Channel: Directory Services Forum
Viewing all 2536 articles

Unable to promote server to domain controller

I am trying to promote a domain controller in Hyper-V Windows 2012, but I keep getting an error message "Verification of replicas failed.  An Active Directory Domain controller for the domain could not be found"

When will ADMT/PES be available for Windows Server 2012?


Having upgraded to Windows Server 2012 I would like to trash the AD and take users and their passwords across to a new domain.  The main reason for this is that the AD still has a load of hacks in it from Exchange 2007 to segregate address books.  I want to tidy things up ready for Exchange 2013 so I'm building a new domain.

To get the passwords across I need to run PES on the old domain with a key generated on the new domain.  ADMT 3.2 will not support this. 

So my question is: when are ADMT 3.3 (guessing) and PES for Win2012 going to be released?

 


LDAP over SSL


A hosted service wants to authenticate against our AD.  They recommend using LDAPS.  What is best practice?  Install a public certificate on a DC.  For instance on DC1.contoso.com.  Then would I open up 443 on the firewall to that DC and allow from that IP? How would that affect other local LAN clients authenticating to that DC?

Trust between 2008 R2 and 2012


Hi. I am testing a trust between 2008 R2 and 2012.

IP settings of 2012:

C:\Users\user>ipconfig /all

Windows IP Configuration
   Host Name . . . . . . . . . . . . : 2012-DC2
   Primary Dns Suffix  . . . . . . . : domain12.localnet
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : domain12.localnet
Ethernet adapter Ethernet:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter
   Physical Address. . . . . . . . . : 00-15-5D-0A-13-05
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::71e0:cad3:ca85:f742%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 172.16.16.100(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 172.16.16.10
   DHCPv6 IAID . . . . . . . . . . . : 251663709
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-0F-2E-C0-00-15-5D-0A-13-05

   DNS Servers . . . . . . . . . . . : ::1
                                       172.16.16.100
                                       127.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

IP settings of 2008 R2:

C:\Users\user2>ipconfig /all
Windows IP Configuration
   Host Name . . . . . . . . . . . . : 2008R2-DC1
   Primary Dns Suffix  . . . . . . . : domain08r2.localnet
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : domain08r2.localnet
Ethernet adapter Local Area Connection 2:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TAP-Win32 Adapter V9
   Physical Address. . . . . . . . . : 00-FF-42-C3-61-BF
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Local Area Connection:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual Machine Bus Network Adapter
   Physical Address. . . . . . . . . : 00-15-5D-0A-13-04
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::4cf7:6d13:14e5:d98a%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.10.10.100(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.10.10.10
   DHCPv6 IAID . . . . . . . . . . . : 234886493
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-0F-2F-64-00-15-5D-0A-13-04

   DNS Servers . . . . . . . . . . . : ::1
                                       10.10.10.100
                                       127.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

I have successful trust configuration for two-way trust:

Authentication - Domain-wide

I created a Universal security group "Trust" on the 2012 server and added my account to this group. Now I want to add this group to the NTFS settings on the 2008 R2 server, but I get an error:

What am I doing wrong?

Thank you!

LDAP connection string, receiving error

Prevent end users from browsing active directory from RDS servers


Hi all,

I am working on a security compliance task that requires that users who connect to RDS servers not be able to browse Active Directory under any circumstances. They showed me that a user can browse AD by going to print from any application and then clicking on Find Printer, and then things get uglier from there until they can actually see the domain and the OUs and whatnot.

I disabled the Find Printer button with a GPO, but I am not sure this is enough, because I am sure there are lots of other ways for them to browse AD. I am still working on it and researching left and right, but thought to post this question in the hope that an expert on this matter can point me in the right direction to remediate this security matter.

Some info about the infrastructure:

All servers are Windows Server 2008 R2.

Forest and domain functional level 2008 R2.

I really appreciate any help or comments.

Thanks in advance.


Mohsen Almassud

Domain User cannot log on to their Domain computer in Windows 2008 Server Domain without admin group


Hi dears,

Kindly, I have the issue below:

1. The Message I get :
"You can not log on because  the method you are using is not allowed on this computer. Please see your network administrator for more information".
2.  The privilege " Allow Log On Locally " in the Local security policy/security setting/local policy/user right Assignment  has the Tab Add User Group disabled even when you are a member of the Domain admin . So we can NOT add or remove any of the groups or users that are already included.
3. I also studied the other article link that you provided, thanks very much, but still the problem is alive.
4. As I mentioned , using the server operators or any other equivalent Built in groups and adding  the user will enable a work around of LOGON but still the privileges are limited.
5. The only time that I get a result is when I include the user as a member of the Domain Admins group, and that is not a secure solution. I have the same issue and I tried all the solutions that you posted, but the issue was still there:

So domain users can't log in to domain computers, only domain admins, and this is not secure, as you know.

Please advise.

(1753) There are no more end points available from the endpoint mapper. Firewall Problem


Hi 

We are having some replication problems with 2 of our Windows Server 2008 R2 SP1 DCs. repadmin /replsum gives us this error on both DCs:

(1753) There are no more end points available from the endpoint mapper

The problem, from what I have read, is that connections on 135 are not connecting. I have run a netstat and see TCP 0.0.0.0:135 is listening. However, port query reports FILTERED on the 135 port test. I have added an incoming connection rule for that port on all networks on both problem DCs as a test and still nothing. But if I disable the entire firewall then 135 can be connected to. So I don't quite understand why. This happened out of the blue.


