Search Results

Search found 6976 results on 280 pages for 'active'.

Page 48/280 | < Previous Page | 44 45 46 47 48 49 50 51 52 53 54 55  | Next Page >

  • "The zone can be scavenged after" keeps incrementing

    - by kce
    What are you trying to do? I'm trying to enable DNS scavenging on a DNS zone that has about a hundred stale DNS records. What have you tried in order to make it happen? I setup DNS Scavenging per everyone's favorite TechNet Blog post: Don't be afraid of DNS Scavenging. Just be patient. I first disabled scavenging on all of our domain controllers: DNSCmd . /ZoneResetScavengeServers contoso.com 192.168.1.1 192.168.1.2 I then enabled automatic scavenging on the DNS zone: I then enabled DNS scavenging on one of the domain controllers: I then found a few records that I expected to get delete with timstamps from a few years ago and ensured that that the Delete this record when it becomes stale and that time stamp was actually set: Finally I reloaded the zone and waited 14 days (the sum of the Refresh + No-Refresh periods). What results did you expect? I expected to see a 2501 Event in the DNS server logs noting the deletion of a bunch of DNS records. What actually happened? Nothing happened. The Zone Aging/Scavenging Properties showed that the zone could be scavenged after 6/12/2014 10:00:00 AM last week. No 2501/2502 events were recorded. All of the records with "aged" time stamps are still present. The date at which the zone can be scavenged after incremented another seven days to ?6/?18/?2014 10:00:00 AM. As I understand it until that date stays at least 14 days in the past nothing will ever even be eligible for scavenging let alone actually be scavenged. The only 2501 events recorded in the event logs are ones that I have triggered by right clicking and selecting "Scavenge Stale Resource Records". They note that scavenging will try to run again in 168 hours which was this morning. I have DNS scavenging enabled for a few months and have waited patiently for something to happen. I have reloaded the zone multiple times (which resets this timestamp). What am I missing here?

    Read the article

  • Unable to Mange DNS via MMC

    - by IT Helpdesk Team Manager
    When trying to access the DNS service on Microsoft Windows Server 2003 (Build 3790) domain controller/schema master via the MMC DNS snap in or locally via the DNS MMC from Administrative tools I'm getting a red "X" through the icon for the DNS Server. The inability to access DNS management via MMC happens on all domain controllers as well. We've looked at items such as the DHCP client not being started, incorrect DNS setup ( the machine points at itself and another DC ), the DNS service not running ( it is and all DNS queries via NSLOOKUP work correctly ), dslint returns the correct information and functions as expected. There is the following entry in the DNS event log: The DNS server could not initialize the remote procedure call (RPC) service. If it is not running, start the RPC service or reboot the computer. The event data is the error code. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. 0000: 0000051b dnscmd fails with RPC server unavailable yet RPC is started: C:\Documents and Settings\Administrator.DOMAIN>dnscmd /Info Info query failed status = 1722 (0x000006ba) Command failed: RPC_S_SERVER_UNAVAILABLE 1722 (000006ba) DCDIAG /TEST:DNS /V /E produces the following errors: Warning: no DNS RPC connectivity (error or non Microsoft DNS server is running) [Error details: 1753 (Type: Win32 - Description: There are no more endpoints available from the endpoint mapper.)] Warning: no DNS RPC connectivity (error or non Microsoft DNS server is running) [Error details: 1722 (Type: Win32 - Description: The RPC server is unavailable.)] The DNS server could not initialize the remote procedure call (RPC) service. If it is not running, start the RPC service or reboot the computer. The event data is the error code. A DNS query for _ldap._tcp.dc._msdcs. returns the correct results. All domain and ADS related activities are working except that I can't manage my DNS via MMC or dnscmd. Any thoughts or solutions would be greatly appreciated. EDIT: Adding Registry export per request: Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc Class Name: <NO CLASS> Last Write Time: 10/18/2012 - 2:29 PM Value 0 Name: DCOM Protocols Type: REG_MULTI_SZ Data: ncacn_ip_tcp Value 1 Name: UuidSequenceNumber Type: REG_DWORD Data: 0xb19bd0f Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\ClientProtocols Class Name: <NO CLASS> Last Write Time: 3/9/2007 - 12:11 PM Value 0 Name: ncacn_np Type: REG_SZ Data: rpcrt4.dll Value 1 Name: ncacn_ip_tcp Type: REG_SZ Data: rpcrt4.dll Value 2 Name: ncadg_ip_udp Type: REG_SZ Data: rpcrt4.dll Value 3 Name: ncacn_http Type: REG_SZ Data: rpcrt4.dll Value 4 Name: ncacn_at_dsp Type: REG_SZ Data: rpcrt4.dll Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\NameService Class Name: <NO CLASS> Last Write Time: 2/20/2006 - 4:48 PM Value 0 Name: DefaultSyntax Type: REG_SZ Data: 3 Value 1 Name: Endpoint Type: REG_SZ Data: \pipe\locator Value 2 Name: NetworkAddress Type: REG_SZ Data: \\. Value 3 Name: Protocol Type: REG_SZ Data: ncacn_np Value 4 Name: ServerNetworkAddress Type: REG_SZ Data: \\. Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\NetBios Class Name: <NO CLASS> Last Write Time: 2/20/2006 - 4:48 PM Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\RpcProxy Class Name: <NO CLASS> Last Write Time: 3/9/2007 - 12:11 PM Value 0 Name: Enabled Type: REG_DWORD Data: 0x1 Value 1 Name: ValidPorts Type: REG_SZ Data: pdc:100-5000 Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService Class Name: <NO CLASS> Last Write Time: 2/20/2006 - 4:48 PM Value 0 Name: 9 Type: REG_SZ Data: secur32.dll Value 1 Name: 10 Type: REG_SZ Data: secur32.dll Value 2 Name: 14 Type: REG_SZ Data: schannel.dll Value 3 Name: 16 Type: REG_SZ Data: secur32.dll Value 4 Name: 1 Type: REG_SZ Data: secur32.dll Value 5 Name: 18 Type: REG_SZ Data: secur32.dll Value 6 Name: 68 Type: REG_SZ Data: netlogon.dll

