Search Results

Search found 17278 results on 692 pages for 'directory conventions'.

Page 75/692 | < Previous Page | 71 72 73 74 75 76 77 78 79 80 81 82  | Next Page >

  • How to handle external and internal DNS on windows 2012

    - by ThePopcorn
    I'm trying to setup an Active Directory network on Server 2012 R2, and want AD's DNS to only be used internally (Ex: domain-controller.company.com) as well as some records that need both internal and external accessibility (Ex: mail.company.com) that use internal IP's on the internal network and finally some records that only need external access. The only solutions i have been able to think of, or look up are to either use a sub domain that handles all internal records, and use the plain company.com domain for all external records. These both seem to mean i have to manage two DNS servers separately. Is either of these the best ways or am i messing up somewhere?

    Read the article

  • Best practice for authenticating DMZ against AD in LAN

    - by Sergei
    We have few customer facing servers in DMZ that also have user accounts , all accounts are in shadow password file. I am trying to consolidate user logons and thinking about letting LAN users to authenticate against Active Directory.Services needing authentication are Apache, Proftpd and ssh. After consulting security team I have setup authentication DMZ that has LDAPS proxy that in turn contacts another LDAPS proxy (proxy2) in LAN and this one passes authentication info via LDAP (as LDAP bind) to AD controller.Second LDAP proxy only needed because AD server refuses speak TLS with our secure LDAP implemetation. This works for Apache using appropriate module.At a later stage I may try to move customer accounts from servers to LDAP proxy so they are not scattered around servers. For SSH I joined proxy2 to Windows domain so users can logon using their windows credentials.Then I created ssh keys and copied them to DMZ servers using ssh-copy, to enable passwordless logon once users are authenticated. Is this a good way to implement this kind of SSO?Did I miss any security issues here or maybe there is a better way ofachieving my goal?

    Read the article

  • Tools for retrieving and modifying multi-value attributes in Microsoft ActiveDirectory

    - by Justin
    Most attributes in MSAD are single-valued and pose no problem. I am familiar with the dsquery user -samid jdoe | dsmod -webpg "http://some.url/" method. However, some attributes are multi-valued, such as telephone number and webpage. These values can be managed through the Active Directory Users & Computers Microsoft Console (dsa.msc) via the dialogue shown by clicking on the "Other..." button, but I'd really rather script the modifications. It seems to me that dsmod & dsget do not support multi-value retrieval and editing; only the first value of the set seems to be accesible. Am I correct? If I am not correct, I would appreciate a syntax example. If I am correct, would you please recommend an alternative scriptable tool that can handle multi-value attributes? The more "official and supported" the tool, the better.

    Read the article

  • How to fix? => Your system administrator does not allow the user of saved credentials to log on to the remote computer

    - by Pure.Krome
    At our office, any of our Windows 7 Clients get this error message when we try and RDP to a remote W2K8 Server outside of the office :- Your system administrator does not allow the user of saved credentials to log on to the remote computer XXX because its identity is not fully verified. Please enter new credentials A quick google search leads to some posts they all suggest I edit group policy, etc. I'm under the impression, that the common fix for this, is to follow those instructions -per Windows7 machine-. Ack :( Is there anyway I can do something via our office Active Directory .. which auto updates all Windows 7 clients in the office LAN?

    Read the article

  • When i log on then i get annyoing cmd windows in windows7

    - by user191542
    I am using windows 7 on my office PC and that is linked with Active directory. I dont't know what happend if installed something few days ago many small softwares. I don't know if there was some virus or something but anti virus didn't tell anything. Now when i log ion then i keep getting many cmd screen opening and closing and i can't do anything. If i switch user and log with my admin acount then it also happens again witha dmin account. Now when again if i go back to old screen by switching user. then annoying cmd windows are not there. i want to know how can i fix that I managed to get print screen of that

    Read the article

  • GPO best practices : Security-Group Filtering Versus OU

    - by Olivier Rochaix
    Good afternoon everyone, I'm quite new to Active Directory stuff. After upgraded Functional level of our AD from 2003 to 2008 R2 (I need it to put fine-grained password policy), I then start to reorganized my OUs. I keep in mind that a good OU organization facilitate application of GPO (and maybe GPP).But in the end, it feels more natural for me to use Security-group filtering (from Scope tab) to apply my policies, instead of direct OU. Do you think it is a good practice or should I stick to OU ? We are a small organisation with 20 users and 30-35 computers. So, we got a simple OU tree, but more subtle split with security-groups. The OU tree doesn't contain any objects except at the bottom level. Each bottom level OU contains Computers,Users, and of course security groups. These security groups contains Users & Computers of the same OU. Thanks for your advices, Olivier

