I'll try to make this as brief as I can!

The domain in question has one physical 2008 R2 fileserver/DC (call it DC1), which seems fine, and one virtualised domain controller (DC2).
There was an old virtual DC. We found replication had stopped long ago with journal wrap errors. It was past tombstone date. We manually demoted it and cleaned up DNS and AD.

A clean virtual 2008 R2 DC (DC2) was installed. It joined the domain, and AD is fine on it. DNS appears fine. The sysvol folders have been created, but not populated or shared.

 I think we need to fix the current NTFRS connection first before migrating to DFS.

dcdiag shows no errors on DC1 (apart from failed replication from DC2)  and dcdiag on dc2 shows failure to advertise but is otherwise ok.
repadmin /showreps shows all successes .

I have gone through DNS repeatedly and can't see a problem (maybe I've missed it).
I have tried both non-authoritative and then authoritative Burflags restores of FRS - no change.

DC1(good server) has event id13508
DC2 (no sysvol shared) has event 13565

But I must be missing something!
in NTFRS logs:

On DC2 (the one without sysvol shares), ntfrs.log includes numerous lines like this:
<FrsIssueJournalAsyncRead:      3256:  9340: S4: 11:27:13> ReadUsnJournalData  - NTStatus 00000103, USN = 00000000 2b630e60  WStatus: ERROR_IO_PENDING

it also has:
<FrsDsConvertName:              1384:  4689: S4: 11:27:13> :DS: Convert Name DC1$ From 00000008 To 00000002
…

Hello,

I want to run an LDAP query on AD server to retrieve and export a list of users who are part of a security group.

I know that when I go to find in AD I can change the find criteria to Custom Search. in here I can enter an LDAP query and I know this can also be done via powershell/CMD

but how can I run an LDAP query without using commands? is it even possible. all google searches just show using commands.

Hello,

we try to config a linked server to connect to another SQL Server windows integration ("Be made using  the login's current security context"). The issue is sometimes the linked server works and sometimes not, very strange.

SQL ServerA with a linked server to SQL ServerB. Server A is SQL 2012, Server B is SQL 2008 R2. The SQL services on Server A run with domain\userA and on B with domain\userB. We did define SPN's for A and B as follows:

The output of setspn -l userA is as follows:
MSSQLSvc/ServerA
MSSQLSvc/ServerA.domain.com
MSSQLSvc/ServerA:1433
MSSQLSvc/ServerA.domain.com:1433

The output of setspn -l userB is as follows:

MSSQLSvc/ServerB
MSSQLSvc/ServerB.domain.com
MSSQLSvc/ServerB:1433
MSSQLSvc/ServerB.domain.com:1433

Also we did define in Active Directory for UserA:
"Trust this user for delegation to specified services Only" and defined the services of there.
For debug we did temporary use the setting:
"Trust this user for delegation to any services (kerebros only)", but it didn't help

What else need to do? And why does it sometimes work and sometimes not?

The error message on the linked server is "Login failed for user "NT Authority\Anonymous Logon". (Microsoft SQL Server, Error:18456)

It falls back to NTLM authentication, but Why?


thanks,
Immanuel

Our new server is having security issues.  I got a message that it couldn't be refreshed because event viewer service wasn't started.  I tried to start it manually and got the attached error.  I tried to change the log on permissions, but they are grayed out.

How do I fix this

So I've inherited a somewhat small environment where I manage Active Directory but the former DBA apparently had all these scripts doing tons of things against AD and everything else in the environment.  
Problem is one of the things that's happening is we have students and alumni in this small campus. Well the script, which I believe is the one below, is moving people to the Alumni OU even though they are a student.
I can ascertain that some of this is partially SQL query but I was hoping someone with a bit of experience could help translate what is going on here and what criteria/reason is moving someone from one OU to another OU or vice versa.

From the script, I see that one important variable appears to be:
$StudentsThatShouldMove = Fill-Dataset $IntegrationConnString $Sql_StudentsThatShouldMove
   
Does that mean I have to look to the SQL side to see what's going on?

#. \\scorch01.VelCollegenet.edu\C$\Users\Public\Documents\Scripts\_CreateAcctsAndDistGroupsV4.ps1
# .\_CreateAcctsAndDistGroupsV4.ps1
#########0#########0#########0#########0#########0#########0#########0#########0
#
# # Description: Move students and alumni accounts to the correct OUs
#
# History:
#	???????? EWM Initial Creation
#   20111213 EWM Sql Server Agent Job 
#				 [Active Directory NEW students daily].[Shell Game (move stuff around where it goes)]
#				 Occurs daily at 9:00:00 PM with no end date
#
#########0#########0#########0#########0#########0#########0#########0#########0

Select all Open in new window

…

If configure Azure AD Sync tool in one user profile, it does not seem like you can start it or view or change the settings from another user profile, in a case where we have multiple admins that may need to manege that whats the best way to do it? Can this be managed from multiple profiles or multiple admins must access that one user profile where it was originally installed under and configured?

Thanks

I'm trying to install an msi through GPO. It fails on my test box with error code 1274 in the event log. DC is 2008r2, test box is Windows 7. Any ideas?

Trying to secure my RDP connection so we are using TLS. Have create a template and a group policy to deploy it.

When I logon to the server i get the following error:

The terminal server cannot install a new template-based certificate to be used for Transport Layer Security (TLS) 1.0\Secure Sockets Layer (SSL) authentication and encryption. The following error occurred: The permissions on the certificate template do not allow the current user to enroll for this type of certificate.

Domain computer on the template has read and enroll right. It did have only enroll but I added read as well. Not sure If i have to push this change through?

I see in the logs the following error for lot of different workstations joined the domain

The session setup from the computer xxxxxxx$ failed to authenticate. The name(s) of the account(s) referenced in the security database is xxxxxx$.  The following error occurred:
Access is denied.

NETLOGON event ID 5722

Server 2008

Please help

Has anyone run Symantec Exec on a file server during production hours?  My backups seem to run into the next day, is this normal? Im backing up about 1 TB.

One of our customers DC's has died, the motherboard went on it and they have replaced it with a brand new server.

I have the pleasure of rebuilding this machine, I have the HDD from the old DC and am in the process of building the new server, windows 2016 (they previously used 2003 I think) and rather than setup a new domain and new AD structure I was wondering if I could somehow pull the old data from the HDD and import it into the new AD?

We have windows server image backups of the old machine, does anyone know if it's possible import the old data (users mainly) so as I don't have to setup an entirely new domain, new users and then manually get all of their machines moved over to the newly built domain?