Home All Groups Group Topic Archive Search About

Windows Server Active Directory

microsoft.public.windows.server.active_directory
Score reset GPO and update the schema
Andrea - 6 Dec 2008 12:06 PM - 6 messages
Hi guys, I've installed Windows srv 2008 32bit and make it a DC on SBS domain, after this I've demote SBS moving any FSMO roles (and GC) on new 2008 server. Now there is 2008 only dc. I would like to reset GPO settings (because they was inherit from SBS) so i ...
Score GPO weird behaviour:Public Key Policies settings applied automatic
trhacker - 6 Dec 2008 10:08 AM - 3 messages
Hello all, I've just configured a new GPO in my domain. I've done several configuration settings, but I've NOT configured Public Key Policies. After finished editing and applying the new policies, I've opened Group Policy Management, to view a report of the settings created (in the GPO ...
Score "The time at the Primary Domain Controller is different than the time at the Backup Domain Controlle
Spin - 6 Dec 2008 12:57 AM - 3 messages
Gurus, Running Windows Server 2003 Active Directory.  Once in a while, I will see a message in the event log similar to the following: "The Security System detected an authentication error for the server ldap/DC01.mycomp.com.  The failure code from authentication protocol ...
Score Library Not Registered
POB - 5 Dec 2008 11:24 PM - 12 messages
Our secondary AD Server has started to act up, giving the following error messages: - This error is given when AD Users and Computers is launched, "Naming information cannot be located: Library Not Registered" - When you enter a URL in IE, an error says, "[link] is currently ...
Score Questions about domain time source
MyGposts - 5 Dec 2008 10:25 PM - 5 messages
In a 2003 domain, should clients always sync time with only the PDCe or should they sync time with any available domain controller? I looked into the log of an XP client and could see that it was getting time from various domain controllers, but the PDCe domain ...
Score Trust, domain without suffix
eporz - 5 Dec 2008 9:55 PM - 2 messages
Hi, do you kwon, if it's possible put two domain without suffix in trust ? Thanks ...
Score Trusts with external domain and Domain/Forest Functional Levels
MyGposts - 5 Dec 2008 5:09 PM - 10 messages
When you have a trust with an external domain, do your forest and domain functional levelsa need to match? We are wondering if raising our forest and domain functional levels could break trusts with other domain if our local domain is at a ...
Score Missing Domain Resources
Dennis Backherms - 5 Dec 2008 3:18 PM - 4 messages
Hello all, I have been experiencing some really strange behavior domain wide concerning resources allocated to domain users and computers. Domain users currently have a script that maps drives for them when they login. The script file (bat) has worked successfully since inception a ...
Score Applying GPO in W2K3 and W2K8 - Admin Question
Luiz - 5 Dec 2008 12:11 PM - 7 messages
Hi, I have a question about applying policy in W2K3 and W2K8 an its action in administrator account, if anyone could help me I appreciate: - I have applyed a GPO in an OU and in Security Filtering I put the Security ...
Score GPO Not Applying Proxy Settings
waynegillard - 5 Dec 2008 10:23 AM - 2 messages
Hi Everyone, I have an Issue where I am applying proxy settings to all machines so the users go through a new websense box, however the settings are not being applied to the client machines. Anyone have any ideas why this might be, I attach a gpresult.txt file and also screen shots from the actual gpo and from the gpo modelling! ...
Score GPO Not Applying Proxy Settings
waynegillard - 5 Dec 2008 10:16 AM - 7 messages
Hi Everyone, I have an Issue where I am applying proxy settings to all machines so the users go through a new websense box, however the settings are not being applied to the client machines. Anyone have any ideas why this might be, I attach a gpresult.txt file and also screen shots from the actual gpo and from the gpo modelling! ...
Score Upgrading from windows 2000 to windows 2003
Alexyy - 5 Dec 2008 6:31 AM - 11 messages
Dear All, I am having windows 2000(standard edition) domain controller , iam tryingto uprade my  domain controller from windows 2000 to windwos 2003 enterprise edition. iam facing error message. I am trying to upgrade windows 2003 by adding additonal domain controller to ...
Score LDAP Simple Bind with trusted domain user credentials
Cameron Murray - 5 Dec 2008 5:32 AM - 10 messages
Two forests with two way trusts, Forest1 is at Server 2008 level, Forest2 is at Server 2003 level. We are trying to support a LDAP client that only allows for a simple bind against Active Directory. It is used to look up contacts/emails. All of the ...
