Home All Groups Group Topic Archive Search About



Windows Server Active Directory

microsoft.public.windows.server.active_directory
Score How should we do it with ADFS?
John - 17 Nov 2007 8:20 PM - 12 messages
Hi all, We have in house application to allow external users to access.  Also, we want to allow internal users to access without creating accounts in the app and just using AD users.  (we have windows 2003 R2 active directory with ...
Score Microsoft Hotfix 890953 - Need to deploy via Group Policy
Mike - 17 Nov 2007 6:54 PM - 3 messages
Our organisation is currently experiencing an issue on many machines running Windows XP SP2 on a Windows 2003 Domain.   The problem relates to end users not being able to reset their password and states "The system cannot change ...
Score Automatically Generated Connection
Maverick & Goose - 17 Nov 2007 4:38 PM - 3 messages
Guys, I have a strange scenario where I keep getting an "automatically generated" Active Directory connection in Sites and Services. My environment consists of several branches, of which each has a DC.  I have manually added AD connections in sites and services to point back to our ...
Score The Active Directory is rebuilding indices, please wait
Jimmy Singal - 17 Nov 2007 2:49 PM - 4 messages
Hi I installed a couple of windows security updates last week but only managed to restart/reboot the server this weekend. During the boot up process the windows displaying a message "The Active Directory is rebuilding indices, please wait" I wait very long from morning 10 am until now (10.48 pm), the process still ...
Score Vista Roaming Profile
Suneit - 17 Nov 2007 1:33 PM - 3 messages
Hi I have a Windows 2003 Server with Active Directory setup. I have setup Roaming profiles for users with a mixture of XP clients and Vista clients. The roaming profiles works for XP clients where the profile items such as ...
Score AD Replication
Sukhwinder Singh - 17 Nov 2007 6:55 AM - 4 messages
Dear All, I need a small help from you all, can some give me the link to the good documents regarding the AD replication which should includes the details about the below. AD replication Sysvol replication Difference between the above 2 ...
Score Authentication Role to DC
Denis - 17 Nov 2007 6:03 AM - 3 messages
I have multiple DCs in my domain. Can I assign Authentication Role to a particular DC and the rest DCs work as backup Authentication Servers (in case the Primary Authentication DC is down or unreachable) ? Thanks in Advance, Regards, Denis ...
Score Restoring Domain Controllers Strategy
lozza - 17 Nov 2007 4:44 AM - 7 messages
Hi Guys, I'd like to kick off a discussion around restore strategies for a small environment and get some advice.  I'm trying to foward plan in case the worst happens as I dont feel confident i'd be able to restore my domain if the ...
Score EVERYONE has password change rights, but how?
JayDee - 17 Nov 2007 2:43 AM - 8 messages
If I right-click on any user in our domain and look at the "security" settings, I see the "everyone" group has "change password" rights. However, I do not see this right set on any of the OU's, or even at ...
Score adminCount schema attribute
JayDee - 17 Nov 2007 2:39 AM - 7 messages
I was under the impression this attribute was incremented when a user account had administrative privileges to keep users with loser rights from being able to edit those accounts. So I guess my first question is - is that correct? Here are some things I noticed: ...
Score active directory command line utility
conrad - 17 Nov 2007 1:21 AM - 3 messages
There is a command line utility for active directory, but I forget the name of it. I know it started with an 'r'. It was a generic utility that could be used to modify many properties of users etc in active directory. Does this ...
Score Problem Searching AD
tman - 16 Nov 2007 11:30 PM - 1 message
I have one Windows XP client that is unable to use all the search functions in AD.  He can search for printers and he can gets Entire Directory or our domain to choose from.  When he trys to search for ...
Score AD User Rename
Animatrix1 - 16 Nov 2007 9:39 PM - 11 messages
I have reused a few accounts simply by performing a rename.  Up until today, there didn't seem to be an issue.  Today I added some users to a sharepoint that I created, and low and behold the old users name shows up. ...
Score Expand DHCP Scope
xceleration - 16 Nov 2007 8:20 PM - 3 messages
Hello, I have a DHCP scope of 192.168.0.0 to 192.168.0.125/25.  I want to increase my scope range to 192.168.0.0 to 192.168.0.254/24. All my servers addresses ...
