Active Directory

75K

Solutions

38K

Contributors

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

I have 2 DCs running Win 2008 32-bit, also running DNS and DHCP, with a Domain Functional Level of Windows Server 2008.
I want to introduce a Windows Server 2012 as a DC and transfer the FSMO, but I still want to keep running DNS and DHCP on the old 2008 32-bit servers. Any recommendation as to what steps I should take, and should I also move DNS and DHCP to the new server?
0
Does PTA simply round-robin between each PTA Agent? PTA does not do Deterministic Load Balancing; then what does it do?
0
Hi Experts!
I have 100 Apple laptops, and I need to manage the laptops using Active Directory Group Policy. Is this possible?
0
Hi All,

I recently had to rebuild a Windows Server 2k12R2 Server. Current Set-Up

2 x Windows Server 2k12R2

DC01 has all the FSMO roles
DC02 (before rebuilt) - kicked it off the domain, demoted the server
DC02 (rebuilt) - I gave it the same name and IP address as the one that I demoted.

Issues:
  • I'm unable to replicate; when I run repadmin /syncall, it says that the RPC server is unavailable
  • I am able to ping the rebuilt DC02 by IP
  • I have attached a screen shot of dcdiag
  • It says no host record, but when I check the DNS manager of DC01 and DC02, I do see it
0
Hi Everyone

Yesterday my domain controller that holds FSMO was shut down unexpectedly. After it started again, some domain controllers started to show event ID 4, and when I ran dcdiag and repadmin I got "the target principal name is incorrect". I tried executing the following steps:

1. Stop KDC on the affected domain controller (i.e. DC2) and set the service to manual status
2. Restart DC2
3. On DC1 (that holds FSMO) I ran the command:
    netdom resetpwd /server:DC2 /UserD:domain\administrator /PasswordD:**
4. After the command executed successfully, I restarted DC2
5. When DC2 started, I started the KDC service.

But the problem still exists on many domain controllers in my environment. Did I forget to execute anything?
0
Hi,

Please, I need a script (VBScript) to export the following attributes from two OUs in Active Directory.
After running the script, we obtain an output .csv file (encoded in UTF-8).

I want to display in the output file the following fields:
"Account","Disabled","First Name","Last Name","Mail"

*Disabled = True or False
"""ou=Accounts,ou=Sales,ou=USA,dc=Dom,dc=local"",""DC1Serv.dom.local"""
"""ou=Accounts,ou=Marketing,ou=USA,dc=Dom,dc=local"",""DC1Serv.dom.local"""

Best regards,
0
I ran DCDiag and have errors. We started with one central office. Over time, with several branches, I created sites and placed backup DCs in those offices.

Here is the error.

None of the directory servers in the following site that replicate the
following directory partition are configured to use the following transport,
even though the site itself is configured to allow replication over this transport.

 An error event occurred.  EventID: 0xC0000620
    Time Generated: 01/13/2018   12:19:02
    Event String:

I have looked at Sites and Services. I have looked at the NTDS settings of all the DCs and they show the transport is IP.

I forced replication between the DCs to the box that holds FSMO. I get the same error.

My servers are Server 2012 R2.
0
Looking for a script to generate a list of Computers and IP in the entire domain, preferably in a delimited format.
Thanks in advance.
0
Please provide me with instructions on how to create an Active Directory federation between two Server 2016 Active Directory forests that are connected with a WAN link.

I need the AD domains within each forest to be able to trust each other and share resources such as file shares.
0
Hi,

Please, I need a script (VBScript or PowerShell) to export the following attributes from two OUs in Active Directory.
After running the script, we obtain an output .csv file (encoded in UTF-8).

I want to display in the output file the following fields:
"Account","Disabled","First Name","Last Name","Mail"

*Disabled = True or False
"""ou=Accounts,ou=Sales,ou=USA,dc=Dom,dc=local"",""DC1Serv.dom.local"""
"""ou=Accounts,ou=Marketing,ou=USA,dc=Dom,dc=local"",""DC1Serv.dom.local"""

Best regards,
0
Hi, looking to update the msDS-SupportedEncryptionTypes attribute for a trusted domain object on a 2016 Server.

Get-ADObject -Filter {trustPartner -eq "test.com"} -Properties "msDS-SupportedEncryptionTypes" | Set-ADObject -replace @{ "msDS-SupportedEncryptionTypes"='24'}

Getting back Set-ADObject : Illegal modify operation. Some aspect of the modification is not permitted

Any help much appreciated
0
Hi guys,

I have roaming profiles deployed using the AD profile path, not using folder redirection.

The profiles are all saved in a network shared folder on a server. Inside the folder, for each user, there are many versions. What does it mean? Why is it creating many versions? Is it OK to delete old versions?

E.g. for userA, there are folders like userA.v1, userA.v2, userA.v3

Right now the drive in the server is running out of space and I need to clear some space straightaway, so is it OK to delete userA.V1? I mean, is it OK to delete all versions except the latest version number?

Could anyone please help me with this?

Thank you
0
Greetings,
I am looking for the necessary detailed steps to take prior to converting my physical Active Directory Server/Domain Controller to a Hyper-V Virtual Machine.
I want to be able to create my Hyper-V VM, attach the VHDX, and be up and running as soon as possible in the event of a server failure.
I have successfully created bootable Server 2008 and Server 2012 VMs, but each VM brings up a "Directory Services Restore Mode" prompt prior to allowing me to log into the newly created VM.
I would like to avoid DSRM altogether.
Thank you in advance.
0
Hi Guys,

I have an ASP.NET application and I authenticate users by using <authentication mode="Windows">.

