. 1. GPO replication uses FRS/DFS, but that replication does not adhere to any site boundaries, which means replication will converge to all of the domain...
Issue while registering Service Principal Name
Hello all, we are facing an issue while registering a Linux-based server which is part of the domain. In the screenshots below, you can see the second machine registered the SPN successfully and we get the...
"Access denied" when I grant permissions to view CA via groups, but success...
Hi! I have Enterprise CA on AD 2012 R2 level forest. I want to manage it on another server via remote tools. I create Cert Admins and Cert Managers security groups and grant Manage CA and Issue and...
repadmin removelingeringobjects
Hello, I have a single DC environment (that had previously demoted DCs). I've tried searching for tutorials on how to show lingering objects in AD using repadmin. Here is the command that I see: repadmin...
Authentication restrictions for LDAP query
Hi, I am trying to configure a third party service to do an LDAP query to our AD to authenticate users. I am able to authenticate to AD and can do a query using the account...
Subordinate CA Redundancy Check Query
We have a CA architecture in place with one offline root CA and two Enterprise subordinate CAs. All three are in Windows 2008 R2. I want to know if the subordinate CAs are configured in redundancy -...
The Main Domain Problem
Hi, I have two servers and I installed Active Directory, and the other server is the replica from the master domain, and now my master domain has died and the domain backup is working well (the replica). So how...
Default security AdminSDHolder
Hi, for reasons still undetermined, security on the AdminSDHolder object has partly disappeared... I don't have a backup to allow me to restore the object (the issue date of 2013). How can I recover/restore...