Search Results

Search found 28603 results on 1145 pages for 'active users'.

Page 94/1145 | < Previous Page | 90 91 92 93 94 95 96 97 98 99 100 101 | Next Page >

Putting a Windows DC, Exchange in a DMZ

- by blsub6

I have one guy at my company telling me that I should put FF:TMG in between my main Internet-facing firewall (Cisco 5510) and put my Exchange server and DC on the internal network. I have another guy telling me that I should put the Exchange server and DC in a DMZ I don't particularly like the idea of having my mailboxes and DC's usernames/passwords in a DMZ and I think that Windows authentication would require me opening up so many ports between my DMZ and my internal network that it would be a moot point to have it out there anyways. What are some thoughts? How do you have it set up?

Read the article
ActiveDirectory - LDAP query for objectCategory unexpected results

- by FinalizedFrustration

AD is at 2003 functional level, some of our DC's are running Windows Server 2003, some are 2008, some are 2008 R2. When using the following query: (objectCategory=user) I do not expect to see any result where the objectCategory attribute is equal to 'CN=Person,CN=Schema,CN=Configuration,DC=Contoso' I expect only objects where the objectCategory attribute is equal to 'CN=User,CN=Schema,CN=Configuration,DC=Contoso' However, the query does indeed return all objects with the objectCategory attribute equal to 'CN=Person,CN=Schema,CN=Configuration,DC=Contoso' My question then is this: Why do I see the search results that I do? Does AD actively translate queries that include (objectCategory=user) to (objectCategory=Person)? I have looked at the schema definitions for both the Person and the User class, but I cannot see any reason for the query results as I am experiencing them. I know that the User class is a subclass of the organizationalPerson class, which is a subclass of Person, but I can't see an attribute value that would explain this translation.

Read the article
How do I login once I promote my Windows Server 2012 to domain controller in my Amazon VPC?

- by Developr

I am following this guide: http://d36cz9buwru1tt.cloudfront.net/pdf/EC2_AD_How_to.pdf to setup my domain controller. I get AD installed correctly, but when I do the promotion to DC, the server restarts and when I try to access it, I am unable to login using any of the local system accounts. I even created my own separate user account, but that did not help. I made sure to disable the amazon settings for renaming the machine, the machine has a static ip and has been renamed.

Read the article
TLS_REQCERT and PHP with LDAPS

- by John

Problem: Secure LDAP queries via command-line and PHP to an AD domain controller with a self-signed certificate. Background: I am working on a project where I need to enable LDAP look-ups from a PHP web application to a MS AD domain controller that is using a self-signed certificate. This self-signed certificate is also using a domain name that is not a FQDN - think of something like people.campus as the domain name. The web application would take the user's credentials and pass them on to the AD domain controller to verify if the credntials are a match or not. This seems simple, but I am having problems trying to get PHP and the self-signed certificate to work. Some people have suggested that I changed the TLS_REQCERT variable from "request" to "never" within the OpenLDAP configuration. I am concerned that this might have larger implications such as a man-in-the-middle attack and I am not comfortable changing this setting to never. I have also read some places online where one can take a certificate and place it as a trusted source within the openldap configuration file. I am curious if that is something that I could do for the situation that I have? Can I, from the command line, obtain the self-signed certificate that the AD domain controller is using, save it to a file, and then have openldap use that file for the trust that it needs so that I do not need to adjust the variable from request to never? I do not have access to the AD domain controller and as a result cannot export the certificate. If there is a way to obtain the certificate from the command line, what commands do I need to use? Is there an alternate method of handling this issue that would be better in the long run? I have some CentOS servers and some Ubuntu servers that I am working with to try and get this going on. Thanks in advance for your help and ideas.

Read the article
Running 1 DC physically and a second virtually

- by stead1984

I plan to create my first DC and forest on a physical server, then I want to run a second DC on a virtual server that will replicate the first DC. I understand that this will provide redundancy for AD that if the first domain controller went down the second would resume until the first is back online. Would this work and how?

Read the article
How to change the default domain controller when querying AD in a different site ?

- by Linefeed

We have 2 different locations, and at both site we have multiple domain controllers (Win2008). In our application we use Serverless Binding to execute our LDAP queries http://msdn.microsoft.com/en-us/library/ms677945(v=vs.85).aspx. If we look at de DnsHostName of the LDAP://RootDse on site B we always get the default domain controller of site A. Therefor all LDAP queries go much slower. Is there a way to change the default domain controller per site ?

Read the article
How do I set up a one way trust when some DCs are firewalled off from each other?

