Search Results

Search found 21334 results on 854 pages for 'active directory'.

Page 14/854 | < Previous Page | 10 11 12 13 14 15 16 17 18 19 20 21  | Next Page >

  • Grant account write access to specific attributes on Active Directory User object

    - by Patricker
    I am trying to allow an account to update very specific attributes on all User objects. I am setting this security on the "User" object. When I add the account on the security tab, go to advanced, edit the accounts permissions, and start going through the list of attributes I am only able to find a few, like First Name, but most of the attributes I want to let them write to are missing. How can I grant the account write access to these attributes? Attributes I need to grant permission for: First Name (givenName) Last Name (sn) Initials (initials) Department (department) Company (company) Title (title) Manager (manager) Location Info (physicalDeliveryOfficeName, streetAddress, postOfficeBox) Work Phone (telephoneNumber) Pager (pager) IP Phone (ipPhone) IP Phone Other (otherIpPhone) ThumbnailLogo (thumbnailLogo) jpegPhoto (jpegPhoto) Description (displayName) Thanks

    Read the article

  • Creating a new Active Directory account with an InfoPath form

    - by ryan
    I am setting up a business partner portal in our Sharepoint server. There will be an AD group with permissions limited to viewing and possibly contributing to the specific business partner site and employees of our business partners will have accounts created for them as needed. Now we would like to let our business development group(BDG) have control over the partner accounts. Ideally they should be able to add and delete accounts and change permissions on them. The BDG are not domain admins so we don't want to give them access to the domain controller. We want to create an Infopath form that will allow them to do all this. Is it possible to create and manage AD accounts from within an Infopath form on the sharepoint server? I searched this site and MSDN and can not find anything specifically related to my question.

    Read the article

  • Active Directory remote versus local computer logon

    - by Jake
    Hi, Hope some one can help a network/server noob understand how domains work in AD. I am in an organisation with 2 AD servers in 2 different countries, e.g. US and UK, and they set up the US and UK domains respectively. the accounts are set up such that all employees in both countries have a US\user and UK\user account. What is the difference if a UK user logon with US\user from a local UK computer, versus RDP (remote desktop) into a US server with US\user? Thanks for your help.

    Read the article

  • Active Directory - Using GPO To Update Multiple Versions Of .NET

    - by Joe Wilson
    OK, I have searched everywhere for this one. I have all the MSI's and packages I need to deploy .Net 3.5 SP1, and 2.0 and 3.0 (which are prerequisites for 3.5). I can't figure out how to install all of them at once via GPO. Basically, the computers on the network do NOT have any version of .Net installed, and I need them to be at 3.5 SP1. I know I can deploy each version via GPO, force reboot the client, then push the next one, force reboot, and so on. Is there a way to streamline install all 3 at once via GPO? Thanks

    Read the article

  • Active Directory Replication across Sites slow or not working

    - by neildeadman
    I've just inherited (isn't it always the way!) a Windows Domain. The domain is spread across 2 sites. Site01 has 3 DCs & Site02 has 2 DCs. If I create a user in either site, the other DCs in that site, immediately replicate and show the new user. The new user is not shown in the other site though. If I manually run the following command, everything syncs and the new user appears: repadmin /syncall issdc01 /APed In the Inter-Site Transports DEFAULTIPSITELINK the replicate every time value is set to 180 minutes. I thought this was the solution, but on another Windows Domain, this is the same, but replication takes place across sites immediately. What can I check to resolve this issue? We are running Windows Server 2008 Results of dcdiag /test:dns show a server that is no longer part of our domain: TEST: Delegations (Del) Error: DNS server: oldserver.win.domain.com IP: [Missing glue A record]

    Read the article

  • Disable password complexity rule in Active Directory

    - by Dan Revell
    Where do I go to disable the password complexity policy for the domain. I've logged onto the domain controller (Windows Server 2008) and found the option in local policies which is of course locked from any changes. However I can't find the same sort of policies in the group policy manager. Which nodes do I have to expand out to find it?

