Channel: Directory Services Forum

How users become inactive in Active Directory


Hey, I have the script below to pull out the information of inactive users in the domain.

But I want to understand on which attribute inactive users are marked as inactive in AD.

I mean the attribute lastlogontimestamp or lastlogondate?

Most of the users in my domain do not have lastlogontimestamp or lastlogondate set in their attributes, so how can I get to know that these accounts are inactive in AD?

Import-Module Activedirectory
Search-ADAccount -accountinactive -usersonly -DateTime (Get-Date).AddMonths(-14) | Where {$_.SamAccountName -like "d00*" -and $_.enabled}| select name,SamAccountName,lastlogondate,UserPrincipalName | Export-Csv C:\inactive.csv -NoTypeInformation


Not getting event id: 110 in application log after resetting ms search


Hi, after resolving some other issues I am currently still having problems with the OWA search function. I have tried the solution below:

You will need to execute a script on the affected Mailbox servers that re-installs the symbolic links:
1. Download the script Repair-ExchangeSearchSymlinks.ps1 from the Script Center (http://gallery.technet.microsoft.com/scriptcenter/16afe88b-6c6d-49a3-8b03-2a2ece27f61a) .
2. Copy the Repair-ExchangeSearchSymlinks.ps1 script to the Scripts folder on the Mailbox server (default location is C:\Program Files\Microsoft\Exchange Server\v14\Scripts).
3. Within the Exchange Management Shell, navigate to the Exchange Scripts directory (default location is C:\Program Files\Microsoft\Exchange Server\v14\Scripts).
4. Within the Exchange Management Shell, run the following script:
.\Repair-ExchangeSearchSymlinks.ps1
5. Within the Exchange Management Shell, run the following script (without the symbols [] and substitute the database name(s) for any databases you wish to reset):
.\ResetSearchIndex.ps1 <-force> <dbname> [<dbname>]...
.\resetsearchindex.ps1 -force db001
6. In the event viewer on the mailbox server you will see Event ID 109 when the rebuilding of the index starts for each database and an Event ID 110 for each database when the index rebuild has completed.

8. After receiving Event ID 110 for each database, test to make sure search functions correctly with both OWA and Outlook operating in Online Mode.

But I never get an Event ID 110.

Can anyone help?

W2k3 AD responsiveness/high loading


Hi guys

I would like to find out if there are any tools to check if the AD server is busy, serving how many requests and if the load is high?

How do you guys measure from, e.g. by the packets? 

My situation: new server and client infrastructure has been added to my production environment. ADUC is not opening up properly; client logon is increasingly unsuccessful. Could the traffic to the AD be too high?

2008 functionality level


I'm getting ready to raise my domain functionality level to 2008r2.

I'm on Exchange 2010 so that shouldn't be an issue.

I have kix scripts that map folders for the users. Would that be an issue?

Anything else I should be looking for as far as potential issues?

Ldap Query VAMT


Hi Guys

I am trying to do an LDAP query to use with VAMT 2.0 to select only the computers in a specific OU, for example: MyDomainName/MyCountryName/Computers, so I write: LDAP://MyDomainController.com/OU=Mycountry/OU=Computers,DC=MyDomainController,DC=.com??sub?(&(objectClass=computer)(operatingSystem=Windows 7 Enterprise)). It shows "An operation error occurred". I just want to search for Windows 7 Enterprise computers. Can someone please give me some guidance?

Thank you so much!

Dcdiag Failed NCSecDesc

Hi everyone

 
I'm doing a survey of the environment to start the migration process from 2003 to 2008. I am fixing some flaws, but there is a replication error whose cause I cannot understand. In DCdiag, all DCs (22) are presenting the message below:


Doing primary tests

   Testing server: Site_Berrini_SP \ VALENCIA
      Starting test: NCSecDesc
         Error BUILTIN \ Administrators does not have
            Replicating Directory Changes
            Replication Synchronization
            Manage Replication Topology
         access rights for the naming context:
         CTIS DC =, DC = local
         .........................VALENCIA failed test NCSecDesc

==================================================

         Error BUILTIN \ Administrators does not have
            Replicating Directory Changes
            Replication Synchronization
            Manage Replication Topology
         access rights for the naming context:
         CTIS DC =, DC = local
         .........................JARI failed test NCSecDesc



Dsquery group realized a builtin \ administrators and the accounts below are all blocked for security and a single account that is demonstrating the SID. I wonder if the problem arises from such account and if I can delete them if the problem is being generated by it.