- by makerofthings7

I have two Windows 2008 forests in Win2003 mode and I need to set up a one way trust between them. The validation button in Domains And Trusts works in one forest but not in the other. I think this is because not all DCs can see all the other DCs. I'm not sure if I need to set up the hosts file, so I did so with company.com in the respective domain along with the relevant DC. (do I need _msdcs _tcp zones etc) How do I set up a one way trust when some DCs are firewalled off from each other?

Read the article
Windows 7 accounts on a 2008r2 DC keep getting locked out randomly

- by Matt

As the title states, this happens randomly to Windows 7 accounts on our Windows 2008R2 domain controller. We just had this start happening after changing from 123together hosted exchange to Rackspace hosted exchange. Also around this time our passwords on the DC started expiring, but not the exact day, and everyone has different days they need to change it before. It has only affected 10 out of 30 accounts, and I see no link between them. What are some fixes I should run or things to look for?

Read the article
how to create stub DNS zone for emulating my customer production environment ?

- by Albert Widjaja

Hi All, Is it possible to emulate my customer production environment inside my AD domain by just creating the same domain inside my primary DNS server ? Can I created mycustomer.com DNS zone (STUB) just for the sake of listing few database servers and application servers and then for the other DNS records eg. MX, NS and the other refer to the REAL MX record entry so that my Exchange Server email flow is unaffected to mycustomer.com ? because if I just create A record in my current domain for some of the servers, the FQDN is not exactly what I want. Thanks.

Read the article
What alternatives are there to ActiveDirectory to administer a large number of computers?

- by Zubair

I would like to know what the different options are or if ActiveDirectory is the only choice.

Read the article
do I need to create an AD site for VPN network

- by ykyri

I have Windows Domain level 2008 R2. There are four GC DC in four different physical locations. I have Kerio-based VPN network for replication and remote administration. Here is how network configured: dc1: local IP: 192.168.0.10 VPN IP: 192.168.1.10 dc2: local IP: 10.10.8.11 VPN IP: 192.168.1.11 dc3: local IP: 10.10.9.12 VPN IP: 192.168.1.12 dc4: local IP: 10.10.10.13 VPN IP: 192.168.1.13 That's simple, replication and all works fine but when running dcdiag on dc3 I have an error: A warning event occurred. EventID: 0x000016AF During the past 4.12 hours there have been 216 connections to this Domain Controller from client machines whose IP addresses don't map to any of the existing sites in the enterprise. <...> The log(s) may contain additional unrelated debugging information. To filter out the needed information, please search for lines which contain text 'NO_CLIENT_SITE:'. The first word after this string is the client name and the second word is the client IP address. Here is netlogon.log lines example: 05/30 12:07:39 DOMAIN.NAME: NO_CLIENT_SITE: dc2 192.168.1.11 05/31 09:52:11 DOMAIN.NAME: NO_CLIENT_SITE: dc4 192.168.1.13 05/31 19:49:31 DOMAIN.NAME: NO_CLIENT_SITE: adm-note 192.168.1.101 07/01 05:16:26 DOMAIN.NAME: NO_CLIENT_SITE: dc1 192.168.1.10 All VPN-joined computers are generates same log line as above. Computer amd-note is for example administrator's notebook, also have VPN. Question is should I add new AD site and bind VPN subnet 192.168.1.0/24 with that site?

Read the article
How to bulk mail-enable contacts from AD in Exchange 2007?

- by George Hewitt

We have several thousand 'contacts' setup in AD already for a faxing system. We're migrating to an online fax provider that uses e-mail rather than plain old telephone. So, we've bulk edited all the AD records so that the 'mail' attribute is populated with the right e-mail address in the right format. Now, how do we enable these contacts within Exchange 2007? I've looked through http://technet.microsoft.com/en-us/library/bb684891.aspx but that only seems to talk about manually editing the CSV output to specify the external addresses. AD already knows the external e-mail addresses - I just need the info in Exchange! Any thoughts?

Read the article
Is it possible, via GPO or other method, to turn Internet Explorer's intranet compatibility mode OFF across a domain?

