The DFS Replication service failed to contact domain controller  to access configuration information. Replication is stopped. The service will try again during the next configuration polling cycle, which will occur in 60 minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues.
 
Additional Information:
Error: 160 (One or more arguments are not correct.)

Hi all i would like to have a user account in one domain and use it with another domain. If possible i would like to only have one account for each user but have access to both domain.

what would be the best way to configure

many thanks

Regarding the issue is that there is a domain name called "outlook.office365.com" and for that the name resolution we have pointed out to our local ISP(india) using conditional forwarder in our dns and also in forwarders tab\list we have pointed out to our head office dns server ip which is in US.

As per configuration if we nslookup on the mentioned address "outlook.office365.com" we should have get response from our local ISP(india) which is in conditional forwarder however that is not the case instead we are getting response from US IP which is in forwarders list.

So that clients getting delay response.

As per dns default behaoviour is that any query comes from dns it will go to check first conditional forwarder and then only go to check in the forwarders list in dns. I do not know why our dns server is not working properly.

Please help us to fix this issue, Please help and do the needful. i do not know how to overcome this issue. please help.

Hello Everyone and as always thank you in advance for your time and insights.
We are about to integrate two new 2016 domain controllers to eventually replace our current two 2008R2 domain controllers with the intention of also leveraging them to raise our current Forest and Domain Function Level from 2008R2 to 2016. We have around 30 MEMBER servers running a mix of
2003 (3 of them on physical servers that are being decommissioned)
and the rest are all 2008R2, 2012, 2012R2 of which about 1/2 are virtual machines hosted on a 3 host ESX VMware 6.0 infrastructure.
I had not come across or read about any issues for only member servers (physical or virtual) when it comes to raising the FFL or DFL to 2016, but then I saw this article (see below) and now I am a bit confused and need to make sure that I am interpreting that correctly. I am assuming they are referring to Domain Controllers running 2016 O/S and 2016 AD (FFL/DFL) being incompatible with VMware hosts of all versions at this point and not merely member servers with 2008R2 or 2012R (running on VMware 6.0) having an issue with functioning with a 2016 AD FFL/DFL because the member servers are virtual and are hosted through a VMware ESX 6.0 environment or am I reading that wrong?
https://kb.vmware.com/s/article/2071592

Hi,

I have a question regarding GPOs.

Is it possible to force a GPO in a sub OU even if the parents OUs GPO has other settings set? So, I want to overwrite a parents GPOs setting within a sub OU.

Thank you in advance!

Hi,

I am not sure if that doable in window server 2008 enterprise x86 but I will post this question. Can I customize a profile for Active directory user based on her/his name? So, the user when log on to the domain her/his picture will show up on the start screen for Windows 7 and the login screen.

I have all user pictures in the shared folder on the server.

Thx

Hello Experts, I have a strange issue. I am working on a migration of company A to company B for AD. Company A is currently part of their on-prem AD which is company.local, and they also leverage O365 for E-mail, SharePoint, onedrive... for which they have separate accounts which only reside in Azure AD. Once I join the user machine from company A to company B domain, and the user logs into the machine using their new company B domain user account, the user is no longer able to access their onedrive files via Office Client. they cannot activate Office client, and cannot register their device with Azure AD. The attached error is received.

When the user is part of Company B domain, we are not creating new user profiles for them, we are simply using regedit to point the new UserProfile to the older UserProfile so they do not lose any data. I have done some testing, and the issue seems to be related to the users profile on the machine. if I log in as the user on a different machine which is part of the new domain (using the users new Company B AD User account), then I am able to activate office client...hence i believe this issue is related to the User profile. I have removed the device from Azure AD, cleared creds, re-installed Office client, and cleared all activation keys cached on the machine and un-licensed, re-licensed the user in O365, but nothings seems to have done the trick. creating a brand new profile for each user we migrate is not feasible, too much work.

…

Dear experts, how can we collect users' activities on web browsers? Assuming that this is domain environment and we prefer free solution, script or Gpo settings. Many thanks!

I need to create a script to get SamAccountName from users's name csv file on several domains
Actually my script look like this
$PathFile = "C:\CSV\UsersINSPQ.csv"
Import-Csv -Path $PathFile | ForEach {
 $User = $_.User
Get-ADuser -Filter {Name -eq $User} -Properties Name -Server "dc01.domainA.com" | Select Name, SamAccountName}

It works well, but i need to do it on 7 domains like domain A,B,C,... and G. So how to make a loop to have a single result for all domains with this script, and yes all domains trust each others.
Thanks

Hi,

I have a problem with our roaming profiles ntfs permissions. We backup our users profiles daily, but when I create a new AD account and the user logs on, the users profile directory (Profiles.V2, V5, V6) created, do not inherit the folder permissions which should contain the backup service account read permissions for this folder. The permissions on the parent folder are correctly set. How can i enable inheritance without the need to do this manually for each user profile directory?

Thank you in advance.

I'm deploying WSUS via GPO.
- WSUS is working well including ccorrespondig download packages.
- GPO for Automatic Update on Domain controler setting as following :
  1) Configure automatic updating: 4- Auto download and schedule the install
  2) Schedule install day: 0- Every day, Schedule time: 10:00
  RESULT: ALL clients was affected/managed by GPO, but the TIME check update incorrect. They always showed last checked update at 7:50 AM everyday. (See attached file)
What am i missing ?
Anyone can help me ? Thanks.

Enviroment:
DC and WSUS: Windows Server 2012 Std
Clients: Windows 10, 7 and Server 2012 Std.

I have a hyper V lab environment setup. I originally had it setup to a internal switch but wanted to change it to a external switch so I can get out to the internet.
 I can get out to the internet if I set that machines to automatically get a ip address but I need to be able to communicate between the machine in the lab.

At my work place they have it setup so all the machines use the DC for DNS resolution and they set forwarders on the DNS server to get out to the internet. This doesnt seem to work in my lab envir. Is there a way to get the machines to see each other and get out to the internet as well?

I had to configure ADFS server for chrome

 I ran this command :

Import-module adfs  ( by opening windows powershell and not azure windows power shell

 2)Set-AdfsProperties –WIASupportedUserAgents @("MSAuthHost/1.0/In-Domain","MSIE 6.0","MSIE 7.0","MSIE 8.0","MSIE 9.0","MSIE 10.0","Trident/7.0", "MSIPC","Windows Rights Management Client","MS_WorkFoldersClient","=~Windows\s*NT.*Edge","Mozilla/5.0","Edge/12")

 3) reboot


everything worked fine

but there is one workday  mailbox xxx@domain.com which before running the command , IT work day people used chrome and then typed portal.office.com, it used to ask the email address of shared mailbox and then password  and user were getting directed to that shared mailbox ,this mailbox is not allowed to be configured in their respective outlook

but now when they type the same workday mailbox email address when they type portal.office.com and put in email address , it is doing 2 things

1) not asking the password
2) user instead of getting into that workday mailbox are getting apps page on 365 portal and when they open outlook, their mailbox is opening up instead of that shared mail box

hope I put the question correctly , so question is that shared mail box is not opening or showing up

from my personal computer when i type portal.office.com and put the workday mailbox email address it gives me a prompt sts.domain.com and username and pasword

but when i am in my network the above issue is happening