Search Results

Search found 21348 results on 854 pages for 'active directory lds'.

Page 15/854 | < Previous Page | 11 12 13 14 15 16 17 18 19 20 21 22 | Next Page >

Active Directory Replication across Sites slow or not working

- by neildeadman

I've just inherited (isn't it always the way!) a Windows Domain. The domain is spread across 2 sites. Site01 has 3 DCs & Site02 has 2 DCs. If I create a user in either site, the other DCs in that site, immediately replicate and show the new user. The new user is not shown in the other site though. If I manually run the following command, everything syncs and the new user appears: repadmin /syncall issdc01 /APed In the Inter-Site Transports DEFAULTIPSITELINK the replicate every time value is set to 180 minutes. I thought this was the solution, but on another Windows Domain, this is the same, but replication takes place across sites immediately. What can I check to resolve this issue? We are running Windows Server 2008 Results of dcdiag /test:dns show a server that is no longer part of our domain: TEST: Delegations (Del) Error: DNS server: oldserver.win.domain.com IP: [Missing glue A record]

Read the article
Disable password complexity rule in Active Directory

- by Dan Revell

Where do I go to disable the password complexity policy for the domain. I've logged onto the domain controller (Windows Server 2008) and found the option in local policies which is of course locked from any changes. However I can't find the same sort of policies in the group policy manager. Which nodes do I have to expand out to find it?

Read the article
Synchronize Active Directory to Database

- by Tommy Jakobsen

We are in a situation where we would like to offer our customers to be able to manage their users themselves. It is around 300 customers with up to a total of 10.000 users. Besides creating, updating and removing users, they will very often read information about users for statics and other useful informations available. All this functionality, should be available from an Intranet web page (.NET Framework 4) that the users will access through Citrix or similar. Now the problem is that we would really like the users not to query AD directly for each request, but rather make them hit a database that is synchronized with AD. It would be sufficient to run this synchronization a few time each day (maybe every 5. hour). When they create a user, it should not be available right away, but reviewed and then created within two days (the next step would be to remove this manual review, but that's out of scope for this question). What do you think about this synchronization of AD? Does anyone have any experience with it and is it something that is done in other organizations, where you will have lots of requests which is better handled by a database than AD (I presume)? Are there any techniques out there for writing such a script that synchronizes AD with database tables? My primary concern is the groups/members relations which can be rather complicated. Or are there software that synchronizes AD with a database? Any comments will be much appreciated. Thank you.

Read the article
The function of service principal names in Active Directory

- by boxerbucks

I am thinking about taking a service that runs on multiple servers in my domain currently as "NETWORK SERVICE" and configuring it to run as an AD domain account for various reasons. If I have this one account running the same service under multiple servers, do I need to create SPN's for each of the machines and services it runs? Would I need to worry about creating SPN's at all? If the answer is no, then what is the proper role of an SPN?

Read the article
Active Directory: Find out which users belong to a Group Policy Object

- by gentlesea

Hi, I want to make sure that certain users are available in a group from the windows domain. I installed "Group Policy Management" and can open the Forest, the Domain. But then I am not sure what I am searching. I can select a link to a Group Policy Object (GPO). In Settings i see the Drive Maps and I know them. But how can I display a list of users that use this GPO? Right-click, Edit... is disabled. net group my_gpo does not work since I am not on a Windows Domain Controller. Any possibility to find out anyway?

Read the article
Delegation Permissions to admins in Active Directory/Taskpads

- by user1569537

I am trying to provide taskpads to few admins to operate on few tasks delegated to them at OU level.I ran into the following problem; lets say i delegated access to the admin on OU X and which is ability to modify groups such as sample group X1 , he must be able to add any users from OU X to the group X1. The issue here is while testing i found out the admin can do the above but also can add a user Y1 from the OU Y(which he doesnt have delegated permissions) to the group X1.What am i missing? how to restrict admin from adding users out of OU to the groups he has modify access to? Please ask me if any more details/clarification required.

