active attr - Page 58 - Developer IT

How do I set up a one way trust when some DCs are firewalled off from each other?

- by makerofthings7

I have two Windows 2008 forests in Win2003 mode and I need to set up a one way trust between them. The validation button in Domains And Trusts works in one forest but not in the other. I think this is because not all DCs can see all the other DCs. I'm not sure if I need to set up the hosts file, so I did so with company.com in the respective domain along with the relevant DC. (do I need _msdcs _tcp zones etc) How do I set up a one way trust when some DCs are firewalled off from each other?

Read the article

What's the meaning of logging in as "[email protected]:something"

- by Harvey Kwok

My Windows 2008 R2 machine is joined to a domain. In the logon screen, if I type in "[email protected]:something" as the username, I can still logon properly, what's the meaning of ":something" appended at the end? I can even see the current user is displayed as "[email protected]:something" in the switch user screen. Is it a feature in Windows? Or is it just a bug? If it is a feature, what's the difference between logging in as "[email protected]" and logging in as "[email protected]:something"? Note that I tried different combinations like "mydomain\username:something" and "mydomain.com:something\username". None of them work except "[email protected]:something".

Read the article

locally logged on a domain joined Win 7 = no authentication prompt so no printing

- by lyngsie

We have problems with Win 7 PC's when the user only log on locally on (a domain joined) PC, but still use the Windows printserver. Installed printers suddently stop working and seem to appear offline. In Windows XP the (logged on locally) user would be prompted to autheticate to the domain when printing, but in Windows 7 this feature seem to be faulty or not implemented. I assume the problem is a timeout on the Kerberos ticket. Of course the user has to authenticate to install the printer from the printserver, and that works fine, but in time the authenticaton stops, and no prompt appear. Any suggestions how we can "force" a prompt to authenticate like it happened in XP?

Read the article

Password recovery of a Windows 2003 DNS server.

- by KronoS

I'm not going to lie, I feel like an idiot and would probably downvote this myself if I could, but here's my problem. I've just setup a Windows 2003 server as the DNS/AD for a replace of an old server. However, it appears that I don't know the password for the Administrator account. I entered the password and I setup the role, but apparently what I remember/wrote down and what I typed in are different. How do I recover a password? I can't log-on locally as it will only allow to log-on to the newly created domain.

Read the article

Add Bookmark to IE automatically for new users on a computer

- by Kyle Brandt

When I set up a PC, I would like to be able to have it so when anyone logs into that PC from the domain a couple of IT bookmarks will be in IE. I read I can do this with a Domain-Level group policy, but unfortunately, with my current domain group policies have not gone well, so I have fear (Rather not get into this in this question). Can I do this at the PC level when I deploy a new computer? So any domain users who log into the PC will have these bookmarks added when their profile is created (no roaming profiles). These are XP machines, and the domain is run by 2003 controllers.

Read the article

Error when adding to the domain : the specified server cannot perform the requested operation

- by James

When we add computers to the domain in Windows 7, we get the error: Changing the Primary Domain DNS name of this computer to "" failed. The name will remain "domain.com". The error was: The specified server cannot perform the requested operation. This happens on multiple computers and retrying yields the same result. Despite the error, the computer is still able to login to the domain ok. The DCs are windows 2003. Has anyone found a way to get rid of this error? Any help is appreciated.

Read the article

ActiveDirectory - LDAP query for objectCategory unexpected results

- by FinalizedFrustration

AD is at 2003 functional level, some of our DC's are running Windows Server 2003, some are 2008, some are 2008 R2. When using the following query: (objectCategory=user) I do not expect to see any result where the objectCategory attribute is equal to 'CN=Person,CN=Schema,CN=Configuration,DC=Contoso' I expect only objects where the objectCategory attribute is equal to 'CN=User,CN=Schema,CN=Configuration,DC=Contoso' However, the query does indeed return all objects with the objectCategory attribute equal to 'CN=Person,CN=Schema,CN=Configuration,DC=Contoso' My question then is this: Why do I see the search results that I do? Does AD actively translate queries that include (objectCategory=user) to (objectCategory=Person)? I have looked at the schema definitions for both the Person and the User class, but I cannot see any reason for the query results as I am experiencing them. I know that the User class is a subclass of the organizationalPerson class, which is a subclass of Person, but I can't see an attribute value that would explain this translation.

Read the article

How to bulk mail-enable contacts from AD in Exchange 2007?

- by George Hewitt

Hello, We have several thousand 'contacts' setup in AD already for a faxing system. We're migrating to an online fax provider that uses e-mail rather than plain old telephone. So, we've bulk edited all the AD records so that the 'mail' attribute is populated with the right e-mail address in the right format. Now, how do we enable these contacts within Exchange 2007? I've looked through http://technet.microsoft.com/en-us/library/bb684891.aspx but that only seems to talk about manually editing the CSV output to specify the external addresses. AD already knows the external e-mail addresses - I just need the info in Exchange! Any thoughts?