    Read the article

  • Synchronize Active Directory to Database

    - by Tommy Jakobsen
    We are in a situation where we would like to offer our customers to be able to manage their users themselves. It is around 300 customers with up to a total of 10.000 users. Besides creating, updating and removing users, they will very often read information about users for statics and other useful informations available. All this functionality, should be available from an Intranet web page (.NET Framework 4) that the users will access through Citrix or similar. Now the problem is that we would really like the users not to query AD directly for each request, but rather make them hit a database that is synchronized with AD. It would be sufficient to run this synchronization a few time each day (maybe every 5. hour). When they create a user, it should not be available right away, but reviewed and then created within two days (the next step would be to remove this manual review, but that's out of scope for this question). What do you think about this synchronization of AD? Does anyone have any experience with it and is it something that is done in other organizations, where you will have lots of requests which is better handled by a database than AD (I presume)? Are there any techniques out there for writing such a script that synchronizes AD with database tables? My primary concern is the groups/members relations which can be rather complicated. Or are there software that synchronizes AD with a database? Any comments will be much appreciated. Thank you.

    Read the article

  • The function of service principal names in Active Directory

    - by boxerbucks
    I am thinking about taking a service that runs on multiple servers in my domain currently as "NETWORK SERVICE" and configuring it to run as an AD domain account for various reasons. If I have this one account running the same service under multiple servers, do I need to create SPN's for each of the machines and services it runs? Would I need to worry about creating SPN's at all? If the answer is no, then what is the proper role of an SPN?

    Read the article

  • Active Directory: Find out which users belong to a Group Policy Object

    - by gentlesea
    Hi, I want to make sure that certain users are available in a group from the windows domain. I installed "Group Policy Management" and can open the Forest, the Domain. But then I am not sure what I am searching. I can select a link to a Group Policy Object (GPO). In Settings i see the Drive Maps and I know them. But how can I display a list of users that use this GPO? Right-click, Edit... is disabled. net group my_gpo does not work since I am not on a Windows Domain Controller. Any possibility to find out anyway?

    Read the article

  • Delegation Permissions to admins in Active Directory/Taskpads

    - by user1569537
    I am trying to provide taskpads to few admins to operate on few tasks delegated to them at OU level.I ran into the following problem; lets say i delegated access to the admin on OU X and which is ability to modify groups such as sample group X1 , he must be able to add any users from OU X to the group X1. The issue here is while testing i found out the admin can do the above but also can add a user Y1 from the OU Y(which he doesnt have delegated permissions) to the group X1.What am i missing? how to restrict admin from adding users out of OU to the groups he has modify access to? Please ask me if any more details/clarification required.

    Read the article

  • Active Directory - Join domain in specific OU when its a workstation

    - by Jonathan Rioux
    I would like to know how can I accomplish the following: When I join a workstation (with Windows 7) in the domain, I want that computer to be put into a specific OU. Only when its a workstation with Windows 7. This is because I have GPOs that must apply to all workstations in the domain. Can I only accomplish this using a script? Or can I set a rule like if the computers has Windows 7, put that computer into this specific OU.

    Read the article

  • Apache and Active Directory authentication

    - by synapse
    I'm having trouble with LDAP authentication in Apache 2.2. Here's the excerpt from httpd.conf <Location /folder> AuthType Basic AuthName "Project" AuthBasicProvider ldap AuthLDAPBindDN "user@domain" AuthLDAPBindPassword "my_password" AuthLDAPURL "ldap://my_domain_controller/?samAccountName?sub?(objectClass=user)" Require valid-user </Location> I keep getting "ldap_search_ext_s() for user failed" in error.log. I tried using my quoted DN as AuthLDAPBindDN but results were the same. What could be the problem?