    Read the article

  • ADExplorer, how to search with "distinguishedName contains" condition?

    - by Jimm Chen
    I'm using ADExplorer 1.42 from Microsoft. I'm not very versed at this program so please kindly help me out with a search-related problem. Right click on a node(e.g., CN=NlscanStaff) and select Search Container... , with default search attributes, I can see all objects inside NlscanStaff listed as result. Note that there is a CN=CHJTEST object listed. Now, my question is, how to search for CHJTEST specifically? I tried search condition: Attribute : distinguishedName Relation : contains Value : CN=CHJTEST Click Add , then Search . But no result. Can someone tell me what's going wrong? Thanks.

    Read the article

  • Windows AD, bulk user creation, homedrv creation via commandline

    - by Neil
    I am Bulk creating AD users from the commandline (dsadd) and whilst doing so am setting the homedir and homedrv to a DFS location. I observe when I create the user with all these settings via the GUI (dsa.msc) that the homedrv gets created on the DFS share with all the permissions set correctly. But when using dsadd, the folder is not created. How can I replicate this GUI behaviour via the commandline when creating the user? I don't really want to rely on logon scripts to set it up. Do I have to use mkdir and cacls and something else to give the user Ownership? Or maybe I am missing something easy. Any help much appreciated!

    Read the article

  • Cross domain LDAP

    - by Adam
    For a system we are developing we have 2 domains an internal and an external domain with bi directional trust between them. However the servers are only able to connect to their own DC's. We have an application server on the internal domain which needs to use an LDAP query to gather a list of users from a group on the external domain. How do i go about writing an LDAP query that asks one DC to go ask another DC for a list of users. I tried querying the internal DC with the same LDAP query I would use if it could hit the external DC directly but this does not work. When i use Softerra LDAP Administraor I can view the full hierarchy of the interal domain but despite the trust relationship between domains i am unable to see any of the external doamin. Any suggestions or help would be greatly appreciated

    Read the article

  • Getting Squid to authenticate with kerberos and Windows 2008/2003/7/XP

    - by Harley
    This is something I setup recently and was quite a big pain. My environment was getting squid to authenticate a Windows 7 client against a Windows 2008 Server invisibly. NTLM is not really an option, as using it requires a registry change on each client. MS have been recommending Kerberos since Windows 2000, so it's finally time to get with the program. Many, many thanks to Markus Moeller of the Squid mailing lists for helping to get this working.