Read the article
Active Directory - Join domain in specific OU when its a workstation

- by Jonathan Rioux

I would like to know how can I accomplish the following: When I join a workstation (with Windows 7) in the domain, I want that computer to be put into a specific OU. Only when its a workstation with Windows 7. This is because I have GPOs that must apply to all workstations in the domain. Can I only accomplish this using a script? Or can I set a rule like if the computers has Windows 7, put that computer into this specific OU.

Read the article
Apache and Active Directory authentication

- by synapse

I'm having trouble with LDAP authentication in Apache 2.2. Here's the excerpt from httpd.conf <Location /folder> AuthType Basic AuthName "Project" AuthBasicProvider ldap AuthLDAPBindDN "user@domain" AuthLDAPBindPassword "my_password" AuthLDAPURL "ldap://my_domain_controller/?samAccountName?sub?(objectClass=user)" Require valid-user </Location> I keep getting "ldap_search_ext_s() for user failed" in error.log. I tried using my quoted DN as AuthLDAPBindDN but results were the same. What could be the problem?

Read the article
Samba 4 or Active Directory

- by Jon Rhoades

Now that Samba 4 has finally been released we find ourselves in new position of having a choice of of either upgrading our Samba 3 domain to either a Samba 4 domain on Linux or a Windows AD domain on Windows 2012. Given that we are equally expert at managing Windows and Linux servers, is there any reason not to use Samba 4 over AD on Windows; specifically: Are there functional differences from a Windows/OS X client perspective? Are there issues with other services that use AD, such as storage appliances that use AD/Kerberos for authentication/authorisation. Will the Microsoft "System Centre" suite of tools and other similar products work seamlessly? How will Samba 4 handle AD's Multimaster DC model and FMSO roles. Are there any other issues to be aware of, such as vendor support?

Read the article
Delete a windows group in Active Directory

- by Jim

I am doing a cleanup of some AD groups that are no longer used. One of the AD groups I could not delete because it seems that a member has this group set as the primary group (which I assume someone did by accident). Is there an easy way to find out who has this group set as primary?

Read the article
Issues related to storing photos in Active Directory?

- by Joe_Jones_442Hemi

Are their any known issues with storing employee photos in AD provided you store them in the compliant sizes and formats? Is there a critical mass that you break or could corrupt AD databases? I'm trying to understand some of the server teams deep concerns with our intent to store employee photos in AD... they fear it will corrupt the database or replication issues will occur globally, etc. We're about a 3,000 employee company.

Read the article
Active Directory Account Always Locked

- by Joel

My account in the domain at work comes up locked every morning and it's turning out to be unbearable. The domain admins have no clue as to what could be causing it and therefore I must call evey morning to have my account unlocked. I normally don't log off when leaving for the day, next morning I can unlock my computer and access my workstation but when I try to do anything domain-related I realize my account is locked. This is what I've tried so far: Deleted all network drives Made sure all the servers I remotely access neither have a session with my account or a service running under my account. No service is locally running with my account in my workstation. What else can I try?

Read the article
SVN Active Directory authentication with ProxyPass redirect in the mix

- by Jason B. Standing

We have a BitNami SVN stack running on a Windows machine which holds our SVN repository. It's set up to authenticate against our AD server and uses authz to control rights. Everything works perfectly if Tortoise points at http://[machine name]/svn However - we need to be able to access it from http://[domain]/svn. The domain name points to a linux environment that we're decommissioning, but until we do, other systems on that box prevent us from just re-pointing the domain record. Currently, we've got a ProxyPass record on the linux machine to forward requests through to http://[machine name]/svn - it seems to work fine, and the endpoint machine asks for credentials, then authenticates: but when that happens, the access attempt is logged as coming from the linux box, rather than from the user who has authenticated. It's almost like some element of the credentials aren't being passed through to the endpoint machine. Has anyone done this before, or is there other info I can give to try to make sense of this problem, and figure out a way to solve it? Thankyou!

Read the article
Back up and restore Active Directory password per user

- by Robert Perlberg

For administrative purposes, I sometimes need to log in as another user to diagnose a problem with their account. I'd like to be able to do this without having to change their password so I don't have to keep bothering them. Under Unix, I can just save the encrypted password from the passwd file, change the password, then edit the old encrypted password back into the passwd file. Is there a way of doing something similar in AD?

