Windows Server Active Directory

I've noticed scavenging stale records is off.  We have 2 DC's in an integrated Active Directory setup.  If I tick enable box for scavenging stale recods it will enable 7 days for each, what should I do? ...

Hi, We have Windows Server 2003 Domain. Users are running Windows 2000 professional. No user have roaming profiles or folder redirection. Users have no problems as such during everyday logons. But sometimes, when a user logs in, a new profile is generated and loaded. As a result, the users do not get ...

Exception information:     Exception type: InvalidOperationException     Exception message: The protocol message in the current request is malformed. The event log on the server contains detailed information. Please suggest solutions for this. ...

Hello Again I with my problem. When I try to join computer in domain sometime I receve this message: "There are no more endpoint available from endpoint mapper." On internet I was found that couse for that message is closed port 1025. I ...

All of our AD/2003 admin groups/user are stored in an Admin container which is outside the delegated control of our ServiceDesk and Desktop Admin teams.  This is done to prevent them adding other accounts to the admin groups and/or ...

Are there sample code examples or informations on creating custom claim transform dlls to add to ADFS server to manipulate claim information. For example if the Account Partner is sending UPN claim (ex: jsm***@ms.com) and I need to convert to ( xxxjsm***@ms.com) to fit my Domain environment and ...

The Active Directory Folder is missing from My Network Places on all of my Windows 2000 Professional and XP clients.  We have a single AD domain of which all clients are members.  There is no local or domain GPO hiding the ...

Is there a way to query or report on the Managed By field for Distribution Lists in AD? ...

We have just moved from Netware file server to Active Directory 2003 Windows file servers. We used microsofts migration utilities and  everything has worked great. One issue i do have is that users can't browse to the directory ...

Hi, I have a single/domain win2003 forest that consist of a number of sites in various locations. However when I enter net time a various clients PC's at different sites I would assume the time server used should be the ...

I have a question.  If John Doe, who is only a Domain User installed AdminPak.msi (users/computers for AD) and then open it up and the domain tree pops up as it should. As a domain user, they should or should NOT be able to ...

Trying to run down a problem connecting I poted about earlier, I've been looking at the Windows Security event log.  I'm a little bewidered. I have the ADAM service account user granted permission to log security events, and when I log in as that user using ADSI edit, I get ...

Hello, my name is marko, and i have to administrate about 70 Active Directoy domain controllers. on every site a dc iss needed because there are a lot of users. my problem is that on about 2 dcs the following event ...

We have 2003 AD in our company.Both PDC,BDC running 2003 Std Server. But when PDC fails or we have to shut it down for admin purposes, the BDC is not able to takeover the PDC roles. So users are not able to ...

The 2000 service is the only Domain controller.  I mapped a drive to the Windows 2003 server I386 directory and ran adprep /forestprep, adprep /domainprep on the 2000 server and it completed succesfully with no errors.  But when I try to dcpromo the 2003 server, it tells me that I need to run ...

Hi All I know its quite a long list, but I didn't want to annoy everybody by posting each query individually.  I'm running Win2003 Server with WinXP Pro clients.  Here goes: 1) Using GPO, is it possible to hide the common tasks 'bar', which resides ...

Before you answer - please read this. I have implemented a web-based tool which allows users to reset their password or unlock their account (Win2K Active Directory, XP Clients). I've got an AD account I'm using as a service account - users can log on anywhere, including their own machine, using this account. I've applied a User-Oriented Group Policy to this account which, upon logon, launches the Password Reset Page in Kiosk mode, prevents users from closing IE, and only allows Log Off when they CTRL+ALT+DEL. I've applied several other sundry security measures to this account which are not directly relevent to this problem I'm presenting. Suffice it to say - if you worked here and locked your account or forgot your network password, you'd be able to log on to your own machine using this account and unlock or reset your password - but other than that you wouldn't be able to do anything but log out again (to subsequently log on using your own credentials). The credentials/instructions to do this are displayed on the security screen after the CTRL+ALT+DEL, so if you've locked yourself out the solution will be right there for you. (Cool, eh?). ...

Hello All, I had a 'string' going earlier, but, I think that conversation dried up, so, I wanted to get a 'professional' opinion on my plans, before moving forward: #1 THE PROBLEM I have 2 active DC's.  DC1 can not be restarted, because it has some ...

Hello Our organization has an new name and the domain should change internally. What sould i do! Should I create an new forest or create an subdomain in the current forest. And if we choose for the second option can i rename the forest domain or ...

Hello Everyone, I have additional site coming up and I have some design questions that I need help answering.  Instead of using mydomain as the domain name, I would like to use either mynewdomain.mydomain or just mynewdomain instead of ...

I work for a company that has just been purchased by another company. As per Microsoft  Technet  “When to create a Forest Trust”  a Forest trust fits our  situation perfectly. We are attempting to create a Forest level-two-way trust. ...

hello everyone I am trying to enable LDAP anonymous access inder windows 2003 I Start adsiedit.msc, Expand the Configuration container. Expand Services - Windows NT. Right-click "CN=Directory Service" and select Properties. Double-click the dSHeuristics attribute. and then set it to 0000002. ...

Hi All Newbie calling!! Having to look after a Win2003 Server after the previous techie has gone. They put all users into 1 OU, but I need to show a different set of desktop backgrounds and start menu icons per user. ...

My AD database has been corrupted, and I have no tape backup.  Is there a way to rebuild this or copy it from an existing, healthy DC.  I have a good copy of the original ntds.dit file, but the original log directory has been ...

Hi all! Hopefully a simple question and answer... I have two user objects, one is a user account the other is a user contact item.... They both have the same legacyExchangeDN Is it save for me to change one of these to reflect the users correct email ...

I want to be able to log when a user logs on to our AD network.  I get 100's of the following events 540,538,680.  But I just want one event showing the AD username and the IP they are coming from.  I think event ID 528 is the ...