    Read the article

  • Samba 4 or Active Directory

    - by Jon Rhoades
    Now that Samba 4 has finally been released we find ourselves in new position of having a choice of of either upgrading our Samba 3 domain to either a Samba 4 domain on Linux or a Windows AD domain on Windows 2012. Given that we are equally expert at managing Windows and Linux servers, is there any reason not to use Samba 4 over AD on Windows; specifically: Are there functional differences from a Windows/OS X client perspective? Are there issues with other services that use AD, such as storage appliances that use AD/Kerberos for authentication/authorisation. Will the Microsoft "System Centre" suite of tools and other similar products work seamlessly? How will Samba 4 handle AD's Multimaster DC model and FMSO roles. Are there any other issues to be aware of, such as vendor support?

    Read the article

  • Delete a windows group in Active Directory

    - by Jim
    I am doing a cleanup of some AD groups that are no longer used. One of the AD groups I could not delete because it seems that a member has this group set as the primary group (which I assume someone did by accident). Is there an easy way to find out who has this group set as primary?

    Read the article

  • Issues related to storing photos in Active Directory?

    - by Joe_Jones_442Hemi
    Are their any known issues with storing employee photos in AD provided you store them in the compliant sizes and formats? Is there a critical mass that you break or could corrupt AD databases? I'm trying to understand some of the server teams deep concerns with our intent to store employee photos in AD... they fear it will corrupt the database or replication issues will occur globally, etc. We're about a 3,000 employee company.

    Read the article

  • Active Directory Account Always Locked

    - by Joel
    My account in the domain at work comes up locked every morning and it's turning out to be unbearable. The domain admins have no clue as to what could be causing it and therefore I must call evey morning to have my account unlocked. I normally don't log off when leaving for the day, next morning I can unlock my computer and access my workstation but when I try to do anything domain-related I realize my account is locked. This is what I've tried so far: Deleted all network drives Made sure all the servers I remotely access neither have a session with my account or a service running under my account. No service is locally running with my account in my workstation. What else can I try?

    Read the article

  • SVN Active Directory authentication with ProxyPass redirect in the mix

    - by Jason B. Standing
    We have a BitNami SVN stack running on a Windows machine which holds our SVN repository. It's set up to authenticate against our AD server and uses authz to control rights. Everything works perfectly if Tortoise points at http://[machine name]/svn However - we need to be able to access it from http://[domain]/svn. The domain name points to a linux environment that we're decommissioning, but until we do, other systems on that box prevent us from just re-pointing the domain record. Currently, we've got a ProxyPass record on the linux machine to forward requests through to http://[machine name]/svn - it seems to work fine, and the endpoint machine asks for credentials, then authenticates: but when that happens, the access attempt is logged as coming from the linux box, rather than from the user who has authenticated. It's almost like some element of the credentials aren't being passed through to the endpoint machine. Has anyone done this before, or is there other info I can give to try to make sense of this problem, and figure out a way to solve it? Thankyou!

    Read the article

  • Back up and restore Active Directory password per user

    - by Robert Perlberg
    For administrative purposes, I sometimes need to log in as another user to diagnose a problem with their account. I'd like to be able to do this without having to change their password so I don't have to keep bothering them. Under Unix, I can just save the encrypted password from the passwd file, change the password, then edit the old encrypted password back into the passwd file. Is there a way of doing something similar in AD?

