Channel: Directory Services Forum
Viewing all 2536 articles

Windows server 2003 configuration

I have installed a Windows 2003 server and have added the Active Directory module with 2 users and have also given them local access permission, and it's working fine. Now I need to require the Administrator to do the installations and deny the same to the Active Directory users. I have tried many options in the group policy but was not successful. I wish I could get a solution for this.

Even prompting for an Admin privilege or password when the users try to install software would be fine.

Thanks and regards,


Is it possible to merge 2 DC's?

Hello,

My current scenario is this: I have 1 DC running Windows Server 2003 R2 and I have recently purchased a brand new SBS 2011 server. When configuring SBS I elected not to use the migration option due to medical software running that is not compatible with SBS 2011, and I would need to keep the current DC on the domain but not running as the primary, because SBS must be the primary. So I now have mydomain.com (2003 R2) and mydomain2.local (SBS 2011) on my network. How can I merge both into 1, if possible keeping both domain names? Can DNS be configured to point to both, as it's much easier for my users to type mydomain.com instead of mydomain.local? I've read that I can dcpromo the 2003 server and then add it to the mydomain.local domain, but how would DNS be affected? Will I have to manually recreate all DNS entries from the 2003 Server, or is there an easier way?

I can not import users in active directory

Dear Supporter

I extracted a CSV file from my AD and now, in a new domain, I need to import my users from the CSV file I saved from the old AD. Can I? I tried to import the CSV but it gave me:

"C:\Users\Administrator\Desktop>csvde -i -f 1out.csv
Connecting to "(null)"
Logging in as current user using SSPI
Importing directory from file "1out.csv"
Loading entries.
Add error on line 2: Already Exists
The server side error is "A cross reference already exists."
0 entries modified successfully.
An error has occurred in the program
No log files were written.  In order to generate a log file, please
specify the log file path via the -j option."

And if I can't, what is the right way to extract users from an AD and import them into another?

Kindly help me out here, cuz my manager gave me this task a week ago and he is waiting to kill me next week for it :(

....

Disabled GPO for Windows Update is still applied to one of the Vista workstations

The majority of the PCs in our office are on Windows 7 Pro, but we have a few older Vista machines and a few even older XP boxes.

We have a GPO enforced in Active Directory that configures Windows Update for all the workstations to pull from a local WSUS server (and disables user control over the settings, of course).

On Tuesday, February 12, 2013 Microsoft released some system updates that took all our Vista machines down. Precisely speaking, they all were able to boot up afterwards; however, there were weird things going on on all of them, such as the network logon script being unable to complete, Outlook 2010 crashing when starting, Excel spreadsheets not opening, .NET-based apps no longer working and .NET installation failing, and all this kind of thing.

Anyways, my question is not about these glitchy M$ updates. I decided that enough is enough (considering that it wasn't the only Windows update that badly affected Vista), so I excluded all Vista machines from being affected by the GPO for WU. To do this, I applied a WMI filter that I called "Not Vista" as follows:

SELECT *
FROM Win32_OperatingSystem
WHERE NOT (Version LIKE '6.0%' AND ProductType = '1')

It seemed to work fine (after gpupdate /force and reboot) on all the Vista boxes but one. On that one, the Windows Update settings still remain locked, with "Windows update is controlled by your system administrator".

Any idea on that?

Thanks.

Hidden Objects in Active Directory

Hi All,

In a discussion, someone told me that we can create hidden objects in Active Directory (like users, OUs) using their attributes (the way we hide a folder). Is it possible? If yes, then how?

Please reply.

Failed 2003 DC after moving FSMO to new 2012 DC with failed replication

Installed a new Windows Server 2012 Std (GUI), joined it to the domain, installed the AD role with DNS and then moved the FSMO roles to the new server. I noticed that the replication was failing, so I tried a few things suggested on TechNet and then rebooted the 2003 PDC. When the 2003 boots up it doesn't detect AD and fails to log in. The 2012 server is up but it too can't detect AD. I noticed that the SYSVOL and Netlogon shares have gone from the 2003, although the folders are still there. Is there any way I can resolve this without restoring AD, since I'm doing this all remotely (I know that's a bad idea)? I can access the UNC paths of the 2003 server and the MMC tools, but not the registry, though.

Thanks,

ljac

What is Active Directory (AD) and how does it work?

Hello,

I downloaded the Server 2008 R2 trial and want to try something.

I found on YouTube that the first step of configuration is to configure the Active Directory Domain Controller (forests, etc.).

First, I want to know what AD and AD DC are, and how they work.

Do I need a real domain to make it, or can I use something like addc1.local? Can I use it on other computers?
If the answer to the second is yes: can I use it outside the network, to share it via e.g. Hamachi? Or if the answer is no: can I use Hamachi for it, or must I have a real domain, and how?

