I know I could add a guest OS as a DC, disconnect it, and use ntdsutil to delete that DC's information.
Is there any impact on the production environment?
Hi all,
I have little experience with AD. I have installed AD on our local DC in the office LAN but not much else.
We lease a remote dedicated Web Server from HostGator. This is the first ever situation I have ever had dealing with a server directly facing the internet with a valid public IP on its NIC and not a local IP.
This server does not manage any local PCs locally. It has 2 NICs; one of them is unplugged from the network and the other one is facing the Internet. To explain a bit, this is basically a single web server which currently hosts a dozen websites, and I maintain it using Remote Desktop.
The OS is Windows Server 2008 R2 Standard (not Web Edition). We have several ASP.NET websites and applications running on the server in production mode. One website is a busy eCommerce site.
We would also like to host our custom Visual Basic Desktop Applications in a Cloud Environment using Remote Desktop Services. In fact we are currently offering a legacy VB6 app via RDWeb Access.
I have discovered that to properly assign Users and Groups to specific Apps that are displayed in RDWeb Access, I must install Active Directory. Can I do this without causing problems with the functioning of the Web Server?
We are a small company and can't at this time afford another separate box for Application Hosting.
Thanks for any help.
Maybe it's the wrong theme, but...
In production I have a domain on Windows Server 2008 R2 (forest level 2008 R2) and WSUS on different servers. My network doesn't have a connection to the internet. WSUS is updated manually through the VM.
My question is: Do I need to update DCs from WSUS? Will it be a correct decision?
Thanks for replies.
Hello sir,
Just to clarify... You want to reconfigure each mail server every hour to cycle through the static list of 10 IPs? Is this correct?
I am waiting for your reply... Please.
N.SATHISHKUMAR, MICROSOFT STUDENT PARTNER, INDIA.
We are implementing VoIP on our network. We have AD running on Forest Function Level 2008 R2. Our VoIP installers are requesting that we create contact objects in our directory for our conference room phones so that these phones will be searchable in the VoIP database (being that they are not real users).
The VoIP system downloads the user information from our directory into its database periodically. To do this it searches for objects containing the following attributes:
samaccountname
userprincipalname
The issue is that the contact object does not have these attributes.
Is it possible to add these attributes to the contact object without "breaking" anything or any other functionality in AD?
If so, how should this be done?
Hi,
I have two separate, disparate AD single-domain forests. Completely different networks, but public (a VPN and firewall are going to be put in place!).
I want to move all the objects in one domain (not just users, but OUs, and other things too) to the other domain. What's the best option to do this?
I believe creating a trust is one such option? But this may be a bit complex?
As both forests use Windows Server 2012, PowerShell is an option.
Thanks
Hello all,
I have AD running Windows 2000!! (upgrading soon ;-)). I have several branches, and in each branch I have a DC. The PDC is in the main office.
Sometimes we encounter issues over the network whereby the link between the main office and one of our branches is down. This affects the operations, business, etc. because users are not able to log in on their PCs using their domain credentials.
I want that when the link is down (between the main office and the branch), users are still able to authenticate and log in using their domain credentials.
When the issue occurs, I have tested the following in one branch:
- From a PC (either XP or Win 7) in the branch, PING the PDC in the main office = TIMEOUT; it's expected as the link is down.
- From a PC in the branch, PING the DC in the branch office = reply OK from ping.
- I have checked the DNS entries on the PCs; they are OK: the primary is the DC in the branch and the alternate is the DNS server in the main office.
How to resolve this? That is, allow the users to log in/authenticate via the DC in the branch office when the link between the branch and the main office is down.
Will enabling cached logon resolve this issue? That is, enabling cached logon for the PCs in the branches.
Great to help ASAP...
Server 2008 R2
Will the AdminSDHolder function unlock a privileged account that has been locked out due to maximum password attempts?
Hi
I have delegated user account management to the helpdesk group on one OU in AD 2008 R2.
But I can see that in that OU, some users are not getting the inherited delegation permission.
I found on the user account that the "Include inheritable permissions from this object's parent" check box is not showing.
How can I force this on every user object in the OU?
Hi
In our company domain, we have implemented a password policy for a particular group. In the password policy, the "password should not expire" setting is set. We found the same policy is effective for the users in that group, but when we check through the command prompt by executing netuser /dom abc, where in this instance abc is the username, the command prompt lists that the password expires on some date.
When we check the user account abc on the DC, the "password never expires" tab in the properties of that user account is not greyed out.
