Search Results

Search found 21334 results on 854 pages for 'active directory'.

Page 10/854 | < Previous Page | 6 7 8 9 10 11 12 13 14 15 16 17  | Next Page >

  • What permissions are needed to do an LDAP bind to an Active Directory Server

    - by DrStalker
    What permissions are needed to perform an LDAP bind to an active directory server? I have a central domain (call it MAIN) that has two-way trusts to domains in other forests (call then REMOTE and FARAWAY) Using MAIN\myaccount as the username and my password I can bind to REMOTE fine, but not to FARAWAY; I get an invalid credentials response 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893 In all other ways the trusts seem to work fine. What permissions do I need to check to figure out why the bind is failing? My understanding is that anyone in AUTHENTICATED USERS should be able to bind to LDAP, but that only seems to hold true for some domaians and not others.

    Read the article

  • How to choose which fields are available via LDAP from an Active Directory

    - by Felix Eve
    I'm using PHP to do an ldap search and then pull the attributes out using ldap_get_attributes. This returns an array of data (that can be seen here) however there are some fields that are missing such as Organization Title, department, company, address and telephone number. How to I make these fields available? There is a similar question here: http://www.petri.co.il/forums/showthread.php?t=15227 I've followed the steps outlined there an tried changing some access permissions but am not really sure what I'm doing and can't see any permissions that directly relate to the fields that I can see when I edit a user in the "Active Directory Users Computers" window. I am a PHP developer, not a Windows server administrator so am finding configuring an AD rather challenging so please don't assume any level of knowledge about AD. I've asked the same question on stack exchange but understand this is a more relevant place to ask.

    Read the article

  • Active Directory replication failing with Access is Denied

    - by Justin Love
    I recently discovered that Active Directory replication started failing about a month ago. If I attempt to Replicate Now from the failing domain controller, I receive The following error occurred during the attempt to synchronize the domain controllers: Access is denied. It is between two servers at a remote site. One is Windows 2003 and the other is Windows 2000; the Windows 2000 machines is experiencing the errors. The domain is older OUR_DOMAIN style. Attempts so far: I disabled Kerberos service on the Windows 2000 server and restarted RPC and RPC locater services have expected settings HKEY_Local_Machine\Software\Microsoft\Rpc\ClientProtocols missing ncacn_nb_tcp on Windows 20003 server (added) Portqry reports okay Firewall disabled netdom resetpwd (and reboot) on Windows 2000 server.

    Read the article

  • Streamline Active Directory account creation via automated web site

    - by SteveM82
    In my company we have high employee turnover, and hence our helpdesk receives about a dozen requests per week for new Active Directory accounts. Currently, we receive these requests simply via e-mail or voice-mail, and rarely do we have all of the information necessary to create the account. I would like to find a web application that can be used by a manager or supervisor to formalize the requests they make for AD accounts for new employees under their command. Ideally, the application would prompt for all of necessary information, and allow the helpdesk to review the requests and approve or deny each one. If approved, the application would take care of creating the account and send an e-mail to the manager. I have found several application on the Internet that handle self-service account management (i.e., password resets or update contact info), which is also nice to have, but nothing that streamlines the new account request and creation part. Can anyone make suggestions on such an application? Thanks.

    Read the article

  • Active Directory Profile Slows down machine

    - by boburob
    I have a strange issue with an Active Directory profile. When the user logs onto a machine with his profile, the whole machine becomes incredibly slow and unresponsive, with programs hanging and taking an age to load everything. If I log into the same machine with any other profile nothing happens. I took a look at his original profile, any start up programs, login scripts, etc and could not see what could be causing this. The machine is not running out of memory or CPU. Nothing strange is appearing in the event log and I can see nothing running under his profile which may cause this. So I created the user a new profile to test this on and exactly the same thing happens on the first login. The only thing which would of been carried across is the security groups the user is assigned to, yet I have other users with the same groups who do not experience these issues so I am now at a complete loss on where to go next!

    Read the article

  • How to configure auto-logon in Active Directory

    - by Jonas Stensved
    I need to improve our account management (using Active Directory) for a customer support site with 50+ computers. The default "AD"-way is to give each user their own account. This adds up with a lot of administration with adding/disabling/enabling user accounts. To avoid this supervisors have started to use shared "general" accounts like domain\callcenter2 etc and I don't like the idea of everyone knowing and sharing accounts and passwords. Our ideal solution would be to create a group with computers which requires no login by the user. I.e. the users just have to start the computer. Should I configure auto-logon with a single user account like domain\agentAccount? Is there anything else to consider if I use the same account for all users? How do I configure the actual auto-logon with a GPO on the group? Is there a "Microsoft way" without 3rd party plugins? Or is there a better solution?

