Home All Groups Group Topic Archive Search About

Windows Server Active Directory

microsoft.public.windows.server.active_directory
Score DCpromo issue. Health check on AD and group policy.
IT Team @ Queensbridge.bham.sch.uk - 27 Jun 2009 9:07 PM - 17 messages
Hi Folks we have 3 domain controllers all running windows 2003 (DC with FMSO roles has SP1 and the other 2 have SP2). One of the SP2 DC's is about to suffer an imminent hard drive failure and I wanted to decommission it before it dies. ...
Score Sharing FSMO roles between 2 DC's?
Gonzo - 27 Jun 2009 11:31 AM - 6 messages
Hi, We have 2 windows 2003 DC's (500 users).  The FSMo roles are shared as follows, is this ok? DC2 - Domain Naming Operations Master DC1 - RID DC1 - PDC DC1 - Infrastructure DC1 - Schema Master Thanks in advance for your time. ...
Score dsacls
Kerry - 27 Jun 2009 7:04 AM - 3 messages
I am currently running seperate commands and am looking at running all at one time, how can this be achieved? dsacls CN=Computers,DC=Testsrc,DC=Com /G testsrc\ComputerAdmins-Computers:CC;computer /I:t dsacls CN=Computers,DC=Testsrc,DC=Com /G ...
Score LSASS Bleeding Over
JoshP - 26 Jun 2009 9:59 PM - 8 messages
Would anyone have a clue as to why I am having this particular issue with LSASS?  What happens is that LSASS process (CPU) on one domain controller spikes up to 80% and rides there.  Within 30 seconds of the first DC LSASS ...
Score Inconstant netlogon folders
Andrew Dodd - 26 Jun 2009 7:38 PM - 7 messages
Hi All, We have a small issue that I have been fighting with for the last 3 days and getting nowhere. Background. I want to add a domain wide MSI file for desktop tattooing but the only domain wide share is the netlogon folder. So created the desktop ...
Score any effect on this change?
ed - 26 Jun 2009 5:59 PM - 3 messages
Hi all, The previous admin left and I just checked the active directory integrated zone in the DNS console.  In the general tab, the "Nonsecure and secure" dynamic updates is chosen.  will it be better and more secure to use "secure" ...
Score Relative Distinguished Name maximum length?
jmedd - 26 Jun 2009 2:34 PM - 3 messages
Hi, I'm creating some new groups in AD 2003 R2, some of which have particularly long names. I'm having an issue creating those who have a Relative Distinguished Name (aka the ldap property 'name') which is greater than 64 characters. ...
Score Permissions to Delegate User For Netdom
Charles - 26 Jun 2009 2:09 PM - 4 messages
Hi All: I need to know what permission to delegate so a user so this user will be able to add/join computer accounts back into the domain that already exist.  Netdom works fine with the computer does not exist when this user runs it.  ...
Score W2K3 / W2K8 DCDIAG
FUTURIST - 26 Jun 2009 6:36 AM - 4 messages
Hi! I have 2 DCs on my network, One Windows Server 2003 R2 and one Windows Server 2008. When I run a DCDIAG on W2K3 it seems to be OK but when I try to run DCDIAG on W2K8 it shows me the following messages: ...
Score wWin2008 DC local area connection> Link layers
southpaw - 26 Jun 2009 2:27 AM - 9 messages
I read somewhere that both Link layer discovery mapper and responder should be disabled on DCs since they are used for network discovery layout and is not a task you  want your domain controller to perform .Are there any other ...
Score Win2k3 R2 AD to W2K8 R2
fixthisbox - 25 Jun 2009 8:16 PM - 4 messages
Just to verify...... Currently, I performed... Win2k8 adprep /forestprep & /domainprep in my Win2k3 R2 Active Directory enviroment. My question is, do I have to rerun these tools if I install Win2k8 R2 as a domain controller????? (Currently, there are NO WIN2k8 DC's) ...
