Search Results

Search found 2907 results on 117 pages for 'ad lds'.

Page 14/117 | < Previous Page | 10 11 12 13 14 15 16 17 18 19 20 21  | Next Page >

  • AD User Passwords expiring without any notifications?

    - by scooter133
    We setup password Policies in Active Directory to Expire peoples passwords after so many days. Well it looks like the time has come for the Expiration of the Passwords and people are getting locked out... There has been no warning of user passwords about to expire. They just come in to work and they cannot log in, the phones no longer connect, nothing. Reset the password and all is good. Some of the users are locked out, though most are not, they just cannot log in. On setting the password Expiration, I didn't see anything about nor warning the users of the impending expiration. Seems like it used to warn you 15 days or so before it would expire. Clients range from: WinXP, WinVista, Win7 and Server 2008R2 Remote Desktop Services. How can I make sure my users are warned of the Expiration? Resultant Set of Policy for User that was not prompted: Account Policies/Password Policy Policy Setting Winning GPO Enforce password history 10 passwords remembered Default Domain Policy Maximum password age 270 days Default Domain Policy Minimum password age 0 days Default Domain Policy Minimum password length 4 characters Default Domain Policy Password must meet complexity requirements Disabled Default Domain Policy Store passwords using reversible encryption Disabled Default Domain Policy Account Policies/Account Lockout Policy Policy Setting Winning GPO Account lockout duration 20 minutes Default Domain Policy Account lockout threshold 5 invalid logon attempts Default Domain Policy Reset account lockout counter after 15 minutes Default Domain Policy Local Policies/Audit Policy Policy Setting Winning GPO Audit account logon events Failure Default Domain Policy Audit account management Success, Failure Default Domain Policy Audit directory service access Success, Failure Default Domain Policy Audit logon events Failure Default Domain Policy Audit policy change Success, Failure Default Domain Policy Audit privilege use Failure Default Domain Policy Local Policies/Security Options Interactive Logon Policy Setting Winning GPO Interactive logon: Prompt user to change password before expiration 7 days Default Domain Policy

    Read the article

  • Making Lync option visible in Outlook/GAL/AD

    - by Kjensen
    In a big organization, people are slowly moving towards using Lync and away from using landlines. A handful of times per month, I get a meeting invitation that includes a conference call number and a remark about "not sure if everybody is on Lync". Often everybody is, and we start in a conference call and switch to Lync. Is there a good way to make it visible if a user has access to Lync? Like I can hit the "Online meeting" button in Outlook - and it would be great to see, if everybody invited support Lync. Does something like that exist?

    Read the article

  • The rights needed to change a AD LDAP password

    - by Luuky19
    What are the bare minimum rights you need to change an other persons LDAP password?. I'm working on a tool that allows a user to change his password. as the tool needs to be written in PHP the only problem is that you can't use a user account to change the password. to work around this we want to use an manger/admin account that can only change the passwords of all the other users. now the problem. we could not find the right rights to set so that the account was allowed to change the passwords. the only way it worked for us was if we made him domain-admin and that is something we don't want. So what are the minimum rights that some one needs to change a other person password with PHP? EDIT: Changed the title to fit the question better.

    Read the article

  • AD Users outside the building

    - by gammaRED
    I've never had a customer ask me this, but they keep insisting if they have Active Directory and a Domain, that mobile[road warriors] users will not be able to login to their laptops if they are at home or away from the office. I told them that is would use "cache" creds to do this. Am I right or wrong? I've been told this and found a couple of forums saying the same thing. What is really going on and how are the laptops able to do this?

    Read the article

  • iphone application ad-hoc installation on windows gives invalid certificate error

    - by Lorenzo Boccaccia
    I've an application that need to be deployed to some testers. those with windows machine are reporting that the certificate used for signing the application couldn't be installed because of an unknown critical extension (1.2.840.113635.100.6.1.4) is there a way to make that critical extension known to windows (vista 64bit specifically)? I'm guessing that all this system of extension give user the ability to register callbacks to interpret the various added extensions (it would be totally useless otherwise)

    Read the article

  • Automatically taken out of AD domain

    - by Mattias
    Hi Guys, arrived to work this morning just to find that I couldn't log on to my computer. As it turned out my computer had been "unjoined" from our domain. I am positive that I didn't "unjoin" manually yesterday before I closed the computer down. Have anyone experienced this behavior before and is it even possible? Or should I start getting nervous about anyone playing around on the serverside? I'm running my domaincontroller on a Windows2003 server and the client computer that got "unjoined" is a Windows 7 Ultimate.

