Channel: Directory Services Forum

prevent IP registration with dynamic DNS


Hi

I have a Windows 2012 Server DC, which is also the client access point for Exchange 2013.

The machine has two IP addresses, 172.32.2.1 and 172.32.2.11, on the same interface. I don't want 172.32.2.11 to be registered in DNS, because this IP is not reachable from a different site. How can I prevent registration of this IP?

I hope someone knows the answer.



With kind regards, Bas van den Dikkenberg


error when I try to prepare AD to have a exchange 2010


My infrastructure is:

5 domain controllers running Windows 2008 R2 Standard, and one Windows 2003 R2 Standard

2 Exchange Server 2003

My domain is at 2003 level.

When I try to prepare the domain to migrate to Exchange 2010, I run the command from the Exchange 2010 CD:

setup /prepareschema

and I received error code 8202, then I looked in the ldif.err file:

---------------------

Entry DN: CN=ms-Exch-Resource-Schema,CN=Schema,CN=Configuration,DC=dalton,DC=com,DC=mx,DC=local
Agregar error en la entrada que empieza en la línea 447: No existe tal atributo

El error del lado del servidor es: 0x57 El parámetro no es correcto.

El error extendido del servidor es:

00000057: LdapErr: DSID-0C090C3E, comment: Error in attribute conversion operation, data 0, v1db1

Error en el programa

-----------------------

When I search for the value and try to change it with the adsiedit.msc console (following the article http://support.microsoft.com/kb/948214/en-us), it gives me the same error; I can't change the msExchResourcePropertySchema value.

I used an MMC console with the Active Directory Schema snap-in and found the ms-Exch-Resource-Schema class, then I tried to change the value to msExchResourcePropertySchema, but it only accepts values of attributes that are shown. Then I searched for it in the attribute tree and I found it, but with the wrong display name:

DUM-msExchResourcePropertySchema-0ef4bfdd-43d5-43f2-845c-81b823079e45

and I can only change the description!! (I can't change the display name)

I think that Active Directory was corrupted, but I don't know how it happened.

Chinese user names in Active Directory


Perhaps some Chinese speakers could help me out with this question.

Our current naming standard uses the initial letter of the first name and the entire last name, so for "Winston Churchill" you would have:

wchurchill

We will soon have a number of users with Chinese names. I believe first name last name order is reversed in Chinese.

Using another government official example, what would be the user name for "Hu Jintao" (with our current naming protocol)???

huj

???

Are there any Chinese AD admins who could advise me on this?

What's the preferred way to do this?


Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.


change local policy instead of adding to local admin group - 70 Permission denied


We have an application from Custom Canada that is installed on a Terminal Server.

If the user is in the local admin group on this server there is no problem.

As soon as a regular user tries to open the application he gets an error:

Error during Entrast login

70 Permission denied

The rights on the folder and data file are fine.

Can I change local policy for this user instead of adding him to the admin group to avoid this error?

Please advise.

Thanks

setting in AD where I can set an AD account password to expire in x amount of days

Hello all, I thought this would be an easy Google search and a setting somewhere in the end user's AD account. Basically I am testing a password reminder policy, and I want to set my test account password to expire in x amount of days. There is already a group policy for passwords to expire in 45 days. I have a reminder policy set for 7 days, but of course I want to test it and I don't want to wait 45 days to test. Can I change the time on the PC or something? There has to be somewhere in AD or something.

any advantage in separate AD sites for co-located child domains?


I inherited management of an AD forest some time ago, and as there were never any issues with authentication or other AD-dependent services (which weren't operator error), I never made any changes.  The site arrangement is now in flux as we're migrating out of one of our data centers.

We have multiple child domains off the forest root.  They're all co-located physically in the same site, and will be moving forward, with the root domain.  The previous administrator set up separate AD sites for each child domain.  The child domains have their own subnets, and these are associated with the domain-specific sites.

In other words, we have these AD sites:

Location1-rootDomain

Location1-ChildDomain1

Location1-ChildDomain2

Location2-rootDomain

Location2-ChildDomain1

and so forth.  I believe the thinking was this was somehow supposed to prevent root clients from authenticating against child DCs, or something.  I really don't see the purpose.  I only see it as unnecessarily delaying replication among different-domain DCs in the same physical location.

Is there any valid reason not to consolidate AD sites and put all the DCs in the same location in the same AD site?  We only do TS licensing in the root domain, and we don't have software dependent on site (aside from Exchange, where nothing will be moving anyway).

do you need to define an AD Site if there is no DC in that site?

Referring to the MS article here: technet.microsoft.com/en-us/library/cc782048(WS.10).aspx

I note that defining AD sites assists with replication, authentication, and Active Directory-enabled services.

If, for example, you have a geographically separate branch office (connected by a high bandwidth WAN link, 10MB) that also has its own unique IP subnet in the corporate network, and that office is very small in terms of users (<5 users) and the only equipment onsite is the users' PCs (i.e. no other servers onsite), then is it better, as a design philosophy, to NOT define that AD site in AD Sites and Services?

i.e. my understanding is that when the workstations attempt to log into the domain, the DNS server responds to the workstation by assigning it a domain controller to register to. It is the DNS server which determines which DC the workstation should register to, and it does this by determining the lowest cost path from the workstation to its nearest DC, assuming this is done for AD via the sites and site-links defined in AD Sites and Services. If there is no site for this branch office, then how does the DNS server know which is the lowest-cost DC to this workstation?

Is this correct?

Or should I define the branch office in AD Sites and Services anyway, regardless of the fact that there is no DC onsite?

Comments/suggestions?
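For readers weighing the question above: a client's AD site is decided by matching its IP address against the subnet objects defined in AD Sites and Services, where the most specific (longest) matching prefix wins, and a client whose address matches no subnet object gets no site at all, which Netlogon records as a "no client site" condition (event 5807). The following Python script, added here as an illustration and not part of the thread or any Microsoft tool, reproduces that longest-prefix lookup over a constructed subnet table so you can check which branch addresses would fall through; the subnet ranges and site names are hypothetical.

```python
import ipaddress
from typing import Dict, Iterable, List, Optional, Tuple, Union

IPNetwork = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# Constructed sample of subnet objects as an admin would define them in
# AD Sites and Services (hypothetical prefixes and site names).
SITE_SUBNETS: Dict[str, str] = {
    "10.1.0.0/16": "Location1-HQ",
    "10.1.5.0/24": "Location1-Branch",      # more specific prefix inside the HQ range
    "10.2.0.0/16": "Location2-DataCenter",
    "2001:db8:10::/48": "Location1-HQ",
}


def build_table(mapping: Dict[str, str]) -> List[Tuple[IPNetwork, str]]:
    """Parse the CIDR strings and order them longest-prefix first so the
    first match is the most specific one, as the site lookup behaves."""
    table = [(ipaddress.ip_network(cidr, strict=True), site)
             for cidr, site in mapping.items()]
    table.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
    return table


def site_for_client(ip: str, mapping: Dict[str, str] = SITE_SUBNETS) -> Optional[str]:
    """Return the site name for a client address, or None when no subnet
    object covers it (the client would then have no site)."""
    addr = ipaddress.ip_address(ip)
    for net, site in build_table(mapping):
        if addr.version == net.version and addr in net:
            return site
    return None


def clients_without_site(ips: Iterable[str],
                         mapping: Dict[str, str] = SITE_SUBNETS) -> List[str]:
    """List addresses that no defined subnet covers; these are the ones a
    missing branch-office subnet object leaves without site affinity."""
    return [ip for ip in ips if site_for_client(ip, mapping) is None]


if __name__ == "__main__":
    # Constructed sample of workstation addresses seen on the network.
    sample_clients = ["10.1.5.7", "10.1.9.9", "10.2.0.42", "192.168.1.1", "2001:db8:10::5"]
    for ip in sample_clients:
        print(f"{ip:>18} -> {site_for_client(ip)}")
    print("no site:", clients_without_site(sample_clients))
```

Whether or not a DC lives in the branch, defining the branch subnet and attaching it to a site (or to the hub site that serves it) is what gives those clients a site; without it they match nothing and fall into the no-site path.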

Set-ADDefaultDomainPasswordPolicy minimum password length above 16 2008 r2

Hello, we are running a 2008 R2 domain at 2008 R2 functional level. If we use Set-ADDefaultDomainPasswordPolicy to set the minimum password length to 16, it works. Is this OK, given that by default you can only change it to 14 characters? It does show up in the GUI for the default domain group policy correctly with 16 characters.

Thanks

Bill 




\PIPE\SAMR high bandwidth usage


Hi All,

I have around 350 AD 2008 R2 servers in my environment which are in different physical locations. All the Active Directory servers are working fine, but there is one RODC server which is causing a lot of port 445 and 139 traffic from different AD sites. There is only one subnet mapped to this AD site. I have observed that there are many \PIPE\samr open sessions. I have googled a lot but could not find a solution for this issue; even though I have recreated a new RODC, the same problem still exists.

The following links have already been followed, but they are all for 2000 and NT environments:

http://support.microsoft.com/kb/189356

http://support.microsoft.com/kb/178640

I would highly appreciate it if someone would assist me in solving this issue.

Regards,

Adeel Khan


Replace of Windows Server 2003 R2 domain controller with Windows Server 2008 R2


Hi,

Currently my only Windows Server 2003 R2 domain controller PC has died and is not able to start up. I needed to buy a replacement PC to replace it, and I was only able to get Windows Server 2003 R2 for the replacement PC. What should I do to migrate the whole domain controller from the old PC to this replacement PC, connect it into the network and run it as the domain controller? Thank you.

ADFS through TMG. Relying party trust certificate keeps giving me errors


Hello all,

I'm trying to use ADFS as a brand new install to authenticate us to our webscanning provider. I have setup ADFS with a relying party trust and I can access my xml path using

https://myserver.domain.com/adfs/ls/federationserverservice.asmx

This displays my XML file as it should. I've got this running internally and then published through TMG in our DMZ. I've set up TMG with the correct copies of the certificate and everything seems fine. I've also followed the setup of the relying party trust to the letter. However, when I try an authentication attempt using their software I get the generic 'there was a problem accessing the site. try to browse the site again, if the problem persists' etc. etc.

I take a look at my event log for ADFS and I've turned tracing on. What's happening is that the relying party trust certificate I installed (which is marked as 'this certificate is OK') is continually spitting out the following errors below.

I do know that the certificate is actually good, but something is going strange here with the CRL. This certificate for the relying party trust was NOT imported to my TMG box at all (because I find no articles anywhere that suggests it should be). I have also not imported my token signing certificate for the same reason. The web server certificate itself of the ADFS box has been added to TMG and when I access the ADFS xml path it reports as having a signed cert, so I presume that is OK.

A certificate used while validating the token is invalid.

Exception details:

MSIS3015: The signing certificate of the claims provider trust 'zscaler.net' identified by thumbprint 'FED50D8B82FBCA3F37823704BD2D46D08909D7F6' is not valid. It might indicate that the certificate has been revoked, has expired, or that the certificate chain is not trusted.

followed by

Microsoft.IdentityServer.Service.SecurityTokenService.RevocationValidationException: MSIS3015: The signing certificate of the claims provider trust 'zscaler.net' identified by thumbprint 'FED50D8B82FBCA3F37823704BD2D46D08909D7F6' is not valid. It might indicate that the certificate has been revoked, has expired, or that the certificate chain is not trusted.

Any help would be great, I'm going crazy staring at this now.

If we move a DC to another site temporarily for schema extension, does that DC's IP address need to be changed?

We plan to move a DC to another site temporarily for schema extension.

Does that DC's IP address need to be changed?

How could I force manual replication of a DC-related shared folder like SYSVOL, like repadmin /syncall /AdeP?

How could I force manual replication of a DC-related shared folder like SYSVOL, like repadmin /syncall /AdeP?

size limitation for all attributes in user objects in Active Directory?

Hi geeks, I want to know the maximum size limit of a user object's attribute in Active Directory, like the max amount of characters the first name attribute can hold. Thanks in advance.

Universal Principal Name (UPN) of a user account


Hi,

Can someone tell me what the significance of the UPN, Universal Principal Name, is? How does it work on a user account? Can it be changed? What differences does it have on Win 2000, Win 2003 and 2008?

Thanks,

Noufal


Event ID 2105 MSExchange ADAccess


Hello all,

I originally posted this in the Exchange 2007 forum and it was suggested I post here instead:

Recently started getting these event ID 2105s on my front-end Exchange 2007 servers in an NLB cluster. Any ideas?

Process MSEXCHANGEOWAAPPPOOL.CONFIG" -W "" -M 1 (PID=4496). Exchange Active Directory Provider failed to obtain DNS records for domain domain.co.uk. DNS Priority and Weight for the Domain Controllers in this domain will be set to the default values 0 (priority) and 100 (weight).

Exchange is working fine so I'm not sure what's happened.  The error suggests DNS but I can't see any issues there.

Any ideas?


Cheers, Andy andrewDOTstoryATjameswalkerDOTbiz

DFSR issue


Hi,

I am having a replication issue with SYSVOL not getting replicated between AD servers. I have 2 Windows 2008 R2 DNS/DHCP servers. I ran dcdiag and found that I have a DFSR issue.

Starting test: VerifyEnterpriseReferences

         The following problems were found while verifying various important DN references. Note, that  these problems can be reported because of latency in replication.  So follow up to resolve the following problems, only if the same problem is reported on all DCs for a given domain or if  the problem persists after replication has had reasonable time to replicate changes.

[1] Problem: Missing Expected Value

Base Object:

CN=RA,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=office,DC=apption,DC=com

Base Object Description: "SYSVOL FRS Member Object"

Value Object Attribute Name: serverReference

Value Object Description: "DC Account Object"

Recommended Action: Check if this server is deleted, and if so clean up this DCs SYSVOL FRS Member Object.  Also see Knowledge Base Article:  Q312862

I found this link from Q312862, http://technet.microsoft.com/en-us/library/cc794759(WS.10).aspx, and noticed that under MyDomain\System\File Replication Service I have no servers in the right pane. Also, under MyDomain\DFSR-GlobalSettings\Domain System Volume\Topology I have 3 servers listed, one being the "RA" from the error above.

How should I proceed in fixing this problem?

Thank you

Can't join domain from different subnet


Hi,


I'm unable to join a domain from a different subnet with the following setup:

Active Directory with DNS installed. The DNS server for the AD server points to itself (not loopback, but the actual IP).

There are no firewalls activated on the client or the AD server. 

DNS for the client on the different subnet (Windows 7 Pro) that's unable to join is set to the IP of the AD server.

I'm getting the following error:


The error was: "This operation returned because the timeout period expired."

(error code 0x000005B4 ERROR_TIMEOUT)


I'm unable to ping the domain name, nor do an nslookup (it times out).

If I try the above steps from the same subnet, everything works fine.


Am I missing something here? 


Thanks

-Kjartan


AD accounts that have been set up to never expire are expiring


Hi,

We have a mix of 2003/2008 R2 DCs. We are experiencing the following issue:

AD accounts that have been set up to never expire are expiring. It seems that the users were contractors who are now permanent, or are contractors. When looking at these accounts on the "Account" tab in AD, the account is showing to expire on 24/1/2013. Although expiry is ticked to "never" and the date is greyed out, it seems as though it has still used this date to expire. Users are getting an error message when logging into the PC: "Account has expired".

Cheers


HA
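Both the password-expiry test question earlier on this page and the "never expires" question above come down to the same raw attributes: accountExpires and pwdLastSet are Windows FILETIME values (100-nanosecond ticks since 1601-01-01 UTC), accountExpires is "never" only when it is 0 or 0x7FFFFFFFFFFFFFFF, and the domain's maxPwdAge is stored as a negative tick count (0x8000000000000000 meaning passwords never expire). The Python below is an added example, not from either thread or from any Microsoft tool; it decodes those values the way an auditor would when checking what the directory actually holds behind the greyed-out GUI date. The account records are constructed sample data (the 24/1/2013 date is taken from the post above; the names and other values are invented), and the 45-day policy mirrors the one mentioned in the earlier post.

```python
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Tuple

# Windows FILETIME: 100-nanosecond intervals since 1601-01-01 00:00 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
TICKS_PER_DAY = 864_000_000_000
ACCOUNT_NEVER_EXPIRES = 0x7FFF_FFFF_FFFF_FFFF      # accountExpires sentinel (0 also means never)
PWD_NEVER_EXPIRES = -0x8000_0000_0000_0000        # maxPwdAge sentinel on the domain object
UF_DONT_EXPIRE_PASSWD = 0x10000                   # userAccountControl flag
UF_NORMAL_ACCOUNT = 0x200


def filetime_to_datetime(ft: int) -> datetime:
    """Convert a FILETIME tick count to an aware UTC datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def datetime_to_filetime(dt: datetime) -> int:
    """Convert an aware UTC datetime to a FILETIME tick count."""
    return (dt - FILETIME_EPOCH) // timedelta(microseconds=1) * 10


def account_expiry(account_expires: int) -> Optional[datetime]:
    """None when the account never expires, otherwise the UTC expiry instant."""
    if account_expires in (0, ACCOUNT_NEVER_EXPIRES):
        return None
    return filetime_to_datetime(account_expires)


def password_expiry(pwd_last_set: int, max_pwd_age: int, uac: int) -> Optional[datetime]:
    """None when the password never expires (flag on the user, or domain policy
    set to never); otherwise the UTC instant it expires. pwdLastSet == 0 means
    'must change at next logon', which is reported as the epoch (already expired)."""
    if (uac & UF_DONT_EXPIRE_PASSWD) or max_pwd_age == PWD_NEVER_EXPIRES:
        return None
    if pwd_last_set == 0:
        return FILETIME_EPOCH
    # maxPwdAge is negative, so subtracting it adds the policy interval.
    return filetime_to_datetime(pwd_last_set - max_pwd_age)


def days_until(expiry: Optional[datetime], now: datetime) -> Optional[int]:
    """Whole days from `now` until `expiry`; negative means already expired."""
    return None if expiry is None else (expiry - now).days


def report(accounts: List[Dict], max_pwd_age: int, now: datetime) -> List[Tuple[str, Optional[str], Optional[int]]]:
    """Per account: (name, account expiry date or None, days until password expiry or None)."""
    rows = []
    for a in accounts:
        acct = account_expiry(a["accountExpires"])
        pwd = password_expiry(a["pwdLastSet"], max_pwd_age, a["userAccountControl"])
        rows.append((a["sAMAccountName"],
                     None if acct is None else acct.date().isoformat(),
                     days_until(pwd, now)))
    return rows


# Constructed sample data (not read from a real directory).
MAX_PWD_AGE_45_DAYS = -45 * TICKS_PER_DAY
_UTC = timezone.utc
SAMPLE_ACCOUNTS = [
    {"sAMAccountName": "contractor1",                       # still carries an expiry date
     "accountExpires": datetime_to_filetime(datetime(2013, 1, 24, tzinfo=_UTC)),
     "pwdLastSet": datetime_to_filetime(datetime(2013, 1, 1, tzinfo=_UTC)),
     "userAccountControl": UF_NORMAL_ACCOUNT},
    {"sAMAccountName": "permanent1",                        # genuinely never expires
     "accountExpires": ACCOUNT_NEVER_EXPIRES,
     "pwdLastSet": datetime_to_filetime(datetime(2013, 1, 1, tzinfo=_UTC)),
     "userAccountControl": UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD},
    {"sAMAccountName": "newhire",                           # must change password at next logon
     "accountExpires": 0,
     "pwdLastSet": 0,
     "userAccountControl": UF_NORMAL_ACCOUNT},
]

if __name__ == "__main__":
    now = datetime(2013, 1, 10, tzinfo=_UTC)
    for name, acct_exp, pwd_days in report(SAMPLE_ACCOUNTS, MAX_PWD_AGE_45_DAYS, now):
        print(f"{name:<12} accountExpires={acct_exp or 'never':<10} password expires in {pwd_days} days")
```

Two practical consequences follow from the decoding: for the expiry test, setting a test account's pwdLastSet to 0 is the cleanest way to force an expired password without touching the 45-day policy or the PC clock, and for the "never expires" symptom, any accountExpires value other than 0 or the sentinel is a real expiry regardless of what the GUI radio button appears to show, so reading the raw attribute is the definitive check.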

Replication Errors

Okay, here is my issue. I have a root domain (a) and a child domain (b), W2k3, three sites with a DC in each site per domain. In Oct. we moved datacenters and shut down the servers (VMs) but didn't bring them up until Jan. Then getting the network issues hammered out took until mid-Jan. This week I tried to upgrade to W2k8 and had no problem prepping the forest and the domain, but had an issue trying to add a DC that I had taken out of AD last week (had to seize the role, PDC emulator, after it wouldn't play nice). It started to say access denied and target account name is incorrect. One thing has led to another and I have seen that replication is broken, stuff has been tombstoned and errors fill up my logs. Just as I get replication working it fails again. What should I do when it comes to solving this issue? Or a better question is, how do I isolate one problem without bringing my entire infrastructure down? Any suggestions?