Home All Groups Group Topic Archive Search About

Windows Server Active Directory

microsoft.public.windows.server.active_directory
Score Deploying .MSI, .MSP via GPO
Dev 8008 - 6 Jan 2007 8:15 PM - 2 messages
Hello, I want to deploy a software by using GPO.  The software has one .msi file, one .mst file, and several patches in .msp format. How do I deploy all of them by GPO? The GPO supports only .MSI type of ...
Score Trying to enable "Trust this computer for delegation (Kerberos only)
CucKo0 - 6 Jan 2007 12:22 PM - 2 messages
Here is the layout and problem: I have an AD domain consisting of about 20 AD servers I have an additional 20 application servers that are in the domain as well The domain function level is set to 2003 The forest function level is set to 2000 ...
Score View Changes Made to Active Directory
albertsoncookmcse - 6 Jan 2007 4:23 AM - 3 messages
Only failure audits were turned on for AD (before my time).  Someone made two serious changes to our main security groups.  Is there an easy microsoft solution to go back and look at changes made to any security groups?  We have ...
Score Setting Default Printer for Workstations
Carlis Burns - 5 Jan 2007 10:02 PM - 7 messages
Is there a way to set a default printer for a workstation in AD? We do not have roaming profiles, but students do have AD accounts. If not, is there a way to set a default printer locally for all users? ...
Score The name "Donaminname :1d" could not be registered
Sade - 5 Jan 2007 9:42 PM - 4 messages
The name "Donaminname     :1d" could not be registered on the Interface with IP address 10.6.70.52(windows 2003 DC or server). The machine with the IP address 10.6.70.51(PDC emulator) did not allow the name to be claimed by this ...
Score Cached credentials not working
John C - 5 Jan 2007 9:19 PM - 4 messages
I have 2 DC's in an administrative VLAN, in a separate subnet from our member servers VLAN.  They are all connected to the switch fabric and can communicate each way with no issues.  We had an incident recently where ...
Score Users
Salomon - 5 Jan 2007 6:11 PM - 2 messages
Hi everybody. Well I Have a question, How can I do to configure in Active Directory, the next: I have the users in Active Directory like for example Ivan Hernandez to logged a windows xp, and I have an aplication where the user to authenticate ...
Score Adding pc to the domain
SEgerton - 5 Jan 2007 5:12 PM - 4 messages
How do you only allow the domain admin the rights to add a pc to the domain. I've realized that a user that has admin rights to his pc can add that pc to the domain; even though they are only domain users on the domain. ...
Score User Profile Logon Scripts
Donovan - 5 Jan 2007 4:25 PM - 4 messages
I am running in a Windows Server 2003 native Active Directory environment.  I do not have folder access to a Domain Controller, but I do have access to a member server where I can place logon scripts.  Users are assigned a logon ...
Score ADFS with ASP application
viveque.kumar - 5 Jan 2007 3:55 PM - 7 messages
Hi, We have a legacy ASP application and we are looking at SSO for an integration project. Our application works on Integrated authentication mechanism and the requirement is that users from other domains when accessing this application need not sign in again. ...
Score ADFS: tokens, claims, policy, AZMAN,etc...
Dom Williams - 5 Jan 2007 3:03 PM - 2 messages
I've got a few questions regarding ADFS and I'm hoping someone might have some insight. In no particular order of importance: 1. Claims... how are they built? there seems to be little documentation on this (unless i'm just not finding it!) :) ...
Score Security Permission Required to Disable Computer Object
Gary - 5 Jan 2007 2:41 PM - 2 messages
Hi there I'm struggling to track down the security permission that gives a user the rights to disable or enable an object. In particularly a Computer object. What I would like to do is remove account operators ability to enable ...
Score REPADMIN Command to Force Replication to ALL servers?
TB - 5 Jan 2007 2:17 PM - 4 messages
Hi, Is there any command I can use with REPADMIN in order to force replication to occur throughout the domain? For example, I'm looking for something similar to REPLMON to push schynchronise ALL partitions with ALL servers, crossing site boundaries. ...