Score ADSI
Ed Wyche - 16 Nov 2007 7:25 PM - 2 messages
I would like to change the userWorkstations property in ADSI using the steps in KB938458.  I do not see the userWorkstations property in there. ...
Score One sole user in AD, not being authenticated properly by our IPSec VPN appliance?
Robert Gordon - 16 Nov 2007 5:46 PM - 1 message
I am having a very strange issue regarding ONE user not being properly authenticated by AD when trying to use our IPSec VPN client. We use a Cisco VPN 3000 Concentrator for remote access, which in turn uses Kerberos/AD as it's authentication database.  We are running Active ...
Score Inactive users
ZIDAC - 16 Nov 2007 4:13 PM - 3 messages
Hello, i am from Spain, excuse me my inglish. Through this forum I have seen solutions to detect users Inactive in AD, that is, those who do not log for X days. What I want is, in addition to identifying these accounts, and pass to ...
Score GPO: Password Policy Enforcement Question
Paul - 16 Nov 2007 4:00 PM - 2 messages
Greetings, I am about to implement a strict password policy on my Windows 2003 AD domain.  I was wondering if this takes effect immediately and will lock out all users without "strong" passwords, or if it will allow the ...
Score error message trying to log into dc after rebooting dc
Frank - 16 Nov 2007 3:45 PM - 2 messages
I am getting the following error message when I reboot either of my domain controllers and try to log into that dc. The system cannot log you on due to the following error: the specified domain either does not exist or could not be contacted. ...
Score AD Locked Out
Eddie - 16 Nov 2007 3:40 PM - 2 messages
I have a user who keeps getting locked out in AD. I have checked scheduled tasks and services looking for his accoun but nothing. how can I find out the root casue of this? i have looked through my event logs but nothing really ...
Score ntfs permissions and AD restore password
Paul - 16 Nov 2007 2:58 PM - 3 messages
Two questions: 1. When changing the password of the AD restore account from ntdsutil on a domain controller, does this change only affect the DC where the change was made or is the change replicated to all the DC's in the same domain? ...
Score Unable to join an AD domain from Vista
Oriane - 16 Nov 2007 1:04 PM - 6 messages
Hi, I intend to join a AD domain from a Vista Pro computer, currently in a workgroup. Once I've filled in the account/password credentials  dialog box with a system account, I can see a pop up window with this error message: ...
Score Can not Disable Computer Account
Clayton - 16 Nov 2007 12:53 PM - 2 messages
Hello All I recently discovered that after Disabling one of my Computer accounts...it was not? Now then I am going with the assumption that after you Disable a computer account it should not let anyone login, or login to the Network? Yes or No? ...
Score Single server single domain in journal wrap
centra - 16 Nov 2007 10:29 AM - 2 messages
Hi Guys, I have the following error on a server that is the only server in a 2003 domain. Noticed that this has been happening for a couple of months now and we have no backup that pre-dates the error, any suggestions on how we can go ...
Score MrxSmb Error
Leezy - 16 Nov 2007 9:33 AM - 4 messages
Hi all, i am getting this error everyday from DC. i do not seems to get rid of it. any one could help? Event Type: Error Event Source: MRxSmb Event Category: None Event ID: 8003 Date:  11/16/2007 ...
Score Distribution List Owner
Tariq - 16 Nov 2007 6:41 AM - 1 message
Hi, Is there a way to find or list the Distribution List' Owner. I have a ticket where I need to find the DL name from the DL owner's name. They have forgotten the DL name. Regards, tariq ...
Score Windows 2k migrate to Windows 2k3
Teddy - 16 Nov 2007 2:39 AM - 4 messages
Hi Folks, bg: ServerA (win2k - AD,DNS,DHCP, File server) ServerB (win2k - DCExchange 2k) ServerC (win2k - DC,Terminal Server) Goal Setup a new ServerD (win2k364 - Exchange2k7) Question 1. I would like to upgrade the AD to windowsk3 mode,  ServerD surely will ...