- by dunc

Our school's VLE has a few problems when running in IE8/IE9's Compatibility View. Mainly it causes difficulties with uploading files. This problem is easily remedied by un-ticking the Display intranet sites in Compatibility View option from Internet Explorer's Compatibility View options. However, I'm unable to find a way of doing this en masse. I can't find anything regarding this in GPO - would a registry hack or similar do the trick? Thanks in advance,

Read the article
Moved servers running Windows Server 2003

- by Charles

Our company has two locations and each location has a Windows Server 2003 machine as the DC and several servers, running on two different sub-nets. We are consolidating the locations. I changed the IP address on one of the web servers prior to moving to the main location. I didn't change the IP address on either the DC or the other web servers prior to moving to the main location. Now, only the web server whose IP was changed is able to serve pages. The other web servers are not able to serve pages, cannot be pinged, or be accessed via RDP. Since we don't need the second DC, it has been powered down. When I tried to ping it, the previous IP address was received. My colleague changed the IP address in the DC's DNS, but when I ping it, a timeout error is received. I know that I should have read a lot more before doing this. What can I do to fix it? Thanks, in advance, for your help! Update MarkM, thanks for the info on demoting a DC. That's one of the things I want to do after everything is working. Is there a good, clear article you recommend? Rusty, there are no DMZs involved at this point. I need to set up a DMZ, but that's another project.

Read the article
Using Folder Redirection GPO and Offline Files and Folders

- by user132844

I want to use Folder Redirection to redirect user's My Documents to a network share. First question is: What is best practices for mapping the drive? Should I use the profile tab in AD with the %username% variable, or a net use logon script, or something else? Second question is: How do I deal with laptops and syncing the network with the local storage? I want to have 2-way syncing so if they manually map their networked home drive and edit it from a different computer, it will sync the newer version to their My Documents folder the next time they connect their normal work computer. I also want to be sure that if they edit a file offline on their laptop while away from the office, that the network version syncs the changes the next time they connect that laptop. Please advise best practices for this scenario in a 2008 R2/Win7 environment. I am also interested in Mac clients for this environment, and while I am very Mac savvy, I would like to hear what others consider to be best practices for Mac network homedirs in a Win environment.

Read the article
Domain Controller Placement

- by Matt

I've been working through some Exchange training documentation (the official MS e-learning package) and all of the design scenarios allude to placing at least one DC from your forest root domain in every site. I'm not sure whether this just relates to Exchange, but I can think of a number of issues we experience in our forest that would be resolved by this. For example, a Microsoft support engineer has stated that EVERY client in a child domain (i.e. all workstations and member servers) need access to a forest root DC to check certificate/template permissions, even on a subordinate CA. I have attempted to locate documentation or guidelines from Microsoft on this, but have not been able to find anything. I found the Domain Controller Placement guide, but it's only a form - you would use it to document where you will place your DCs, but it doesn't give any guidance on where you should deploy them. Does anyone know where, or if, I can find any such documentation?

Read the article
How to bulk mail-enable contacts from AD in Exchange 2007?

- by George Hewitt

Hello, We have several thousand 'contacts' setup in AD already for a faxing system. We're migrating to an online fax provider that uses e-mail rather than plain old telephone. So, we've bulk edited all the AD records so that the 'mail' attribute is populated with the right e-mail address in the right format. Now, how do we enable these contacts within Exchange 2007? I've looked through http://technet.microsoft.com/en-us/library/bb684891.aspx but that only seems to talk about manually editing the CSV output to specify the external addresses. AD already knows the external e-mail addresses - I just need the info in Exchange! Any thoughts?

Read the article
How to bypass Forefront TMG for downloading from Adobe Cloud

- by user1006272

I hope that this question has not been asked as I've spent a couple of days googling around trying to find a solution. I have one computer that needs to download from Adobe Cloud to install applications like Photoshop etc... The issue I'm having is that Adobe uses a download manager program (AdobeApplicationManager.exe) that just keeps incrementing the time left on the download of any app like Photoshop. Is there a way to allow just the download manager from that one computer to bypass any filtering settings in Forefront TMG 2010? I have very little knowledge of servers / ISA servers / Forefront TMG and have been thrown into this position by luck I guess. Any help with this would be highly appreciated. Thanks in advance.

Read the article
Cannot add Windows 7 client to SBS 2008

- by Sandokan

I have just installed SBS 2008 R2 Standard on VMware Workstation 9 along with Windows 7 Pro N. Both are activated and running fine. I have followed the steps to configure SBS 2008 and am now at the point where I'm to add a computer to the domain. Here is where the problem begins. I have gone through the steps of using the webinterface. On the client I downloaded Launcher.exe. I then run it and get the error "Check computer requirements - Failed" (translated from swedish): "This computer doesn't reach the requirements for connecting to the network." "The computer doesn't reach the maximum requirements for the operating system with regards to connect to the network" The provided link for More information only leads to a general supportpage and doesn't handle this specific error. I have also checked the time settings and they are correct. Any clue as to what this problem could be?