Read the article

netlogon errors

- by rorr

I have two instances of mssql 2005 and am using CA XOSoft replication. The master is a failover cluster and the replica is a standalone server. They are all running Server 2003 sp2 x64. Same patch levels on all servers. This setup has worked great for several months until we recently restricted the RPC ports on both nodes of the master(5000 - 6000 using rpccfg.exe). We have to implement egress filtering, thus the limiting of the ports. We began receiving login errors for sql windows authentication and NETLOGON Event ID: 5719: This computer was not able to set up a secure session with a domain controller in domain due to the following: Not enough storage is available to process this command. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. We also see group policies failing to update and cluster file shares go offline at the same time. The RPC ports were set back to default when we started seeing these problems and the servers rebooted, but the problems persist. The domain controllers are not showing any errors. Running dcdiag and netdiag shows everything is fine. We have noticed that the XOSoft service ws_rep.exe is using a lot of handles(8 - 9k), about the same number that sqlserver is using. As soon as xosoft replication is stopped the login errors cease and everything functions correctly. I have opened a ticket with CA for XOSoft, but I'm not sure that the problem is actually xosoft, but that it is the one bringing the problem to light. I'm looking for tips on debugging RPC problems. Specifically on limiting the ports and then reverting the changes.

Read the article

Reverse DNS for two ADs in the same subnet

- by SpacemanSpiff

I currently have two separate AD forests that exist within the same subnet. The two forests have independent copies of the reverse lookup zone for that subnet. Example: Domain A DC1: 10.1.1.1/24 Domain A DC2: 10.1.1.2/24 Domain A AppServer1:10.1.1.3/24 Domain B DC1: 10.1.1.11/24 Domain B DC2: 10.1.1.12/24 Domain B Appserver1:10.1.1.13/24 What I'm after, is a configuration that allows this reverse zone to be shared between them so that both sets of DNS servers can make updates to the zone. This kind of thing is a little far from my everday work, so a kick in the right direction is a welcome suggestion as well. Decoupling one AD into new segments is a possibility I'm open to but would like to avoid if possible. If there is a DNS related solution I'd prefer that.

Read the article

LdapErr: DSID-0C0903AA, data 52e: authenticating against AD '08 with pam_ldap

- by Stefan M

I have full admin access to the AD '08 server I'm trying to authenticate towards. The error code means invalid credentials, but I wish this was as simple as me typing in the wrong password. First of all, I have a working Apache mod_ldap configuration against the same domain. AuthType basic AuthName "MYDOMAIN" AuthBasicProvider ldap AuthLDAPUrl "ldap://10.220.100.10/OU=Companies,MYCOMPANY,DC=southit,DC=inet?sAMAccountName?sub?(objectClass=user)" AuthLDAPBindDN svc_webaccess_auth AuthLDAPBindPassword mySvcWebAccessPassword Require ldap-group CN=Service_WebAccess,OU=Groups,OU=MYCOMPANY,DC=southit,DC=inet I'm showing this because it works without the use of any Kerberos, as so many other guides out there recommend for system authentication to AD. Now I want to translate this into pam_ldap.conf for use with OpenSSH. The /etc/pam.d/common-auth part is simple. auth sufficient pam_ldap.so debug This line is processed before any other. I believe the real issue is configuring pam_ldap.conf. host 10.220.100.10 base OU=Companies,MYCOMPANY,DC=southit,DC=inet ldap_version 3 binddn svc_webaccess_auth bindpw mySvcWebAccessPassword scope sub timelimit 30 pam_filter objectclass=User nss_map_attribute uid sAMAccountName pam_login_attribute sAMAccountName pam_password ad Now I've been monitoring ldap traffic on the AD host using wireshark. I've captured a successful session from Apache's mod_ldap and compared it to a failed session from pam_ldap. The first bindrequest is a success using the svc_webaccess_auth account, the searchrequest is a success and returns a result of 1. The last bindrequest using my user is a failure and returns the above error code. Everything looks identical except for this one line in the filter for the searchrequest, here showing mod_ldap. Filter: (&(objectClass=user)(sAMAccountName=ivasta)) The second one is pam_ldap. Filter: (&(&(objectclass=User)(objectclass=User))(sAMAccountName=ivasta)) My user is named ivasta. However, the searchrequest does not return failure, it does return 1 result. I've also tried this with ldapsearch on the cli. It's the bindrequest that follows the searchrequest that fails with the above error code 52e. Here is the failure message of the final bindrequest. resultcode: invalidcredentials (49) 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 52e, v1772 This should mean invalid password but I've tried with other users and with very simple passwords. Does anyone recognize this from their own struggles with pam_ldap and AD? Edit: Worth noting is that I've also tried pam_password crypt, and pam_filter sAMAccountName=User because this worked when using ldapsearch. ldapsearch -LLL -h 10.220.100.10 -x -b "ou=Users,ou=mycompany,dc=southit,dc=inet" -v -s sub -D svc_webaccess_auth -W '(sAMAccountName=ivasta)' This works using the svc_webaccess_auth account password. This account has scan access to that OU for use with apache's mod_ldap.