Score 2003 Domain Controller Powerd Off for 24 hours, then demoted
MyGposts - 4 Dec 2008 10:38 PM - 12 messages
We are retiring a domain controller and giving its IP address to a new DC witha different name. To verify that everything is working fine without this domain controller, it will be turned off for the next day to see if any ...
Score Deploy to Mobile Workforce
Dave Roberts - 4 Dec 2008 9:13 PM - 4 messages
We need to deploy a 3MB MSI to 250 laptops that connect via a wireless WAN connection (cellular on a VPN).  The wireless connection is not started until after the computer configuration is complete which makes deployment via computer configuration in Group Policy ineffective.  Is there any way to ...
Score AD sites and services confussion:
Goku 316 - 4 Dec 2008 8:46 PM - 13 messages
Hello all. Background: We have 6 sites all located within a few blocks from each other. An AD environment with a mixture of 2003 and 2000 domain controllers. Single forest single domain. On an average each site has 3 DC (2 2003 and 1 2000). ...
Score weird perms on \\DC\Netlogon
BFH - 4 Dec 2008 7:47 PM - 3 messages
Windows 2003 domain and DCs.  The perms on \\DC\Netlogon are as follows: Share: Everyone Read, DOMAIN\Administrators Full Control File: Authenticated Users Read, DOMAIN\Server Operators Read, SYSTEM Full Control, DOMAIN\Administrators Full Control, CREATOR OWNER Full Control on ...
Score group membership between different forests
Blake - 4 Dec 2008 7:13 PM - 8 messages
I have two forests - corporate (over which I have no control) and mine. corporate is trusted by my domain. I'd like to create a group in my domain and populate it with users from the corporate domain - is this possible? ...
Score Restore Active Directory New Netbios Domain Name
da crusher - 4 Dec 2008 5:02 PM - 6 messages
Hi Everyone, I am running Win 2k3 SP2 native mode and would like to restore my AD to a lab environment (100% isolated).  For certain reasons, they would like the lab env to have a different NETBIOS domain name than production.  ...
Score User Group Membership through nested Groups
Ale - 4 Dec 2008 1:04 PM - 6 messages
Hi to all, is there a way to retrieve the group membership through nested groups? I'm using the dsget command but as i read on the web there is no possibility to do it: dsget group "CN=Domain Admins,CN=Users,DC=contoso,DC=com" -members - ...
Score Trust Problem In Forest - Advice or Help
Simon - 4 Dec 2008 11:25 AM - 4 messages
Hi All Wonder if I can get some assistance.... Domain name = Domain.corp (Root) Child Domain = UK.Domain.corp We have other child domains, but as far as I can tell, there are no problem issues with these. Problem: If we get a small minor outage on a Network, the trust between UK ...
Score Metaclean
DD - 4 Dec 2008 8:46 AM - 7 messages
I tried the metaclean today , when i do the the list domain , found 1 domain 0=dc=ocba,dc=co,dc=sg . can't find the  "select domain number " command. same for list site select site number. can;t find site select ...
Score Need to Keep Resetting Windows 2K3 Server Computer Password - - He
CompDigit44 - 4 Dec 2008 1:44 AM - 4 messages
My company is currently running a Windows 2000 Active Directory domain that has 500+ clients. Anyway our domain as I inherited it is setup as follows: (company.com) which is our parent domain . This domain is the name for our ...
Score Builtin Administrator Account Question
seamus151 - 4 Dec 2008 1:35 AM - 5 messages
I have just recently setup a DC with AD.  I am the domain admin and I added four people to the "built-in administrator" account within AD under the domain OU.  We put one client on the domain and I had one of the four admins test his privileges.  He had no more privileges then a domain user. On the client I opened the "Local Users and Groups" and under administrators group the only account listed was local Administrator and XXdomainXX\Domain Admins. ...
Score AD Auditing tools
BH337 - 3 Dec 2008 8:20 PM - 12 messages
Is anyone familiar with any Active Directory auditing tools?  I would like to be able to track any changes to the domain, when those changes were made, and what was done.  We are looking for very detailed information. ...
