Active Directory

74K

Solutions

38K

Contributors

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.


I have 4 domain controllers and 3 of them are pointing to the fourth as the time server. I am taking this fourth server offline and need to move the time server to one of the other three.  How do I change the time server to another domain controller?
0

I have 4 domain controllers. 1 is a 2003 DC. This server has the primary DNS. I would like to move the primary DNS to one of our 2008 servers. Can you tell me how to do this?
0
I lost a DC from a domain. I only have one left. I'm trying to raise the functional level of the domain so I can add a 2012 server. It is still looking for the schema master, which was a 2003 server. What can I do to make the current 2008 server the schema master? It's telling me the current server is offline, so it will not change.
0
I have 4 domain controllers. When I run the "DCDIAG /TEST:DNS /V /E /F:C:\list.txt" command on each of them, 1 of them shows failed results. The other 3 domain controllers show that everything passed.

These are the results from the DC that shows failure.
 Summary of DNS test results:
                                            Auth Basc Forw Del  Dyn  RReg Ext  
               ________________________________________________________________
            Domain: domain.us
               morty                       PASS PASS PASS PASS PASS PASS n/a  
               Wally                        PASS WARN n/a  n/a  n/a  n/a  n/a  
               Vinny                        FAIL FAIL n/a  n/a  n/a  n/a  n/a  
               morty2                      FAIL FAIL n/a  n/a  n/a  n/a  n/a  
         
         ......................... domain.us failed test DNS


These are the results from the rest of the domain controllers.  
                                 Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: domain.us

               Wally                        PASS PASS PASS PASS PASS PASS n/a  
               Vinny                     PASS PASS PASS PASS PASS PASS n/a  
               morty2                      PASS PASS PASS PASS PASS PASS n/a  
               morty                       PASS PASS PASS PASS PASS PASS n/a  
         
         ......................... …
0
Hi All,

After installing the new CAS role and then configuring the Virtual Directories to use the single namespace owa.domain.com, I cannot access OWA on my new Exchange Server 2013 Standard edition.

Error: owa.domain.com is currently unable to handle this request. HTTP ERROR 500

Why is this happening?
0
Hi

I manage various Active Directory domains that contain Windows servers and am looking for a solution to manage servers on all the domains.  These are separate domains in separate Forests and are on separate VLANs.

I am aware of SCCM, but from my investigations I would need a Distribution Point on each Domain, and that is not practical. Are there tools I should use for the following?

  • Assist with server deployment by adding roles and installing base applications
  • Manage updates of non-Microsoft products (or Microsoft patches not available via Microsoft Update), including managing reboots before and after installation
  • [Nice to have]: Ability to roll out a Group policy change to each domain without having to log into it
Thanks
0
Hi Experts

Thanks in advance for your help.

Problem definition:
I have only 1 Active Directory server with DNS integrated in an isolated network, and I want all DNS queries to be made to itself only, so no DNS queries are broadcast.
The AD is imported from the PROD environment and was previously serving multiple zones and multiple different VLANs. I now need this imported AD DNS server not to forward any broadcast queries to different DNS servers.

Reasons: The server is imported from the PROD environment, so whatever IP details it has in the DNS tab should change, I believe. It currently has multiple IP addresses listed as primary and secondary DNS.

Options:
a) Should I only set up one DNS server IP, which would be itself (127.0.0.1), as the primary DNS server and leave the rest with no config? There is only 1 DC in this isolated environment, which holds all the FSMO roles and has no connections to PROD.
b) Should I set up new port forwarding on the pfSense firewall to forward all DNS queries to 127.0.0.1?

thanks for the help
0
I currently have domain controllers in a common Domain/Forest on subnet 10.2.*.*. I am adding a new domain controller at a remote DR site. The remote network is set up to be an extension of our network, so the new domain controller is also on subnet 10.2.*.*. Clients are in subnet 10.2.*.*. How do I set up a Site so that clients use 'local' DCs, and only the remote DR DC if the local DCs are down? It confuses me that the subnet is common, although the one DC will be on a link 100 miles away.

Thanks
0
I have a GPO on a 2012 server for time. I have the group Authenticated Users as the security filtering, but it's not being applied. I tried to create a WMI filter for all machines, but that didn't work either. I used the following for the WMI filtering:
Select * From RSOP_Session Where SOM = 'OU=WEL_COMPUTERS,OU=domain,OU=Facilities,DC=xxx,DC=xxx,DC=xxx'
Now I've created a computer group with all the PCs; however, that's going to be hard to keep up with. How can I get this to work?
0
Hi,

Having trouble adding Win 8.1 PC to domain with 2012 server.

This PC dropped off the network, so I am re-adding it. I get the following error: 'The specified domain either does not exist or could not be contacted'

Server can be pinged via IP & FQDN.

Tried -
Adding fixed IP to PC
Adding via powershell
Changing PC name

Any ideas?

Thanks
0

Can anyone point me to the right resource for Azure AD deployment? I have experience in Domain migrations but have never worked with Azure.
We are currently using OpenLDAP.
I need to decide how sub-domains should be used, site parameters, etc. Thanks.
0
Hello

How to check which group policy is applied recently to my machine?

Thanks
0
Hello.

I have a question about my Forest and Child domains infrastructure and the DNS configuration.
First, the infrastructure is a split DNS configuration.
Example : mydomain.com with an external DNS zone hosted by a third party provider and the internal DNS AD integrated.

Now I don't know if a conditional forwarder is needed for the child domain controllers to route the request internally for the parent domain and never by the external hosted dns zone.

Here's my detailed configuration :

Parent Domain Controller
Domain : mydomain.com
Forwarder : 8.8.8.8
DNS IPconfig : 127.0.0.1
Delegation existing in the DNS zone for the child domain ("child").

Child Domain Controller
Domain : child.mydomain.com
Forwarder : 8.8.8.8
DNS IPconfig : 127.0.0.1
No conditional forwarder to request the parent domain.

Note that the configuration works. If I create a host entry (A) in the external DNS with an IP of 20.20.20.20 and the same host entry in the parent domain with an IP of 10.10.10.10, an nslookup from a client in the child domain returns the value 10.10.10.10. Could someone explain this to me, and whether I need a conditional forwarder?

Thanks.
0
Hi

We are using Exchange 2007 and Outlook 2010. In Outlook, when users search for an email in the search bar (by name or subject), it immediately displays all the emails related to the search.
We recently migrated to Outlook 2013, and when we search it doesn't list all the emails; rather it shows only a few emails and at the bottom it says
Showing recent results….
More
Only when I click More does it list all the emails. Is it possible to set Outlook 2013 so that when an email is searched it lists all the emails, rather than clicking More every time?

Any help  and suggestions will be great. Thanks in advance.
0
I had this question after viewing "Powershell to show mailbox DB .EDB size?".

Hi,

Can anyone here please assist me in modifying the below PowerShell script to calculate the Exchange Transaction log file size?

Get-MailboxDatabase | 
    Select Server, 
           Name, 
           @{Name="DB Size (GB)";Expression={$objitem = (Get-MailboxDatabase $_.Identity); $path = "`\`\" + $objitem.server + "`\" + $objItem.EdbFilePath.DriveName.Remove(1).ToString() + "$"+ $objItem.EdbFilePath.PathName.Remove(0,2); $size = ((Get-ChildItem $path).length)/1048576KB; [math]::round($size, 2)}}, 
           @{Name="Number of Mbx";expression={(Get-Mailbox -Database $_.Identity | Measure-Object).Count}},
           EdbFilePath,
           LogFolderPath,
           LogFileSize, 
           CircularLoggingEnabled, 
           IsPublicFolderDatabase | ft -AutoSize



So far it works great, but I cannot get the total Transaction Log size.

Any help would be greatly appreciated.

Thanks,
0
I have been trying to set up NPS for wireless authentication. I have the NPS server set up and the clients set up. I have registered the NPS server in Active Directory and installed a certificate. However, I cannot seem to authenticate any users. I get an error stating the username or password is incorrect for the client. In the accounting log I see the attempt with group information from Active Directory. The client is an Extreme Networks wireless controller. The NPS server is 2016. Is there anything that has to be set on the user directly, or what am I missing? I am a novice at RADIUS, so let me know what info you need. Thanks
0
Hi People,

I'm trying to achieve the below with no downtime:

DISABLE Circular Logging
Configure DAG
Allow Database Replication


I've got 2x Exchange Server 2013 Standard Edition SP1 in the two different AD sites:

AD Site: Default-First-Site-Name
PRODMBX20-VM
C:\ 200 GB - OS
P:\ 100 GB - Page File Drive
D:\ 700 GB - PRODMBX20-VM-DB01 [PRIMARY]
E:\ 700 GB - PRODMBX20-VM-DB02 [PRIMARY]

F:\ 700 GB - PRODMBX30-VM-DB01 [SECONDARY]
G:\ 700 GB - PRODMBX30-VM-DB02 [SECONDARY]


AD Site: Head Office
PRODMBX30-VM
C:\ 200 GB - OS
P:\ 100 GB - Page File Drive
F:\ 700 GB - PRODMBX30-VM-DB01 [PRIMARY]
G:\ 700 GB - PRODMBX30-VM-DB02 [PRIMARY]

D:\ 700 GB - PRODMBX20-VM-DB01 [SECONDARY]
E:\ 700 GB - PRODMBX20-VM-DB02 [SECONDARY]

The two mailbox servers will be replicating to each other, so my questions are:

1. Can I disable the circular logging after the DAG has been configured on both servers and all mailbox databases have successfully replicated?
2. Do I need to disable the circular logging first and then set up the DAG, which causes an unwanted outage for the users?
3. Can the DAG also run fine even with Circular Logging enabled?
0
Greetings experts,

I was going through the event log on our exchange server (as you do) and noticed the following errors for a couple of our domain controllers:

Event ID 2193:

Process Microsoft.Exchange.Directory.TopologyService.exe (PID=2852). Suitability check failed for server dc3.domain.local with an exception. Error: System.InvalidOperationException: GetDomainControllerInfo() called on an invalid handle.
   at Microsoft.Exchange.Win32.SafeDomainControllerInfoHandle.GetDomainControllerInfo()
   at Microsoft.Exchange.Data.Directory.TopologyDiscovery.SuitabilityVerifier.CheckNetLogon(SuitabilityCheckContext context) (in CheckNetLogon).

Event ID 2080:

       Process Microsoft.Exchange.Directory.TopologyService.exe (PID=2852). Exchange Active Directory Provider has discovered the following servers with the following characteristics:      
 (Server name | Roles | Enabled | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version)      
In-site:
dc1.domain.local              CDG 1 7 7 1 0 1 1 7 1
dc2.domain.local        CDG 1 7 7 1 0 1 1 7 1      
Out-of-site:
dc3.domain.local        CDG 1 7 7 1 0 1 1 0 1
dc4.domain.local        CDG 1 7 7 1 0 1 1 0 1      

You can see in the first error that Netlogon is referenced, and in the second error that the only difference between the domain controllers is that the Netlogon column is 7 for the DCs local to the Exchange server and 0 for the DCs at different sites.

I've checked the …
0
I need to create a list of all computers in the AD with exceptions based on name and type. Generally I assume I will be using get-adcomputer; however, I am unsure as to how to create a filter to do what I want. I need to pull only a list of server machines, and then I need to exclude from the list any machine named like %shore% and %sql% and %dc%. Is there any way to accomplish the exclusion using wildcards? In the end I need the script to output to a txt file as a running list. An example script would be amazing if you could.
0

I run some PowerShell commands against our environment, and I noticed this week that the commands do not appear to be pulling data from both of our Domains.

We have an NA domain and an EU domain. Exchange is installed in the NA domain, but the user accounts reside in the EU domain.

When I run, for example, a report to get users with ActiveSync set up on their devices, the report does not pull from the EU domain.

Do I need to change something in my report?

Any help would be greatly appreciated.
0
I want the ability to message all my 2012r2 Active Directory users. Is there a simple PowerShell script I can put together that only requires me to change a variable each time I want to run it? If so, I would appreciate an example.
0
We have a client whose Office 365 directory sync is working fine for all users except really old accounts that came from Windows NT days and were upgraded along the way to the current Active Directory.

When the sync occurs and I check the Miisclient (Synchronization Service Manager) it shows successful with zero errors. If you check one of these accounts you see it just didn't sync to Azure AD with no errors.

Does anyone have a suggestion on what to do to trace this issue down?
0
Hello all,

We are trying to manage machines which are on a VPC, but there is no manage option in AD for them.
Is there anything else we can do?
0
Hello - I have a DC that has become inaccessible and I need to remove it from my domain. I have already seized FSMO roles from this domain.

I have attempted to do the removal from CMD prompt.


To clean up server metadata by using Ntdsutil

1. Open a command prompt as an administrator: On the Start menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, provide Enterprise Admins credentials, if required, and then click Continue.

2. At the command prompt, type the following command, and then press ENTER:

ntdsutil

3. At the ntdsutil: prompt, type the following command, and then press ENTER:

metadata cleanup

4. At the metadata cleanup: prompt, type the following command, and then press ENTER:

remove selected server mydc2

I get this error message:

PS C:\Windows\system32> ntdsutil
C:\Windows\system32\ntdsutil.exe: metadata cleanup
metadata cleanup: remove selected server mydc2
Binding to localhost ...
Connected to localhost using credentials of locally logged on user.
LDAP error 0x22(34 (Invalid DN Syntax).
Ldap extended error message is 0000208F: NameErr: DSID-03100225, problem 2006 (BAD_NAME), data 8350, best match of:
        'CN=Ntds Settings,mydc2'

Win32 error returned is 0x208f(The object name has bad syntax.)
)
Unable to determine the domain hosted by the …
0
Greetings,

Please could someone help me generate a report of Computer accounts that have not logged in for over 365 days in AD. I need to clean up our AD, and this report will help us.

Thanks.
0
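The two inventory questions above (listing server computer objects with name-based exclusions, and finding computer accounts with no logon in 365 days) can be served by one script. This is an added example, not code from either poster; it assumes the RSAT ActiveDirectory module on a domain-joined host, and the exclusion patterns, threshold and output path are placeholder values.

```powershell
# Added example (not from the posts above). Assumes the ActiveDirectory module
# (RSAT) and read access to the directory; patterns, threshold and path are assumed.
Import-Module ActiveDirectory

$ExcludePatterns = 'shore', 'sql', 'dc'              # wildcard-style name exclusions
$StaleDays       = 365                                # inactivity threshold in days
$OutputFile      = 'C:\Temp\ServerInventory.txt'      # assumed output path

# Returns server-OS computer objects whose names do NOT contain any exclusion pattern.
function Get-FilteredServers {
    param([string[]]$Patterns)
    # Build one case-insensitive regex from the substrings (equivalent of %shore% etc.).
    $excludeRegex = ($Patterns | ForEach-Object { [regex]::Escape($_) }) -join '|'
    Get-ADComputer -Filter 'OperatingSystem -like "*Server*"' `
                   -Properties OperatingSystem, LastLogonDate, Enabled |
        Where-Object { $_.Name -notmatch $excludeRegex }
}

# Returns computer accounts (all OS types) with no logon within $Days.
# LastLogonDate is derived from the replicated lastLogonTimestamp attribute, which
# can lag the true last logon by up to 14 days; treat results as candidates to
# review and disable first, not as a list to delete outright.
function Get-StaleComputers {
    param([int]$Days)
    $cutoff = (Get-Date).AddDays(-$Days)
    Get-ADComputer -Filter * -Properties LastLogonDate, Enabled, OperatingSystem |
        Where-Object { -not $_.LastLogonDate -or $_.LastLogonDate -lt $cutoff }
}

$servers = Get-FilteredServers -Patterns $ExcludePatterns
$stale   = Get-StaleComputers  -Days $StaleDays

# Running list: -Append keeps earlier runs, with a timestamp separating each run.
"==== Inventory run $(Get-Date -Format s) ====" | Out-File -FilePath $OutputFile -Append
$servers | Sort-Object Name |
    Select-Object Name, OperatingSystem, Enabled, LastLogonDate |
    Format-Table -AutoSize | Out-String -Width 200 |
    Out-File -FilePath $OutputFile -Append

"Servers after exclusions: $($servers.Count); accounts with no logon in $StaleDays days: $($stale.Count)"
$stale | Sort-Object LastLogonDate |
    Select-Object Name, Enabled, OperatingSystem, LastLogonDate, DistinguishedName
```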