Score Global policies are not applied at all sites
Alex - 5 Jan 2007 2:00 PM - 3 messages
Hello, We have a two-site windows 2003 domain with 2 DC´s in one site (default-first) and 1 DC in the remote site (remote), all three DC´s are global catalogs. Global policies are applied correctly to computers in the ...
Score rIDNextRID - should it be on every DC
laser - 5 Jan 2007 12:53 PM - 10 messages
Hi there , quick question should the above attribute be on every domain controller? I have looked in are domain and it seems to be only on one random DC (not the RID master) Thanks Chris ...
Score Server 2003 SP1 and R2 ???
Gary D - 5 Jan 2007 9:19 AM - 5 messages
Hi I have a sole W2K3 SP1 DC which has all the FSMO roles. I intend to add another DC which has R2 installed. I intend to make the new W2K3 R2 server the one which holds all the FSMO Roles. ...
Score User Profile settings in user account: connect drive to path
NZSchoolTech - 5 Jan 2007 8:02 AM - 12 messages
My server has a share for home directories called "homes" e.g. path \\server1\homes In the Profile tab of the user account properties there is an option to connect a drive letter to a specified path. I want to use this setting to connect drive letter H to path ...
Score delegation enabled on DC
Pankaj - 5 Jan 2007 7:04 AM - 3 messages
Dear All, On one of my DC I can see Trust this computer for delegation (for kerberos only) enabled. Does it a default nature or does it requires for replication. Why is it required to be enabled on DC. Any help from any of u will be great. ...
Score GC single point of failure.
J.K.D - 5 Jan 2007 6:17 AM - 5 messages
Hi , New year greetings. I am in the process of designing our company AD infra. I read that there can be always only one FSMO Manager in the forest. In case the GC , which is holding the FSMO roles fails, what are the procedures to designate another ...
Score Move User and users Mailbox between different domains
Khang - 5 Jan 2007 5:56 AM - 2 messages
We have two domains - one for europe and one for north america.  A user is moving office from europe to north america.  My question is if it's safe for me to use ADMT to move user account in AD and Exchange System Manager to move ...
Score inconsistent results from LDIFDE export
Hong - 5 Jan 2007 2:14 AM - 2 messages
The same LDIFDE  command supposed to pick up those AD accounts with OWA access enabled ldifde -f c:\temp\all.txt -d "OU=Users,DC=...,DC=..." -r "(protocolSettings=HTTP§1§1§§§§§§)" ...
Score Issue with GPOs
Gibraltar - 5 Jan 2007 1:48 AM - 3 messages
Hi, I have a Windows Server 2003 Active Directory Domain. I configured couple of GPOs in the domain. Recently, some IT guys found that if I make a change to one of the GPOs, on the client machine all the GPOs are getting downloaded on ...
Score Reload DNS from AD recovers wrong IP address for host - pls help
Jools - 5 Jan 2007 12:33 AM - 2 messages
Hello, This problem is driving me nuts. Any help gratefully received :-) My "active directory" and "AD integrated DNS" server recently got a new  static IP address reserved in the router's DHCP table. Periodically the  servers DNS record for itself gets its IP address changed to the old one,  ...
Score AD Script to set passwords to expire in 10 days
Andrea - 4 Jan 2007 10:17 PM - 9 messages
Good Afternoon, I have been asked to write an AD script that will set the user accounts of an OU to expire in 10 days.  I found a script that showed how to set a password to expire now, but I need the 10 day warning.  Does anyone ...
Score removing a computer from a domain does not remove object from AD
Hectorb911 - 4 Jan 2007 7:59 PM - 5 messages
I was under the impression that removing a computer from a domain deletes the computer object fom active directory. I find that computer objects are remaining in active directory and are not moved to hidden deleted objects folder and tombstoned unless I use ADUC. ...