Score 4321, 4319 and 8003 error in the systems log
DonnaJ@abbe-lib.org - 3 Dec 2008 6:36 PM - 2 messages
I keep getting 4321, 4319 and 8003 error in the systems log. They show up on different DC's, at different site randomly. How do I troubleshoot this? I don't believe it's causing any problems, but I'd like to figure out what's ...
Score limit user to a subfolder only...not parent and other subfolders
Pearl - 3 Dec 2008 5:10 PM - 4 messages
how can I limit a user from viewing and accessing folders/files under a parent folder other than the one he needs?  I do not want this user to see or access files in other subfolders of a parent folder other than the one he ...
Score Query other active directory
Eusebiu - 3 Dec 2008 2:49 PM - 3 messages
Hello... I have a Windows Server 2003 standard edition SP2 with it's own domain and a Active Directory. I can connect to this machine using Remote Descktop Connection but I can't use the .NET class DirectoryEntry. DirectoryEntry de = new DirectoryEntry("LDAP://192.168.79.169/"); ...
Score "Active Directory Health Check" (ADHC) tool available to public?
Spin - 3 Dec 2008 2:18 PM - 3 messages
Gurus, I heard there's an "Active Directory Health Check" (ADHC) tool available only to Microsoft employees used on consulting missions to scan companies networks.  Figuring this tool might be available online, I googled and came up with a lot of hits, but not sure if these are copycats or near-direct ...
Score GPRESULT + ERROR: ACCESS DENIED
Raju Nair - 3 Dec 2008 12:53 PM - 2 messages
This solution tested & works at Windows 2003. Go to Command Prompt --> Copy Paste the below lines cd /d %windir%\system32 regsvr32 /n /I userenv.dll cd wbem mofcomp scersop.mof gpupdate /force gpresult Thanks Regards RAju Nair ...
Score Password replication
Tony L - 3 Dec 2008 10:38 AM - 7 messages
Is it possible to replicate a password for a user from one domain to an untrusted domain? the user appears on both domains and connects to the Exchange server for email. ...
Score subdomain setup
Taz1972 - 3 Dec 2008 10:13 AM - 6 messages
Hi, I am an admin of a server 2003 domain called <company>.local. We have a site where we have two admin secretaries who handle highly confidential data such as company salaries etc. For this reason, we want to separate this into a subdomain that will have ...
Score WDS "stuff"
Don - 3 Dec 2008 2:06 AM - 8 messages
Would this scenario work? Setup a lab environemt with RIS utilizing a Windows 2000 domain & server. RIS client PC's in that lab, remove the client PC from the lab domain, and then join the PC into the work domain with the 2003 Servers? ...
Score Another problem with Adding the Second DC
vdz - 3 Dec 2008 12:47 AM - 3 messages
Hi all I've added the second DC (DC2) for couple of hours. I only ran DCPROMO, and it installed DNS and AD at the same time. And I just checked to see if everything is replicated from DC1, everything ...
Score Remote Domain Controllers and replication
physikal - 2 Dec 2008 10:52 PM - 3 messages
Hello all, I'm having a real issue deciding on what route to take for 2 remote sites that we have. I'll layout our setup and give my thoughts and theories on it, then if you could, give me your input and hopefully share your better ideas! ...
Score AD Get Username Script
lunarpc - 2 Dec 2008 10:25 PM - 9 messages
Hi, I found this script on the web. It technically does everything I need it to, except its not working. I really want to use the Display Name to get the email address. For some reason it is not getting the email address. If any of ...
Score A g;lobal catalog cannot be located to retrieve the icons from the member list
Nik - 2 Dec 2008 7:36 PM - 24 messages
Guys, I'm running Win2K sp4 and am getting this error "A g;lobal catalog cannot be located to retrieve the icons from the member list" when I try to vew the members listed in a group object. I know my ...
Score Allow User to Remote Desktop to DC, Member Server?
Scott Townsend - 2 Dec 2008 5:19 PM - 3 messages
Is there a way to do this via Group Policy? I dont want to have to do this to every Server... 1. Using an admin account open a remote admin session to the server in question. 2. Click Start->Programs->Administrative Tools->Terminal Services ...
Score Group Policy to allow stopping a service
Sam - 2 Dec 2008 5:01 PM - 5 messages
I am trying to allow my users to stop a specific service of a third party app. I have that app installed on my Domain Controller as well. I went to Group Policy and under Computer Configuration > Windows Settings > ...