    Read the article

  • How to enable password challenge in Active Directory?

    - by Antonio Laguna
    As IT Support, my team is taking so much time reseting passwords. So, we thought it would be interesting to enable some sort of Password Challenge in Active Directory so users could reset their own passwords, after correctly answering some questions. Despite we alert users by mail when their passwords are going to expire, they just delete the mail and go on so we think it should be a great idea. I've seen some commercial products but I'm not sure if there is something built-in or GPL to enable this kind of feature. Could someone shed some light about it?

    Read the article

  • How to run programs from a different directory in unix

    - by user1067358
    I know this is a very simple question, and that many similar (but more complicated!) questions have been asked- So i wanted to ask this in a very plane manner. Sorry if this voids the rules of conduct on this website! I'm very new to using unix. I have a program that converts a ".evt" file to an .rq1, which is used for data analysis. The command to do so is simple, for example: Convert data.evt (this outputs data.rq1). This program, let's say, is located in directory /A and I have a data file that I want to convert in directory /B. How would I go about executing this program without moving the convert program to directory B?

    Read the article

  • Limit number of concurrent user logins in Windows Server 2008 Active Directory

    - by smhnaji
    Is there the possibility to limit Active Directory users' max concurrent login sessions? I've read many articles and discussions about the solution, but none of them seem to be working. Many had suggested UserLogin script that doesn't work in Windows Server 2008. Some other suggested CConnect that is not good enough. It's also very complicated. Some others have introduced UserLock that should be paid for. It's wondering that Windows Server 2003 DOES have the feature (wile as a third-party), but Windows Server 2008 doesn't have! One of the articles I've read: http://www.edugeek.net/forums/windows-server-2008-r2/61216-multiple-logins.html

    Read the article

  • Samba file shares - ownership of folder accessible for 1 group verified by MS active direcctory

    - by jackweirdy
    I have a machine set up to share a folder /srv/sambashare, here's an exerpt of the config file: [share] path = /srv/sambashare writable = yes The permissions of that folder are set at 700 and it is owned by nobody:nogroup at the moment. The problem I face is probably a simple one but I'm fairly new to Samba so I'm not sure what to do. The contents of the share should be accessible to a particular user who will authenticate with domain credentials, checked against Active Directory by kerberos. I haven't got kerberos configured yet as I wanted to test the share as soon as samba was configured, albeit basically, to ensure that it works. I've noticed that I can only access & write to the share when the folder is either owned by the user logging in or made world writable. The key issues are that this folder can't be world writable as it contains sensitive stuff, but at the same time can't be owned by a user or group since they come from the AD server. Anyone know what I should do?

    Read the article

  • SVN + Active Directory

    - by rudigrobler
    How do I setup SVN (On a linux box - Centos 5.2) to authenticate using Active Directory? Also: Any tips or tricks? What should I watch out for? How fine grain can I set the access? This group have access to these projects, etc? And how does this work if I use something like tortoissvn to access my repository? What I have learned so far: you need the following modules installed for apache mod_ldap mod_authnz_ldap mod_dav mod_dav_svn mod_authz_svn?

    Read the article

  • Local Profile Map to New Active Directory Login

    - by user42937
    Preface: I am sure this has been asked some where on the site before but I couldn't find any questions about it, or maybe I am not using the correct verbiage... Our admins are giving us a new active directory account on different domain. As I am a progammer (a member of IT) we are the group gets assigned new accounts first to test the migration. When I log in to my local machine using the new account I get a new local profile. Not the biggest deal, but on the new profile I am missing mappings, desktop items, wallpaper, etc. Our users I going to throw a fit if there is no way around this. Two Questions: I've seen references to NTUSER.DAT and suggestions to Copy all user files from "Documents and Settings", but is there a good way or is it even possible to associate my local profile with the new AD account? Is there any thing that our admins can do to prevent this from happening?