Thanks in advance.

Domain login problem

I have a small forest with a root domain and a child domain with two DCs in each domain.

The first DC (PDSvr1) has the roles PDC, RID, Infrastructure, DNS, WINS, DHCP.

The second DC (PDSvr2) has the roles Catalog, DNS, WINS.

When the network status is OK there is no problem to login to the domain for users as well as directly on the server console.

However, when there is a network problem between the two DCs, users cannot log in even though they have a network connection to either DC.

The weirdest thing is that it is not possible to log in at the PDSvr1 console either. I would expect that PDSvr1 locally has all the information it needs to verify/authenticate the admin user login.

When the network connection between the two DCs is OK again, the logins also work OK again.

The same problem applies for the servers and users in the child domain.

Can anyone explain this phenomenon?


I have a problem in my Parent domain controller, Additional Domain Controller and Exchange Server 2003: when I run ipconfig /registerdns, it fails with "Registration of DNS records failed: RPC server unavailable". Kindly inform me what the actual problem is.

Windows 2008 R2 10157 WSMAN after dcpromo

Hello,

I've tested all the possible suggested tips, but could not solve the problem:

Windows 2000 AD, new Windows 2008 R2 DC, error 10157 WSMAN, 8344: %%8344

I could not add user "NETWORK SERVICE" via adsiedit.msc, as "NETWORK SERVICE" does not exist anymore. I found it on another W2008R2 Server (non-DC) as local, but a DC does not have local users. The other domain services are working (especially DNS is correct), and dcdiag output no errors. Manually adding WSMAN using setspn did not solve the problem. As this is a DC, I don't want to deactivate the option "update primary domain suffix" in host properties (as found on the internet). There isn't an Exchange 2010 installation on our AD.

Is there another way to solve this issue?

csvde import users from UTF8 .csv

Hi,

I am trying to import users using csvde from a .csv file. All works fine except that the .csv file is saved as Unicode (utf8) and imported usernames have wrong characters for non-ASCII characters.
I have tried to use the -u switch, but then I receive the error:

Invalid file format. DN Attribute not defined

How can I import users with correct utf8 characters if this can be achieved with csvde?

Migrate Active Directory Contacts with all their attributes

Hello, I have two domains (source and target).

I want to migrate all contacts from the source domain to the target domain with all the contacts' attributes.

I'm ready to use any tool like PowerShell, CSVDE, LDIFDE, etc.

Thank you in advance!

nslookup resolving .com query with com.co.in name and IP 96.125.163.8 everytime

C:\Documents and Settings\host>nslookup
Default Server:  server.domain.co.in

Address:  10.126.130.23

> google.com
Server:  DC.Domain.co.in
Address:  10.126.130.23

Non-authoritative answer:
Name:    com.CO.IN
Address:  96.125.163.8
Aliases:  google.com.CO.IN

Check Point Identity Awareness

Hello

The question is about the Check Point Identity Awareness Software Blade and AD Query. This allows our firewall to identify the users of network traffic. We use WMI events from the Domain Controllers for that. The standard procedure is to create a user with Domain Administrator rights.

Because we do not want this specific account to have domain administrator privileges, we would like to follow the procedure described in the Check Point Knowledgebase: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk43874

I am really unsure if we should do that. I cannot estimate the risk that this procedure poses.

What do you think about it?

Stefan

cache lookup DNS

Hi

What is the meaning of this Cache Lookup .(root) in DNS if I click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers?

  1. On the View menu, click Advanced Features. See below snap. Does this make any difference in nslookup or the resolution process?


Change of LAN network mask result in GPO software deployment failure

Hi guys,

Due to the increasing number of devices in our network, we've had to increase the number of available IPs, so we changed the network mask from 25 to 24.

Everything went fine, but we observed that the software deployment via GPO failed to work properly. Installers could not find the “source” for packages to be installed, which is a network share. Fixed by forcing a re-deploy of the applications.

A second problem was with the installation of the Kaspersky network agent on managed computers. The Group Policy was not applied at all. I had to create a new one instead.

I could find any reason for this, that's why I am wondering what could have triggered this behaviour.

Your explanation would be very useful to understand this strange (for me) behaviour.

Thank you in advance.

bogdan

The directory service is busy error when trying to remove a trust.

I am having a problem with permissions and it seems to point to a trust that was set up for a domain controller that is in the domain and running AD for the domain it is being trusted with. When I try to remove this trust, it tells me the directory service is busy.