Read the article

Encrypt shared files on AD Domain.

- by Walter

Can I encrypt shared files on windows server and allow only authenticated domain users have access to these files? The scenario as follows: I have a software development company, and I would like to protect my source code from being copied by my programmers. One problem is that some programmers use their own laptops to developing the company's software. In this scenario it's impossible to prevent developers from copying the source code for their laptops. In this case I thought about the following solution, but i don't know if it's possible to implement. The idea is to encrypt the source code and they are accessible (decrypted) only when developers are logged into the AD domain, ie if they are not logged into the AD domain, the source code would be encrypted be useless. Can be implemented this ? What technology should be used?

Read the article

Encrypt shared files on AD Domain.

- by Walter

Can I encrypt shared files on windows server and allow only authenticated domain users have access to these files? The scenario as follows: I have a software development company, and I would like to protect my source code from being copied by my programmers. One problem is that some programmers use their own laptops to developing the company's software. In this scenario it's impossible to prevent developers from copying the source code for their laptops. In this case I thought about the following solution, but i don't know if it's possible to implement. The idea is to encrypt the source code and they are accessible (decrypted) only when developers are logged into the AD domain, ie if they are not logged into the AD domain, the source code would be encrypted be useless. How can be implemented this using EFS?

Read the article

Permissions required to look up a domain user's group memberships

- by adrianbanks

I am writing some code to look up the members of particular domain groups. Does the user that this application runs as need any particular permissions on the domain to get this information? Background: I have already determined that the application needs to be run as a domain user to be able to query information from the domain. I have a list of group names and for each group, I need to look up the members of that group on the domain and get their names/usernames.

Read the article

Can a Windows Domain play along with a Hosted Exchange service?

- by benzado

I'm setting up a computer network for a small (10-20 people) company. They are currently using a Hosted Exchange service they are totally happy with. Other than that, they are starting from scratch (office doesn't even have furniture yet). They will need some kind of file sharing server set up in their office. If I set up a machine as a file server and nothing more, users will have three passwords to deal with: local machine, file server, and email. If I set up a Domain Controller, identities for local machine and file server will be the same. But what about the Hosted Exchange server? Must the users have a separate email password, or is it possible to combine the two? (I realize it might depend on the specific hosting provider, but is it possible?) If not, it seems like I have these options: Deal with it: users have a separate email password. Host Exchange on the local server: more than they want to manage in-house? Purchase a hosted VPS, make it part of the domain, and host Exchange there. (Or can/should a VPS be a domain controller?) I realize I have a lot of questions in there. The main one: is there any reason to use a Hosted Exchange service if I'm setting up other Windows services?

Read the article

SQL Server, ad group as a user: dropping many users at once

- by jrara

I have an AD group as a database user. When I try to drop this group from the database users, using DROP USER [this_is_the_ad_group] the group will be dropped but all the individual users in this group will not. How to delete this group and all its users at once?

Read the article

Why does Windows share permissions change file permissions?

- by Andrew Rump

When you create a (file system) share (on windows 2008R2) with access for specific users does it changes the access rights to the files to match the access rights to the share? We just killed our intranet web site when sharing the INetPub folder (to a few specified users). It removed the file access rights for authenticated users, i.e., the user could not log in using single signon (using IE & AD)! Could someone please tell me why it behaves like this? We now have to reapply the access right every time we change the users in the share killing the site in the process every time!

Read the article

Time until Members added to Group Policy is Replicated

- by Kyle Brandt

If I have a group policy, and add a group/user/machine etc to that group policy, how long is it until all domain controllers have that change in effect? This is a Windows 2003 Domain set up with controllers at different geographic locations (Each with a different L3 network). I realize it probably depends, but how do I figure out how long it generally takes for my given setup? Also, is there an event I can check to see if it has a reached a particular domain controller?

Read the article

how to create stub DNS zone for emulating my customer production environment ?

- by Albert Widjaja

Hi All, Is it possible to emulate my customer production environment inside my AD domain by just creating the same domain inside my primary DNS server ? Can I created mycustomer.com DNS zone (STUB) just for the sake of listing few database servers and application servers and then for the other DNS records eg. MX, NS and the other refer to the REAL MX record entry so that my Exchange Server email flow is unaffected to mycustomer.com ? because if I just create A record in my current domain for some of the servers, the FQDN is not exactly what I want. Thanks.

