Active Directory

74K

Solutions

38K

Contributors

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.


We have an SBS Server 2008, Server 2012 R2 Physical (DC) and Server 2012 R2 Virtual (DC) in my environment. I recently converted the SBS server to a virtual machine in order to reuse the hardware. The conversion was successful. I then pulled a full backup of the SBS as a VM BUT I forgot to change the Symantec/Veritas Agent to the virtual machine agent. Now 4 days later (and at least 3 reboots) the SBS VM won't boot. It BSoD in Normal, Safe or Last Known Good modes. Thankfully because I am working on decommissioning the SBS most operations are no longer running on it. I attempted to build another SBS 2008 VM and restore the BE backup but it continues to fail because I cannot name the new SBS machine the same Name/Domain combo, and Backup Exec saying the restore resource cannot be found. So, the real question is: do I really need to worry about bringing the SBS server back online, only to decommission it? Exchange is already Office365, I have another physical DC (now running on the original SBS hardware), my certificate infrastructure was rebuilt using another server and I'll get over not having the SharePoint data (wasn't mission critical). Can I move the forest/domain operations masters with it offline and what other steps am I overlooking? Thank you in advance!
0
We can deploy software on computers through SCCM, but how can we uninstall software from 100s of computers?

Can we do it with SCCM, or is another tool required?
0
Hi all,

I have a PowerShell script that copies AD group memberships from one user account to another. The script is as follows:

Import-Module ActiveDirectory

$copy = Read-Host "Enter user to copy from"
$Sam  = Read-Host "Enter user to copy to"

Function Copymembership {
    # memberOf holds the distinguished names of each account's groups
    $source = Get-ADUser -Identity $copy -Properties memberOf
    $target = Get-ADUser -Identity $Sam -Properties memberOf
    foreach ($group in $source.memberOf) {
        # Skip groups the target account already belongs to
        if ($target.memberOf -notcontains $group) {
            Add-ADGroupMember -Identity $group -Members $Sam -ErrorAction SilentlyContinue
            Write-Output $group
        }
    }
}
Copymembership


Running the script prompts for both the source account and the target account to be entered, before going off and 'doing the do'.

I now have the requirement to copy AD account memberships for hundreds of users. I have a CSV with the data, an example of the formatting is below...

SourceUser, TargetUser
TestUser1,TestUser1NEW
TestUser2,TestUser2NEW  


I have been trying to find a way to import the CSV into the original script above, and go through the list copying memberships from each source user to their target account.

Any pointers/help/advice would be greatly appreciated.

Cheers
0
How can we migrate applications from Windows Server 2003 to 2008,

or from Windows Server 2008 to Windows 2012? Are there any tools we can use?

Can anyone give any examples of applications?
0
In this screenshot what is the exact location of the Test Test user (see the bottom of the screenshot)? Is it OU=users,DC=company,DC=com or is it something else?

The domain name for this organization is company.com

ACTIVE-DIRECTORY-USERS-AND-COMPUTERS
0
OK hope I can describe this properly, have a general question I'd like to ask.

We look after 2 companies. "Company 1" have 2 staff who need to access information on both their own server and on the server at Company 2. Unfortunately, at the moment both companies have a single DC (SBS 2011 at Company 1 and Server 2012 at Company 2), and both of these servers happen to have the same local IP address and their default gateway LAN address is also the same. In order for Company 1 staff to access the Company 2 server I've set up a VPN connection so that they can dial in as and when they need access. I've also got a batch file set up which swaps the hosts files around so that the PCs know which server to point to despite them having the same IP address.

The problem with this is that they are now saying that they need to have mapped drives open on the Company 1 server and on the Company 2 server and want to be able to drag and drop between the two (at the moment they are dragging to the desktop, swapping host file, disconnecting from VPN then copying into the other server mapped drive).  

I'm toying with the idea of just advancing the IP address of the DC at Company 2 by 1 digit so I can do away with the need to host switch but what I wanted to ask is how can I be able to access a mapped drive on Company 1 server while connected to Company 2 server via VPN? Is there any easy way to do this at all?

Many thanks

Adam
0
Hi all. Anyone got any ideas about how best to look at 2 Domain Controllers and compare them for configuration?