Join Active Directory Domain and Windows Server 2003


I am new to this, though I work with Active Directory and Win Server 2008 at the office.

This is a home trial.

Judging from the text I read, the download should include Win Server 2003. However, I cannot see an installation set for that purpose.

How can I join an Active Directory Domain without having to buy one?

Thank you in advance.

Mario van Grichen

Replication Latency

Windows Server 2008. I have a domain controller that is showing the following error when I run dcdiag /test:replications /v  : There are 6 replication work items in queue. Replication Latency warning. 

How do I fix this and get this warning to clear?

Admt v3.2 error when migrating users


When migrating users from one forest to another I get the following error:

err2:7295 cannot get the os version for source.doman.local. no network path found.

This is migrating from a Windows 2003 domain to a Windows 2008 domain.



One server of system state.bkp can be restored in another server.


I have a domain controller running on a Compaq ML 350 G3 server and it has a regular backup; recently it crashed. Meanwhile my administrator restored the system state .bkp to other hardware (i.e. an HP desktop) for temporary purposes; it was working but frequently hanging. Two days later our server was back up and we had to restore the system state of the HP desktop to the server again. We have done this and it was working; all the domains are able to log in and do their work. Now my problem is that this server has also started to hang.

So my question is: can we restore one server's system state .bkp to another server with the same operating system but different hardware?

Upgrading Active Directory - What about CALs?


Hi,

I have a Windows Server 2003 Active Directory with 2 Win 2003 DCs, member servers on 2003/2008/2008R2, and Windows XP workstations.

If we upgrade the Active Directory to Windows Server 2012 by installing 2 new DCs with Win 2012, we are going to buy 2 licenses for the servers, but do we need to buy CALs for the workstations?

Txs


Cristian L Ruiz

Forest wide AD site and DNS configuration


I have to deploy an Active Directory forest according to a client requirement.

The root domain is going to be installed in Chesterbrook (US); the child domain will be installed in Basingstoke (UK).

One more subdomain will be installed in Sydney (not a child domain, a new domain in the existing forest).

All three offices are connected with equal bandwidth.

I’m aware that the schema and configuration partitions will get replicated; domain partitions will not participate in replication.

My questions in this situation:

  1. How to configure the Active directory sites and services.
  2. How to configure the DNS for these 3 domains
  3. How to check the schema and configuration partition replication


error: C:\Windows\NTDS does not refer to a valid hard disk


I'm setting up Active Directory Domain Services on Windows Server 2012 Standard and I'm receiving the following errors:

"Specified paths are invalid. Verification of directory paths failed. The folder C:\Windows\NTDS does not refer to a valid hard disk. Select a folder on a hard disk drive"

 "Specified paths are invalid. Verification of directory paths failed. The folder C:\Windows\SYSVOL does not refer to a valid hard disk. Select a folder on a hard disk drive"

I have searched on Bing and Google, and have visited many forums, and have not found a solution to this. There was a forum thread on TechNet with the same problem, mentioning installing a hotfix to fix this issue (hotfix 299451); however, the hotfix number mentioned in the post is incorrect.

So please, if someone has the solution, let me know. Thanks in advance.


Can't rename computer: computer account already exists

We have a domain on 2 DCs (1 is a GC and the 2nd is a DC (Server 2008 R2 Ent)). Sometimes we need to replace old computers with new ones, but they have to be named like the old ones. Sometimes, after removing the old computer from AD, we still get the error message "Can't rename, computer account already exists". Where else should we remove it?

Preparing new forest with Windows 2008 R2 domain controller


Hi,

I'm preparing a new forest, including the first domain, on a Windows 2008 R2 server using the 2003 domain and forest functional level, so do I need to do forestprep and domainprep?

I appreciate your comments on this.

Thanks,


kalanke

Multiple A records for Domain Controller on AD integrated DNS Zone


Hi All,

We have two domains and a single forest for our clients. Both the forest and domain functional levels are 2008 R2. Both the parent and child domains use AD-integrated DNS zones. More than one network adapter is configured on some of our DCs; backup and management IPs are configured on them. During our regular DC health check reports we found that replication tests to these DCs failed (those that have multiple NICs). We came to know that all the domain controllers have registered their static A records in their DNS zones. I understand that this is part of the Netlogon process of a DC; however, the DCs with the issue have registered 2 or 3 IPs for the same hostname in the DNS zones. When I deleted the other unwanted A records, they were created again automatically after some time. I am not sure what the cause is and how we can avoid the creation of multiple host A records for the same domain controllers.

Exporting users, groups and their members from a currently installed and importing them to a new active directory (server 2003)


Hi,

I have a problematic Active Directory currently installed and I need to establish a new DC and reconstruct the objects of the current Active Directory in it. Since the current AD has lots of problems, I absolutely cannot rely on ADMT and use it and its procedures to move objects to the new Active Directory. Is there another alternative to do the job?

Thanks in advance,

Bijan

Help with ldifde export/import

Hi folks,
I need some help with ldifde export/import.
The goal is to export users, groups, and OUs and import them to a test domain (in 2003 native mode, DCs running Win 2008 R2).
I have been using ldifde for exporting users and OUs and have imported them, and that seems OK.
I exported the groups with members and got an error on that. Then I exported the groups without members and that seems OK.
Now I have to import the export of the groups with the members in change mode, I believe. I have not had success with that. Can anyone give me the ldifde string for that and how the import file should look?
Also, what would be your best practice in doing this? Domain names are like domain.local and testomain.local.
Thanks for any suggestions/help with this.
Regards,
Bjarni