    Read the article

  • Multi-Tenant VMWare View Deployment

    - by SimonJGreen
    We have VMWare View 5 set up for a single tenant environment, absolutely brilliant and works perfectly. Two thumbs up there! We're looking at the possibility of deploying this in a multi tenant scenario, where multiple unlinked companies connect to a VDI solution hosted by us but have no visibility of each other. Obviously;y this could be achieved by doubling up on all the components, having a complete VMWare View stack for each tenant, but this seems a little bit messy. Has anyone done this before, and if so how? Googling sheds little light apart from this experts exchange topic.

    Read the article

  • Plugging GlusterFS and Openfiler together

    - by lpfavreau
    Has anyone had experience plugging GlusterFS and Openfiler together or something similar? Here is the motivation: Disk space on multiple server regrouped using GlusterFS Centralized access using LDAP/AD and quota management using Openfiler as the GlusterFS client SMB/CIFS server for easy sharing to multiple users on Mac and Windows I know I can have Gluster installed on Openfiler (rPath Linux) successfully but Openfiler seems to be very picky on what it can use as a shared drive. Mounting the Gluster volume inside an existing share does not seem to allow quotas with the mounted folder free space. If this is not possible, is there any alternative to give the same capabilities?

    Read the article

  • What breaks in a Windows domain if a member has a high time skew?

    - by Ryan Ries
    It's taken for granted by most IT people that in a Windows domain, if a member server's clock is off by more than 5 minutes (or however many minutes you've configured it for) from that of its domain controller - logons and authentications will fail. But that is not necessarily true. At least not for all authentication processes on all versions of Windows. For instance, I can set my time on my Windows 7 client to be skewed all to heck - logoff/logon still works fine. What happens is that my client sends an AS_REQ (with his time stamp) to the domain controller, and the DC responds with KRB_AP_ERR_SKEW. But the magic is that when the DC responds with the aforementioned Kerberos error, the DC also includes his time stamp, which the client in turn uses to adjust his own time and resubmits the AS_REQ, which is then approved. This behavior is not considered a security threat because encryption and secrets are still being used in the communication. This is also not just a Microsoft thing. RFC 4430 describes this behavior. So my question is does anyone know when this changed? And why is it that other things fail? For instance, Office Communicator kicks me off if my clock starts drifting too far out. I really wish to have more detail on this. edit: Here's the bit from RFC 4430 that I'm talking about: If the server clock and the client clock are off by more than the policy-determined clock skew limit (usually 5 minutes), the server MUST return a KRB_AP_ERR_SKEW. The optional client's time in the KRB-ERROR SHOULD be filled out. If the server protects the error by adding the Cksum field and returning the correct client's time, the client SHOULD compute the difference (in seconds) between the two clocks based upon the client and server time contained in the KRB-ERROR message. The client SHOULD store this clock difference and use it to adjust its clock in subsequent messages. If the error is not protected, the client MUST NOT use the difference to adjust subsequent messages, because doing so would allow an attacker to construct authenticators that can be used to mount replay attacks.

    Read the article

  • New AD-DC in a new Site is refusing cross-site IPv4 connections

    - by sysadmin1138
    We just added a new Server 2008 (sp2) Domain Controller in a new Site, our first such config. It's over a VPN gateway WAN (10Mbit). Unfortunately it is displaying a strange network symptom. Connections to the SMB ports (TCP/139 and TCP/445) are being actively refused... if the connection is coming in on pure IPv4. If the incoming connection is coming by way of the 6to4 tunnel those connections establish and work just fine. It isn't the Firewall, since this behavior can be replicated with the firewall turned off. Also, it's actually issuing RST packets to connection attempts; something that only happens with a Windows Firewall if there is a service behind a port and the service itself denies access. I doubt it's some firewall device on the wire, since the server this one replaced was running Samba and access to it from our main network functioned just fine. I'm thinking it might have something to do with the Subnet lists in AD Sites & Services, but I'm not sure. We haven't put any IPv6 addresses in there, just v4, and it's the v4 connections that are being denied. Unfortunately, I can't figure this out. We need to be able to talk to this DC from the main campus. Is there some kind of site-based SMB-level filtering going on? I can talk to the DC's on campus just fine, but that's over that v6 tunnel. I don't have access to a regular machine on that remote subnet, which limits my ability to test.