Score Edit Registry Values under Local Policies\Security Options
MrMako - 15 Nov 2007 9:30 PM - 1 message
When looking at a GPO in the GPMC using the Settings tab, I see a section called Registry Values under Windows Settings\Security Settings\Local Policies\Security Options. I am not referring to the section where you set Registry permissions in a GPO, these are extra security registry settings. I ...
Score Problems with Disabled Computer Accounts
Clayton - 15 Nov 2007 9:08 PM - 3 messages
Hello, Recently I discovered that after Disabling one of my computer accounts in active directory, it in fact was not. I have tested several computers and get the same result. So just to clarify, if I disable a Computer account I should not be able to ...
Score Add PC's back to AD
dhollis - 15 Nov 2007 7:40 PM - 5 messages
Often times our Desktop support folks will have to remove a pc from AD and then add it back.  The reasons are various.  I have given them permission, at the domain level to add and delete computers.  this permission is applied and ...
Score Create account with an Expiration Date
dink337 - 15 Nov 2007 7:33 PM - 11 messages
Hopefully someone here can answer a couple questions for me. I'm working on an application that is designed to create on-demand accounts that are of a temporary nature (they will only be used for a period of 2 ...
Score Server2003 Std and Active Directory and computer access
BrianMultiLanguage - 15 Nov 2007 7:16 PM - 3 messages
Routers (some) have MAC tables to let pcs use the network (deny or access); does Server2003 and/or AD have an ability like that? Thanks. ...
Score Non-synching PST file generates error
justmark - 15 Nov 2007 7:05 PM - 2 messages
I'm not sure if this is the correct forum for this question... We have a GPO configured to NOT synchronize our users' PST files (which reside on a network share with their other profile files).  When they log off ...
Score Adding Contacts
Eric - 15 Nov 2007 5:35 PM - 2 messages
We were asked to create a group in AD and the group will contain contacts/email addresses outside of our Domain.  The only way we see to accomplish this is by creating a New Contact in AD.  We are concerned about ...
Score Forgot the passwod
millin - 15 Nov 2007 4:28 PM - 2 messages
Hi All, I have encrypted one of the word document long time ago using a pass-phrase but I can't remember it now. Anybody tell me a solution how I can re-open it? thanks in advance, With Regards ...
Score Vista Workstation on Windows 2000 Server AD
Dave Yates - 15 Nov 2007 2:48 PM - 1 message
Afternoon All,     I wonder if someone can help me. We currently run 3 X Windows 2000 Server SP4 servers with Active Directory. The clients are a mixture of Windows XP SP1 and SP2 clients. We have just bought 3 new PC's with Windows ...
Score Problems with Joining Domain from desktop station to Domain contro
Jannarko - 15 Nov 2007 2:43 PM - 6 messages
Hi, I am having big trouble to join most of the user's PC to their domain controller. I have just join this new company and found out that they have one domain controller: "thedomainname.local". However, most of the users are ...
Score 64 bit edition
paulh - 15 Nov 2007 2:25 PM - 2 messages
I currently have a x32 2003 domain, and want to introduce a x64 2003 R2 domain controller.  Are there any replication/other Acitive directory issues to be aware of.  When I tried to run dcpromo on the x64 box it made reference ...
Score Lost restore mode password how to restore AD
SPRaval - 15 Nov 2007 1:48 PM - 4 messages
Hi, i have only one DC and it was down as abnormally shutdown because of power failure. Now DC is unable to start. I lost restore mode password but have a latest system state backup. How to restore AD? please help. ...
Score GPO Content Advisor IE6 vs IE7
Jonathan - 15 Nov 2007 1:45 PM - 8 messages
Hi all. I have a problem. My company asked me to enable the content advisor in Internet Explorer to block the internet to some people. I have approximatly 20-30 computers to enable that feature, so I decided to do that by Group Policy. ...
Score How to stop avi and mp3 (and other like these) from sync when redirecting My Documents?
Tor-Magne - 15 Nov 2007 1:30 PM - 5 messages
Hi Server: Win2003 with sp2, not R2. Clients: most WinXP with sp2 I have redirected My Documents to the server in AD long ago - and now I the server don't have much disk space left. Any ideas how to not sync some filetypes like avi and mp3 to the server? ...