    Read the article

  • Windows 2008 R2 File Sharing - 'Access denied' if groups are specified in ACL

    - by John Smith
    I am trying to move our old Windows 2003 File Server to Windows 2008 R2. What I have noticed, however, is that the entries for groups in the ACL are being ignored. For example, a user is part of a group in active directory. If I create a folder and enable full access for this group, then share this folder (and define sharing permissions for this group), users in that group do not get access to that folder. If I make an entry in the ACL for the user itself, it works perfectly. These even applies to my domain administrator account - If I create a folder and give full control to the local administrators group / domain administrators group, and I physically log on to the server, I still do not get access - I need to explicitly define my name to proceed. I am not sure what the problem is, tried looking it up in Google to no avail Any assistance will be greatly appreciated

    Read the article

  • Default permissions for courier imap folders

    - by JoeCoder
    I'm using courier imap. When a mail client creates a new folder, it's created on the filesystem with 640 permission. I need it to be writable by the group, or 660. I currently have /etc/courier/imapd IMAP_UMASK=007, but that's not enough. I'm not sure what else to try. Any ideas? I'm using ubuntu server 12.04. EDIT: I added a 50pt bounty to this. For an acceptable answer, I need a way to make it work from a package in a standard repo. If I download source and compile it myself, it won't be automatically kept up to date with security fixes. If I don't find a better answer, I'll add code to the admin script to call another sudo approved script to chmod -R the whole directory before every change. But this is kind of hack-ish.

    Read the article

  • Remote desktop to particular server tries to send print job

    - by Jerry Dodge
    We have a domain network with about 30 computers and an active directory on Windows Server SBS 2003 32bit. Whenever I connect to this server from my Windows 7 Pro 32bit client, it automatically attempts to send some sort of print job. It fails to print however and the printer never seems to receive the job. I have been seeing this happen on every computer which connects to this particular server. It seems to send these print jobs repeatedly, and to different printers, if more than one are installed. As soon as I cancel one print job, it starts another, repeats a few times and finally stops. What could be going on here? PS - I originally thought this was related to MS OneNote but this turns out to happen on computers which do not have OneNote.

    Read the article

  • Should I install an AV product on my domain controller?

    - by mhud
    Should I run a server-specific antivirus, regular antivirus, or no antivirus at all on my servers, particularly my Domain Controllers? Here's some background about why I'm asking this question: I've never questioned that antivirus software should be running on all windows machines, period. Lately I've had some obscure Active Directory related issues that I have tracked down to antivirus software running on our domain controllers. The specific issue was that Symantec Endpoint Protection was running on all domain controllers. Occasionally, our Exchange server triggered a false-positive in Symantec's "Network Threat Protection" on each DC in sequence. After exhausting access to all DCs, Exchange began refusing requests, presumably because it could not communicate with any Global Catalog servers or perform any authentication. Outages would last about ten minutes at a time, and would occur once every few days. It took a long time to isolate the problem because it was not easily reproducible and generally investigation was done after the issue resolved itself.

    Read the article

  • Should websites live in /var/ or /usr/ according to recommended usage?

    - by nbolton
    According to a guide on the Linux directory structure, /usr/ is for application files, and /var/ is for files that change (I assume this means "files that belong to the applications"). Is this correct? If this is the case then I'm a little torn between using either. A website is an application (if it's dynamic, so to speak), but in other cases it is just a collection of files used by Apache. The default www dir lives in /var/www/, so should we follow suit by using /var/websites/ (or something similar), or choose /usr/websites/ since they could be applications? This is a very trivial question, but it's bugging me nonetheless. For our case, I'm leaning toward /usr/web or something like that, since our websites are all applications. Update: This is for our company websites; it's not a shared hosting server, so we don't need to worry about separating them in /home/ or anything like that.

