Newest 'active-directory' Questions

Q&A for system and network administrators

Managing domain user accounts

i recently upgraded my PC from Windows 10 Home to Pro Edition. It is a Domain PC so different users can access the server with their user accounts registered in the domain. Unfortunately after the ...

Win 2012 domain“The trust relationship between this workstation and the primary domain failed” fixed remotely without local credentials?

We have a workstation that is getting the error "The trust relationship between this workstation and the primary domain failed" on logon. The local logon information is not known on this workstation. ...

How should i synchronise users from a active directory group with my saas service?

We provide a SAAS software for our customers. To improve the usability we would like to synchronise the users (load all users into our system) of our customers with our software. Regarding to the ...

Get-ADGroupMember Get domain of user in select-object

I've searched all over and I think this would be fairly common but maybe not. I want to list the domain of a user with the username via Get-ADGroupMember. So for instance I have this: Get-...

Backup, Modify and Restore of Active Directory

Is there an easy way to do a backup, modify and restore of an active directory instance? More specifically, I'm looking to do a backup, then change all references of DC=foo,DC=com to DC=foo,DC=dev so ...

How does Windows decide which IP address to use with AD DC communication?

I have a weird problem. I am working on setting up "Sites and Subnets" properly, so that my AD clients connect to proper DC (instead of one on opposite side of the globe). To do this, I started ...

Identify the Master Server in an Active Directory listing

I have recently inherited a database server that the previous developers appear to have lost the Admin password for it. Speaking to the hosting providers they keep telling me that as it is a ...

No internet connection on Synology DSM and no connection between diskstations (using active directory)

I have connected our new Synology Diskstation to our active directory according to the FAQ/tutorial. It gets connected and seems to work fine. I can ping the machine in the network and I can see the ...

Ports required for single sign-on to domain web server

I have a IIS on a server which is a member of an AD domain. The app is using Windows Integrated Authentication and users want single sign-on. Besides the web app's port (80) are there additional ...

Debugging a timeout with ldap auth on apache

I'm trying to debug a timeout problem I have with Apache, for some months now. The pattern looks like this: On every first request of a new session (or after some time after the last request) the ...

User can't change password due to complexity

At one of my customer's child domains, he has the problem that a number of (looks like) random users can not change their password due to "complexity blah blah". This is however not true, when: a) An ...

Domain controller not able to join client to domain

This is my environment: DC1 (PDC) - IP: 192.168.1.11/24 DC2 - IP 192.168.1.12/24 DC3 - IP 192.168.2.10/24 Subnet 192.168.1.x/24 is connected to subnet 192.168.2.x/24, and domain controllers are ...

How to make Samba4 Internal DNS resolve names without domain [duplicate]

I have a Samba4 AD-DC configured with internal DNS. I followed the configuration at https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller I use this samba as my ...

Active Directory: proxyaddresses attribute preventing user from receiving mail

To create aliases to mail addresses, some of our users have the "proxyAddresses" attribute set in Active Directory. For example, user John Smith whose mail address is "John.Smith@ourcompany.fr" also ...

HAProxy is it possible to force basic auth then select AD server based on user IP?

Here is my context: I have a web application (using HTTPS) which needs users to be authenticated prior to contacting it The application expects an HTTP header to be set (let's name it HEADER) There ...

Kerberos authentication issues behind RODC

We have a branch office in Costa Rica where, back then, we had implemented a Squid proxy with SSO using AD and it was working perfectly. Just recently we implemented an RODC at the site. Once that ...

IIS 8.5 permission problems

I have a Java program (running on a Windows 7 virtual machine) that uses JAAS and GSSAPI to get a resource (like, index.html etc.) from IIS (running on a Windows 2012 R2 virtual machine) It ...

2012 Server - Destination Host Unreachable

I have a Windows 2012 AD Server. I have successfully joined a Windows 2008 R2 Standard and a Windows 10 Pro without any issues whatsoever. These 2 are on a vSphere box, with the same LAN/WAN setup. ...

LmCompatibilityLevel to be applied to client, domain controller or both?

I'd like to apply LmCompatibilityLevel = 5 to my domain but I am not sure if this is to be applied to all clients (via GPO), domain controllers only or to both. I am a little confused as the TechNet ...

Domain Controller Hyper-V Snapshot usage

I have read a lot about how bad domain controller snaphots are due to possible inconsistencies being created. They all seem to be only related to the case of having multiple DCs, like you have in a ...

What are the risks associated with running Microsoft Azure Active Directory Connect?

I'm getting ready to move my company to the Microsoft 365 cloud services. We have a local AD server on Windows Server 2012 Standard. I'm pretty new to Windows Server management, so running ...

windows 2012 server won't let you login without Kerberos DES checked

Two new Windows Server 2012 R2 installs. One setup as a Domain Server. The other joins the domain. (on an account that is setup with the default stuff, but added to the Domain Admins group. (...

sss_useradd vs useradd with SSSD

I am currently using sssd to authenticate users to active directory. However, I still need to be able to add local users. I noticed SSSD has a local provider and also as a tool to add local users to ...

Active Directory manually reset password validity

I have been asked to put the following one-time password scenario in place for our (small) Active Directory domain: whenever an administrator has to manually reset a user's password, the password ...

Powershell get-aduser not showing all results

I'm trying to pull some data from AD but am getting some confusing results. I'm running: Get-ADUser -Filter * -Properties * | select userPrincipalName, msTSLSProperty01 and it presents me with all ...

MMC, Active Directory Users and Computers, why is properties missing most tabs?