    Read the article

  • find directories in the current directory, older than 5 days and archive them

    - by user197284
    This is basic questions. I need to find folders in the current working directory(not recursively) and if they are older than 5 days archive them. zip or tar.gz is fine. I can find the folders with following commands find ./ -maxdepth 1 -type d -mtime +5 And i know i can pass this output of the find using xargs. But i do not know how to archive with folder name intact. That is the directory test1 should be archived to test1.zip and directory "test2" should be archived to "test2.zip". Any inputs are welcome. Regards

    Read the article

  • ID Badge Access System for Building with Active Directory Integration [closed]

    - by Alex
    I hope this is the right place for this question. So, we're looking into setting up a building access that uses badges or cards of some kind. I wanted to ask the users on here if they've had to do such setups and/or if they have recommendations? Is there maybe a system that integrates with Active Directory? I know one of the things our managers want to do is to be able to run reports on when people are entering the buildings. I'd appreciate any suggestions and thanks in advance!

    Read the article

  • Active Directory : AdExplorer and LDAP browsers

    - by webwesen
    I can access my corp AD with SysInternals' "AdExplorer" with no problems. however, when I try to use generic LDAP browser (ldp.exe in my example) to access the same AD directory I can't get the required protocol/auth method. I think I have tried them all. what protocol/settings does AdExplorer use by default?

    Read the article

  • IO.Directory.Exists always returns true

    - by roygbiv
    I am executing a IO.Directory.Exists on a network share from an ASP.NET application running under a specific Application Pool with a specific user account. The call always returns true. I have tried several variations: \\server\share$\directory \\192.168.0.1\share$\directory H:\directory I have checked that directory and share permissions are available to the account. The path does have spaces in it \\server\share$\directory\name name\test test, which should make no difference, however I have read otherwise. I will continue to check permissions, as it does work from my local machine (with the built in VS web-server and I am an administrator on the network), but when deployed to the IIS 6.0 virtual directory, and run under the Application Pool, it does not work.

    Read the article

  • Make Directory.GetFiles() ignore protected folders

    - by Kryptic
    Hello Everyone, I'm using the Directory.GetFiles() method to get a list of files to operate on. This method throws an UnauthorizedAccessException for example when trying to access a protected folder. I would like it to simply skip over such folders and continue. How can I accomplish this with either Directory.GetFiles (preferably) or another method? Update: Here is the code that throws the exception. I am asking the user to select a directory and then retrieving the list of files. I commented out the code (so this is now whole method) that iterates through the files and the problem still occurs. The exception is thrown on the Directory.GetFiles() line. FolderBrowserDialog fbd = new FolderBrowserDialog(); DialogResult dr = fbd.ShowDialog(); if (dr == System.Windows.Forms.DialogResult.Cancel) return; string directory = fbd.SelectedPath; string[] files = Directory.GetFiles(directory, "*.html", SearchOption.AllDirectories);

    Read the article

  • Why can't I navigate Active Directory within Powershell?

    - by Myrddin Emrys
    I have an AD: drive, which should allow me to browse active directory from within Powershell. But when I try to use it, it will not let me navigate beyond the root. From what I have read the given commands should work, but they are failing. PS AD:\> ls Name ObjectClass DistinguishedName ---- ----------- ----------------- company domainDNS DC=company,DC=com Configuration configuration CN=Configuration,DC=company,DC=com Schema dMD CN=Schema,CN=Configuration,DC=company,DC=com ForestDnsZones domainDNS DC=ForestDnsZones,DC=company,DC=com DomainDnsZones domainDNS DC=DomainDnsZones,DC=company,DC=com PS AD:\> cd schema Set-Location : Cannot find path 'AD:\schema' because it does not exist. At line:1 char:3 + cd <<<< schema + CategoryInfo : ObjectNotFound: (AD:\schema:String) [Set-Location], ItemNotFoundException + FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.SetLocationCommand PS AD:\> cd Schema Set-Location : Cannot find path 'AD:\Schema' because it does not exist. (duplicate of previous error) PS AD:\> cd company Set-Location : Cannot find path 'AD:\company' because it does not exist. (duplicate of previous error) PS AD:\> ls Schema Get-ChildItem : Cannot find path '//RootDSE/Schema' because it does not exist. (duplicate of previous error) PS AD:\> cd ForestDnsZones Set-Location : Cannot find path 'AD:\ForestDnsZones' because it does not exist. (duplicate of previous error)