Read the article
Can't find windows 2000 domain after PDC Change

- by Mark A Kruger

This is a windows 2000 domain issue. I had an old win2000 PDC that was beginning to fail. So, trying to be pre-emptive, I installed a new BDC, then "demoted" the old PDC and took it off the network. Now it appears that no member server can "find" the domain anymore. No logins work (for services or a RDP or anything). What I've tried (based on googling): Verified sysvol is shared on all servers. Used nslookup to verify that DC's are being found. netdiag /fix meta data cleanup routines. verified no firewall issues (port 389 etc) seizing all roles to new PDC (I did that as part of the original promotion). LMHOST file and Netbios settings. At the moment it seems like I can get the DC's returned but cannot contact them. I'm at a loss. My latest attempt was to remove a member server from the domain and try to "re-add" it. When I do that I get this message: The query was for the SRV record for _ldap._tcp.dc._msdcs.cfwebtools.com The following domain controllers were identified by the query: db-dev1.cfwebtools.com file-prod1.cfwebtools.com cfwt-pdc2.cfwebtools.com However no domain controllers could be contacted. It then goes on to ask if I've checked my A record and made sure they are running. Is there a way to force this domain to be seen? I also shared sysvol (or double checked it) and restarted the dfsr service. More information. I got looking at sysvol and found it was not shared on 2 of these servers. Only one of them (db-dev1) has a "good" or at least "populated" sys vol store. So I tried doing a "d2" recovery of my PDC against that good sysvol. But it never synchs - or at least it does not seem to synch. I'm guessing if I could get sysvol and netlogin to kick in and replicate that would fix my issue. I think these DC's aren't responding because they are waiting for replication which is broken somehow. Would taking down all the DC's except for db-dev1 fix the issue - at least temporarily? I know I can't just copy the sysvol stuff over to the other 2 can I?

Read the article
Time until Members added to Group Policy is Replicated

- by Kyle Brandt

If I have a group policy, and add a group/user/machine etc to that group policy, how long is it until all domain controllers have that change in effect? This is a Windows 2003 Domain set up with controllers at different geographic locations (Each with a different L3 network). I realize it probably depends, but how do I figure out how long it generally takes for my given setup? Also, is there an event I can check to see if it has a reached a particular domain controller?

Read the article
How to collect Security Event Logs for a single category via Powershell

- by Darktux

I am trying to write a script which collects security log from all of our domain controllers hourly and stores them remotely; i can collect the security logs , but is there a way to collect the security logs by category or event number from the DC? please do let me know if any additional questions. My Code: $Eventlogs = Get-WmiObject -Class Win32_NTEventLogFile -ComputerName $computer Foreach($log in $EventLogs) { if($Log.LogFileName -eq "Security") { $Now = [DateTime]::Now $FileName = "Security" +"_"+$Now.Month+$Now.Day+$Now.Year+"_"+$Now.Hour+$Now.Minute+$Now.Second $path = "\\{0}\c$\LogFolder\$folder\$FileName.evt" -f $Computer $ErrBackup = ($log.BackupEventLog($path)).ReturnValue if($clear) { if($ErrBackup -ne 0) { "Backup failed" "Backup Error was " + $ErrBackup } } } } Copy-EventLogsToArchive -path $path -Folder $Folder }

Read the article
Scripting help - need to get phone number of AD accounts and then add them to contacts in trusted domain

- by TheCleaner

I have domain accounts that I have created as contacts in another trusted domain so that they can see them in their Exchange GAL. I need a way to extract the phone number field from UserA (user account) in DomainA and import it into UserA (contact) in DomainB. I get the logic, it's just the code (vbscript/powershell/whatever) that eludes me. The logic as I see it: Connect to source AD (ou/subtree) Extract user accounts from OU and subcontainers including first name, last name, display name, and phone number Connect to target AD (ou/subtree) Verify/match contact with extract in #2 above based on display name Update phone field with phone number in extract Write log of success and failures Anybody able to help?

Read the article
Where are AD registry settings

- by erdogany

As you might already know AD does not let you change the password through LDAP if you don't have a secure connection to AD. I heard that there is a registry setting to change this behavior but so far couldn't find where it is... Anyone of you know how can I can change this behavior?

Read the article
How to export AD security list to Excel

- by r0ca

How can I export the security member's list from a security group to an excel sheet. I've found some code on the web but I would need an UI or a software that can do this. I'm open to Powershell tho... Regards, D.

Read the article

< Previous Page | 90 91 92 93 94 95 96 97 98 99 100 101 | Next Page >