So something that views LDAP policy, DNS resource weight and priority, a tool perhaps that makes comparisons and spots differences? Or maybe nothing like this exists?
Thanks all
0
I am trying to follow the instructions within the https://social.technet.microsoft.com/wiki/contents/articles/24541.powershell-bulk-create-ad-users-from-csv-file.aspx#Code_Used webpage to import username information from a .CSV file to create usernames within Server 2016 Active Directory, but every time I try to do this I receive the following error messages:

When I run the following command within PowerShell (running as an administrator) .\un.ps1 I get the error message

 “ConvertTo-SecureString : Cannot bind argument to parameter 'String' because it is null.
At C:\Support\UN\UN.ps1:12 char:232
+ ... scription" -AccountPassword (ConvertTo-SecureString $Password -AsPlai ...
+                                                         ~~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [ConvertTo-SecureString], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.ConvertToSecureStringCommand

ConvertTo-SecureString : Cannot bind argument to parameter 'String' because it is null.
At C:\Support\UN\UN.ps1:12 char:232
+ ... scription" -AccountPassword (ConvertTo-SecureString $Password -AsPlai ...
+                                                         ~~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [ConvertTo-SecureString], ParameterBindingValidationException
    + FullyQualifiedErrorId : …
0
Within the https://social.technet.microsoft.com/wiki/contents/articles/24541.powershell-bulk-create-ad-users-from-csv-file.aspx#Code_Used webpage which contains instructions on creating a CSV spreadsheet that contains fields such as the user's firstname, lastname, maildomain, etc. what should be entered within the SAM spreadsheet column?

I understand what all of the fields need except for the SAM field. What should be entered within the SAM field?

Firstname | Lastname | Maildomain | SAM | OU | Password | Description

User | Test01 | contoso.com | utest01 | OU=Standard Users,OU=Users,DC=domain,DC=loc | P@ssw0rd| Test User

One of the lines of code explains the syntax as " New-ADUser -Name "$Displayname" -DisplayName "$Displayname" -SamAccountName $SAM -UserPrincipalName $UPN -GivenName "$UserFirstname" -Surname "$UserLastname" -Description "$Description" -AccountPassword (ConvertTo-SecureString $Password -AsPlainText -Force) -Enabled $true -Path "$OU" -ChangePasswordAtLogon $false –PasswordNeverExpires $true -server domain"

Please provide me with the correct entry that should be used for SAM.
0
I currently have a spreadsheet that contains all employee first names, last names, & logon user names (see below).

I need to know exactly which rows and columns this information needs to be put within an Excel CSV spreadsheet and where other information such as the user's AD passwords & any other information needs to be put so that these user accounts can be created within Server 2016 Active Directory.

I also need to know the exact command line or power shell command needs to be used that will create these user accounts within Active Directory.

Please provide me with guides or URL resources that explain how this can be done. I have attached an example spreadsheet that contains the user first names, last names, and AD user names for the accounts that need to be created.

AD user namesADusers.csv
0
I had this question after viewing Active Directory PowerShell: Remove manager from User object(s) located in a specified OU folder.

I would like to scan through the users in active OUs and remove the manager attribute of any of those users whose manager is in my Inactive OU.
0
On our Citrix server c:\users, some users have multiple folders.  

What would cause this?

Can the older ones be deleted?

user folders
0
Currently, we migrate our local Active Directory into a large Active Directory structure of our data provider. Sometimes our workstations show strange problems (Explorer.exe crashing, resources unavailable etc.). We found out that those problems don't occur if we put our domain name with an IP address of an available DC in c:\windows\drivers\etc.hosts.

Using Wireshark, we found out that some DNS queries on DCs were not answered. The clients kept on sending packets on port 53/DNS which were not answered. Just pinging them is possible. The firewall of our data provider just drops IP packets on unavailable ports instead of denying them.

nslookup my.domain.com
   Addresses: 1.1.1.1 (only ping, everything else dropped)
                        2.2.2.2 (only ping, everything else dropped)
                        3.3.3.3 (port 53 available)
                        4.4.4.4 (only ping, everything else dropped)

I would like to convince our data provider that DCs in the round robin list of the AD domain should either be completely available for AD relevant protocols or otherwise be completely unavailable, so that workstations contact other DCs.