The users are Active Directory users and they log in to their machines with the same credentials they use to log in to the ASP.NET application.

My question is: how can I check in my ASP.NET application that the user has already logged in to his machine and let him log in automatically to the application?

Thanks.
0
Hello Group Policy Experts,

I'm trying to create a registry key on a test PC through group policy.  The group policy object is configured as in the screen shot:

Screen shot of GPO
I apply the GPO to the OU where my test computer is located.  I do a gpupdate on my test PC and I see the policy being applied, but my registry is not updated with the new key.

What could I be missing?  My test PC is Windows 7 Pro.

Thanks,
Nick
0
Hi,
We are having an issue with SYSVOL replication; we believe that it is related to a couple of things:

- domain/forest functional levels were set to 2003 even though there are NO 2003 servers/DC's in the environment
- using FRS versus DFS replication as it should be

I have raised the domain/forest functional levels from "Windows Server 2003" to "Windows Server 2008"

I am now looking at migrating from FRS to DFS Replication.

It should be mentioned that both DC's are running Server 2012 and Server 2012 R2 Standard editions

Thoughts on this as I have never attempted this before...

Mike
0
There are two sites - both are in the same domain.
There are two domain controllers in site A - only one in site B.
The one DC in Site B has a corrupt AD database and is no longer syncing with Site A.

I will replace it with a new DC and plan to demote the old DC and then promote the new one.
I am worried about what could happen if there are any problems promoting the new DC.
With the old DC demoted at that point, would users in B still be able to log in using the DC's at Site A?
Is there something I can check first to confirm if user logins will work even with no DC on that site?
0
Hi All,
 
I have a head office with many satellite locations. The root DC server is at the Head Office and each of the locations has its own DC server. The Domain Controllers are running windows server 2008 R2

My main question is:
- Are log events, specifically security log events, that are registered at a specific domain controller replicated on other domain controllers, or at least to root DC? and would the root DC server be the central repository of all these logs or would every DC server have the same set of logs.

I have a less important question:
- if the logs are replicated, are all event types replicated or just some event types. Is there a reference explaining this?

Many thanks
0
Please advise how I can prevent GPO3 from being applied to OUIII - please see below. Thanks.

Mydomain.com
      |___GPO1
      |___GPO2
      |___GPO3
      |___OU1
      |___OU2
      |___OU3
           |___OUI
           |___OUII
           |___OUIII
0
We have a client who we added 4 new domain computers to over the weekend (they had an existing 6 on the domain) to an existing domain controller virtual machine running Windows 2012 Standard R2. Ever since the users started working on Monday, the files on the server and network shares are opening as "Read-Only". We've checked the shares and they are set to Full Access, we've checked subfolders and they have full access and aren't locked for read only. We have checked for files being open on different workstations causing the issue and all files are closed. This issue did not exist before adding these users and the issue is being experienced by all users (all on Windows 10 Pro), those who were on the domain before as well as new users.
0
Hi Guys

I have this script that works fine to query AD for whether users exist in AD or not, and whether they are enabled or disabled.


# Create a text file C:\Temp\Blah.txt containing the AD usernames, one per line.
# The text file would include the sAMAccountName values from the AD environment, for example:
# Blah01
# Blah02
# Blah03

$user = Get-Content C:\Temp\Blah.txt
$user | ForEach-Object {
    $Name = "$_"
    # Look the account up by sAMAccountName
    $Searcher = [ADSISearcher]"(sAMAccountName=$Name)"
    $Results = $Searcher.FindOne()
    if ($null -eq $Results) {
        "$Name not in AD" >> C:\Temp\userstatusblah.txt
    }
    else {
        # Enabled is a boolean on the object returned by Get-ADUser
        $status = (Get-ADUser $Name).Enabled
        if ($status) {
            "$Name is Enabled" >> C:\Temp\Blahuserstatus.txt
        }
        else {
            "$Name is Disabled" >> C:\Temp\Blahuserstatus.txt
        }
    }
}
#If you want to check only enabled accounts delete the "#" below
 #get-content C:\userstatus\userstatus.txt | select-string "is Enabled" >> C:\userstatus\userstatus_enabled.txt
#If you want to check only disabled accounts delete the "#" below
get-content C:\Temp\Blahuserstatus.txt | select-string "is Disabled" >> C:\Temp\Blah_users_disabled_in_AD.txt
#If you want to check only accounts not in AD delete the "#" below
get-content C:\Temp\userstatusBlah.txt | select-string "not in AD" >> C:\Temp\Blah_users_not_in_AD.txt


This script works fine.
However, I now need to read in the email address from the txt and have some code to look up the sAMAccountName from the email address read in, to then resolve the sAMAccountName, to then …
0
I am looking to give my remote offices a better experience with one of our primary applications that sits on top of a MSSQL 2005 Server. If I set up a Peer to Peer transactional replication, will users in Site A talk to the Site A Peer server and Site B users talk to its Site Peer?
0
I need to know how Azure Active Directory works.

Any good article will suffice.
0
I am way behind on cleaning up active directory computers.  I know there are many in there that are not around anymore.  How do I determine if they are active or not?
0
I have a department folder named Marketing. The Marketing group has the following permissions on the Marketing folder:

Traverse folder/execute file
list Folder /read data
Read attributes
Read extended attributes
Create files/write data
create folders/append data
write attributes
write extended attributes
delete subfolders and files

However, if user1 from the Marketing group creates a file or folder under the Marketing folder, user2 from the same group (Marketing) will be able to delete the file or folder created by user1.
How can I prevent that?

Thank you
0