    Read the article

  • Enabling printing feature within the Terminal Server environment that is published to the internet?

    - by Albert Widjaja
    I got the home and remote office users connect to the Terminal Server on my Windows Server 2003 that I published securely through Juniper SSL VPN client applet, they use normal internet connection to access the link which pop up the Terminal Server Remote Desktop application, so my question is, how can they print out the document from within their terminal server session ? if it is going through the internal office LAN mapping the printer through Remote Desktop connection is the solution but not for this one. Any kind of help and suggestion would be greatly appreciated. Thanks

    Read the article

  • Can I log into a Domain account without pointing DNS to the domain controller?

    - by user72593
    My situation is as follows: I have a Windows 2003 Domain Controller which is also my DNS server. I have 10 Windows XP Pro PC's which all login to domain accounts. I am about the forward my DNS requests to OPENDNS so I can regulate web access but I have (2) PC's that I would like to keep unregulated. I manually changed their DNS server IP to (8.8.8.8) which worked but that caused my login to fail (by creating a 3 minute delay before it would let me get to the desktop) when I change the DNS IP back to the IP of the Domain Controller, everything works smoothly. Question is, how can I continue to login to the domain but have a different DNS path...is this possible ?

    Read the article

  • Remote site AD design (2003)

    - by Boy Mars
    A remote site has about 25 of our 50-ish employees. They have their own AD domain presently (2003) but I want to look at getting them onto the same global domain for ease of access/administration. The remote site has a VPN link but line speeds are very poor. I am already aware of tools like ADMT and have done a few migrations in the past (NT/2003 domains), but this is the first time I have the luxury of designing how this domain is organised. So I'm looking for tips on good AD design; would a remote site be better served as a sub-domain? would this reduce traffic? I am only currently looking at 2003 since only existing machine will be used.

    Read the article

  • Mac Share Points automatically authenticate with matching Windows AD credentials from Windows

    - by Ron L
    I recently started administering an OS X server (10.8) that is on the same network as our AD domain. While setting up Mac Share Points, I encountered some odd behavior that I hope someone can explain. For the purposes of this example assume the following: 1) Local User on OS X Server: frank, password: Help.2012 2) AD Domain User: frank, password: Help.2012 3) AD Domain: mycompany 4) OS X Server hostname: macserver (not bound to AD, not running OD) When joined to the domain on a a Win 7 computer and logged in as frank and accessing the shares at \\macserver, it automatically authenticates using frank's OS X credentials (because they are the same). However, if I change frank's OS X password, the standard Windows authentication dialog pops-up preset to use frank's AD domain (my company\frank). However, after entering the new OS X password, it will not authenticate without changing the domain to local (.\frank). Basically, if a user in AD has the same User name and password in OS X, it will authenticate automatically regardless of the domain. If the passwords differ, authenticating to the OS X shares must be done from the local machine. (and slightly off topic - how come an OS X administrator can access the root drives on the Mac server from Windows when accessing the Mac shares even when they aren't shared? In other words, it will show all the shared folders from "File Sharing" plus whatever drives are mounted in OS X)

    Read the article

  • How to access shared files in two different domains

    - by Sundeep
    There are two internal domains, domainA and domainB at my workplace. I could remote into machines from either domains by using respective credentials. My doubt is if I create a shared folder on domainA with read access to everyone for e.g., \\server1.domainA.net\sharedfolder. Will I be able to access this folder by just entering the path likewise from any machine in domainB without entering credentials.