Accessing remote registry issue

We have a domain-based environment with Windows Server 2008 R2 and Windows 7 Professional. To restrict concurrent logons we implemented UserLock, but UserLock shows some machines as unavailable while the machines are on and available on the network. I contacted UserLock support and they suggested that I check that the UserLock server connects to the workstation through remote registry. By IP the server connects to the registry of the workstation, but by name it does not connect. I will be grateful for any suggestion to solve the issue.

khan19

PowerShell - What available Assemblies from VisualBasic can be used?

I ran across an article showing that PowerShell is able to use VisualBasic Assemblies by adding

Add-Type -AssemblyName Microsoft.VisualBasic

So it got me curious which Assemblies from VisualBasic can be utilized, or if there is a way (through powershell) to list which ones are available to be used? 

Such as [Microsoft.VisualBasic.Interaction]::Inputbox("Testing Inputbox: ")

What other ones can be used, and is there a way to list them like you can with members - like when you use get-member?

Problem with one site - rodc issue

Hi All,

I hope you will help me with my problem, because I have spent a hundred hours trying to find what is going on...

The topology is 2 hub and spoke, a root and 3 domains, 50+ domain controllers, 50+ sites, and one of them is very strange...

It was a site without a domain controller: a small site with a file server and 10 computers. There was a problem that clients could not find a proper domain controller to authenticate; nltest failed with:

"No authority could be contacted for authentication.

 (0x80090311)"

Other users from different sites could log in without problems. What I did was to assign this subnet to the site in the datacenter, and it helped; users were able to refresh GPO etc. But after several days the same problem appeared. Reassigning the subnet back to the site without a DC resolved the problem, but again only for a few days.

I decided to install an RODC there. I hoped that it would resolve the problems and improve performance. And it did, but only for another several days.

Today I found events:

    

Log Name:      DNS Server
Source:        Microsoft-Windows-DNS-Server-Service
Date:          2013/02/18 10:24:35
Event ID:      4016
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      JPTOK-FS01.ap.root.net
Description:
The DNS server timed out attempting an Active Directory service operation on ---.  Check Active Directory to see that it is functioning properly. The event data contains the error.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-DNS-Server-Service" Guid="{71A551F5-C893-4849-886B-B5EC8502641E}" EventSourceName="DNS" />
    <EventID Qualifiers="49152">4016</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-02-18T01:24:35.000000000Z" />
    <EventRecordID>544258</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>DNS Server</Channel>
    <Computer>JPTOK-FS01.ap.root.net</Computer>
    <Security />
  </System>
  <EventData Name="DNS_EVENT_DS_LDAP_TIMEOUT">
    <Data Name="param1">---</Data>
    <Binary>55000000</Binary>
  </EventData>
</Event>



Log Name:      Directory Service
Source:        Microsoft-Windows-ActiveDirectory_DomainService
Date:          2013/02/18 10:45:18
Event ID:      1435
Task Category: Knowledge Consistency Checker
Level:         Warning
Keywords:      Classic
User:          ANONYMOUS LOGON
Computer:      JPTOK-FS01.ap.root.net
Description:
The Knowledge Consistency Checker (KCC) encountered an unexpected error while performing an Active Directory Domain Services operation. 

Operation type:
KccSearch 
Object distinguished name:
CN=NTDS Settings,CN=JPTOK-FS01,CN=Servers,CN=Tokyo,CN=Sites,CN=Configuration,DC=root,DC=net 

The operation will be retried at the next KCC interval. 

Additional Data 
Error value:
0 No Error.

Internal ID:
f04079c
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-ActiveDirectory_DomainService" Guid="{0e8478c5-3605-4e8c-8497-1e730c959516}" EventSourceName="NTDS KCC" />
    <EventID Qualifiers="32768">1435</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>1</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2013-02-18T01:45:18.321109500Z" />
    <EventRecordID>3537</EventRecordID>
    <Correlation />
    <Execution ProcessID="540" ThreadID="1072" />
    <Channel>Directory Service</Channel>
    <Computer>JPTOK-FS01.ap.root.net</Computer>
    <Security UserID="S-1-5-7" />
  </System>
  <EventData>
    <Data>KccSearch</Data>
    <Data>CN=NTDS Settings,CN=JPTOK-FS01,CN=Servers,CN=Tokyo,CN=Sites,CN=Configuration,DC=root,DC=net</Data>
    <Data>0</Data>
    <Data>f04079c</Data>
    <Data>No Error.
</Data>
  </EventData>
</Event>

And a few more related to a problem with replication from one site, where the DC is off.

I have manually configured this RODC to replicate with a 2008 R2 server from the same domain, and it was OK. Suddenly the RODC cannot run the repadmin /bind command (LDAP error: timeout); other servers can do this, with no timeout.

What is also strange: my dcdiag results are a little different depending on the server I am running the command on.

I will reply to every question you have...

regards