Am I right with this assumption? Is there a whitepaper concerning the availability of DCs in the round robin DNS list of an AD domain name?

Best regards!
Chris
0
We have a large AD environment with 10k devices and have ADCS set up. Earlier in the week we had an issue where devices started to fail to connect to the network. After further review we found the CDP location on our root CA, which is in a workgroup, and one of our SubCA's CDP location changed to something like: ldap://myLDAPServer.... What makes this even more odd is the fact we have one other SubCA that does not have anything published to it, yet its CDP location was fine. There was nothing in the logs and I am stumped as to the root cause. I have been dealing with CA servers for the past 10 years on and off and have never seen this before.

Any thoughts???
0
We are in the process of upgrading our DCs from Windows 2008 R2 to 2016 and our FFL and DFL are at Windows 2008 R2. Yesterday and today I used LDP to view the deleted objects, which I have done before, to restore an object that was deleted 45 minutes prior. The problem is the object was not listed in the deleted items container, yet I know it was deleted. I tried creating a number of computer accounts then deleting them and had the same results. What am I missing here?
0
In one remote office, IT needs are being managed by a third party provider.
Currently, they are using an account which is a Domain Admin in order to do basic PC and printer software installs.

I would like to revoke the Domain Admin membership as this gives them much more access than is necessary.
Is there such a thing as a Windows account that can be configured on the domain to have admin rights for installing PCs, printers but without being Domain Admins?

My first thought was to create a local admin on each PC through GPO (I think this is possible) - is there a better way?
0
Win10 clients previously had GPO applied that made them update using a local WSUS Server, the GPO has now been removed, how do I make those clients update via windows update again? Using GPO preferably.

Thanks
0
I need to export about 300 users from G-Suite.  The most updated list is in G Suite Contacts.  Is there a way to export from there?

I need it in order to import it into the Azure AD.
0
I have a question concerning group managed service accounts.
What is the authentication process for this type of account?

Like this one for Kerberos: maxresdefault.jpg
I can't find a resource which describes:
- all exchanges between client and DC for opening this type of session.
- all exchanges for change password
- ....
0
We've got a 2008 R2 domain with an RODC deployed in a DMZ, and servers within the DMZ connect to this server for authentication, DNS etc.

Recently, we deployed new group policies on the domain, and I noticed the DMZ servers were not receiving these changes. A quick check of the RODC shows it is unable to receive the updated GPOs (even after a gpupdate /force it reports an error). In the event log I am seeing multiple event ID 64 about expired certificates, plus Event IDs 6 and 13 regarding failed certificate enrollment and "RPC Unavailable" errors. Nothing has changed with regards to the FW rules recently to cause this.

Opening the FW to allow all traffic between the Root DC and the RODC has resulted in everything now working again: certificates have updated, all new GPOs have been received, and a gpupdate now reports successful completion.

I've opened up all the required ports as detailed in the Microsoft documents, and assigned two static ports to replace the dynamic port ranges (again as detailed in MS documentation). Clearly I can't leave all traffic enabled, but I am at a loss as to what I am missing which is causing this failure.
0
Please, can you suggest? We are running 1 x Exchange Server 2016 on Server 2012 R2, 1 x Domain Controller 2012 R2.

Is there any conflict between Windows updates and Exchange?
1
What is the correct process to follow to create a .CSV file containing the first names, last names, usernames, & passwords of users to import into Server 2016 Active Directory?
0
I am looking for an AD script to help us audit our security groups. I would like to be able to get an output of all the Sec groups we have and their members. Is this possible?
0
Dear Teams, I cannot fix the time on Windows Server 2012 R2. Whenever I restart the server, it shows the incorrect time again.
0
After reboot, I got this error in Exchange Management Console. Also, I could not log in to OWA; it showed a blank page when I entered the correct username/password.

All Exchange services are running. Environment: Exchange 2016, Windows Server 2012 R2

Can anyone help, please?
err2.PNG
err.PNG
0