"CN = ntp service, CN = Users, DC = CTIS, DC = local"
 
"Testerm CN =, OU = Admins, OU = DF, CTIS OU =, DC = CTIS, DC = local"
 
"TR109386 CN =, CN = Users, DC = CTIS, DC = local"
 
"CN = Administrator, CN = Users, DC = ctiscdi \ 0ADEL: 4cf8b1eb-5c42-4f03-960c-2259898a7d68, CTIS DC =, DC = local"
 
"CN = Project Cacic, OU = Services, OU = DF, CTIS OU =, DC = CTIS, DC = local"
 
"User CN = UP. Proxy, OU = Services, OU = DF, CTIS OU =, DC = CTIS, DC = local"
 
"CN = User Lock USB and CDROM, OU = Admins, OU = DF, CTIS OU =, DC = CTIS, DC = local"
 
"Cn = admin-CTIS, BLOCKED OR =, OU = Users, OU = DF, CTIS OU =, DC = CTIS, DC = local"


thank you

Quick question to understand AD replication between sites/DCs


I just inherited a network setup and I am trying to decipher why decisions were made in the past.

I have three sites with four DCs:

Boston (1 DC) ----- Chicago (2 DCs) ------- Phoenix (1 DC)

Chicago is the primary location for all things with Bos and Phx being branches.

When I get into Connection properties of the NTDS Settings of each DC I am getting mixed information. For example one of the DCs in Chicago replicates from all of the other DCs but only replicates to the other DC in Chicago and the one in Boston.

I look at the other properties of the DC in Chicago and it only replicates from the DC in Chicago and it replicates to the other Chicago DC and the Phoenix DC. Why not the Boston DC?

It is scatter-brained like this so I am trying to better understand the reason why it may have been set up like this. I have seen latency when creating A records or other objects between the DCs and this has caused some lockout issues.

Thanks,


- Gymmbo

Active Directory Sites and Services - Site Costs


Hello,


I am looking for some site costing recommendations to help with a complex domain infrastructure, any information would be greatly appreciated. 


I will try and keep the issue brief to help understand exactly what I am trying to achieve.  Basically we have some 6 AD Sites specified by subnet, see below:


UK Site A - No Domain Controller

UK Site B - No Domain Controller

UK Site C - Domain Controller

US Site D - Domain Controller

US Site E - Domain Controller

AUS Site F - Domain Controller


The issue we are experiencing is that when users logon within Site A or Site B they use a random DC as their logon server instead of the DC within the UK Site C.  We could change the sites subnet to the location of the DC but this is not a true representation of our sites and would cause issues in a HA scenario.


I have been reviewing the site link costs and designed the following:


UK Site Link (Site A,B,C) - Cost 50

UK to US Link (Site C,D,E) Cost 100

UK to AUS Link (Site C,F) Cost 100


I am not familiar with the best scenario for the above site costs and again would appreciate any input.

Cheers.






AD WS On Server 2008 SP1


Greetings.  I am running Windows Server 2008 SP 2, with Microsoft .Net Framework 3.5 SP1 and have applied the HotFix for KB 969166.  When I try to apply KB968934, I get the message the update does not apply.  I have followed the information from this article, http://www.microsoft.com/en-us/download/details.aspx?id=2852.  I'm not sure what I'm missing.  This server is the only DC in my Virtual PC lab.  Is a DC running Windows Server 2008 R2 required for me to install this on a Server 2008 DC?

Thanks,
Don

Active directory Design


Hi,

We are planning to design a new AD arch for our company.

We have two offices in two different locations. We are planning for two domains (each domain has one PDC and one ADC), and we are planning to have one forest.

Is the above design OK? I need suggestions to design a better AD.

Thanks

Uthanda



Convert user account to a service account


Hello everyone,

I need to know if a user account can be converted to a service account. If it can, how would I do it? I am thinking that it cannot be done.

The problem is we have a user account that was used to run tasks. This was before I took over. I cannot change some of the tasks' account due to an old program running on a couple of servers that have the license bound to this user account. I think what I will end up doing is removing the user account and creating a service account with the same username. But I wanted to check here first and see if I can just change it. Input is very welcome. Thank you all for your time and help in this matter.

installing an AD LDS instance


hi

I have a small issue connecting a server running AD-LDS to the main domain

The steps that I have completed are:

Installed an AD LDS instance called JO.local

Ran the schema analyser and created the differences ldf file

Now when I try to import it using this command

ldifde -i -s localhost -c "cn=Configuration,DC=X" "CN={3980CF7F-FFCE-4AF5-8C43-F9BBD65F2F6F}" -t 389 -f c:\Windows\ADAM\defferences.ldf

I get this error

Connecting to "localhost"

Logging in as current user using SSPI

Importing directory from file "c:\Windows\ADAM\Differences.ldf"

Loading entries.

Add error on entry starting on line 15: Referral

The server side error is: 0x202b A referral was returned from the server.