Read the article
Samba/Winbind issues joing to Active directory domain

- by Frap

I'm currently in the process of setting up winbind/samba and getting a few issues. I can test connectivity with wbinfo fine: [root@buildmirror ~]# wbinfo -u hostname username administrator guest krbtgt username [root@buildmirror ~]# wbinfo -a username%password plaintext password authentication succeeded challenge/response password authentication succeeded however when I do a getent I don't get any AD accounts returned [root@buildmirror ~]# getent passwd root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin puppet:x:52:52:Puppet:/var/lib/puppet:/sbin/nologin my nsswitch looks like this: passwd: files winbind shadow: files winbind group: files winbind #hosts: db files nisplus nis dns hosts: files dns and I'm definitely joined to the domain: [root@buildmirror ~]# net ads info LDAP server: 192.168.4.4 LDAP server name: pdc.domain.local Realm: domain.local Bind Path: dc=DOMAIN,dc=LOCAL LDAP port: 389 Server time: Sun, 05 Aug 2012 17:11:27 BST KDC server: 192.168.4.4 Server time offset: -1 So what am I missing?

Read the article
Best way to backup Active Directory with a single domain controller

- by John Hall

I have a domain with about 15 users and a single Windows Server 2008 domain controller. Some recent issues with my RAID controller have made me reconsider how I go about securing the AD data. Currently I run a System State Backup nightly. However, it seems that it is impossible (or at least difficult and unsupported) to restore that to any other machine than the one from which it was taken. Adding a second DC to the domain seems expensive and overkill for such a small network. Is there no other way to backup the AD data?

Read the article
Error getting PAM / Linux integrated with Active Directory

- by topper

I'm trying to add a Linux server to a network which is controlled by AD. The aim is that users of the server will be able to authenticate against the AD domain. I have Kerberos working, but NSS / PAM are more problematic. I'm trying to debug with a simple command such as the following, please see the error. Can anyone assist me to debug? root@antonyg04:~# ldapsearch -H ldap://raadc04.corp.MUNGED.com/ -x -D "cn=MUNGED,ou=Users,dc=corp,dc=MUNGED,dc=com" -W uid=MUNGED Enter LDAP Password: ldap_bind: Invalid credentials (49) additional info: 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece I have had to munge some details, but I can tell you that cn=MUNGED is my username for logging into the AD domain, and the password that I typed was the password for said domain. I don't know why it says "Invalid credentials", and the rest of the error is so cryptic, I have no idea. Is my approach somehow flawed? Is my DN obviously wrong? How can I confirm the correct DN? There was a tool online but I can't find it. NB I have no access to the AD Server for administration or configuration.

Read the article
Share folder with active directory group permissions

- by Hihui

I have a Debian as a member of our AD (which is a 2k3). I want to share 2 folders from our Debian. 1 with full access for everyone, the second only readable by group "ADM", and "PROD". Part of smb.conf: [global] workgroup = MYDOMAIN realm = MYDOMAIN.LOCAL netbios name = SERV-FTP wins server = "IP serv 2k3" security = domain [JUKEBOX] // full access path = /media/JUKEBOX/JUKEBOX comment = sharing writable = yes browsable = yes public = yes read only = no valid users = @ASYLUM\prod_std admin users = @ASYLUM\ADM [SOFTWARE] comment = Software path = /media/JUKEBOX/SOFTWARE valid users = @ASYLUM\prod_adv, @ASYLUM\ADM writable = yes read only = no My log : [2013/10/25 09:24:37.316643, 0] smbd/service.c:1055(make_connection_snum) canonicalize_connect_path failed for service SOFTWARE, path /media/JUKEBOX/SOFTWARE And, from my Windows's client, if i want to access on that folder : Windows can't access to \serv-ftp\software Where is the problem ... ? Thx !