Score Browse Network
Pat - 2 Dec 2008 4:33 PM - 2 messages
Hello. We just upgraded the functional level from 2000 to 2003 and users are complaining that servers are not showin up in network neighborhood.  The list that shows up is very small looks like the local subnet only. Any Ideas? ...
Score Managing user folders for ~1500 users?
Barkley Bees - 2 Dec 2008 3:41 PM - 7 messages
I will be setting up a  shared 'USERS' folder on a large storage server for ~1500 users. We will be assigning each user a home folder using AD to which they will have modify access (SYSTEM and Administrators will have full ...
Score Hide full path in Windows explorer of mapped drive
Sam - 2 Dec 2008 2:42 PM - 12 messages
I am not sure which group this should go in so forgive me for posting the same question in several groups. I am using net use in the login script to show mapped drives in Windows Explorer for my users. ...
Score How to find user which I've delegated some rights / tasks
NVVN - 2 Dec 2008 10:32 AM - 2 messages
Hi :) How can I find to which user(s) I've delegated some rights / tasks using Delegation Wizard or the only way is to first document delegation. Also, how can I remove delegation of rights / tasks from some user ? ...
Score Migrating to a new server
Paul Smith - 2 Dec 2008 8:17 AM - 2 messages
Migrating to a new server Hi guys/dolls I am on the verge of migrating from my old windows 2000 server to a windows 2003 server (why not 2008?) in a few days. Actually all I will be doing is ...
Score Domain Accounts rights
soregg - 2 Dec 2008 7:54 AM - 3 messages
Hi all, My company wants to control the account rights.  Is there is any best practice of account rights controls/assignment please? Thanks in advances. ...
Score client join domain
Eliah - 2 Dec 2008 7:09 AM - 3 messages
Hi , I want to give my helpdesk team private right They must join a client domain without administrator right wht can i do about it ? thx ...
Score Need to recreate NTDS Settings for DC in Sites and Services
runout74 - 2 Dec 2008 6:20 AM - 13 messages
I am in need of some assistance with an AD problem. It is late and I have been working on this all day so I hope I make sense. Here is the problem.  We have two Server 2003 domain controllers.  DC1 is at the main office.  DC2 was at a remote site that was eventually shut down and DC2 was forgotten for awhile.  Replication was broken since we exceeded the tombstone number of days.  ...
Score Parent Child AD Replication
Andrew - 2 Dec 2008 4:16 AM - 2 messages
Hello, I have a Parent domain with a single child domain. The parent domain is hosted at my corporate office and the child domain is being hosted at a satalite office in another city. I would like to know the best method to connect parent and child for AD ...
Score To find which PC was used to change a password
mtsint - 1 Dec 2008 11:53 PM - 4 messages
Hi gurus I am not an admin on our active directory but manage (Owner) of some test accounts These test accounts are used by many many people and they are NOT suppose to change the password Since I am not the admin on AD, is there a way for me to find out ...
Score Granting "Allow" permission to a user in two user groups
snowrider - 1 Dec 2008 9:28 PM - 2 messages
Say I have a group with users Bob, Alice, Mary, and Joe (in reality we have about 50).  They each have folders "Bob", "Alice", "Mary, and "Joe" inside of "Shared".  I want to give everybody access to everybody else's folders, but I ...
Score changing folder redirection with GP
DDoasis - 1 Dec 2008 8:32 PM - 5 messages
In my network there was a server that died that users were redirected to. The previous admin disabled that gp and created a new one to redirect to the new server. Many users redirection fails because it is looking for the old ...
Score how to remove the gibberish sid after removing the trust
study - 1 Dec 2008 7:28 PM - 8 messages
Hello After completing the domain migration (NT to 2003), and removing the trust, how do I get rid of the gibberish sid from the resources? I tried running the security translation wizard by selecting the option "previous migrated objects" and selecting all the member servers and ...
Score gpo scripts
jonesj - 1 Dec 2008 7:14 PM - 8 messages
I use a login script to map drives for users and an auto-outlook vbs script along with a .prf file for configuring outlook for 1st time logins to a machine.  We have alot of users who get transferred, etc around the city.  ...
Score Demoting a domain controller with an application directory partiti
Greg - 1 Dec 2008 7:05 PM - 3 messages
While demoting a 2003 domain controller from a child domain with two remaining 2000 domain controllers I get a message that says: This domain controller holds the last replica of a partition dc=DomainDnsZones,dc=domain..... Is it safe to allow the deletion of this via the dcpromo wizard? ...