Score 2089 warning in directory service log
Jim Dykes - 4 Jan 2007 7:37 PM - 3 messages
We're getting this warning (see detail below) on 1 of our 2 domain controllers, even though system state is being backed up daily using Veritas Backup Exec 9.1.  The backup jobs are configured identically on our other ...
Score 2089 warning in Directory Service log
Jim Dykes - 4 Jan 2007 7:32 PM - 2 messages
Event Type:    Warning Event Source:    NTDS Replication Event Category:    Backup Event ID:    2089 Date:        12/10/2006 Time:        11:08:36 PM ...
Score New domain contoller troubleshooting GPO access
sami ghourabi - 4 Jan 2007 6:27 PM - 5 messages
hi, We are trying to setup an Active Directory infrastructure for testing purposes, before considering an entreprise wide deployment. We are running a Windows 2003 server SP1 standard edition. Unfortunately, we encoutered problems with the first domain controller configuration, it seems that during the DC and DNS rôle configuration ...
Score XP workstation getting LDAP traffic from Windows network?
Craig - 4 Jan 2007 5:59 PM - 3 messages
We have an XP workstation that is getting hammered by TCP and UDP packets on port 389 (LDAP) for some reason.  This traffic is coming from other workstations running AD Users and Computers (Exchange version) and our Outlook Web Access machine as well. ...
Score Server, but not Domain is listed in My Network Places
Steve Wood - 4 Jan 2007 4:22 PM - 11 messages
I just installed and configured a new Win 2003 server in a new Forest with DNS and print server roles.  It works nicely; however, the domain name of RocknServer.net does not appear in the Microsoft Windows Network of My ...
Score Computers disappearing from "Entire Network" on Domain
Brad Quade - 4 Jan 2007 4:20 PM - 6 messages
Hi, we are having network browsing issues on our domain. Office A in one city usually shows the computers on the network here. Office B in another city usually sees its computers on the network there. Sometimes you see both ...
Score Ports require to open to allow communications between AD 2003 and
Shann Lim - 4 Jan 2007 4:18 PM - 10 messages
Hi all, May I noe what ports require to open in the firewall to allow communications between AD 2003 and XP?  My AD and XP clients are separated by a hardware fw. Please help!  Thanks. rgds, Shann ...
Score DC Failover
Brian - 4 Jan 2007 4:05 PM - 2 messages
We are having a problem with all the DCs in our network. Suddenly one or two of them will stop replicating. There are no errors recorded in the logs, other than those saying that replication failed. Rather than another DC ...
Score Publish CRL's
p.o - 4 Jan 2007 3:50 PM - 2 messages
Hi I've problem with publish crl's. I've 2003 domain with enterprise root ca, afther rename domain I can publish crl's only to CA. I've other CDP whitch I can see at ad site and services, but there are no object. How can I publish ...
Score Offline Files problem
Snake86 - 4 Jan 2007 3:35 PM - 5 messages
Hi all, We have a small AD here, with a few mobile users. We're using roaming profiles and Offline Files. My Documents and the Application Data folder are re-directed to the server. Synchronization manager must synchronize the files at logon and logoff, but ...
Score Active Directory Capacity Planning
Gis Bun - 4 Jan 2007 3:01 PM - 6 messages
Hi, We are migrating over from NetWare [yeeesh!] to Server 2003. Is there a document which can assist us in the capacity planning? We have around 500 users [each with a PC], maybe [in the end] 2 dozen servers, 60 networked ...
Score Administrator account does not have suficent privileges to create
Craig Dunn - 4 Jan 2007 2:52 PM - 7 messages
Hi, we are a small company and have recently purchased a new server, on which we are re-installing our windows 2000 server software. When i try to use DCpromo to create an additional domain controller so that ultimatly i can promote ...
Score correct temperature for server room
softtrain - 4 Jan 2007 2:06 PM - 7 messages
Hi I'm having a battle with our physical ops person.  They're telling me that if my server room runs at 80 or 90 degrees my servers will be fine.  apparently, he has gone someplace on the internet to confirm this. ...