Score LDAP issues - mimesweeper for web & Active Directory
Emma K - 25 Jun 2009 3:43 PM - 7 messages
Wondering if anyone could help... I'm having trouble with some LDAP connections for Mimesweeper for Web and wondering if i've missed something in AD... AD - Version: 5.2.3790.3959 / Machine environment - XP SP3 Created a test OU under the Accounts root folder and linked my new GPO's to ...
Score Local Administrator Rights
user - 25 Jun 2009 2:03 PM - 7 messages
AD Pros, please help me here. What is the best way to give local admin rights to all users in the domain (XP & 2003 AD).  (I know its not good, but I have to).  Someone pointed I ...
Score Migrating from AD 2000 to 2003
Rodney84 - 25 Jun 2009 2:00 PM - 10 messages
Hello, Question. I have two domain controllers. One is a Windows 2000 Server (this was the first domain controller to be installed on the network). The other DC is Windows Server 2003. Both Domain controllers are replicating nicely. The only thing at the moment is that when I create a new user, I do not get ...
Score sysvol folders missing
Taz1972 - 25 Jun 2009 12:45 PM - 11 messages
Hi, I found out that in the sysvol\domain folder, everything is gone except the folder DO_NOT_REMOVE_NtFrs_PreInstall_Directory, which is itself empty. The sysvol share itself is still there though. This occurs on most DC's including the root which holds the fsmo roles (all ...
Score AD Attribute query!
UselessUser - 25 Jun 2009 10:52 AM - 5 messages
Hi, We have a large group, which recently needed major editing, so I handed it over to another person who asked me a very simple question.. How come when looking at this group, members appeared as one of these types: ...
Score Event ID 1058 & 1030 Error
Libyan_SA - 25 Jun 2009 9:19 AM - 14 messages
hello everyone i'm haveing a little problem here i did check the event log, and i found this error, ===== i did take a print screen for the error [image: [link]] [image: [link]] ...
Score A directory Service error has occured
Kreshiv - 24 Jun 2009 9:36 PM - 8 messages
For giving READER access to ASPNET Account in ADAM dn: CN=Readers,CN=Roles,DC=SyncTargetDC,DC=com changetype: modify add: member (local system)\ASPNET prompted this error. This is in Windows 2003 Server machine. Dev server. I am able to add aspnet account as reader in AzMan. ...
Score Do I need a CA server?
Elwin - 24 Jun 2009 8:46 PM - 6 messages
The non-domain controller certificate authority server crashed.  The CA database is lost and unrecoverable, no backup. I only had one or two in-house servers that used the certs from it anyway, so I was thinking no big deal, ...
Score Mapped Drives using Group Policy Issue
Jetson - 24 Jun 2009 6:58 PM - 3 messages
I have tried mapping drives from a Win 2008 domain on XP clients w/some success using both a logon script and "drive maps" in a GP on the server.  I was using the "drive maps" option 1st and whenever i change the description ...
Score Win2008 DC checklist
southpaw - 24 Jun 2009 6:06 PM - 3 messages
Hi all,, I have successfully  added my first Win2008 DC into our single forest/domain w2k3 environment and have reviewed all logs and ran all the AD health checks and so far so good. I've also disabled IPv6 and windows firewall and  wanted ...
Score need LDAP query to capture nested group ?
vivekmohan - 24 Jun 2009 7:18 AM - 5 messages
hi all, i need LDAP query to capture the nested group for identified server (s) per identified domain..? i have assigned permission list of server (list of server with permission assigned) for that server(s) i need to capture nested group for each unique domain need LDAP query to reslove this........ -- vivekmohan ------------------------------------------------------------------------ vivekmohan's Profile: [link] View this thread: [link][link] ...
Score Publishing LDAPS
Marcel - 24 Jun 2009 5:44 AM - 5 messages
Hi all, We're currently investigating the possibility for mac and linux users to securely access AD so they can use the address book. Unfortunately they need to specify a single DC in their application. Since we do want to share the load to all DC's but also need availability, if for ...