Score Hide logon to trusted Domain
Pat - 1 Dec 2008 6:52 PM - 3 messages
Hello, Is ther a way using group policy to hide the trusted domain from the users. We just set up a trust and we don't want to confuse the users as to where they log onto. Thanks ...
Score Web Login
Rajnish - 1 Dec 2008 6:23 PM - 4 messages
I've Domain with WIN2k3.All times i need to connect to any server i usually do it thru TS.SOmewhere i saw admins logging thru web and logging it on the server.How is this achieved any modifications on the domain..Can anyone guide ...
Score Extending 2003 Schema to support 802.1x wired gpo
MrHusy - 1 Dec 2008 6:06 PM - 5 messages
Hello,     Have been searching in internet, reading articles for a while but couldnt manage to sort this out.     I want to be able to configure the "Authentication" portion of Local Area Network connections of my domain clients to implement 802.1x EAP Over ...
Score password expiry notification and external trust
Greg Stigers - 1 Dec 2008 4:46 PM - 2 messages
Our Domain A trusts their Domain B, in another forest. We've had a user from Domain B ask why when he signed into his Domain B account in Domain A, he is notified that his password expires in nine days, when he is not getting a ...
Score LDAP SASL Bind DIGEST-MD5 with non-ASCII chars in SAM-Account-Name
Michael_Ströder - 1 Dec 2008 4:34 PM - 4 messages
HI! in general LDAP SASL Bind with mechanism DIGEST-MD5 works with AD (tested with W2K3SP2). But if the SAM-Account-Name contains non-ASCII chars (like german umlauts) it does not work. My test script written in Python correctly encodes the SASL username as ...
Score Lockout accounts
pjverweij - 1 Dec 2008 2:04 PM - 10 messages
Hello, My first post so lets see want i can learn. Situation: - WBT workstations - 5 Citrix servers - 1 File server also domaincontroller(VirtualMachine) - 1 mailserver also an domaincontroller(VirtualMachine) Accounts get lockout with the event on the fileserver: 675 This event shows the ip address of the citrix server where the user is logged on to. ...
Score Configure Sites and Services with Sub Domains
Chuck Fazio - 1 Dec 2008 1:33 PM - 6 messages
I am reconfiguring Active Directory from a relitively flat sturcture to adding Sub-Domains to reduce the replication process. I am looking for information on configuring Sites and Services using Sub-Domains from anyont who may have comfigures AD with multiple Sub-Domains. ...
Score DFS questions relating to SIS, VSS, Quotas and more
Barkley Bees - 1 Dec 2008 8:54 AM - 3 messages
I will be deploying two servers at two different offices (80 Mbps dedicated connectivity between offices). Both server builds are identical (Dell head servers and DAS enclosures) and will be installed with "Storage Server 2003 R2 SP2 64-bit". These will be used purely for storing user folders (~1500 ...
Score AD and Hyper-V on same h/w
Elissa - 1 Dec 2008 8:45 AM - 4 messages
Hi all, Just a quick question:... Can a *physical* instance of Windows Server 2008 host an Active Directory domain controller AND Hyper-V host service in the same time? Does this present any significant security issues? Background: We're thinking of hosting Exchange Hub/Cas role in that Hyper-V ...
Score Resolve Printer long names mapping by FQDN name
chua - 1 Dec 2008 8:32 AM - 3 messages
My network is running on AD2003 r2 and XP clients. I'm using .vbs script to map network printers during clients login to network. However, i have errors when the users logon to windows. Error shown on client: Scripts: sysvol\path…. ...
Score Generation of keytab using ktpass in Win 2008
Mike v - 30 Nov 2008 9:06 PM - 7 messages
Hi When I use ktpass to generate a keytab in Win 2008 the application fails Log Name:      Application Source:        Application Error Date:          1/12/2008 7:38:31 a.m. ...
Score GPO issue
goundhog - 30 Nov 2008 8:14 PM - 3 messages
I have a few servers in my W2003 AD which will not release the GPO settings that have been applied to them - e.g. some lockdown settings If I place the server in an OU with blocked inheritance and nor GPO's ...
Next » 2 3 4 5 6 7 8 9 10