Read the article
cd (change directory) to my home directory on Windows [closed]

- by deostroll

Possible Duplicate: Is there a short cut command in Windows command prompt to get to the current users home directory like there is in Linux? Any short way to cd to the user specific directories in the command prompt. Like for e.g. in linux shell (debian based) we do a cd ~ and it instantly takes to the current logged user's directory /home/<username>. Anything to this effect on windows? ps: currently trying to do this on xp machines. If it differs for other machines, mention that too.

Read the article
Read access to Active Directory property (uSNChanged)

- by Tom Ligda

I have an issue with read access to the uSNChanged property when doing LDAP searches. If I do an LDAP search with a user that is a member of the Domain Admins group (UserA), I can see the uSNChanged property for every user. The problem is that if I do an LDAP search with a user (UserB) that is not a member of the Domain Admins group, I can see the uSNChanged property for some users (UserGroupA) and not for some users (UserGroupB). When I look at the users in UserGroupA and compare them to the users in UserGroupB, I see a crucial difference in the "Security" tab. The users in UserGroupA have the "Include inheritable permissions from this object's parent" unchecked. The users in UserGroupB have that option checked. I also noticed that the users in UserGroupA are users that were created earlier. The users in UserGroupB are users created recently. It's difficult to quantify, but I estimate the border between creation time between the users in UserGroupA and UserGroupB is about 6 months ago. What can cause the user creation to default to having that security property checked as opposed to unchecked? A while back (maybe around 6 months ago?) I changed the domain functional level from Windows Server 2003 to Windows Server 2008 R2. Would that have had this effect? (I can't exactly downgrade the domain functional level to test it out.) Is this security property actually the cause of the issue with read access to the uSNChanged property on LDAP searches? It seems correlated, but I'm not sure about causation. What I want in the end is for all authenticated users to have read access to the uSNChanged property for all users when doing an LDAP search. I would also be OK if I could grant read access for that property to an AD group. Then I can control access by adding members to the group.

Read the article
How to Register Multiple Host Names for Server in Active Directory

- by DSO

I have a Windows 2008 server in our corp network which hosts multiple IIS applications. I want to have users access it via multiple names, e.g. http://app1, http://app2. How do I register multiple host names in AD to point to this server? Can I do this myself on the server, or do I need to have a domain admin do this?

Read the article
Refreshing user's group membership in active directory without log-off/log-on

- by Serge

So, when user logs in to their workstation, they receive SIDs of groups they are members of, and this is used for the length of the session, until logging off. Is there a way to refresh membership SIDs information without actually having to log off and log on again? I've added myself to a group, but can't log off without interrupting running process that requires these permissions. Don't want to have to go through these steps again...

Read the article
Active Directory - User cannot change password

- by JacksOrBetter99

We are setting up a Windows Server 2008 R2 domain. When we create a user within AD, the checkbox labeled "User cannot change password" in the Account tab is unchecked for every user we create. Can this be changed so for each user we create this is checked by default?

Read the article
Using LDAP/Active Directory with PIN based authentication

- by nishantjr

We'd like to integrate our service with LDAP, but because of hardware constraints, we're only allow 4 digit user ids and passwords. What would be the best practice for performing such an authetication? We've considered adding User ID and PIN attributes to the LDAP user schema, but we're not sure how happy people would be with modifying their schema to interact with our service. The PIN attribute would have to have the same support that native user passwords have. (hashing and salting etc.) UPDATE Another consideration is how ldap_bind works with this scenario. How do we get it to use an alternate authentication method? Can this even be done without affecting other services that use the same LDAP server?

Read the article
How does Windows handle Time? Updating RTC, etc. (Active Directory and Novell E-Directory)

- by bshacklett

I'm troubleshooting some time issues in my domain and before making any big changes I want to have a thorough understanding of what's going on. I've got a few lingering questions at the moment: What sources (rtc, ntp, etc.) are queried by Windows to keep time? How does this differ in a mixed Active Directory / Novell environment? What is the order that each source is queried in? How does Windows decide whether to act as an NTP client, peer or server? In what situations will Windows update the RTC, if ever?

Read the article

< Previous Page | 11 12 13 14 15 16 17 18 19 20 21 22 | Next Page >