Score Upgrading Windows 2000 Server
JG - 15 Nov 2007 1:24 PM - 3 messages
We have 1 Windows 2000 Server left in our network.  It happens to be a domain controller.  All our other domain controllers are running Windows Server 2003. We want to perform a clean installation of Server.  Since the domain is ...
Score Domain Controllers and POP3
CK - 15 Nov 2007 11:39 AM - 4 messages
Hi.... Please help If we installed 1 domain controller, and had no back one, and it went down, would this effect any pc's in the company that were using pop3 for e-mail. I understand it would effect them been logged on the nextwork in that they ...
Score Migrating From Novell Netware directory services to Windows 2003
Khalid - 15 Nov 2007 11:35 AM - 3 messages
Hi. I have a Novel Netware directory services with 50 desktops connected to it.There are 50 user accounts in Netware directory services.I want to migrate the Novel Netware directory services to Windows 2003 Active directory.Novel Netware Server is also running Group wise 7.0 that has to be migrated to ...
Score Getting list of users and group membership
Claire Stevens - 15 Nov 2007 9:12 AM - 4 messages
Hello, Can anyone tell me the easiest way of getting a list of all users and their group membership from AD (Windows Server 2003)? Thanks - Claire. ...
Score Setup Additional DC
DenPau2007 - 15 Nov 2007 5:46 AM - 6 messages
I have one(1) Windows Server DC/AD currently running on X32 Standard Edition - R2. Company purchased a new server X64 bit including the Windows 2003 X64 Enterprise Edition R2 license before I got hired/employed by the company. They want me to install this server as additional domain controller on the ...
Score Exchange Server + recieve email problem
harrytran - 15 Nov 2007 3:27 AM - 2 messages
I have 1 FrontEnd and 1 Back End Exchange Server . after config , I can send email to external email , such as gmail , but I can not reciep email from external email . Is it problem with DNS ? how I can config it ? Thank you ...
Score AD group
Steve A - 15 Nov 2007 2:44 AM - 4 messages
Ok here is a strange one hopefully someone can point me in the right direction. I have a group called ABC add users to the group. some time later all the users are missing from the group and the group is now a member of itself. ...
Score Printer AD publication problem
Stephane M - 15 Nov 2007 1:28 AM - 2 messages
Voila mon problème. Je dispose d'un serveur principal windows 2000 server, qui est mon serveur DHCP, de données et de softs, et a côté d'un poste windows 2000 professionnel ...
Score Domain Trusts
Sal - 15 Nov 2007 12:51 AM - 5 messages
We have created a Forest1 to Forest2 trust.  My thought was that creating a 2way forest trust all child domains in forest1 would be included, but when I am on a computer in the child domain of forest1 I don't see the domain in ...
Score Using JNDI to bind to ADAM with a Windows Local (LSA) User Account
crstop - 14 Nov 2007 11:14 PM - 5 messages
I am trying to bind to ADAM (Active Directory Application Mode) using jndi with a local Windows account. I don't want to use AD or ADAM proxy accounts. I would rather not use simple authentication but can deal with it because everything will be on the local machine for now. ...
Score exchange/ad topology issue
seth - 14 Nov 2007 11:01 PM - 8 messages
I have an issue here that I think I know the solution, but wanted to run it by all of you for an suggestions or concerns. Here is what I inherited: 2 physical sites, we'll call it Site1 and Site2 ...
Score NTDS KCC Event ID: 1311
Anderson - 14 Nov 2007 10:05 PM - 5 messages
Hi All, I have recently added a 2nd site to our network, with a DC in each location. The setup seemed to be correct, but users were taking a long time to login. After a reboot of one of our DCs, I have now started to receive the ...
Score Password Notification
JoeBhoy - 14 Nov 2007 9:45 PM - 3 messages
Hi All, We have a remote site with 5 users. On site ther is only a MS ISA server. It connects to our main site using VPN. The problem is that none of the users are getting the password expiry notification when they login to the domain? ...
