RODC - Secure NTDS.DIT
Dear all, I have one RODC in a DMZ secured by certificates. I need to protect the ntds.dit or get some wayto reduce the fields that sincronize the RODC. The problem is, if some user get access to the...
View ArticleTwo different Active directory domain controllers replication.
Hi, I want to move my active directory domain controller to new domain controller, I mean i want to shift from abc.local domain to xyz.com domain controller. Is it possible? if so than how it can...
View ArticleClik here to view.
DC Replication Issue / Error.
We have setup a new DC in our 'AD site and Services' and this DC is generating following error every time we manually choose 'Replicate now' option between this DC and other DC.
View ArticleDomain upgrade to 2012 R2 - Post changes question
Hello,I'm about to the demote from my infrastructure the last domain controller still running 2008 R2.On this last DC there's an uncontrollable list of applications and services that are configured to...
View ArticleApplying Rollup 3 for ADFS 2.0
I'm applying Update Rollup 3 for ADFS 2.0 to address an problem I'm having related to Issue 3 in the KB https://support.microsoft.com/en-us/kb/2790338. I have 2 internal ADFS servers and 2 external...
View ArticleNot all groups returned by domain controllers of another forest
We have a software that works on workstation that is a member of another domain in another forest.When this software starts it connects to our domain and checks user's group membership with api...
View ArticleVMAT (KMS) Activation Errors with 2012R2
We have an AD environment with a KMS server activating Windows and Office products. Recently we deployed 2 Windows Server 2012R2 Virtual Machines and these particular 2 guests will not activate. They...
View ArticleAdd Permission at Active Directory level to control user's behaviour on...
Good day. We would like to achieve the concept of setting user permission at Active Directory level rather than at application level, whereby: 1) At Active Directory, set up two users (User1 and...
View ArticlePrevent AD Users to join certain AD security groups ?
Hi all,We are going to build an extranet with sharepoint. Customers should be added to our active directory but they may only be member of 1 specific AD group, they are not allowed to be part of any...
View ArticleDomain Controller Local Policies
Dear Experts,Due to come security concerns, we have been tasked to security harden our Windows 2008 R2 Domain Controllers. As such, have a few qs that i need some advice on. We currently have 2 DCs...
View ArticleExternal Domain Trust Removal
I am trying to clean up some external domain trust issues. The trust has been removed from one side of the trust, but I cannot remove the trust from the other side. I have domain admin logins in both...
View ArticleVAMT 2
HiI have inherited a VAMT 2 server from our previous network manager and have no documentation on this. I was wondering if anyone could explain how it works.When i open the tool there are no computers...
View ArticleDomain controller upgrade Server 2008 R2 to Server 2016
Hi All,I have 2 DC's that are currently running Server 2008 R2. I am planning on upgrading these in the near future, but am wondering if it might make more sense to just wait until Server 2016 is...
View ArticleBulk Disabling AD Users using dsmod
Hello,I am working on a downsizing of the AD environment for my client, they have given me a text file of 200 users to disable. The DC is running 2008 Enterprise SP2, I do not have access to RSAT or AD...
View ArticleMoving FSMO roles to another site Windows Server 2008 R2
We have 14 sites/Subnets created in Active Directory, replication topology from HQ to each site and FSMO roles is hosted on one of the DC in HQ, all sites have local Domain Controller, we are in...
View Articlegetting temp profile
Some users are getting temp profile and generating even log: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you...
View ArticleTo find the AD Schema attribute
Hello All,I have script to find the AD schema attribute for the all objectdsquery *"cn=Schema,cn=Configuration,dc=MyDomain,dc=com"-Filter"(objectClass=attributeSchema)"-AttrLDAPDisplayName rangeUpper...
View ArticleLDAP Automation error automation error -2147463155 8000500d trying to update...
AD on Win 2012 R2I'm working in an isolated sandbox with a test AD server and a Win 7 workstation running Office 2013. I am new to AD and LDAP, but quite proficient in VB and VBA (and C# for that...
View ArticleCan't add 2012r2 as member server of a 2003 domain
Hi everyone and thanks in advance by your help. I have a 2003 domain (DDL and FFL = 2, previously 1) with two dc's, both are 2003, static IP (only IPv4), DNS pointing to itself on each one. When a try...
View ArticleADFS Proxy Config Wizard crashes
Hello,I've installed ADFS 2.0 Proxy on a Win2008R2 server. The first screen checks for the Federated Server, for which I type in "adfs.domain.org" and that gives me a success. So I know communication...
View Article