Score How to backup/restore adam ?
Avi - 24 Jun 2009 3:28 AM - 2 messages
Hello I want to take backup adam from 1 server and restore it to another server. Currently I have 700+ adam users in different OU. I know I can use ldif, but it wont export password of adam users. What is the best way to do this? Currently it is 1 time job? ...
Score Applying Computer Settings
gulerayh - 23 Jun 2009 11:17 PM - 5 messages
Hello i have a domain controller and pretty much domain member computers on Active directory. i create some group policies and apply them to domain member pcs. but this domain member pcs are opening very slowly especially while applying computer settings at startup. is there anything i can do to solve this ...
Score New AD tree or AD forest?
KJ - 23 Jun 2009 9:33 PM - 10 messages
I am trying to understand the differences between forests, trees and child domains to determine the best scenario for a project. Here is the request that's been presented to our IT team: 1. external clients need to access reports via the web that are created by ...
Score AD Site Replication links for redundant VPN's
Brandon I.T. - 23 Jun 2009 8:44 PM - 2 messages
I have a question regarding how to setup a redundant VPN connection for replication.  Below is a very simplified description, the actual network has many more sites. I have the following SITES defined in Sites & Services: NEW ORLEANS (main site) ...
Score Population of child domain in parent dc/dns server
gokussx4 - 23 Jun 2009 7:35 PM - 2 messages
When my unattended install of a new child domain occurs it takes up to 20 mins for the child domain partition to populate into the parent dns server records. So its eventually successful but for purposes of software automation testing I need to find a method to speed up this process and make it more ...
Score On one PC no user runs logon script
MC Murphy - 23 Jun 2009 7:13 PM - 8 messages
Windows Server 2003 domain and servers.  Users and computers in an OU.  Logon script in a GPO linked to the OU.  On almost all PCs anyone logs on, the logon script runs (drives and printers).  On one PC anyone logs on, no logon ...
Score windows 2008
Raul - 23 Jun 2009 6:30 PM - 4 messages
Just got a Win2008 machine - when I try to run DCPROMO and choose "create a new domain in a new forest" I get "the local admin account becomes the administrator account when you create a new domain. The new domain cannot be created because the local ...
Score All new users have no access to "my docs"
samotech - 23 Jun 2009 5:49 PM - 4 messages
okay i receive a call from a student who cant access her my documents folder , she has access to her desktop , redircted start menu  and program files just not her my documents folder. i checked all permissions and they are fine i set them to FC under her login, and still no good. ...
Score Windows Server 2008 DCPROMO
southpaw - 23 Jun 2009 2:05 PM - 7 messages
Hi , I am trying to add my first Win2008 DC in my W2K3 domain and I  receive a message that indicates that a DNS delegation for the DNS server could not be created and I should manually create a DNS delegation to the DNS server to ...
Score Restore W2k3 DC terminal license server to a Win2008 DC
southpaw - 23 Jun 2009 8:15 AM - 3 messages
Hi all, I am about to add my first Win2008 DC in my W2K3 forest . I have extended the schema and did all the prep work for add a new Win2008 DC .However, I have a question about terminal server, one of our W2K3 DC lets call it DC1 ...
Score IE proxy settings are not applied from GPO
Lubos J. - 23 Jun 2009 7:44 AM - 6 messages
HI, suddenly from last week, my proxy settings distributed via GPO are not applied to users. Simply, I can check all the things like RSOP, gpresult, gpotool...etc, everything seems to be ok, it shows that settings was correctly apllied, but they were not. ("Use of proxy" is not check, ...
Score Password Change - Users unable to login
microsoft - 23 Jun 2009 2:22 AM - 15 messages
Hi I am running a Windows 2000 Server Domain Controller.  I have approximately 30 users who are running Windows XP. The issue: No GP is defined for password or account policy.  However users cannot change their passwords at will.  To make matters worse, when I login to the ...
