Newest 'active-directory' Questions

Q&A for system and network administrators

CentOS 7 LDAP Authentication: “Permission denied”

I'm running a CentOS 7 VirtualBox instance. I am trying to set up LDAP authentication through our company Active Directory server. Note: The AD server DOES NOT have Unix extensions installed. Setup: ...

What will happen if I enable LDAP authentication on pfsense and LDAP server will fail?

Currently I am using local database for authentication on my pfsense. I know that Cisco's IOS has backup authentication methods for the cases when primary one fails. You can even not to authenticate ...

May be using wrong terminology; but need to validate a password after I set it via code [duplicate]

Situation: I'm setting local user passwords remotely in my environment across multiple domains and storing in a password vault. For reason difficult to articulate, I need to be able to validate that ...

Server 2012 Mapped Drives using Samba and Linux User Accounts

Afternoon all, I am in the process of building an Active Directory Domain to be placed into our workplace. I have come to the point of setting up the shared drives that each of the staff members use ...

Syncing on-prem subdomain AD to Azure AD

I've been looking for an answer to this here and in other places, but I can't seem to find one. I have a client with a single on-prem Active Directory domain. One forest, one domain. There are ...

Local Administrators group in AD

I have a bunch of PCs in my company AD and I want to give the person who most uses one given PC access to local Administrators group. I know, not the best idea but still I sometimes need my employees ...

Is it possible to give an AD user 'write personal information' permissions without making them domain admin?

I would like to allow a specific user the ability to update photos in AD, for example using a 3rd party utility that will be installed on their computer. To do this I believe they must have the '...

Powershell: setting owner for AD DS objects fails

I want to run a Set-ACL on an AD DS object1 with "Domain Admins" set as the owner in my constructed ACL object. The code looks basically like this2: Function SetDSAcl { Param ( [...

Bringing back failed AD DC, what happens to the changes made on another DC?

For some reason, our "primary" DC failed and I could not make it back for a little while (let's say 2 weeks). In the meantime, I had to create some GPOs, groups and users on a second, backup DC (same ...

DNS/WINS - having to define when joining to our domain

We have an AD environment all linked together to domain controllers in a datacentre via ipsec tunnels - the DNS appears to work perfectly, they're all set to 127.0.0.1 with forwarding addresses and ...

How to verify external trust between two domains is working

In my environment I have two separate forests FA.COM and FB.COM and two child domains DA.FA.COM and DB.FB.com. There is no forest trust but two-way external trust between DA.FA.COM and DB.FB.com. Are ...

Existing Azure AD Connect / existing AD on premises: sync?

We're trying to link an existing on premises AD with an existing Office 365 (only mail). We installed Azure AD Connect and went through the steps, we'd like our local AD passwords to be synced with ...

Need CentOS VPS to connect to Microsoft AD server via VPN

I've got a CentOS 6 VPS up and running with several websites managed by WHM/cPanel. One of those is to be an intranet site, and I need to connect it to our network over VPN. We're using IKEv1 with ...

Can Alfresco join a domain (or use cifs without typing passwords)?

I have a windows 2012 domain. I am trying Alfresco 5.1 COMMUNITY that should be able to show windows servers a passwordless cifs share. I first would like to ask if it is really possible. Then I would ...

AD short name lookup errors after disabling 'append parent suffixes'

I manage an AD domain, let's call it "example.local". Its short netbios name is "EXAMPLE". The former shows up in reverse dns lookups and in AD configuration tools. The latter is seen whenever ...

Windows 10, RSAT tools missing functionality

On my Surface Pro 4 I'm missing a good bit of the functionality of RSAT. Here is what I'm seeing: ADUC Variety of tabs missing from the properties windows. I've turned on "Advanced Features": But ...

Adding root named DNS zone in AD environment

We have a test environment with root AD domain named corp.testdomain.net with AD integrated DNS. For Exchange tests, messaging team has asked if we can create testdomain.net zone on DNS server. Surely ...

Hosted network policy location in local Registry

Possibility of creating a "Hosted network" by the virtual WiFi Adapter has been introduced by Windows 7. There is a Group Policy which this can be controlled by, on this screenshot you can see where ...

fedora 25 sssd active directory user cannot logon

I have a Fedora 25 workstation (Korora 25 actually). I have configured and joined to my Active Directory domain with sssd/realmd as I have done many times before. I have successfully done this with ...

Changing the AD RMS Service Account

When I tried to Change the AD RMS Service Account (on a Server 2016 test environment without SQL Server)... I got the following error... You are currently logged on with a user account that does not ...

Active Directory Administrative Center (Server 2012 R2) crashes frequently upon updating user [duplicate]

Is this the same error referenced here: Active Directory Administrative Center Crashes when updating object ? I tried posting this image IN THE SAME THREAD, which seems to make the most logical sense ...

Script to export many AD Groups' Properties/Attributes to csv

I have a list of about 1,000 Active Directory security groups (the list is in Excel, but I can save as csv or copy and paste into a txt file). I would use it to get the following properties/...

“Permission Denied” creating a new domain-based Dfs root as non-Administrator

I have been tasked to delegate a number of everyday tasks in our domain to a group of technicians which does not have Domain Admins membership. One of these tasks is the creation of new domain-based ...

Best Practice for creating a Vendor account on AD for RDP into a single server?

I have been tasked with creating an account on our Domain for an outside vendor to RDP into a single server with Admin access and have access to nothing else. I've spent a whole day spinning my ...

Is it possible to prompt users to update their Phone number on Login, using Active Directory?