    Read the article

  • Password Policy seems to be ignored for new Domain on Windows Server 2008 R2

    - by Earl Sven
    I have set up a new Windows Server 2008 R2 domain controller, and have attempted to configure the Default Domain Policy to permit all types of passwords. When I want to create a new user (just a normal user) in the Domain Users and Computers application, I am prevented from doing so because of password complexity/length reasons. The password policy options configured in the Default Domain Policy are not defined in the Default Domain Controllers Policy, but having run the Group Policy Modelling Wizard these settings do not appear to be set for the Domain Controllers OU, should they not be inherited from the Default Domain policy? Additionally, if I link the Default Domain policy to the Domain Controllers OU, the Group Policy Modelling Wizard indicates the expected values for complexity etc, but I still cannot create a new user with my desired password. The domain is running at the Windows Server 2008 R2 functional level. Any thoughts? Thanks! Update: Here is the "Account policy/Password policy" Section from the GPM Wizard: Policy Value Winning GPO Enforce password history 0 Passwords Remembered Default Domain Policy Maximum password age 0 days Default Domain Policy Minimum password age 0 days Default Domain Policy Minimum password length 0 characters Default Domain Policy Passwords must meet complexity Disabled Default Domain Policy These results were taken from running the GPM Wizard at the Domain Controllers OU. I have typed them out by hand as the system I am working on is standalone, this is why the table is not exactly the wording from the Wizard. Are there any other policies that could override the above? Thanks!

    Read the article

  • AD GIT SELinux RHEL 6 : Can not get SELinux to allow connetion to git

    - by Johan Sörell
    I have a problem with SELinux! I have installed git on Red Hat Enterprise 6 with AD group control and SSL Cert . Everything works fine if I do setenforce 0 ( set SELinux in detection only mode ) or if I do semanage permissive -a httpd_t (Set httpd_t in detection only mode) I do not want to use this on my git production server. Is there anyone out there who can help we with SELinux? Below is some info that you might need to be able to help me: All help I can get would be apriciated: This is the output of ls -lZa /preproduction/git/repositories/ ls -lZa /preproduction/git/repositories/ drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_rw_content_t:s0 . drwxr-xr-x. apache apache unconfined_u:object_r:file_t:s0 .. drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_rw_content_t:s0 playground drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_rw_content_t:s0 shamrock.git drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_rw_content_t:s0 test Here is the out put of getsebool -a |grep -i httpd getsebool -a |grep -i httpd allow_httpd_anon_write --> off allow_httpd_mod_auth_ntlm_winbind --> off allow_httpd_mod_auth_pam --> off allow_httpd_sys_script_anon_write --> off httpd_builtin_scripting --> on httpd_can_check_spam --> off httpd_can_network_connect --> off httpd_can_network_connect_cobbler --> off httpd_can_network_connect_db --> off httpd_can_network_memcache --> off httpd_can_network_relay --> off httpd_can_sendmail --> off httpd_dbus_avahi --> on httpd_enable_cgi --> on httpd_enable_ftp_server --> off httpd_enable_homedirs --> off httpd_execmem --> off httpd_read_user_content --> off httpd_setrlimit --> off httpd_ssi_exec --> off httpd_tmp_exec --> off httpd_tty_comm --> on httpd_unified --> on httpd_use_cifs --> off httpd_use_gpg --> off httpd_use_nfs --> off Tis is the status of : sestatus sestatus SELinux status: enabled SELinuxfs mount: /selinux Current mode: enforcing Mode from config file: enforcing Policy version: 24 Policy from config file: targeted

    Read the article

  • Kerberos Policy section not appearing in RSop / GPResult

    - by Chloraphil
    I am attempting to confirm via RSoP or GPResult that the correct settings for "\Computer Configuration\Windows Settings\Security Settings\Account Policies\Kerberos Policy" are being applied, however the "Kerberos Policy" node is missing from the treeview / report. These settings are set in the "Default Domain Controllers Policy" which is linked in the "Domain Controllers" OU. Should "Kerberos Policy" appear at all? If not, how can I confirm the correct settings are being applied?

    Read the article

  • How to re-join an AD2003 domain with Samba after deleting the machine account?

    - by Guss
    During some troubleshooting I deleted the machine account for a Linux server running samba from our AD 2003 domain. We are using Kerberos for authentication, and after I deleted the machine account I tried to join the domain again using net ads join -U Administrator But I keep getting Kerberos errors like these: [2009/08/18 16:14:36, 0] libads/kerberos.c:ads_kinit_password(228) kerberos_kinit_password [email protected] failed: Client not found in Kerberos database Failed to join domain: Improperly formed account name It appears as if samba remembers that it once had an account with the AD and keeps trying to reconnect to it, but I want to create a new account from scratch. I tried to delete all the .tdb files I could find as well as everything under /var/cache/samba but to no avail - it still behaves the same. I also tried to create the machine account on the AD side, but then I get a similar error when I try to join, about failure to authenticate with the machine account - it looks like samba tries the previous machine account password and I don't know how to reset it, or even if I could figure out what samba uses - how to set it in the AD. Any help would be greatly appreciated, as at this point the only thing I can think about is to reformat and reinstall the machine, and I would really REALLY love to not do that. Thanks in advance.