We are sure that this group has the particular password policy implemented and found it working too. But why does the command prompt list that the password expires?
Please help me in getting the facts.
Regards
S.Swaminathan
Thanks & Regards S.Swaminathan Live & let others live!!!
HI!
We need to rename a single Windows 2003 R2 DC without transferring its roles to an ADC because we are preparing a new Windows 2012 DC with the same NetBIOS name as the current one, but the difference between these two DCs is:
Current DC: domain.local
New DC: domain.com
Is it possible to change the NetBIOS name only on the current DC?
Thanks.
Hello,
Is there an attribute of the Computer object in AD which can tell us when the object was 'placed' in an OU? When-Created and CreateTimeStamp indicate the date the object was created, so this would help when an object is first placed in an OU, but if the object is moved to a different OU and back to the original OU, these attributes would not help. Any suggestions?
Thanks for your help! SdeDot
Hi
Our primary DC syncs with an external time source. Today we noticed that it had a 2-minute delay compared with timeanddate.com.
Our primary DC was a Hyper-V host machine. Can anybody help me sync my DC with an external time source?
Regards
JAGS
Jags
In Windows 2008, there is a Protect Delete function for AD objects.
What is the AD attribute for Protect Delete of an OU and user?
We have problems with ADFS SSO to a cloud service. It seems like their clock/time is sometimes "earlier" than ours and we get an error:
Assertion condition was not fulfilled 2013-01-08T15:19:15.393+01:00 must not be before 2013-01-08T14:19:15.814Z, issueInstant in assertion = 2013-01-08T14:19:15.814Z
Sometimes it works and sometimes not...
Is there a way to configure ADFS to be more "forgiving" or, if not, set the ADFS servers' clocks at -x seconds/minutes?
Not sure if the above questions would be a good solution... any suggestions would be very welcome!
Sorry if this is a stupid question, but I tried googling this and didn't find a definitive answer.
If I suspect a DC may be tombstoned how can I definitively check for that?
From what I have read, it seems as long as I can replicate to the DC with repadmin or Sites and Services successfully, the DC is not tombstoned. Is this correct?
From what I have read on the internet the only definitive way to know a domain controller is tombstoned is to receive the "The Active Directory cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime." message when forcing replication.
So my next question is what actually happens when a domain controller is tombstoned?
Do other DCs mark a DC as tombstoned?
Do other DCs eventually delete the tombstoned DC's computer account?
Is there some attribute set on the tombstoned DC's computer account?
Thanks for any responses.
Current clients of the network include Windows XP Pro and Windows 7 clients. There are three Windows 2003 SP2 Enterprise domain controllers. I need to move to a Windows 2008 AD environment.
1) Is it very difficult to do an in-place upgrade of a Windows 2003 Server domain controller to Windows 2008 SP2 domain controller? Will the forest and domain need any sort of prepping? Can I have two Windows 2008 DCs and one Windows 2003 DC coexist?
2) Windows XP and Windows 7 clients shouldn't have any problems working in Windows 2008 AD right?
3) What are the advantages/disadvantages between Windows 2008 SP2 and Windows 2008 R2 64-bit? Will I lose out on anything crucial if I just stayed with Windows 2008 SP2?
Hi,
I have got two physical servers which will be running Windows 2008 R2 Hyper-V, and I will be hosting one VM on each host.
VM1 on Host1 - The VM1 will be configured as Main Domain Controller
VM2 on Host2 - The VM2 will be configured as Additional Domain Controller
So once I have the domain and domain controllers ready, I want to join the Hyper-V hosts to the same domain; eventually Host1 and Host2 will also be part of the same domain which is created on the VMs.
Is this setup acceptable and supported? Please suggest.
Note: I will surely disable time sync on the VMs with the host machines.
Regards,
Maqsood
Maqsood Mohammed Senior Systems Engineer MCITP-Enterprise Admin & ITILv3 Foundation Certified
Hi guys,
Not sure if I have the correct forum, but I have a simple ADFS question. We have ADFS working with Office365 and we need to replace our public SSL certificate for fs.contoso.com. When we replace the cert, we are also having to replace the entire certificate chain (VeriSign). What concerns should we have about changing the certificate chain? Is it just that the redirection back to fs.contoso.com might give cert errors on older clients that do not have those certificates? Should we push the new certificates through AD to help smooth things for older clients? What about Outlook? When Outlook connects it authenticates through ADFS and I think all that traffic is over 443, so are there any concerns there?
Thanks,
Dan
Dan Heim