Score Transtivie Trusts
Tesdall - 14 Nov 2007 9:32 PM - 5 messages
I have two Domains and they are all w2k servers.  Domain A trusts B and B trusts A. But it shows up as following; Relationship - External, Transitive - No. How do i turn on transitive trusts? I used NETDOM but couldn't get it to ...
Score Best practise for handling external users
Raj - 14 Nov 2007 8:48 PM - 2 messages
Hi all, I'm hoping for some advice on handling the following scenario - We have a sector authentication scheme based on Sun Access Manager to handle external authentication. For Windows IIS apps there is an AM agent to handle the authentication - however for SharePoint there will still need to be a ...
Score Migrate from nt 4.0 to MS2003 R@, standard x64 edition
lynn - 14 Nov 2007 8:25 PM - 8 messages
I have three servers left to upgrade to MS2003.  One is the pdc, bdc, and exchange 5.5 all running on NT 4.0 servers.  The company purchased new equipment and its not compatible with NT drivers.  Therefore, I can not use ...
Score DNS
Pigskin - 14 Nov 2007 7:48 PM - 3 messages
One of our web programmers was tasked with pulling our corporate sharepoint sites onto one server.  In the past, each sharepoint site had a virtual server dedicated to it.  It was registered in DNS as a cname pointing to the ...
Score Print Server Printer Driver Upgrade
Masitpro_mcse - 14 Nov 2007 7:07 PM - 6 messages
Upgraded Xerox M20i printer driver on Server 2003 print server. Problem is the driver did not trickle down properly and there are different versions of the driver on workstations. They have various features or options that are missing, mis-configured or garbled settings. Ran gpupdate and forced policy ...
Score Single Server 2003 DC migration to new Server 2003 DC
Burns Street - 14 Nov 2007 7:07 PM - 12 messages
We purchased a new replacement server and I may have screwed up in the initial installation.  When configuring the AD, the wizard asked if I wanted to join an existing domain or create a new one.  I created a new one and ...
Score AD group goes missing on profile!!!
ktm99 - 14 Nov 2007 4:55 PM - 8 messages
I have a I.T. group policy for the I.T. dept.  When I add a group to the security tab on a user profile in this group it disappears in 30 min. I can add this to any other group under different ou's and group policies and is ok. ...
Score ADAM setup with Active directory
imranaziz - 14 Nov 2007 4:48 PM - 5 messages
I am trying to use ADAM for SSO in my .net application, after configuring ADAM according to the step by setup configuration docs, I can query ADAM fine using windows address book, but how does the authentication work with the ...
Score dsquery issue
kadydawg - 14 Nov 2007 4:45 PM - 4 messages
dsquery has been working great for me but need a little hand at trying to make this one work. What I am trying to do is list all users in an particular ou which are part of a specific department.  This works fine but I also want to know which groups they are a part of. ...
Score IIS ftp server on windows XP (not windows server)
zubi - 14 Nov 2007 3:28 PM - 3 messages
We've installed/enabled IIS to get us an FTP server site on a windows XP pro. This machine has local accounts for remote users to connect to. Thus they can remotely "window" in, be prompted to change their password the first time and use their local accounts to ftp ...
Score Inaccessible shares
GreyDay - 14 Nov 2007 12:52 PM - 6 messages
After installing SP2 on our win2003 server (Standard Edition) all shares are inaccessible, including all system shares such as NETLOGON and SYSVOL. De-installing SP2 doesn't help. DHCP and DNS are functioning properly: clients are provided with an IP-address and are able to access the ...
Score Inter-forest migration
MMR - 14 Nov 2007 12:12 PM - 4 messages
We have a requirement to migrate users, groups, computers, mailboxes & file servers from one AD forest to another AD forest following a company aquisition. However trust relationship cannot be created. Is it possible to perform a migration without trust. If yes, what tools can be used -- MMR ------------------------------------------------------------------------ MMR's Profile: [link] View this thread: [link][link] ...
Score Disable removable drives
joker197cinque - 14 Nov 2007 11:07 AM - 5 messages
I'm trying to disable removable devices (USB Drives, CDROM...) on clients via GPO. I found this adm template: [link] It works well for cdrw/dvdrw but not for USB drives... Can you please give me some advice to strongly disable removable ...