Read the article

How do I login once I promote my Windows Server 2012 to domain controller in my Amazon VPC?

- by Developr

I am following this guide: http://d36cz9buwru1tt.cloudfront.net/pdf/EC2_AD_How_to.pdf to setup my domain controller. I get AD installed correctly, but when I do the promotion to DC, the server restarts and when I try to access it, I am unable to login using any of the local system accounts. I even created my own separate user account, but that did not help. I made sure to disable the amazon settings for renaming the machine, the machine has a static ip and has been renamed.

Read the article

Moved servers running Windows Server 2003

- by Charles

Our company has two locations and each location has a Windows Server 2003 machine as the DC and several servers, running on two different sub-nets. We are consolidating the locations. I changed the IP address on one of the web servers prior to moving to the main location. I didn't change the IP address on either the DC or the other web servers prior to moving to the main location. Now, only the web server whose IP was changed is able to serve pages. The other web servers are not able to serve pages, cannot be pinged, or be accessed via RDP. Since we don't need the second DC, it has been powered down. When I tried to ping it, the previous IP address was received. My colleague changed the IP address in the DC's DNS, but when I ping it, a timeout error is received. I know that I should have read a lot more before doing this. What can I do to fix it? Thanks, in advance, for your help! Update MarkM, thanks for the info on demoting a DC. That's one of the things I want to do after everything is working. Is there a good, clear article you recommend? Rusty, there are no DMZs involved at this point. I need to set up a DMZ, but that's another project.

Read the article

Computers on preexisting Windows 2008 domain accepting accounts from Samba3/4 domain

- by Ivan Vucica

I have a web application written in PHP where I would like to allow existing users to log into Windows computers, too. Re-hash of their passwords is doable (by requesting them to change the password). And to solve desync of passwords, I intend to have webapp authenticate users primarily against the domain. I don't want to give webapp users accounts on the existing domain, which we can call example.local. Instead, I want to provide them accounts on a new domain, let's call it webapp.example.local. From some research I have done, setting up a Samba4 domain and joining computers into this webapp.example.local domain would be one way to allow webapp users to log in. But, the computers should be members of the example.local domain. How can I get computers that are members of and are authenticating against Windows 2008-based example.local to also authenticate users against webapp.example.local? Magic keywords seem to be "trust relationship", "forest", etc, but at this point I haven't found a concrete example on how to establish this trust.

Read the article

When is a domain computer account scheduled to change the password?

- by Jason Stangroome

I understand domain-joined computers have machine accounts in AD and these accounts have passwords that expire (apparently every 30 days by default) and those passwords are automatically changed without user intervention. Given that this is known to cause issues when restoring snapshots of domain-joined virtual machines, is it possible to query the domain-joined computer or AD to determine when the machine account password is next scheduled to be changed?

Read the article

WSS audiences dont show all AD Groups

- by Mike

Not all of my AD Groups are showing in the Audience list. I want to create a new audience based on if the user is in a group. Some AD groups show up, and others don't. Many the newer ones do not show up. My connection is pulling (im pretty sure) the whole AD via primary domain controller. MOS2007 win2003 Any ideas?

Read the article

Users are getting a temporary profile

- by Serhiy

A bit about current setup: It is windows 2008 R2 AD servers (all of them are 2008R2) and couple locations which set as Sites. Each location has DFS on AD server. Roaming profiles are not used nor configured. Users have their home folder configured as mapped S: drive to DFS shared folder. For example: in profile tab user has: Home Folder - connect - S: to \\domain.com\dc\users\%username% We also have redirected Desktop, Documents and Downloads folders to \\domain.com\dc\users. Everything was fine. Suddenly (today), users in most locations lost their local profile (both XP and W7 desktops) and got temporary profiles. Also, it looks like local profile was created today (from folder properties). I checked events at couple machines and there is not errors related to profiles or logon process. I do not see issues in event logs at servers as well. Basically, I run out of ideas what is wrong and why machines lost their local profiles. PS: Laptop users do not have their folders redirected, but lost profiles as well.

Search Results

Search found 8983 results on 360 pages for 'active attr'.

Page 58/360 | < Previous Page | 54 55 56 57 58 59 60 61 62 63 64 65 | Next Page >

- by makerofthings7

- by Harvey Kwok

- by lyngsie

- by KronoS

- by Kyle Brandt

- by James

- by FinalizedFrustration

- by George Hewitt

- by rorr

- by SpacemanSpiff

- by Stefan M

- by Walter

- by Walter

- by adrianbanks

- by benzado

- by jrara

- by Andrew Rump

- by Kyle Brandt

- by Albert Widjaja

- by Developr

- by Charles

- by Ivan Vucica

- by Jason Stangroome

- by Mike

- by Serhiy

< Previous Page | 54 55 56 57 58 59 60 61 62 63 64 65 | Next Page >