    Read the article

  • Why my AD domain doesn't work on my laptop

    - by Frederick Marcoux
    I have installed Windows Server 2008 R2 on a virtual machine with a bridged network card and installed Active Directory. I configured it and when I try to connect my laptop to the domain name, in this case, creationsmicroweb.ca (doesn't exist, don't try, for local only), I can't get connected. My laptop just doesn't see it. I don't know why! There's a resume of my config: Domain Name: creationsmicroweb.ca Forest: new, principal domain controller IP: Fixed (192.168.1.100) DNS Name: none (just for local, I ignored them) NETBIOS name: MICROWEB If someone as found why, please help me! This is for my business that I'm starting and I can't find why it doesn't work!

    Read the article

  • Allow READ access to local folders in 2003SBS AD

    - by Dan M.
    Have a SBS2003 client with a mess of a domain that is in process of being cleaned. But, for the life of me I cannot find a setting that will allow write access to the local hard disk for domain users with redirected profiles(to the server). This is needed only for one program that will not follow a symbolic link to the network path, instead it seems to be hard coded to the %appdata% folder but only on the c: drive.... So question is how can I allow "Domain users" write access to the local %appdata% directory? I have tried setting it manually on a machine but it kept resetting to RO no matter how many times I tried. Everytime I would uncheck the RO property it would reset sometime right after i hit OK. Thanks in advance! Dan

    Read the article

  • Windows 2003 and 2008 AD integrated DNS zones

    - by floyd
    We have a Windows 2003 server DC1 which is our primary DC holding all FSMO roles. It also is a DNS server for our domain domain.local which is an active directory integrated zone. We also have a Windows 2008 DC name DC2 All servers have the correct DNS entries etc. However on all dns servers there are event id 4515 indicating there are duplicate zones in separate directory partitions and only one will be used until the other is removed. And I see these, there is a zone for domain.local under the default naming partition CN=System, CN=MicrosoftDNS, DC=domain.local. As well as the DomainDNSZones partition DC=DomainDNSZones, DC=DOMAIN, DC=local, CN=MicrosoftDNS It seems that the partition in the Default Naming partition is the one which is being used currently. Which one should be in use? How do I make the EventID 4515's go away? EventID 4515: http://support.microsoft.com/kb/867464 Thanks

    Read the article

  • Allow WRITE access to local folders machine in 2003SBS AD

    - by Dan M.
    Have a SBS2003 client with a mess of a domain that is in process of being cleaned. But, for the life of me I cannot find a setting that will allow write access to the local hard disk for domain users with redirected profiles(to the server). This is needed only for one program that will not follow a symbolic link to the network path, instead it seems to be hard coded to the %appdata% folder but only on the c: drive.... So question is how can I allow "Domain users" write access to the local %appdata% directory? I have tried setting it manually on a machine but it kept resetting to RO no matter how many times I tried. Every time I would un-check the RO property it would reset sometime right after i hit OK. Thanks in advance! Dan

    Read the article

  • Grant permission for specific other AD users to unlock/log out user from PC

    - by Simon Needham
    What I'm looking to do is permission a Windows PC (ideally XP but if a later OS version is required so be it) so that a select group of users can unlock the machine, logging the current user out. This something that a Local Admin for the machine would be able to do from a locked screen, however, I'd like to avoid granting Local Admin rights to this group of users if I can. The background here is that this machine is 80% used by one person but is treated as a 'shared machine' on days that the primary user is not around. It's usefull that everybody using the machine can carry on using their own accounts with all the personalisations they are used to. I'd also like to void logging the primary user out every night. No one else in the firm has to put up with that and she does use the machine herself most of the time.