    Read the article

  • Repercussions of Raising Domain Functional Level to 2008 on Mac computers running 10.6.2 with OD

    - by JohnyV
    We have recently replaced all of our 2003 server domain controllers to 2008 r2 and have tried to implement PSO's but have found that the domain functional level must be raised to 2008. We have a mac server in our environment that runs open directory and it is integrated into AD. Does anyone know if I do raise the domain functional level (which makes sense since we only have 2008 r2 domain controllers) what the repercussions (if any) there will be on the macs in the environment? Macs are running 10.6.2 and mac server runs the same. Mac server is running OD and also bound to AD.

    Read the article

  • Remote hosts accessing AD's registry

    - by smitty user
    I have a situation here. I have an intrusion detection system and it constantly alerts me that a remote host is accessing our AD's registry remotely. Our remote hosts are mainly Windows XP and our ADs are W2K8. The remote hosts access them over SMB port 445 Is it normal for Windows hosts to access AD's remote registry? My colleagues confirmed with me that both host and AD is clean from virus with endpoint protection enabled. Thanks.

    Read the article

  • Domain restore from RODC

    - by Bump
    Can an AD Domain be restored from a RODC with a copy of the GC? Does an offsite DC replicating the AD need to be a full DC to provide a sufficient up to date AD Backups for disaster recovery?

    Read the article

  • Migrate Domain from Server 2008 R2 to Small Business Server 2011

    - by josecortesp
    I'm looking for some advice here, rather than the big how to do it I'm looking for what do to I have this home server, quad core and 4 GB of ram (I really can't afford more right now). With a Windows Serve 2008 R2 With ActiveDirectory and a Hyper-V-Virtual machine with SharePoint, TFS and a couple of more thigs. I have a least 10 remote users, all of them joined a Hamachi VPN (working great by the way). But I want to migrate that to a Small Business Server 2011 Standard. I tried to make a VM to join the domain and then promote that VM, back up it and then format the physical server, boot up the VM, Promote the Phisical and then erase the VM, but I can't do that because of SBS requiring a least 4 GB of ram to install (so I can't give all the 4 GB of physical ram to a VM). I was thinking in using a laptop (All the clients are laptop) as a temporal server, join the domain, promote it, then format the server and install SBS on the server and do all again. I really need some advice. Thanks in advance. BTW, I know that the software I'm using is kindda expensive, and I can't afford more hardware. I have access to MS downloads by a University partnership so I have all this software for free.

    Read the article

  • Windows server 2008 R2 error :The page file is to small to complete the action

    - by kishore
    I have a windows server 2008 R2 standard edition. The system suddenly stopped accepting remote desktop connections. When I tried to connect directly to the console, I am unable to start any applications. I got errors "The page file is to small to complete the action". Under takmanager in performance the system shows "Commit(GB) 127/127". What does this imply? The system has 32 GB ram, 5 raid disks each 150 Gb

    Read the article

  • In a multi-domain forest, what EXACTLY happens when some, but not all, of the Infrastructure Masters are on Global Catalogs?

    - by MDMarra
    There are plenty of TechNet articles, like this one that say that phantom object don't get updated if an Infrastructure Master is also a Global Catalog, but other than that there isn't a lot of in depth information on what actually happens in this configuration. Imagine a configuration like this: |--------------| | example.com | | | | dedicated IM | |--------------| | | | |-------------------| | child.example.com | | | | IM on a GC | |-------------------| Where child has two DCs that are both global catalogs, meaning that the Infrastructure Master role is on a GC. And, example has three DCs with the Infrastructure Master role on a DC that is not a GC. I understand that it's usually best to just make everything a GC and not have to worry about this sort of thing, but assuming that's not the case - what is the exact error behavior that can be expected from a setup like this, and which domain(s) would this behavior manifest in? The child or the parent?

    Read the article

< Previous Page | 44 45 46 47 48 49 50 51 52 53 54 55  | Next Page >