The extended server error is:

0000202B: RefErr: DSID-03100768, data 0, 1 access points

Any help much appreciated

thanks

        ref 1: 'x'

Operations Master shows ERROR on the RID tab only


I thought that transferring the RID role to another DC would solve my issue, but I receive the message that the transfer cannot be performed due to "The role owner attribute could not be read". Should I force a transfer? I plan to keep the existing DC but I fear there may be corruption.

 

Thanks

Cooch80

 

AD Distribution group not seen in EMC 2010


Hi,

I am using 2008R2 and have Exchange 2010. I've created some Global Distribution Groups in ADU&C's. I have set a mail address for each in turn. I have waited over 24hrs. I have updated my global address list on my local PC. The problem is that I cannot see the new distribution lists in the GAL. I also cannot see the distribution lists in EMC. Other lists are in there but I cannot see why the new ones aren't. Obviously in hindsight I should have created the lists in EMC, but I wish to know how I can get my AD lists to the EMC and in the GAL?

Thanks

Smithy

Infrastructure master *** Warning: role owner is undefined."


I am having a similar issue too.

http://social.technet.microsoft.com/Forums/eu/winserverDS/thread/3f14e3c4-20dc-4645-88ff-524b4fd094d0

No error in Active Directory but.......

When I run "NETDOM QUERY FSMO" I get "Infrastructure master       *** Warning: role owner is undefined."

Running NTDSUTILS on the same domain controller shows that the Infrastructure master role is assigned to the server I have run the NETDOM query on. Confused !!!!

I have read through the following link but it didn't help much.

http://www.ipsure.com/blog/2011/fsmoroleowner-problem-during-2003-2008-active-directory-transition/

The domain was originally a Windows 2003 domain but the schema had been updated to Windows 2008 R2.

Anyone had this ?

Kind Regards


How to use dsquery to find an AD user who manages a group


I have a user for whom I need to determine which groups he is the owner of and export those results to a text file. The trick here is we utilize TWO domains and so I would need to be able to find which groups he manages in both domains.

I have tried:

dsquery * domainroot -filter "(&(objectCategory=Group)(managedby=""LastName\, FirstName""))" -attr name > C:\Temp\managedby.txt

I get results from this, but his name does not appear in those results, even though I know specific groups he indeed is the owner of.

The domains are designed as: dom1.va.gov and dom2.sub1.va.gov (these are examples, not the actual domains)

Suggestions?

Unable to access a website when users log on as a domain user or domain computer


I have installed Active Directory on a client side and all computers are domain members and the domain name is like abc.gov.bd. Now I have bought a domain for website hosting and hosted my website as http://www.abc.gov.bd/new because I have another web server whose name is http://www.abc.gov.bd. I can see my http://www.abc.gov.bd website by a host record, but all users are unable to access the new web server page, which is http://www.abc.gov.bd/new. But it is accessible from an external domain or when I use a public primary DNS like 8.8.8.8. How can I access this website from the local domain? Please help me as early as possible.


Thanks, Limon Dhaka,Bangladesh

ADMT - Transitioning Service accounts


Hi all,
I have to migrate the Windows service accounts with ADMT 3.2.
The customer had set up a custom Windows service with the source domain administrator.
When I migrate these users, what happens on the server in the target domain?

Can I see the service configured with the target domain administrator? Do I have to set the password on the windows service?

Thanks a lot

Alex



AD Re-do in a live environment


Hello everyone, 

I need to re-do our AD environment here and the reason is because the previous Administrator has created so many bad settings, it is now taking band-aids upon band-aids to fix them, which then only creates more issues. I am wondering, what the best route would be to implement a completely brand new AD environment, while the old one exists. 

My thoughts are, I first build the new DC, and allow a trust between domain.org(old broken AD) and domain.local(New Perfect AD.) I then take the users from domain.org and carry over to domain.local. I then can prepare the new AD for exchange and then point exchange to use the new domain(this is in theory, which seems to be broken) I will most likely have to rebuild exchange. I do at least want to move user mailboxes over with the user objects in the old domain. 

Anyone have any suggestions? I am perfectly fine with building the new DC and manually going to each PC and re-joining them to the new domain. But with the trust, I was thinking I could just give them the new domain name and have them log in via domain.local\username.


The trust relationship between this workstation and the primary domain failed


Hello everyone,

 

We have Windows 2008 R2 Server with CA role installed (CA server). Bad situation is that this server is out of domain now. When I want to connect to CA server, I received message: "The trust relationship between this workstation and the primary domain failed"!

I know that I can re-join this server to our domain again, but problem is critical CA role on the server. Any solution for re-joining to the domain, without uninstalling CA role, please???

 

Thanks

 

Tarik