    Read the article

  • Locking down remote desktop using AD GPO

    - by Brettski
    I am currently locking down a companies remote desktop access via a VPN. What I need to do is disable remote printing, file transfer and clipboard via active directory for the workstations that will be accessed. I am having trouble figuring out which GPO's are used to restrict this. My basic approach is to restrict VPN users to port 3389 so the will be able to access their work computers remotely but nothing else (I will look into layer 7 scanning later). With this I want to ensure they are unable to transfer and data via files, printing or the clipboard. The environment is Windows Server 2003

    Read the article

  • Delegating account unlock rights in AD

    - by ewall
    I'm trying to delegate the rights to unlock user accounts in our Active Directory domain. This should be easy, and I've done it before... but every time the user tries to unlock an account (using the LockoutStatus tool), he gets denied with the error "You do not have the necessary permissions to unlock this account." Here's what I've done: I created a domain local group and added the members who should have the rights. This was created over a week ago, so the users have logged out and in again. In ADUC, I've used the Delegate Rights wizard on the OU which contains our user accounts to grant permissions to Read lockoutTime and Writer lockoutTime to the group, per MSKB 279723 I have double-checked the permissions were applied correctly in ADSIEdit. I have forced replication between all domain controllers to ensure the permission changes were copied over. The user testing it has logged out and in again to ensure he has any changes applied to his account. ...That covers all the bases I can think of. Anything else I could be missing?

    Read the article

  • XP/Intel wirelss only showing 'hpsetup' ad-hoc network that isn't there

    - by ewall
    Trying to help my friend with her work XP laptop, which recently stopped seeing any wireless SSIDs except the SSID 'hpsetup' (presumably from a wireless-enabled HP printer). Relevant information: The laptop is a Lenovo T500 (Centrino 2 chipset) with XP SP3. The network adapter is Intel WiFi Link 5300 AGN (built-in). The latest version (13.5) of the Intel drivers only are installed, not the Intel config software, so XP is using the Wireless Zero-Config manager. The wireless router is a NetGear WGR614 v7 with 802.11b/g. The SSID is broadcasting, and all the other laptops in the house can see and connect to it. On the laptop, I have tried repairing the network connection, disabling power management, turning off 802.11a & n radio, and more... but it didn't help. Some of the wireless settings are managed by Group Policy from her office (I get the "At least one of your changes was not applied successfully to your wireless configuration" message). It is enforced to connect to "Access point (infrastructure) networks only". The real kicker is that my laptop does not an SSID named 'hpsetup' here, but it can see several broadcasted SSIDs including the one we want, while my friend's laptop doesn't see any SSID except 'hpsetup'. Any suggestions?

    Read the article

  • AD Stopping A script and Adding a Value to A User's Account Attribute

    - by Steven Maxon
    ‘This will launch the PPT in a GPO Dim ppt Set ppt = CreateObject("PowerPoint.Application") ppt.Visible = True ppt.Presentations.Open "C:\Scripts\Test.pptx" ‘This is the batch file at the end of the PPT that records the date, time, computer name and username echo "Logon Date:%date%,Logon Time:%time%,Computer Name:%computername%,User Name:%username%" \servertest\g$\Tracking\LOGON.TXT ‘This is what I need but can’t find: I need the script to check a value in the Active Directory user’s account in the Web page: attribute that would shut off the script if the user has already competed reading the presentation. Could be as simple as writing XXXX. I need the value XXXX written to the Active Directory user’s account in the Web page: attribute when they finish reading the presentation after they click on the bat file so the script will not run again when they log in. Thanks for any help.

    Read the article

  • Adding a Windows Server 2012 Essentials server to an existing domain, without migrating the AD

    - by TiernanO
    I have an existing Active Directory in house, a mix between a Win2K8R2 and Win2K3 domain, and i would like to test out Windows Server 2012 Essentials BETA on the network. When walking though the install, it gives me the option of a new domain, or migrating from an existing domain. when clicking existing, it tells me i can only have one SBS server running on a domain at a time... So, i dont have any existing SBS servers in house (both are full standard or enterprise editions) but i do plan on keeping at least one of these extra servers running... So, how do i get a 2012 Essentials server to join a domain, and not migrate the existing domain? or if i do migrate, can i still get one of the other boxes to act as secondary controllers?

