Our default domain controller policy has the "Audit Directory Service Access" enabled and log all success events for group EVERYONE.

We have some missing production DNS records. Exactly where do I look in the event log and what event I can look for in order to determine who removed the DNS records?

Someone who knows please advise.

Hello,

We have a vendor that has a DNS issue with their domain which they have not resolved in a week. Some of our users had sent them emails this week and keep getting Delivery failed notifications over and over, how do I stop this to just those particular emails. We are on Exchange 2013 with a 3 server DAG.

Website Hijack? or Something similar happening on our website.  Our home page on website shows weird page that looks like hijacked only on mobile. All of desktop whether it is PC or Mac shows correct website but the website on mobile shows different page. If I turn on WIFI on mobile device, I got correct webpage, the same phone, if i turn off the WIFI, i got other webpage. It seems that mostly on Verizon mobile but just for some of them. Some of the Verizon phone shows up correctly on other such as T-mobile device correctly.  it happend once on one of our campus and I resolved by flush the DNS, but this time it won't worked. i followed https://www.techwalla.com/articles/how-to-flush-the-dns-on-an-android-phone
to flush dns on android and still not working.  This happening on Andriod and iOS device.

Hello,

I'm looking for FREE management tool or grograms for items as the following,
1) Windows Active Directory audit including User, Group, OU, GPO, DNS, etc..
2) Microsoft Exchange Report
Enviroment: Windows Server 2012 std R2, Exchange 2016

Could you please advise me ?
Thank you !

Hi I have 2 iis instalations on different servers within same network. 1 x iis is hosting rdweb, 1 x iis has a website. I would like users to connect via vpn and be able to access the website. Ports 80, 443 are currently forwarded to the rdweb iis server. I'll have a dns entry remote.domain.com pointing to the external IP for the RDWEB. how do i get differentdomain.com to point to the second IIS server? Read some things about IIS redirect, not sure that if thats the way to do this? IF it is detailed instructions would be helpful :)

Thanks,

We have a Windows 2012 DNS server that is not behaving they way I had thought it would based on the MS documentation I found.
Round robin is disabled, and subnet prioritization is on.  
There are 2 local subnets (192.168.0.x/24 and 172.28.1.x/24), and one remote subnet of 172.28.150.x/24
DNS entries:
ServerA  192.168.0.20
ServerA   172.28.1.20

Name resolution works as expected (no round robin), and query return matches the IP of the local subnet it originated from.  For example:
DNS query for ServerA from host 192.168.0.100 always returns 192.168.0.20
DNS query for ServerA from host 172.28.1.100 always returns 172.28.1.20

But, DNS queries for ServerA from the 172.28.150.x network still return in a round-robin fashion, alternating between 192.168.0.20 and 172.28.1.20.
The 172.28.150.x network cannot route to the 192.168.0.x network, and so the query fails 50% of the time.  Or, I guess to be more accurate, the query doesn't fail, it just returns an IP that is not contactable by the requesting host on the 150.x network.  EDITED for clarity - I need the query from the 172.28.150.x network to return the address in the 127.28.1.x range.  There is not an option at the moment for a route to the 192.168.0.x network.

Based on the docs I found, I was expecting and hoping that the DNS server would return the "closest match" that it could find to the IP of the originating requester, starting with the left-most octet.  But this doesn't seem to work.  I have confirmed with …

hi guys

All of our PC records in DNS are showing as Static in the timestamp. So now, when I use a person's PC name to connect to them, it takes me to a totally different PC. Is that related?

Last week, someone at work deleted a DNS zone. We exported the DNS records from another server before they updated too and salvaged them by re-importing them using the DNSCMD.exe command. But now, all records have static timestamps.

Do I need to do something with DNS record aging etc? If so, what would you recommend?

Thanks for helping
Yashy

i have a hyper v host with 2 server 2012 guests. dc1 and dc2. dc1 holds the roles and dc2 is the rdp server. a few days ago rdweb stopped working. looking into that i noticed that the server is not replicating. when i log into dc1 it logs in as a temp profile. If I launch DNS console I get a access denied. I tried to demote dc2 and that failed.  this is really messed up. I also noticed that the nic is setup for public not domain local. I tried disabling and re enabling  the nic no luck im wondering if this is the reason for all this mess. any help is appreciated.

I may want to give up/abandon a Domain Name that has old Nameserver names assigned to it.
How can I start with that domain (example.com) and find out:
1) What name servers EXIST (ns1.example.com etc)
2) Of these name servers, which ones are in use ... meaning, I want to know if I delete all name servers for this domain, and even give up the domain, what Websites might stop working
Any Mac, Linux, or online/server-side solution would be wonderful, though if you only have a Windows solution, I am sure I could find a Windows PC around here somewhere

Thx in advance all!

- B

blocking webmail on Cisco Umbrella but allowing gmail, office365 links

the problem is i am allowing gmail.com and mail.google.com but when i block the webmail category it also blocks gmail. can idea what other url i need to allow?

I have at least 7 laptops. All are on WIFI. These have been joined to the domain. I am unable to ping from one laptop to the other. I am able to ping to DC. From DC I am able to ping PC.

Once the laptops were joined to my domain x.local. I saw that the domain name is x.local 2. I am using eset and the firewall is off for this as well

Why would this happen? How can I solve this?

This only happens on WIFI

Log Name:      System
Source:        NETLOGON
Date:          5/11/2018 3:17:37 PM
Event ID:      5722
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      01.x.local
Description:
The session setup from the computer LP-18-16 failed to authenticate. The name(s) of the account(s) referenced in the security database is LP-18-16$.  The following error occurred:
Access is denied.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="NETLOGON" />
    <EventID Qualifiers="0">5722</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2018-05-11T03:17:37.000000000Z" />
    <EventRecordID>135343</EventRecordID>
    <Channel>System</Channel>
    <Computer>01.x.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data>LP-18-16</Data>
    <Data>LP-18-16$</Data>
    <Data>%%5</Data>
    <Binary>220000C0</Binary>
  </EventData>
</Event>

We're a WIndows network with a standard range of 192.168.0.1-254. DHCP, DNS are on a server and I have a few wireless nodes on static IPs acting in bridge mode.

For quite a few clients, they will login, be assigned an IP, can access internal network utilities, but can't access the internet. The only way I can get them on is to assign them a static IP in an excluded range within their network settings. Primarily happens on the wireless networks but those get the most traffic and has happened wired in.

What could be going on that they'd be assigned an IP from DHCP, can access internal network utilities (email, shared drive, printers) but can't get an outside connect to the internet?

Unable to visit website without 'www' before the site name. The site works fine when I enter 'www' before hand.

What sort of record must I create on my hosting service? A? CNAME? I've done this a million times but for some reason it doesn't seem to be working. I must be overlooking something.

This is not an IIS or GoDaddy. The company name is Site5.