Newest 'active-directory' Questions

Q&A for system and network administrators

How to find AD user Login details

I have Active Directory configured in Windows Server 2012 R2. I want to collect logs of a particular user or multiple users. The logs must show the login time, logout time, system operating system, IP ...

Migrate AD DHCP

Soon, I will need to migrate my domain controller server with AD DHCP 2012 R2 from a PowerEdge R430 to a virtual machine on Windows server 2016 based on VMware vSphere 6. Can anybody post a step-by-...

GPO Allowing Domain-User to Install Softwares on Local Machines Without Being Administrator

I have a specific OU with several machines in it. I just created a domain-user who is meant to have normal standard-rights like an absolutely normal local-user on all the machines - the only thing he ...

Windows sharing folders appears to user without access

I have some shared folders SharedA, SharedB and SharedC, over a resource called WIN-RGHXXXXXX. Also have some users: UserA, UserB, UserC. Each user has its own access to its own shared folder in the ...

Server not appearing in Shares for Active Directory

I am trying to create a file share for a server in Active Directory, but I cannot see the server I want to use. I have two servers, one is Windows Server 2012 R2-GUI and the other is Core. The GUI is ...

Only use cached login if active directory isn't available

Is it possible to set up my clients so that they can login at any time, always asking Active Directory first and if it isn't available use Windows cache? Thanks for the help!

Understanding exactly why the timestamp was not affected of ad objects

I made a script that takes data from an HR database and populates correlating attributes in AD, e.g. department, title, manager, location. Since people change titles, departments and/or locations on ...

Disaster Recovery Site with DC's from two sites

SiteA = primary SiteB = DR Can I have two DCs in the DR location, but have one in SiteA and one in SiteB, but both on the same network? Each site has its own subnets. I could add the /32 (part of ...

Constant Audit Failures in Event Viewer from Users not logged on

Let me start off with some details on my environment: Windows Active Directory Domain Environment Domain Controller: Windows Server 2003 R2 Problem Workstation: Windows 7 Professional 64-bit Lately ...

How to block local ns records to the public?

I have a DNS and active directory server behind NAT (I have to). On DNS server AD automatically adds a NS record for private ip address. How can I set a policy to response local NS record for a ...

LDAP Active Directory find all users from two OU

I want to find all users which are contained in two OUs, but not in the other ones. Basically, this is the same issue as in https://ldapwiki.com/wiki/ExtensibleMatch#section-ExtensibleMatch-...

how to allow one specific application to access command-prompt?

Is there a workaround to allow only one specific application to access command prompt (java application) in a disabled command prompt active directory environment without enabling command prompt for ...

User account with limited admin rights win server 2012

I am having a situation where I have to create an admin account that can do all the maintenance on clients computers(add to server, install software and all client computer ...

NTDS connection missed while site link exists

Here is my scenario: There are site A and site Z, they are designed to backup each other. One DC in each site. Hub A and Hub B, they are also designed to backup each other There are 6 site links. ...

SSH login using SSSD (Windows Server 2016)

I'm testing SSSD RedHat 7.2 integration with Windows Server 2016 (AD). I want to access through SSH using AD users in a specific group (allow_ssh_admin). I've configured some files and I can see the ...

GPO says Version Mismatch on Domain Controller when Versions appear to Match

On my primary domain controller, the AD and Syslog version of each of my GPO policies appears to match correctly: However, when I run a Group Policy Results report, it says that there is an "AD / ...

Windows SBS 08 domain controller is missing \\Localhost\NETLOGON share

One and only working logon server in the domain. When I run DCDIAG, it returns: Starting test: NetLogons * Network Logons Privileges Check Unable to connect to the NETLOGON ...

Active Directory Security Identifier

What is meant by an "Identifier Authority" in the SID in Active Directory? In an object's SID in my domain controller denotes 5 which is an NT-Authority. So what actually meant by the Identifier ...

server 2012R2 missing HTTP service. WinRM fails to start

After uninstalling IIS. I made the mistake of also removing HTTP from it. This caused the entire service to be removed, and WinRM failing to start, which is needed to make any meaningful changes to ...

How to Apply Computer Configuration Group Policy to a Remote Desk server based on user security group

We are trying to figure out how to have a computer policy apply for only users in a specific security group. Essentially we have a group of users where we want to lock down things like server manager ...

problems with printing out from a program that are on networkdrive

We have an issue where 4 of our computers cannot print out from our program that is on a network drive, and it is giving us a definition invalid exception \\SINDALSQL\app\Resources\rdls\tntexpresslabel....

GPO applied to server when logged on with a local ID

I have servers in my domain, and have GPOs created for it. Question is if I log on to the server using the server's local ID and not the domain ID, will the GPO still be applied?

import list of pcs using import-Csv and change attribute using powershell script

I'm trying to write a PowerShell script to change attribute called "comment" in a list of pcs using csv and import-Csv. Here is my script $computers=Import-Csv -Path "C:\sds.csv" foreach ($...

Samba member server - is user disabled?

I have a Debian Samba file server bound to Active Directory as a member server. We create a staff folder for each employee matching their username on this server. When employees quit, their Active ...

Creating transportable servers (Windows Server 2008 R2)

Question: What would be the best way to achieve the desired situation? RODC's? Current situation: We have two domain controllers both with OS in RAID1 and DATA in RAID5. We also have two extra HP ...

Group Policy is not applying or being detected by certain users on the same domain

I have recently been experiencing an issue when attempting to push out Group Policy updates. The updates I am attempting to apply are basically just updating parameters in .txt file that resides on a ...