    Read the article

  • Joining Samba to Active Directory with local user authentication

    - by Ansel Pol
    I apologise that this is somewhat incoherent, but hopefully someone will be able to make enough sense of this to understand what I'm trying to achieve and provide pointers. I have a machine with two network interfaces connected to two different networks (one of which it's providing several other services for, such as DNS), running two separate instances of Samba, one bound to each interface. One of the instances is just a workgroup-style setup using share-level authentication, which is all working fine. The problem is that I'm looking to join the other instance to an MS Active Directory domain (provided by MS Windows Small Business Server 2003) to enable a subset of the domain users to access the shares from Windows machines on the other network. The users who need access from the domain environment have accounts (whose names are all-lowercase versions of their domain usernames) on the machine running Samba, but I'm not sure about how to map the UIDs and everything I've read concerns authenticating accounts on that machine against either AD or another LDAP server. To clarify: I only want the credentials for AD users accessing the non-workgroup Samba instance to be authenticated against AD, not the accounts on the machine running Samba. I hope this is sufficiently clear. EDIT: In addition to being able to access the Samba shares from AD, I do also need to be able to access a share on the domain from the machine running Samba but would still like everything non-Samba-related to authenticate locally.

    Read the article

  • Joining Samba to Active Directory with local user authentication

    - by Ansel Pol
    I apologise that this is somewhat incoherent, but hopefully someone will be able to make enough sense of this to understand what I'm trying to achieve and provide pointers. I have a machine with two network interfaces connected to two different networks (one of which it's providing several other services for, such as DNS), running two separate instances of Samba, one bound to each interface. One of the instances is just a workgroup-style setup using share-level authentication, which is all working fine. The problem is that I'm looking to join the other instance to an MS Active Directory domain (provided by MS Windows Small Business Server 2003) to enable a subset of the domain users to access the shares from Windows machines on the other network. The users who need access from the domain environment have accounts (whose names are all-lowercase versions of their domain usernames) on the machine running Samba, but I'm not sure about how to map the UIDs and everything I've read concerns authenticating accounts on that machine against either AD or another LDAP server. To clarify: I only want the credentials for AD users accessing the non-workgroup Samba instance to be authenticated against AD, not the accounts on the machine running Samba. I hope this is sufficiently clear. EDIT: In addition to being able to access the Samba shares from AD, I do also need to be able to access a share on the domain from the machine running Samba but would still like everything non-Samba-related to authenticate locally.

    Read the article

  • ldapsearch against Active Directory fails

    - by Guacamole
    I am using ldapsearch from OpenLDAP tools to search our corporate Active Directory for my email and phone number. This query is a test to ensure that I can authenticate against the domain so I can set up a linux wiki with NTLM authentication. My theory is that if I can successfully query the AD for information, then I am a step closer to getting my wiki to authenticate against AD (I have instructions to set up moin wiki under ActiveDirectory). The problem is that I can't seem to get the ldapsearch query right. I have seen many tutorials on the net that indicate that -D should be something like -D "Americas\John_Marsharll"; however, I keep getting ldap_bind: Invalid credentials (49) error messages when I use Americas\John_Marshall. The only time I get sensical results is when I query with the parameters below. However, even then, I can't figure out how to get email and phone number. [John_Marsharll@WN7-BG3YSM1 ~]$ ldapsearch -x -h 10.1.1.1 \ -b "cn=Users,dc=Americas" mail telephonenumber -D "cn=John_Marshall,dc=Americas" # extended LDIF # # LDAPv3 # base <cn=Users,dc=Americas> with scope subtree # filter: (objectclass=*) # requesting: mail telephonenumber -D cn=John_Marshall,dc=Americas # # search result search: 2 result: 32 No such object # numResponses: 1 [John_Marshall@WN7-BG3YSM1 ~]$ Can someone give me pointers on what I'm doing wrong with the ldapsearch query above? Our AD ldap server is 10.1.1.1 and the AD domain is "Americas".