    Read the article

  • Linux - How to control Winbind Authentication cache timeout

    - by cybervedaa
    I have configured my linux machines (running CentOS 5.2) to authenticate against a Windows server running Active Directory. I have even enabled winbind offline logon. Everything works as expected, however I'm also looking to impose a TTL for the winbind authentication cache. So far all I found was the below snippet from the samba documentation winbind cache time (G) This parameter specifies the number of seconds the winbindd(8) daemon will cache user and group information before querying a Windows NT server again. **This does not apply to authentication requests**, these are always evaluated in real time unless the winbind offline logon option has been enabled. Default: winbind cache time = 300 Clearly the winbind cache time parameter does not control the cache TTL for authentication requests. Is there any other way I can implement a cache timeout for winbind authentication requests? Thank you

    Read the article

  • Authenticating Linux users against AD without Likewise Open

    - by Graeme Donaldson
    Has anyone got their Linux systems authenticating against Active Directory without using Likewise Open? We are close to implementing Likewise Open, but first we need to rename roughly 70 of 110 Linux servers so that their hostnames are not longer than 15 characters. This is required because Likewise Open actually joins the Linux computer to the domain, and it fails to do so if the hostname is too long due to some legacy NetBIOS naming limitation. Is there a way to authenticate via AD, using only LDAP perhaps? What are the advantages/disadvantages over doing it like that vs just using Likewise?

    Read the article

  • Best way to find the computer a user last logged on from?

    - by Garrett
    I am hoping that somewhere in Active Directory the "last logged on from [computer]" is written/stored, or there is a log I can parse out? The purpose of wanting to know the last PC logged on from is for offering remote support over the network - our users move around pretty infrequently, but I'd like to know that whatever I'm consulting was updating that morning (when they logged in, presumably) at minimum. I'm also considering login scripts that write the user and computer names to a known location I can reference, but some of our users don't like to logout for 15 days at a time. If there is an elegant solution that uses login scripts, definitely mention it - but if it happens to work for merely unlocking the station, that would be even better!

    Read the article

  • Repercussions of Raising Domain Functional Level to 2008 on Mac computers running 10.6.2 with OD

    - by JohnyV
    We have recently replaced all of our 2003 server domain controllers to 2008 r2 and have tried to implement PSO's but have found that the domain functional level must be raised to 2008. We have a mac server in our environment that runs open directory and it is integrated into AD. Does anyone know if I do raise the domain functional level (which makes sense since we only have 2008 r2 domain controllers) what the repercussions (if any) there will be on the macs in the environment? Macs are running 10.6.2 and mac server runs the same. Mac server is running OD and also bound to AD.

    Read the article

  • How to install Microsoft Exchange 2007 as a member server

    - by O_O
    I am trying to install Microsoft Exchange 2007 to a Windows Server 2003 as a member server. I already have a Windows Server 2008 as my domain controller. I'm having a hard time figuring out what is needed to prepare the machine for Exchange 2007 installation. My specific question is: While following the procedures here in the TechNet Library , do I still need to go through with the section "How to Prepare Active Directory and Domains" and do the following commands if I am making it a member server and NOT a domain controller? ie.. setup /ps setup /p /on: setup /PrepareDomain: Thank you.

    Read the article

  • windows 2008 always keep local dns in first

    - by user3085220
    I have a windows 2008 system and it always keep ::1 in first of the dns setting. I can see the following in "ipconfig /all": DNS Servers . . . . . . . . . . . . : ::1 8.8.8.8 8.8.4.4 and "Obtain dns server address automatically" option in network interface setting is disabled. I installed active directory once and uninstalled now, I think it's the reason. But I can't find any answer from google or bing how to fix.

    Read the article

  • Try exchange in real domain

    - by AndreaCi
    We (as a company) 'd like to try exchange server to replace our mail server. I downloaded the demo version from Microsoft website, but during the installation it wants administrator access to domain to edit the Active Directory database structure. The test will last for (at least) a month to see if it will bring real advantages to our management systems. Here is my question: Is it "dangerous"? If I uninstall the exchange server everything will be reverted to previous state? I'm kind of "scared" about the changes he may apply to our domain controllers.

    Read the article

  • Error setting up Data Protection Manager 2010 Agents / Network "Unauthenticated" in network settings

    - by Bowsa
    I'm not sure if the two are connected but i suspect they are. Basically I'm tring to setup Data Protection Manager 2010 on a fresh install of Server 2008 R2 in a SBS 2003 domain. Everything went fine until trying to install agents across the network. Upon clicking add, i get the following error message: Unable to connect to the Active Directory Domain Services Database. Make sure that the DPM server is a member of a domain and that the controller is running. Also verify that there is network connectivity between the DPM server and the domain controller. ID: 7 As usual (worryingly) the MSDN support for 2010 products is nearly non existant, clicking the error ID simply gives a page not found error. So after 2 days of Googling and trying various fixes (DNS settings, adding permissions to GPO objects, rejoining the domain and many more) I thought I'd ask here in the hope that someone out there may have had this issue before. Any help greatly appreciated!