    Read the article

  • AD-hoc Windows Server 2008

    - by Filipe Costa
    Hello. I've installed Windows Server 2008 and i need to share the wireless network. In the old OS, the XP, i have the option to share the internet, but here in Windows Server 2008 i can find that option. How can i solve this? Thank you.

    Read the article

  • AD logon script, how to...

    - by allenskd
    I'm a student, I have this assignment where I need to know how to disable the user from changing the background to a client computer, thing is that I've been looking around to know what language does the logon script use, any site with handy information, tried googling but I really can't find anything useful, don't know if I'm googling the right terms All I've found for now is a lot of tutorials about mapping network drives and so on

    Read the article

  • Is Google DFP a replacement for ad rotate plugin?

    - by EPQRS
    I'm currently using Ad-Rotate WordPress plugin on my WordPress site. I recently came to know of Google DFP. I'm currently adding 1-5 ads per day which will increase soon and am wondering if Google DFP is an alternate solution to Ad Rotate plugin. I want to mainly show ours and clients' ads and not AdSense. I'm just looking for an ad manager and was wondering if Google DFP is the right alternate solution. Where can I find a tutorial on how to use (add ads) Google DFP? (I already have an AdSense account)

    Read the article

  • DNS Issue Windows 2003 AD-The server holding the PDC role is down

    - by Dave M
    Our network of Windows 2003 and Windows 2008 servers suddenly hasDNS issues. There are 7 DCs. Two at our main office and one each at branch sites (one branch has two a 2008R2 and WIN2K3) Only two are WIN2008R2 Running DCDIAG on the WIN2K3 at main site (DC1) reports no issues. Running at any branch site reports two issues All other test pass. The server DC1 can be PINGed by name from any site Starting test: frsevent There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems. Starting test: FsmoCheck Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355 A Primary Domain Controller could not be located. The server holding the PDC role is down. Netdom.exe /query DC reports the expected servers. netdom query fsmo This reports the server at the main office holds the following roles: * Schema owner Domain role owner PDC role RID pool manager Infrastructure owner In the DNS management snap-in, DC1 appears as DNS server but does not appear in _msdcs-dc-_sites-Default-First-Site-Name-_TCP There is no _ldap or –kerberos record pointing to DC1 Same issue msdcs-dc-_sites- -_TCP Again there is no _ldap or –kerberos record pointing to DC1 Under Domain DNS Zones there is no entry for the server. This is the case for any _tcp folder in the DNS. The server DC1 appears correctly as a name server in the Reverse Lookup Zone. There is a Host(A) record for DC1 but in the Forward Lookup Zone there is no (same as parent folder) Host(A) for the DC1 server but such an entry exists for the other DCs at branch sites and the other DC at the main office. We have tried stopping and starting the netlogon service, restarting DNS and also dcdiag /fix. Netdiag reports error: Trust relationship test. . . . . . : Failed [FATAL] Secure channel to domain 'XXX' is broken. [ERROR_NO_LOGON_SERVERS] [WARNING] Failed to query SPN registration on DC- One entry for each branch DC All braches lsit the problem server and it can be Pinged by name from any branch Fixing is number one priority but also would like to determine the casue.

    Read the article

  • process running on login: can't find in AD or login batch scripts

    - by tombull89
    Hallo, I'm trying to deploy some classroom control software (NetSupport School) to some of the machines on our network but for some reason when you log off and restart the computer any user who logs on ends up re-installing the software while logging on. I spent two hours on the phone to the complanys support and we eventually nailed it down to most likely a setting in Active Directory or in the login.bat (drive mapping and settings) but we can't find anything in those that would say "run this installer at logon". Is there anywhere else on the system that would set something like this? Server 2003/XP. Ta!

    Read the article

  • AD reset user passwords for a security group

    - by Nathan C
    I'm not quite sure if this is possible or not, but I need to force a certain security group's users to have their passwords expire so they'll be forced to change them on next login. The reason for this is because I applied a FGPP (password policy) to this particular group in order to enforce strong passwords. Well, many users have really weak passwords and they won't be changed unless they're forced. Is there a way to do this without forcing everyone to a single password?

    Read the article

< Previous Page | 10 11 12 13 14 15 16 17 18 19 20 21  | Next Page >