Delegation user creating rights
I want to delegate user creating rights to my help desk staff. I want them to be able to create, modify user accounts for a particular OU but I do not want them to be able to create any users to have...
View ArticleTweaking ADFS 2.0 FormsSignIn.aspx fields
Hi everyone. I've been fiddling with FormsSignIn.aspx and just can't get it to act the way I want. I'm no C# guy so there in-lies my problem.I want the form to pre-populate our DOMAIN\ of the username...
View ArticlePlease diaganose the DCdiag
Domain Controller DiagnosisPerforming initial setup: * Connecting to directory service on server DC2.contoso.com. * Collecting site info. * Identifying all servers. * Identifying all NC...
View ArticleHow to get custom Attributes to show up in Users&Computers Attribute Editor
We are running Active Directory on Server 2008R2 with the Forest Function Level Server 2008R2.Some time ago, a prior Administrator added a custom class and custom attributes for the custom class. We...
View ArticleActive directory/Dns server quarrel
Configuration:2 windows server 2012 Domain controllers multiple synology rack storage stations42 work stations connected to domainIssue: The synology storage station can connect to an AD Server and...
View ArticleCannot query users from child domain
Hi,I am almost sure that I have a problem with DNS server, but unfortunately I am not able to clarify where exactly. I have a root domain and three child domains. Problem exists only in one site in one...
View ArticleKerberos: Server 2008R2 requests same TGT every 60 seconds
Hi all,on a Server 2008R2 Sp1 with IIS installed in Netmon trace I see that a new TGT for the IIS WEB Pool account is requested aboutevery 60 seconds. Sometimes also in the range of 100 ms. The WEB...
View ArticleSchannel error, Event ID 36888? - IS there a way to Identify what causes...
Hi, I hope this is the correct forum for this problem,I am seeing a few of these errors (error details below) sporadically throughout the system event log on a windows 2008 R2 server. I have seen a...
View ArticleThe security database on the server does not have a computer account for this...
The issue is the client get an error when user attempts to login in. The error message is "The security database on the server does not have a computer account for this workstation trust...
View ArticleCreating a trust relationship using hosts file instead of DNS ?
Could a hosts file on a DC be used for establishing a trust relationship if nothing else in DNS zone was required ? there are network restrictions in place which only allows certain DCs to talk so...
View ArticleLingering Object deletion ?
Hi Team,In my domain I am facing the replication issue and when I looked into the event viewer, found events are getting filled with 1988 replication error.repadmin /removelingeringobjects ServerName...
View Articlenltest /finduser
Very useful command for finding an user when I have multiple trusts , multiple child domainsnltest /finduser:testuserI have testuser in multiple trusted domains but that command shows only one user. I...
View ArticleFailed to create two-way trust between server 2008 R2 and server 2003
we are trying to create a two-way forest trust between us (server 2008 R2, v.local) and our solutions provider (server 2003, s.com).DNS zone is created, we are able to ping their domain name, nslookup...
View ArticleWorkStation Account Password Changes
Hi all,<o:p></o:p>I'm sure you have been asked very similar questions to this one, so I hope this will be a quick one for you. <o:p></o:p>We are using VMware view 5.0 in a...
View ArticleUPN Login restriction
Is it possible to set AD to only accept UPN logins and not the down level (domain\username), especially when using Exchange (OWA, EWS, Outlook Anywhere) and Sharepoint using Forms base Auth.
View ArticleDoubt about Software Policy Restriction
Hi everybody.I'm with a doubt about software restriction policies. One of my clients asked for a SRP that allows users to remove programs but doesn't allow them to install. As far as i know, that's not...
View ArticlePassword complexity message
Is there a way to change the message when users do not meet the length and complexity requirement when they change their password. All computers are Windows 7 Pro.sp1, and joined to our domain. The...
View ArticleUser keeps getting locked out
A user keeps getting locked out of there account every morning when they come to work, I have to go into our DC and unlock there account. The user is not typing the incorrect password. Please let me...
View ArticleHow to Query LDAP with a list of names for specific properties
I have a list of user names given to me, that I need to query Active directory to see the following:- Account is a valid account in domain x, y or z- Account has the property altsecurityidenties (pki...
View ArticleHow to restore default permissions to Account Operators group?
Hello,We have this DEV domain and when looking through it we notice that "account operators" does not have full control over many user objects. This tells me that someone prior was playing around with...
View Article