    Read the article

  • How to execute everything in the Local Area Network

    - by matnagel
    We have a very small LAN here, but some peolpe here think we need Active Directory, though nobody knows how to maintain it. I am not in the position to change this. How can I get full access (on Linux it would be "execute" rights) also for files on network drives (the files are just on another machine next room) My account is in the group Administrators on a windows 2003 server Domain Controller. I cannot open simple MS Access 2000 Databases or CHM Files from network drives in the lan How to do that? Some policy setting? I want to change that once. It is useless. We have no distinction between local or network files here. I would have to copy everything to a local drive and then do what I want.

    Read the article

  • PKI Issuing CA on Domain Controllers

    - by dunxd
    I am setting up a PKI which will initially be used internally. As we may grow our use of this I have opted for a three tier hierarchy - Offline Root and Policy CAs (one Policy CA at the moment for internal use), and online issuing CAs. We had initially discussed using our Domain Controllers as the Issuing CAs rather than setting up dedicated ones. I am now starting to have doubts about whether it is a good idea to have our DCs do certificate issuing. We have less than 1000 users, so our DCs aren't hugely taxed. Does anyone have any suggestions for or against doing this? We are currently running Windows 2003 Active Directory, but will be upgrading to Windows 2008 in the coming year. I'm setting up Windows 2008 PKI.

    Read the article

  • ISC Bind support for GSS-TSIG DDNS Updates?

    - by netlinxman
    First, has anyone EVER configured ISC bind 9.5.0 OR greater with support for GSS-TSIG Dynamic DNS Updates AND gotten it to work? If so, what is the configuration that was used to make that happen? I feel close to having this working. I see that GSS cred passes w/o apparent error during the TKEY negotiation with an Active Directory DC and the BIND DNS server: client 192.168.0.30#52314: query gss cred: "DNS/[email protected]", GSS_C_ACCEPT, 4294967256 gss-api source name (accept) is [email protected] process_gsstkey(): dns_tsigerror_noerror client 192.168.0.30#52314: send But, when the Update is sent, it is refused: client 192.168.0.30#58330: update client 192.168.0.30#58330: updating zone 'example.com/IN': update failed: rejected by secure update (REFUSED) client 192.168.0.30#58330: send Does anyone have this working in the real world?

    Read the article

  • How to deploy SQL Server 2005 Reporting Services on a network without a domain server?

    - by ti
    I have a small Windows network (~30 machines) and I need to deploy SQL Server 2005 Reporting Services. Because I use SQL Server Standard Edition and not Enterprise, I am forced to use Windows Authentication to the users. I am a Linux admin, and have near zero knowledge on Active Directory. As deep as my shallow knowledge goes, I think that I would need to invest in a domain server, a mirrored backup of that domain server. I think that I need to change every computer to use this domain too, and if the domain server goes down, every computer will be unavailable. Is there a easier way to deploy Windows Authentication so that users can access Reporting Services from their computers without changing the infra-structure that much? Thanks!

    Read the article

  • Can't make updates with LDAP from Linux box to Windows AD

    - by amburnside
    I have a webapp (built using Zend Framework - PHP) that runs on a Linux environment which needs to authenticate against Active Directory on a Windows server. So far my webapp can authenticate with LDAPS, but cannot perform any kind of write operation (add/update/delete). It can only read. I have configured my server as follows: I have exported the CA Certificate from my Windows AD server to /etc/opendldap/certs I have created a pem file based on this certificate using openssl I have update /etc/openldap/ldap.conf so that it knows where to look for the pem certificate: TLS_CACERT /etc/openldap/certs/xyz.internal.pem When I run my script, I get the following error: 0x35 (Server is unwilling to perform; 0000209A: SvcErr: DSID-031A1021, problem 5003 (WILL_NOT_PERFORM), data 0 ): Have I missed something with my configuration, which is causing the server to reject making updates to AD?

    Read the article

  • Service Accounts LastLogonTimestamp

    - by Ryan Ries
    In an Active Directory domain, if I configure a Windows service on a domain member computer to start with an AD user account (aka "ye olde service account",) and the then the service stays running but I don't restart the service or reboot the machine for a year... does the LastLogonTimestamp of the service account's user object continue to update? Edit: If you say "it depends on the service," then use MS SQL Server as an example. I set MSSQL Engine to run as contoso\sql-service. Then I leave it alone for a year.

    Read the article

< Previous Page | 71 72 73 74 75 76 77 78 79 80 81 82  | Next Page >