I know via AD it is possible to get a user to update their password on next log in. Is it possible to do the same thing to the other fields of a user? Eg prompt them to update their phone number, ...

Azure Active Directory Sync Health - “Latest data is not available”

Anyone using AD Connect Sync Health in a non-Express setup yet? I have the Sync Health agent installed, and connected to AAD, but am getting an error - in the Sync Error applet it shows "Latest data ...

Authentication of Linux machines over the internet in a Windows only shop

Our company is a Windows shop with Windows Active Directory deployed full time. We have a mix of Windows 7 and Windows 10 machines. I understand authentication of Linux machines when I am inside the ...

Giving permissions to Virtual Service Accounts on domain controllers

The service I'm implementing will run on a domain controller, so I'd like it to have minimal privileges. Ideally, it would simply run as Local Service. However, it needs to be able to: monitor ...

ID mapping with SSSD and SMB

I'm trying to get a samba share working with correct IDs on Windows (SID) and Linux (uid/gid) clients. The problem is that the uids and gids are not properly mapped back to SIDs and SIDs are not ...

directory service event log

Situation: I have a need to examine Directory Service event logs for multiple servers once an hour. In order to do this without crushing the DCs and not be bound by network speed I am copying the ...

CMD User Active Directory

I'm working in a small business and I am the administrator of the Active Directory using Windows Server 2012 R2 and Windows 7 machines. I want to create a user who can only access the CMD (find the ...

RADIUS timeout on try on openvpn

I have configured AD RADIUS server to authenticate Openvpn, using the below doc. But I am getting the below error which says "incorrect secret" even though I have configured the same secret. https://docs....

do I have to upgrade all servers to 2016 at once?

Do I? Currently, we have a mix of 2003, 2008, 2008R2 and 2012. I want to move to 2016 AD for DCs only. I'm going to purchase CALs and Server 2016 Standard licenses. I assume not? Thanks for any ...

IT helpdesk - remote management of user profiles

I have a question. I wonder what is the best approach for managing user profile environment on their computers? For example if there is a task for administrator to solve a problem on users profile on ...

CentOS 7 LDAP SSH Error “cannot find name for group ID”

I'm running a CentOS 7 VirtualBox instance. I have LDAP authentication set up through our company Active Directory server. Note: The AD server DOES NOT have Unix extensions installed. What I'm ...

The processing of Group Policy failed

One of the AD servers has been decommissioned. There is currently only one left (Windows Server 2016). We do have an error when trying to deploy group policies. The processing of Group Policy failed....

WMI-filter on GPO evaluates contradictory

Background information I have got several, very basic, WMI filters that I use for my GPOs. All they do is check for the running operating system version and the value of an environment variable. ...

Getting all users specific info from active directory using script

I need to acquire following information from the Windows 2008 Active Directory Domain Controller Server. a) User name b) User ID / O.U c) User Status (Disabled/Enabled) d) User Creation ...

Hyper-V Manager - Windows 10 & Server 2016 & Active Directory - Cannot connect Local W10 Account to Hyper-V running on Server 2016

I have a server running server 2016 for my Hyper-V Role and the server is domain joined. My PC is Domain Joined but I run using a local account most of the time. I cannot connect my Hyper-V Manager ...

Is it possible to enforce a specific Credential Provider per Active Directory user?

I have a credential provider that does not act the way I want it to. It provides secondary authentication, but its scope is for all interactive Windows logins host-wide, not for a specific user. In ...

restrict access to specific attributes openldap proxy

I try to config OpenLDAP in proxy mode of Active Directory to browse specific attributes and not all. When I browse my AD with ldapsearch, it works, but it displayed all of attributes, I just want ...

Minimum delegation needed in AD for reading Scheduled tasks and Services info

I am trying to monitor Scheduled tasks and Services remotely(from a different domain) on windows servers (domain controllers) ; we are planning to implement a minimum required delegation model for ...

Can Linux machines joined to active directory update its DNS records?

Well question is above, but to explain my setup: Mikrotik as gateway running DHCP (DNS set to AD) Windows 2012 as Active Directory and DNS CentOs7 as client I let CentOs pickup IP from DHCP on ...

Computer GPOs not being applied - SYSVOL issue

I noticed on some (not all) of my workstations, changes to GPOs were not being applied. I logged into a couple and ran gpupdate /force. I got "The processing of Group Policy Failed. Windows attempted ...

Office 365 domain alias mail flow rule?

Is there a way to globally route incoming secondary domain mail to a primary domain for all users without having to list every possible combination of account alias and domain alias in each users AD ...

Configuring software on multiple computers [on hold]

Hey guys I'm trying to do things the right way and save as much time as possible (like a professional would). When a company has many many computers you first create a computer with everything ...

A linked mailbox user sometimes connects to wrong Exchange organization

Configuration is as follows: Domain hosting.contoso.com hosts an on-premises Exchange 2013 organization, that hosts several second level domains, including the contoso.com domain. The domain is in a ...

Access CIFS share using short username and not UPN

I'm trying to configure CIFS share on my NetApp FAS2554 (NetApp Release 8.3.2P2). And I have 2 shares created. One allows accessing it using short username i.e. and another one for some reason ...

Modify Active Directory attribute max length

I'd like to change the max length of the department attribute from 64 to 150. Is it wise to modify core active directory attributes ? or should I create another attribute with my length requirements ?...

Applying same wallpaper on several clients using Group Policy not working

I have a 2 domain controllers. The clients can login to the AD normally and everything works fine. I want to accomplish the task of unifying all the Desktop Wallpaper Backgrounds of all the user ...