Score Disable user account in the future
Don Hollick - 4 Jan 2007 10:48 AM - 4 messages
Hello, Does anyone know a way to schedule the time a user account is disabled. ...
Score Another OU vs Child Domain Question
nospam - 4 Jan 2007 9:00 AM - 3 messages
Hello All:    I have a question.  We have 10 child domains that we are picking up from another forest as the result of a company acquisition.  I was going to bring these domains into our domain and use OU delegation as many here seem to ...
Score Mandatory Profile Problem
Ted Li - 4 Jan 2007 7:05 AM - 4 messages
I create a user profile on a Winxp comptuer and save it to the server. I rename the nt user.dat to ntuser.man, and assign profile path to some users. The workstations pick up the mandatory profile ok, but the problem is if some ...
Score Default Domain Policy is Changed after FSMO Role transfer
SENTHILKUMARAN B - 4 Jan 2007 6:54 AM - 7 messages
Hi, I have two sites, I transferred the FSMO roles to another DC in the second site. I have two GPOs at the domain level; Custom Domain policy and Default domain Policy. After the role is transferred, the Default domain policy settings are ...
Score Help please
tommy2 - 4 Jan 2007 4:24 AM - 4 messages
Please help with an issue I am having. Win 2003 server (AD and DC) 3 xp pc's users are complaining that icons are missing from there desktop. One of the icons is just a shortcut to a program that runs off the server. I ...
Score whenCreated Date Format
Seagull Ng - 3 Jan 2007 10:29 PM - 4 messages
Is there a way I can convert whenCreated value in vb script so that I can calculate the duration? I want to know how many day has the object been created. Thanks. ...
Score Date changed to January 1, 2000 on January 1, 2007 on servers
Sade - 3 Jan 2007 7:58 PM - 14 messages
On January 1 2007, all 6 domain controllers started having errors when the dates on the server changed to January 1 2000 around 6.30pm. After about one hour the time corrected itself to the correct date and time but replication ...
Score Domain Nesting
SD - 3 Jan 2007 7:30 PM - 5 messages
Is there an official number relating to how many nested/child domains one can safely add to  a forest? ...
Score Modify security on multiple objects
Michael - 3 Jan 2007 6:16 PM - 4 messages
Hi, I need to import multiple contacts from csv, which is easy enough. I then need to remove the default ACE for Authenticated Users - Read, and add another ACE for a custom group to give certain users access. I can sort of understand not being able to do it using the ADUC snap-in, but ...
Score virtual replica DC
the_nextman - 3 Jan 2007 6:08 PM - 9 messages
Hi Everyone I am very inexperienced in administering AD so please forgive me if some of this seems obvious to you... We run a medium sized server farm for hosting Sharepoint over the internet (one DC, one application server, one indexing server, one DB, ...
Score 2007 Daylight savings time
Monte W - 3 Jan 2007 5:22 PM - 6 messages
I have windows 2000 computers joined to a windows 2003 domain.  Our 2003 domain controllers have patch KB928388 (Daylight savings time update) as do our XP and 2003 servers.  We have several 2000 servers and hundreds of 2000 ...
Score In domain.company.com "domain" is not technically a child in a single domain 1 DC AD?
samiam - 3 Jan 2007 4:52 PM - 17 messages
Hi, I have taken over an AD install for a company and they want me to revise and restructure according to best practices. One area that seems unclear is the issue of their one and only single root domain - which is  patterned like this in their single AD DNS ...
Score Error Opening Users and Computers
arwen - 3 Jan 2007 3:58 PM - 13 messages
All of a sudden I'm getting this error on one of my DCs 'Naming information cannot be located because:unspecified error. Contact your system administrator to verify that your domain is properly configure and is currently online.' This DC is also running DNS, but I'm getting name ...