    Read the article

  • Using Active Directory through a Firewall

    - by Adam Brand
    I had kind of a weird setup today where I wanted to enable Windows Firewall on a Windows 2003 R2 SP2 computer that would act as an Active Directory Domain Controller. I didn't see one resource on the Internet that listed what would be required to do this, so I thought I'd list them here and see if anyone has anything to add/sees something that isn't necessary. Ports to Open with "subnet" scope: 42 | TCP | WINS (if you use it) 53 | TCP | DNS 53 | UDP | DNS 88 | TCP | Kerberos 88 | UDP | Kerberos 123 | UDP | NTP 135 | TCP | RPC 135 | UDP | RPC 137 | UDP | NetBIOS 138 | UDP | NetBIOS 139 | TCP | NetBIOS 389 | TCP | LDAP 389 | UDP | LDAP 445 | TCP | SMB 445 | UDP | SMB 636 | TCP | LDAPS 3268 | TCP | GC LDAP 3269 | TCP | GC LDAP Ports to Open with "Any" Scope (for DHCP) 67 | UDP | DHCP 2535 | UDP | DHCP ALSO You need to restrict RPC to use fixed ports instead of everything 1024. For that, you need to add two registry keys: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters Registry value: TCP/IP Port Value type: REG_DWORD Value data: <-- pick a port like 1600 and put it here HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters Registry value: DCTcpipPort Value type: REG_DWORD Value data: <-- pick another port like 1650 and put it here ...don't forget to add entries in the firewall to allow those in (TCP, Subnet scope). After doing all that, I was able to add a client computer to the AD domain (behind Windows Firewall) and log in successfully.

    Read the article

  • Active Directory: Determining DN or OU from log in credentials [closed]

    - by Christopher Broome
    I'm updating a PHP login process to leverage active directory on a Windows server. The logging in process seems pretty straight forward via a "ldap_bind", but I also want to pull some profile information from the AD server (first name, last name, etc...) which seems to require a robust distinguished name (DN). When on the windows server I can grab this via 'dsquery user' on the command prompt, but is there a way to get the same value from just the user's login credentials in PHP? I want to avoid getting a list of hundreds of DNs when on-boarding clients and associating each with one of our users, so any means to programmatically determine this would be preferential. Otherwise, I'll know the domain and host for the request so I can at least set the DC portions of the DN, but the organizational units (OU) seem to be pretty important for querying data. If I can find some of the root level OU values associated with the user I can do a ldap_search and crawl. I browsed through the existing questions and found some similar but nothing that really addressed this, so my apologies if the obvious answer is out there. Thanks for the help.

    Read the article

  • Providing access to a no-www website in an active directory environment

    - by oasisbob
    Our website is hosted externally, off our network. The canonical URL is a is intentionally lacking www, and will 301 redirect any requests containing www to the canonical URL. So far, so good. The problem is providing access to the website from within our LAN. In theory, the answer is simple: add a host record in DNS pointing foobarco.org to the external webhost. (eg foobarco.org -- 203.0.113.7) However, Our active directory domain is the same as our public website (foobarco.org), and AD appears to periodically auto-create host (A) records in the domain root corresponding to our domain controllers. This causes obvious problems: users on the LAN attempting to access the website resolve the domain controllers instead. As a stop-gap measure we're overriding DNS using the hosts file on clients, but this is a quick hack that doesn't scale well. The hosts-file hack hasn't broken anything obvious, so I doubt that this behavior is essential to AD operations, but I haven't found a way to disable it. Is it possible to override this behavior?

    Read the article

  • Choosing local versus public domain name for Active Directory

    - by DSO
    What are the pros and cons of choosing a local domain name such as mycompany.local versus a publicly registered domain name such as mycompany.com (assuming that your org has registered the public name)? When would you choose one over the other? UPDATE Thanks to Zoredache and Jay for pointing me to this question, which had the most useful responses. That also led me to find this Microsoft Technet article, which states: It is best to use DNS names that are registered with an Internet authority in the Active Directory namespace. Only registered names are guaranteed to be globally unique. If another organization later registers the same DNS domain name, or if your organization merges with, acquires, or is acquired by other company that uses the same DNS names, then the two infrastructures cannot interact with one another. Note Using single label names or unregistered suffixes, such as .local, is not recommended. Combining this with mrdenny's advice, I think the right approach is to use either: Registered domain name that will never be used publicly (e.g. mycompany.org, mycompany.info, etc). Subdomain of an existing public domain name which will never be used publicly (e.g. corp.mycompany.com). The "never used publicly" part is a business decision so its probably best to get sign off from those in the company authorized to reserve domain names and subdomains. E.g. you don't want to use a registered name or subdomain that the marketing dept later wants to use for some public marketing campaign.

    Read the article

< Previous Page | 6 7 8 9 10 11 12 13 14 15 16 17  | Next Page >