Score Schema Conflict
Matty - 14 Nov 2007 6:06 AM - 2 messages
I have a windows 2000 domain with a single server running Exchange 2000. I plan to introduce a Windows 2003 Exchange server so went and proceeded to upgrade the domian to W2k3. I ran the adprep /forestprep command from the Windows 2003 R2 disk. ...
Score LDAP - Query AD for accounts on trusted domains
Jason - 13 Nov 2007 9:56 PM - 7 messages
I have a Window NT & LDAP compatible application. I would like to be able to query the domain for users both on the actual domain and on trusted domains. The trust is a one-way non-transitive trust. How would I structure my ...
Score File Access denied for new security group
Apollo71 - 13 Nov 2007 3:52 PM - 3 messages
I've just created a new global security group and added it to the security tab of an existing folder, yet i get file access denied when i try to open the folder from a client. If I add an existing group then it works ok of even ...
Score pc's obtaining DNS address not set in DHCP scope
guyla50 - 13 Nov 2007 2:00 PM - 5 messages
Hi, We have a very weird problem.  Our network range is 130.1.*.* and we have 2 dns servers in this range which are set in DHCP. Users have complained they can't get to the internet, when I ...
Score Force clients in DC-less sites to get sensible Sysvol and Netlogon
Nicky Burn - 13 Nov 2007 12:14 PM - 6 messages
Background: We are consolidating 70 small AD sites into 20 larger ones.  During implementation, we will have a temporary stage where there are a number of sites with no DCs, and will be relying on automatic site coverage from the ...
Score Mass addition of user accounts
Blackberry - 13 Nov 2007 11:20 AM - 2 messages
Hi All Just been asked to add user accounts to our Win2k3 server AD setup for each child rather than each class so I have a list of 300-odd kids to enter - is there a way I can automate this process as don't think my digits can handle ...
Score Alternative adding printer script ?
Blackberry - 13 Nov 2007 11:18 AM - 4 messages
Hi All Been using a BAT file script to 'push' printers through to clients using the standard rundll lines, etc, but been told that this is not a robust and reliable method and should be looking at an alternative.  Something about ...
Score Same My Documents/Home Folder for different users
millin - 13 Nov 2007 9:17 AM - 8 messages
Hi All, I want to find a solution for a couple of users to keep the same folder while they are working in an AD Domain. eg:) User 1 User 2 User 3 User 4 while they do the changes save it into one "MyDocuments" or "XYZ Folder" and ...
Score HP2600N Nightmare on Win2k3 server
Blackberry - 12 Nov 2007 7:58 PM - 3 messages
Hi All Been installing HP2600N's at schools no problem in a server environment. Installed 2 today (ie configured static ip on each (school rule), installed the driver on the Win2k3 server via the installer cd, restarted the server (mandatory), shared the printers and config'd GPO to 'push' these printers ...
Score Default User Profile on \\MyServer\NETLOGON
Bob - 12 Nov 2007 7:55 PM - 3 messages
I've two Default User profiles on my servers NETLOGON share.  One for XP and a version 2 for Vista. I created both on their respective machines and I'm running into a problem with the desktop.ini. The desktop.ini for "My Documents" in XP is this: ...
Score Domain Controller Renaming
ebferro - 12 Nov 2007 3:56 PM - 3 messages
We're upgrading hardware at our company.  We currently have two domain controllers and are upgrading to new hardware on both.  We're also going from 32 bit W2K3 to 64 bit W2K3R2.  Jorge Silva posted a response to a previous ...
Score Certificate templates
Louis - 12 Nov 2007 3:05 PM - 5 messages
Hi, Certificate services are now installed on a new server in our domain. Old certificate server was removed. Everything looks correct on the new certificate server but we have the following error on certificate templates in certification authority mmc "Template ...
Score Question about Identity Management for Unix and adding additonal DCs
Robert Gordon - 11 Nov 2007 6:37 PM - 1 message
We have two Windows 2003 R2 SP2 domain controllers running Identity Management for Unix, that are integrated with a number of Linux servers (all variants on the Red Hat kernel) so that the Linux NIS accounts synchronize with the user's AD account for single password maintenance. ...
Next »