Score Morphed folders
ctvader - 3 Jan 2007 3:54 PM - 2 messages
I'm doing a little house keeping and I noticed the following in my sysvol folders under my DC's: \\domain.com\SYSVOL\GCM.COM\DO_NOT_REMOVE_NtFrs_PreInstall_Directory The folder is empty and I'm wondering if its safe to delete. [link] ...
Score Domain name change
Simon - 3 Jan 2007 3:43 PM - 7 messages
Hi This is quite a long question but i'm sure someone can help me. We need to change our domain within our company. We currently have AD with 4 DC's (2 are 2003 R2) and 4 (mostly 2003/2000) member servers. We have DNS and ...
Score Exchange traffic to GC\DCs
Keith - 3 Jan 2007 2:39 PM - 2 messages
Are there specific perfromance counters to measure exchange traffic on my GC\DCs? I found an article once that had some good information on it, but can no longer locate it. Also, is there a way to differentiate between Outlook ...
Score ADAM and IIS auth
Ted - 3 Jan 2007 12:20 PM - 5 messages
A customer is considering using ADAM in conjunction with MOSS 2007. I have adviced against it, but I'm not an ADAM expert. So I need to get this hypothesis confirmed: When authenticating against AD or a local machine account the worker process ...
Score edb.chk edb.log and tmp.edb
Will - 3 Jan 2007 8:29 AM - 8 messages
I have a Windows 2000 system whose security event log is loaded with messages about writing and appending data to the files tmp.edb edb.chk and edb.log.   Some browsing online suggested that these files are related to ...
Score Password policy expired message
Andre Thomasse - 3 Jan 2007 7:11 AM - 3 messages
Hi All, We finally are going to use a password policy in our company. When we activate this policy we don't want the users to have to change their passwords  immidiatly. What we want is that the users get a expired message for 2 weeks and they ...
Score ADFS - true single sign on ?
verukins - 3 Jan 2007 5:30 AM - 5 messages
Hi,     I have recently been playing with ADFS. Firstly with the step by step guide from nick pierson, then in a mock up environment for a large client. this all seems to work reasonably well, with the exception of ...
Score Group size limits
supersonic_oasis - 3 Jan 2007 4:30 AM - 4 messages
Hello, I am running Active Directory on Win 2003 R2 servers.  I was wondering if there is a limit to the number of people you can have in global, and universal groups? Robert ...
Score Extend existing domain to a new DC build at a branch office
snoconegod - 3 Jan 2007 12:34 AM - 18 messages
Hello, I've been all over the internet the last 10 days looking for a solution to my problem.  I've found quite a few useful articles, but nothing that really answers what I need to know in the most efficient, ...
Score Easy DFS question
Dan - 2 Jan 2007 11:56 PM - 5 messages
In a domain based AD DFS is there any server(s) that are more necessary than others?  As an example, with DC's the FSMO role holders are "more important" than others because they do additional things.  I'm going to be taking a ...
Score Deploying software via GPO to Computer
Dave - 2 Jan 2007 11:11 PM - 6 messages
I have set up a GPO to deploy software. For users it works fine For computer it fails with "The installation source for this product is not available. Event ID 102.  I have seen [link] ...
Score nslookup returns global catalog servers in different order
Greg Brown - 2 Jan 2007 9:43 PM - 7 messages
Greetings All, I am writing a short vbscript to run a few AD related commands and then e-mail the results to myself everyday so I can keep an eye on changes that others may have made to the domain.  This is all working well except for one ...
Score SP1 and VSS error
Wayne - 2 Jan 2007 9:12 PM - 3 messages
After installing SP1 on Windows2003 Standard DC NTBackup of system state reports the following error: Event Type:    Error Event Source:    VSS Event Category:    None Event ID:    12289 Date:        1/1/2007 ...
Score Change netbios domain name - single svr w2k3 /w exc2k3
Dean Colpitts - 2 Jan 2007 6:04 PM - 8 messages
I've got a single server 2003 domain with Exchange server 2003 and 10 clients.  The dns domain is correct, but the netbios domain name needs to be changed. I seem to be getting conflicting info as to whether or not this can be ...