How to recover FSMO Schema master

I am trying to raise a secondary "AD DC" server on a WIN 2012. My primary server is a Win 2008. While going through the Add feature process, I got the error message: error determining whether the ...

How to debug SSL handshake on a AD domain controller? Having > 10 second delay on some cases

We have a component in our architecture that is in charge of authentications flows for some websites, and at some point it has to go and make some LDAPS connection to a domain controller to validate ...

Deleted AD user, Mailbox in Limbo - Exchange 2016

Short of the long I deleted an AD user and their Exch2016 mailbox has not been marked as disconnected. Long of the short I migrated a test user from an old forest to a new forest, and then migrated ...

Samba AD Groups different permissions to same share

I am trying to configure Samba shares using samba4 version on a Linux machine (which is joined to an AD domain). My question is: is there any way to configure two different AD Groups different access to ...

Can you create a DC replication partner with different versions of Windows Server?

We currently have three servers, two running 2008 r2 and one running 2012. These servers currently run separate Domains. I would like to operate a single domain across a VPN. Is it possible to have ...

Cannot contact any KDC for requested realm in log.winbindd-dc-connect every 10 seconds

I have a Ubuntu box, used for cifs file shares, that is using Samba. It is joined to an Active Directory Domain. We are using trusted domains. We have a pretty large AD infrastructure with many child ...

Samba AD: Bind can not load the Zone File because of “Empty Label”

I am currently running Samba 4.5.4 as AC DC with Bind 9.11 as DNS Backend on Arch Linux. Now my Problem is: Bind won't start because of the following Error: dns_rdata_fromtext: buffer-0x74b85f34:1: ...

Converting Active Directory dnshostname attribute to FQDN

I am using ldapsearch to retrieve hostnames of virtual machines managed by a certain Active Directory server. The dnshostname attribute comes back in the form hostname.adserver.domain. For instance, ...

Windows Server 2016 + CIS security benchmarks: “access denied” on GP objects, locked out of all shares incl. SYSVOL

We have got an Active Directory domain with Windows Server 2016 on the domain controller and up-to-date Windows 10 on all clients. Not long ago I began deploying the Center for Internet Security (CIS) ...

Kerberos authentication ticket - Event ID 4768 - Audit failure

I am using kerberos to authenticate a user and its failing. Audit failure details in event viewer are following A Kerberos authentication ticket (TGT) was requested. Account Information: Account ...

How do I get Samba to use a specific domain controller?

Currently, I have Samba on Ubuntu Linux 16.04 connecting to a domain controller. When I joined, I joined to ad-1.example.com; however, after two weeks, it found read-only-adc.example.com on its own ...

Is it possible to use AWS Microsoft AD as one DC in a multi-master setup?

Have an on-premise network with two AD servers already. Want to add one more AD server to the AWS cloud. Instead of setting up a Windows VM running AD, I'm wondering if I can use AWS Microsoft AD ...

how to auto sync data from Active directory to Active Directory lightweight?

Our company decided to implement Active Directory Lightweight just for authentication and security purposes. They want to separate Active Directory and Active Directory Lightweight but with the same data. I ...

Active Directory - Account exists but cannot find it to remove it

I'm trying to add an AD Managed Service Account and my first attempt was as follows: New-ADServiceAccount -DNSHostName VM-Backup-Service -Name "VM Backup" -samAccountName VM_Backup -Path "OU=...

After Domain Upgrade, why can't 2008R2 servers connect to one of the new DCs?

We recently upgraded our domain to Windows Server 2016. We have two new DCs running on domain functional level 2016, removed the old DCs and now we seem to have a strange issue. Our old servers with ...

AD Administrator account logon mystery - last logon timestamp

We've found the domain Administrator account - which we do not use except in the event of a disaster recovery scenario - has a recent date in the LastLogonTimeStamp attribute. As far as I am aware, no-...

DFS-R issues ID 4008/2008/4010/4606

For the past couple of days I seem to have a problem with the DFSR replication on my domain controllers. Event ID 4008/2008/4010 and 4606 are constantly logged each night. I have 4 domain controllers ...

Separating an Active Directory Domain

The company I am employed by is currently working toward separating our Active Directory domain in half. Now, this is due to a pretty lengthy history; allow me to explain. When the company (Company ...

Local domain controller is .com not .local possible problems?

I am taking over a project and the local domain is domain.com they also have a website domain.com I have always used domain.local for AD and am wondering is that just best practice or is there a ...

Investigating Sysvol Replication Issues

We're using PowerShell DSC to automate the deployment of a number of small self contained environments, in these environments we are deploying 2 domain controllers and use DSC to setup the domain etc. ...

iPhone Email Does Not Update After Active Directory Password Change

Scenario: End user is traveling. Uses a laptop, Windows 7 Professional in an active directory environment. Changed their AD Password via VPN. This worked just fine. Business Email is via Office365. ...

Policy Management

I have a domain controller and I have added an ADMX file in :/Windows/PolicyDefinitions and an ADML file in :/Windows/PolicyDefinitions/en-US, and when I am opening the policy manager and editing the ...

Server 2016 ADFS 3.0 and Azure AD update password url not working

I am trying to enable users to update their password. I have a Server 2016 with Active Directory and ADFS configured for SSO. SSO works fine and Active Directory is synced with Azure AD. We use ...

Migrate Windows Server 2008 configuration to Windows Server 2008

I've already taken a look at these questions: Migrate Windows Server 2008 to another server Migrate Windows Server 2008 to a new hard disk Migrate Windows Server 2008 to a new hard disk 2 But I don'...