This question has been asked several times on other forums, but most answers I've found are for Windows 7, Windows Vista, or don't apply to my situation at all. My issue is that when I go to the ...

gpresult doesn't show all applied GPOs

Currently, I have 2 GPO's in play for a new machine I just added to the domain. The second GPO (stagingGPO) is not showing up in the gpresult /r. The First (Power SettingGPO) is the only result in the ...
+50

Where are Exchange 2010 System Public Folders stored?

I'm attempting to restore items located in System Public Folders>EFORMS REGISTRY>Organization Forms. I'm backing up my Exchange Servers with Veeam B&R. I can see the mailbox databases and PF ...

Difference between DOMAIN\username and User Logon Name causing problems with .NET Authorization Rule

I am currently having trouble with some IIS .NET Authorization Rules which are restricting access to an site based on the AD Group Membership. The groups are configured as Global Groups, with names ...

Duplicate Ping Responses from single AD Domain Controller

Something I can't wrap my head around is happening with a DC on our network. I am a programmer by trade not a network engineer, but I am 99% sure this is not normal behavior. Anyway when I rebooted ...

Recover from accidental Sysprep on only AD DC

Being total "genius" on newly deployed environment I ran: sysprep /oobe /generalize /mode:vm /shutdown on the wrong VM during creation of a new AD environment. To make matters worse it was run on ...

Exchange 2013 - Grant delegation to security group?

One of our clients needs all users with a mailbox to be granted Full Access and Send on Behalf permissions to another shared mailbox. The easiest way to do this would be to give a security group the ...

Windows user directories have domain suffix?

The users on some of our servers used to have user directories named the following: C:\Users\[username] Since the infrastructure admin did something to "refresh" the user accounts, a bunch of new ...

Upgrading from very ancient AD server (server 2000) to Server 2012 R2 Essentials

We currently have an Active Directory system based around 2 Windows Server 2000 servers. We would like to replace this with a Server 2012 R2 Essentials based AD / file server. Since we cannot simply ...

Unable to authenticate via pam winbind using external domain credentials

I have a Linux server in my DMZ joined to a domain we'll call "DMZ". The "DMZ" domain has an external, outgoing, non-transitive trust with another domain we'll call "INSIDE". Winbind appears to ...

How does DFSR work out costs to other sites?

We have 4 sites - two of which host DFS servers. Site A - DFS Server #1 (namespace member, replication group) Site B - DFS Server #2 (namespace member, replication group) Site C - No servers, just ...

Hyper-V ServiceConnectionPoint Missing

I have a Computer Object in AD representing one of our servers running Hyper-V. While building a script, I suddenly noticed this server was not showing up in my list. The script uses a custom ...

Active Directory USB access disobeying GPO

I am the administrator of a company and recently I created an Active Directory with Windows Server 2012 R2 and windows 7 computers as clients . I have a Group Policy on all users to disable usb ...

Active Directory Administrative Center Crashes when updating object

DSAC.exe crashes every time we try to update a user object. It will crash in every system we try it on including the servers running active directory. It happens in windows 7, windows 10, and windows ...

gpresult /v and rsop.msc shows reverse values for GPO's on windows 10

In our domain we have a situation that keeps us confused: We have created a GPO on our 2012 R2 AD and applied it to our windows 10 workstations. When we examine the workstations with the "gpresult /...

Need Suggestion for settingup AD server on azure cloud with out having onprime AD server

We are planning to setup AD server for our startup organization. We are planning to create it on Azure Virtual Machines and we don't want to maintain any on premise AD server . So my question is -is ...

Azure Active Directory Domain Controller

Currently we have 7 domain controllers, 5 on premise and 2 on Azure environment. The domain controller on premise hold 5 FSMO roles. We're in the process of decomm. DC on premise. What step should I ...

Which Ports need to be accessible on a Domain Controller for Clients to logon? continued

With reference to one of the questions asked "Which Ports need to be accessible on a Domain Controller for Clients to logon?" I have a aligned issue being faced. Please see the following ports which ...

Cannot ping DNS servers

I'm in abit of a situation, here is what I'm up against: So I have two server, on different subnets. Both servers can ping each other. Server one 10.0.1.* Server two 192.168.2.* Server one can ...

Renaming a computer kicks out of domain

I use a powershell script to rename hostname computer from our domain: Rename-Computer -NewName $computername -DomainCredential $mycreds -Force -PassThru Most of the time it works, but in a low % of ...

Find AD Users Who Belong to More Than One Group in a Particular OU

We have an OU of "People Groups" - is there a way to find users who belong to more than one of the People Groups in that OU only? Preferably with AD Manager, but Powershell will work, too... thanks!

How to set desktop background color for all users for domain Windows machines?

I have some Windows Server machines joined to a Active Directory domain. How can I set the desktop background color for all users on selected machines, so that the background color reminds them that ...

radius authentication — spiking load ever two hours on the hour

We're using freeradius & winbindd in order to authenticate our EDUROAM Wifi users against the Active Directory domain. This is working like a charm, but we get load-spikes of 30 and more almost ...

How to authenticate linux users against two different directories simultaneously?

I have a few Linux servers using SSSD integrated with Microsoft AD to authenticate AD users. AD groups are managed by a different department and I'd like to set up another directory to manage my own ...

How to set folder permissions to computer (not user) in Windows domain?

I'm running a Windows Server 2012 R2 domain and I want UserA to be able to open ShareA from the server and modify its content when he's logged on to ComputerA. However, when UserA is logged on to ...
Translating... 0%