Score Tie AD Deleted Objects to User Who Deleted Them
isd503 - 2 Jan 2007 5:28 PM - 2 messages
I am trying to find a software package to meet our needs for auditing purposes.  We have a couple products to track changes in the AD, but nothing I find seems to be able to tell me who made the change. ...
Score ADAM and IIFP
dean - 2 Jan 2007 4:07 PM - 2 messages
I am wondering if the ADAMSync tool should transfer actual values from AD to ADAM?  if so are there special rights and configurations that are necessary to get this to work? Next, does IIFP work with SQL 2005?  if so where would i get a copy of ...
Score Setting of Inheritence flag
kaniajoe - 2 Jan 2007 4:06 PM - 3 messages
Hello, I have a Windows 2003 domain that has been upgraded from NT4 (I know). I am having an issue with the inheritence flag of my user objects. I have delegated an OU for our help desk staff.  They need to reset ...
Score Notified when a machine is added to the Domain
NK - 2 Jan 2007 2:13 PM - 6 messages
We have a test domain and engineers have permission to add machines to it.  At times the number of computers in the domain can be large. Is there a way of being notifed / alerted when a new machine is added to the ...
Score Query to find missing inheritable permission in AD
needlittlehelpwithSMS - 2 Jan 2007 1:34 PM - 2 messages
Hi all, I was wondering if there is a way to query all users in the AD, that dont have the "Allow interhitable permissions from the parent to propagate to this object and all child objects." - check mark checked under the Security > ...
Score Logon to a new domain
jp - 2 Jan 2007 8:22 AM - 2 messages
Hello, I try to explain our situation shortly. Hope you understand. We have an old NT4 Server and nine Windows XP workstations. When we logon to a domain everything goes fine and programs work. Then we added a new Windows 2003 Server + Active Directory. After logon to ...
Score Restricting users logon to specfic workstations
MIke Hatfield - 2 Jan 2007 7:49 AM - 3 messages
I'm not sure if I'm in the right group for this question. Is it possible to restrict who can logon to specific workstations on the domain? IE Users A, B, C and D Workstations 1, 2, 3 and 4 ...
Score AD DNS design question
supersonic_oasis - 2 Jan 2007 7:45 AM - 6 messages
This is a hypothetical AD/DNS question I have that will probably come up at my job sometime soon if we expand our reliance on Active Directory. I have a site (we’ll call it Site1) that is running Active Directory.  The ...
Score Restriction of External Drives through GPO
Karthick - 2 Jan 2007 7:17 AM - 3 messages
Hello friends!          I am using Windows2000 as a domain controller (Not advanced server) . I want to restrict external drives ( CDROM, USB) for group of users in the network. I have searched in google and got the following .adm file. ...
Score Moving objects between OUs
supersonic_oasis - 2 Jan 2007 5:53 AM - 4 messages
Hello, I know there is a way to move users between Organizational Units from the GUI, but I was wondering if there was a way to do it from the command line, so I can script it?  I want to be able to move them from One OU to another ...
Score Help me writing a simple code for login Script !!!
Adnank5 - 1 Jan 2007 9:44 PM - 2 messages
Hello All, Can anyone help me writing a simple vbs script for the following scenario : 2 drive mappings :   1 )  \\db1\personel folder    2)  \\db1\technical 2 printer assigning :   1)  \\db1\HPljet1200   2)  \\db1\hplaserjet5500 ...
Score how to setup ntp server using gpo
top - 1 Jan 2007 9:30 PM - 5 messages
Dear how to setup ntp server(i have  ntp server on network) using gpo. other computers are not menber of AD. How can i do. thanks ...
Score Error Installing additional DC
samir - 1 Jan 2007 7:47 PM - 4 messages
Hi I have one DC and making another server an additional DC I am receiving an error The attempt to join this computer to the ahmedabad.sugar domain failed "There are no more endpoints available from the endpoint mapper" Samir ...
Next » 2 3 4 5 6 7 8 9 10