Score Logoff on idle with lock already active
DavidIT - 22 Jun 2009 7:34 PM - 10 messages
Hi, I would like to implement a logoff script or feature to my domain's user after 15 minutes of inactivity.  I've been searching around the internet and I have found a tool called winexit.scr BUT the problem is I already use a screen saver to lock stations after 5 minutes of inactivity so my question is simple : ...
Score Default Group Membership
Kerry - 22 Jun 2009 5:56 PM - 3 messages
Team, We have ~60 Accounts in Backup Operators and ~45 in Network Confugartion Operators. Before i remove these accounts want to know if these accounts are safe to be removed from the said group?? What are the groups meant for and can such a function be delegated??  think it should be possible ...
Score single logon
dlee12 - 22 Jun 2009 5:26 PM - 3 messages
hi! i;ve just established a one way domain trust between my AD forest with my corporate AD forest. Currently, we've 2 AD logons one for the branch office and another one for the corporate office. My question is that, with this one ...
Score Re Create one DC
Sarfraz Malik - 22 Jun 2009 4:41 PM - 7 messages
We have a domain with 2 DC. One of the DC crash and have to reinstall OS windows 2003 standard edition. Name the computer same as before, join the domain, made it a DC and also a DNS server. It will not replicate with the ...
Score My Network Places - Across WAN
RandyH - 22 Jun 2009 4:39 PM - 10 messages
Recently we opened a new office in another city. This is office is part of our MPLS WAN and I can ping servers by name, browse to servers, etc . . . but in My Network Places or Network Neighborhood or Network whatever it's ...
Score How to create custom attribues in ADAM/LDAP?
Avi - 22 Jun 2009 4:35 PM - 2 messages
I have followig attributes, which I would like to add in adam. I will be thankful if someonce can tell me step-by-step instructions? Attributes 1 - Security Questions (Multiple Value - String Field) Attributes 2 - Security Answer (SIngle Value - String Field) ...
Score Change ADAM Service A/c Password
Avi - 22 Jun 2009 4:31 PM - 8 messages
Hello I would like to change my ADAM Service A/c Password. IF I change in in services.msc and update ADAM Instance  and then password. Will this work or anywhere else I need to change this? This ADAM Instance user is a member of Built-In Administrator group. I know ...
Score Active Directory Groups question
Andy Siegel - 22 Jun 2009 2:50 PM - 5 messages
I have a few groups that I would like to clean up, but I want to make sure that my understanding is correct. I have a couple Global Security Groups called Elec Admin and Electric Admin. I also have a Universal Security Group called Public Utilities.  All the ...
Score Share EFS protected folder
aconti - 22 Jun 2009 8:07 AM - 5 messages
Hello if I have a folder with a test file and the folder is encrypted with EFS. Lets say that I want to share it and give share and NTFS permissions to another user on the domain. A different user from the one who originally encrypted the folder. To be able to open the text file inside the other user has to be added to the Details tab next to the encryption checkbox right and it does not make any difference whether the user is trying to access the text file from the network or locally from the same pc which has the encrypted file. ...
Score how to identify infrastructure master is down
Praveen P - 22 Jun 2009 4:15 AM - 3 messages
how to identify infrastructure master is down What will be the serious impact if it is down? ...
Score GINA - Windows Domain Authetication Versus Application Authentication
Kerry - 22 Jun 2009 2:00 AM - 4 messages
Can you point me to some information which will help me understand more about the process of authentication (general and not specific to AD only). Here is our problem: We have an application (DB2) which runs perfectly in Windows Workgroup (XP SP2 Machine). In Windows Workgroup, when the application is executed there is a application specific Credentials UI which POPs up within 2 Seconds. ...
Score secured connection with the DNS
gira - 22 Jun 2009 12:52 AM - 2 messages
Recently, I've been seeing the following even being logged on my computer, ID: 40961 The Security System could not establish a secured connection with the server DNS/nameofthednsserver.  No authentication protocol was available. The odd thing is that our DNS is not even Windows, it's BIND DNS. ...
Next » 2 3 4 5 6 7 8 9 10