    Read the article

  • Samba/Winbind issues joing to Active directory domain

    - by Frap
    I'm currently in the process of setting up winbind/samba and getting a few issues. I can test connectivity with wbinfo fine: [root@buildmirror ~]# wbinfo -u hostname username administrator guest krbtgt username [root@buildmirror ~]# wbinfo -a username%password plaintext password authentication succeeded challenge/response password authentication succeeded however when I do a getent I don't get any AD accounts returned [root@buildmirror ~]# getent passwd root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin puppet:x:52:52:Puppet:/var/lib/puppet:/sbin/nologin my nsswitch looks like this: passwd: files winbind shadow: files winbind group: files winbind #hosts: db files nisplus nis dns hosts: files dns and I'm definitely joined to the domain: [root@buildmirror ~]# net ads info LDAP server: 192.168.4.4 LDAP server name: pdc.domain.local Realm: domain.local Bind Path: dc=DOMAIN,dc=LOCAL LDAP port: 389 Server time: Sun, 05 Aug 2012 17:11:27 BST KDC server: 192.168.4.4 Server time offset: -1 So what am I missing?

    Read the article

  • Error getting PAM / Linux integrated with Active Directory

    - by topper
    I'm trying to add a Linux server to a network which is controlled by AD. The aim is that users of the server will be able to authenticate against the AD domain. I have Kerberos working, but NSS / PAM are more problematic. I'm trying to debug with a simple command such as the following, please see the error. Can anyone assist me to debug? root@antonyg04:~# ldapsearch -H ldap://raadc04.corp.MUNGED.com/ -x -D "cn=MUNGED,ou=Users,dc=corp,dc=MUNGED,dc=com" -W uid=MUNGED Enter LDAP Password: ldap_bind: Invalid credentials (49) additional info: 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece I have had to munge some details, but I can tell you that cn=MUNGED is my username for logging into the AD domain, and the password that I typed was the password for said domain. I don't know why it says "Invalid credentials", and the rest of the error is so cryptic, I have no idea. Is my approach somehow flawed? Is my DN obviously wrong? How can I confirm the correct DN? There was a tool online but I can't find it. NB I have no access to the AD Server for administration or configuration.

    Read the article

  • Best way to backup Active Directory with a single domain controller

    - by John Hall
    I have a domain with about 15 users and a single Windows Server 2008 domain controller. Some recent issues with my RAID controller have made me reconsider how I go about securing the AD data. Currently I run a System State Backup nightly. However, it seems that it is impossible (or at least difficult and unsupported) to restore that to any other machine than the one from which it was taken. Adding a second DC to the domain seems expensive and overkill for such a small network. Is there no other way to backup the AD data?

    Read the article

  • Share folder with active directory group permissions

    - by Hihui
    I have a Debian as a member of our AD (which is a 2k3). I want to share 2 folders from our Debian. 1 with full access for everyone, the second only readable by group "ADM", and "PROD". Part of smb.conf: [global] workgroup = MYDOMAIN realm = MYDOMAIN.LOCAL netbios name = SERV-FTP wins server = "IP serv 2k3" security = domain [JUKEBOX] // full access path = /media/JUKEBOX/JUKEBOX comment = sharing writable = yes browsable = yes public = yes read only = no valid users = @ASYLUM\prod_std admin users = @ASYLUM\ADM [SOFTWARE] comment = Software path = /media/JUKEBOX/SOFTWARE valid users = @ASYLUM\prod_adv, @ASYLUM\ADM writable = yes read only = no My log : [2013/10/25 09:24:37.316643, 0] smbd/service.c:1055(make_connection_snum) canonicalize_connect_path failed for service SOFTWARE, path /media/JUKEBOX/SOFTWARE And, from my Windows's client, if i want to access on that folder : Windows can't access to \serv-ftp\software Where is the problem ... ? Thx !

    Read the article

  • cd (change directory) to my home directory on Windows [closed]

    - by deostroll
    Possible Duplicate: Is there a short cut command in Windows command prompt to get to the current users home directory like there is in Linux? Any short way to cd to the user specific directories in the command prompt. Like for e.g. in linux shell (debian based) we do a cd ~ and it instantly takes to the current logged user's directory /home/<username>. Anything to this effect on windows? ps: currently trying to do this on xp machines. If it differs for other machines, mention that too.

    Read the article

< Previous Page | 10 11 12 13 14 15 16 17 18 19 20 21  | Next Page >