Should I create a new GPO for a domain password policy
Hello guys and thanks for your time and expertise.My domain/forest functional level is server 2003 - hoping to go to 2008 but never seem to have the time.Iv'e been tasked with creating a domain...
View ArticleDCGPOFIX on RODC
Hi Guys,I am facing similar issue as highlighted in the below article but only on the RODC,http://forums.whirlpool.net.au/archive/1533833Is it fine to execute dcgpofix /ignoreschema on the RODC, Since...
View ArticleUnable to create child domain
I've an existing W2008R2 domain, and I'm trying to create a new child domain using W2012 std. The new server is on a remote subnet, connected via Wan, without any firewall or security filter. It can...
View ArticleComputers not getting AD site configuration
Site A: Writable DC's. Working fine. Site B: Two RODC's. Computers in this site are not recognizing their site. I have applied some site level group policies but they are not getting applied. In my...
View ArticleDCDIAG Test Fails
I just run dcdiag on my 1 of the Domain Controller (Windows 2008 R2) and test has failed with the following data.As you can see Forwarders seems invalid because of they cannot be solved by my TMG 2010...
View Articlehow could I search AD object by ldap query using CN
how could I search AD object by ldap query using CN value ?
View Articledelegate GPO
Hi,I have a 2008 r2 domain with 3 DCHow i can delegate create and edit all GPO in my domain?Thanks in advantage
View ArticleRunning domain controller in virtualization on Windows Server 2012
Hi All,As per Running Domain Controllers in Hyper-V (downloadable Word document) document there are some limitations with virtualized domain controllers. It is recommended to have a physical domain...
View ArticleWin2003 x32 and 2008 R2 x64 with AD synced is not providing...
My goal is to provide redundancy. I did not set up the network this way--the last company was in the process of eliminating DC1 and moving to DC2 the year before I was hired (they had been with us a...
View Articleunable to access server after upgrade to Server2008 R2
I upgraded a 2003 R2 enterprise server, a single domain controller in its own forest (in nutshell one machine in the whole forest) before the upgrade I could ping, remote desktop to it. Everything...
View ArticleIssues with members of account operators group in Active Directory inability...
All: There is a subset of users that belong to a security group that cannot reset their own password. This security group is a member of account operators. They can reset passwords for other users...
View ArticleBrowse groups over trusts.
I'm trying to have a trust between domain A and B. But only user RODC on the Domain BDomain B trusts A. RODC for Domain A have full firewall port access to RW DCs in Domain A.In domain A, theres a site...
View ArticleHow Password Sync
Hi there,we have 2 domains and wat to push the password on the first domain to the second domain.so that the users have the same username and password on the second domain.how can we do that ? Can we...
View ArticleLDAP Client Sessions
HII have several DCs with "LDAP Client Sessions" above 100 and I'd like to know:1) How can I know where that sessions come from2) How can I reset or logoff that sessions.Thank you very much!Alberto
View ArticleLDAP Modify DN, ERROR: Access is denied insufficient rights
I need to modify the DN of an OU I have created on my PDC. Using LDAP.exe connect and bind using current logon credentials. When I attempt to modify the DN of the OU, I receive the following error0x32...
View ArticleCredential roaming and CA Auto enrolment
I have CA template for user certificate with Autoenrolemt setting.I have setup separate GPO object, to activate Credential roaming.Both GPO object are linked to specific OU. In AD I see attribute...
View ArticleRODC trusted domain cannot resolve resources (users/groups)
DomainDMZ one way trust (External with Domain-wide authentication) with DomainLANDomainDMZ sites & servicesSubnets ------- 10.0.20.0/24 10.0.24.0/24 10.0.40.0/24 10.0.41.0/24 10.0.42.0/24Sites...
View ArticleLogon information of service accounts
Hi, Account cleanup process is going on in our system. So we are disabling those accounts who didn’t login from last 395 days. We are fetching login information from lastlogontimestamp in AD. We are...
View ArticleNeed DNS server to respond to queries from a workstation in a different...
Hello,Here is my environment: - Multi-homed DC/DNS server (I know this is not recommended, but there is no way around it to meet the requirements of the system). There is what I will call the "normal"...
View ArticleWhat the Directory Services Group is for
This Directory Services group is intended for questions and discussions on the indentity fearures contained within Windows Server, including Active Directory, ADAM, Infocard, etc. Posts widely off...
View Article