Search Results

Search found 16602 results on 665 pages for 'directory'.

Page 85/665 | < Previous Page | 81 82 83 84 85 86 87 88 89 90 91 92 | Next Page >

Why is GPO Tool reporting a GPO version mismatch when the GPO version #'s do match?

- by SturdyErde

Any ideas why the group policy diagnostic utility GPOTool would report a GPO version mismatch between two domain controllers if the version numbers are a match? Policy {GUID} Error: Version mismatch on dc1.domain.org, DS=65580, sysvol=65576 Friendly name: Default Domain Controllers Policy Error: Version mismatch on dc2.domain.org, DS=65580, sysvol=65576 Details: ------------------------------------------------------------ DC: dc1.domain.org Friendly name: Default Domain Controllers Policy Created: 7/7/2005 6:39:33 PM Changed: 6/18/2012 12:33:04 PM DS version: 1(user) 44(machine) Sysvol version: 1(user) 40(machine) Flags: 0 (user side enabled; machine side enabled) User extensions: not found Machine extensions: [{GUID}] Functionality version: 2 ------------------------------------------------------------ DC: dc2.domain.org Friendly name: Default Domain Controllers Policy Created: 7/7/2005 6:39:33 PM Changed: 6/18/2012 12:33:05 PM DS version: 1(user) 44(machine) Sysvol version: 1(user) 40(machine) Flags: 0 (user side enabled; machine side enabled) User extensions: not found Machine extensions: [{GUID}] Functionality version: 2

Read the article
SQL Server Windows Auth Login sees Domain as untrusted...

- by Mr Shoubs

I've had someone set up a domain controller on windows 2008 on one server, and sql server 2008 on another. The domain seems to be working fine, I'm logged on as a domain user on both servers, nothing seems to be a problem there. However, when I try to add a domain user/group to SQL Server Security (e.g. clicking ok from the create login screen) it says it can't find it (even though I've used the search to find the correct account in the first place), when I try to logon (even though I haven't added it yet) it says something about the account being part of an untrusted domain instead of saying I don't have permission to log on. Anyone have any ideas on what is set up incorrectly?

Read the article
SQL Server Windows Auth Login not working

- by Mr Shoubs

I've had someone set up a domain controller on windows 2008 on one server, and sql server 2008 on another. The domain seems to be working fine, I'm logged on as a domain user on both servers, nothing seems to be a problem there. However, when I try to add a domain user/group to SQL Server Security (e.g. clicking ok from the create login screen) it says it can't find it (even though I've used the search to find the correct account in the first place), when I try to logon (even though I haven't added it yet) it says something about the account being part of an untrusted domain instead of saying I don't have permission to log on. Anyone have any ideas on what is set up incorrectly?

Read the article
Blocking password policy (expiry) for a particular OU in AD

- by Kip

Hey SF Folks, Situation is this: I need to have a particular container in my AD environment which blocks password expiry policy, but accepts all other policies. Is this something that would work by simply adding in a GPO at the sub-ou level (the ou in question is a child of ou's where GPO's including password stuff is set). These accounts (and this ou) already exist and will have the default domain policy as well as other policies applied and they should continue to receive policy settings as per those GPO's, with the exception of the Password Expiry. We have tried the password do not expire tickbox and that seems not to have worked. Thanks in advance. Kip

Read the article
gpupdate failing when using Samba 4 AD DC

- by darthfoolish

I have a Samba 4 AD domain running with 2 DCs on Centos 6.5, with a named DNS backend. I have multiple Windows 7 machines joined to this domain, which is fine. However, I can't get GPOs to apply. When running gpupdate, I get the following output The processing of Group Policy failed. Windows attempted to read the file \\sysvol\\Policies{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini Obviously, you don't normally see what it's trying to connect to when it's successful, but I would have thought the first place shows up, I should be seeing So, what governs what data gets put in between those angle brackets? If it is just supposed to be the domain, then what else could be going wrong? Thanks in advance for any help.

Read the article
Read Only Domain Controllers and DNS zone updates

- by Mike M

I have a Windows 2003 domain and just added a new DC that runs 2008 R2. I updated the schema accordingly for both forest and domain levels. I also made sure to run /rodcprep at the time I did this. I have a branch office with a 2008 R2 file/print server that is a read-only domain controller (DC). The one problem I have been having is with AD-integrated DNS records updates. In the data center, we had to make an IP address change on a particular server. All our other sites' DCs (2003) updated the record fine. The 2008 R2 DC in the data center also updates its record fine. However, the RODC in the branch office does not. So if I nslookup the target server on a 2003 DC, the IP address is correct. Same with the 2008 R2 DC in the data center. But an nslookup on the branch office RODC still pulls in the old IP address. Moreover, any new records we've created (e.g., just added a new terminal server) do not get updated on the branch RODC either. Is there something simple I'm missing? How do I get the RODC to sync its AD-integrated DNS records with the rest of my world? Thank you in advance for your responses. Mike

Read the article
Slow logins with roaming profiles

- by tliff

We are running an ActiveDirectory environment with Windows 2008 as DC and Samba 3.3 as fileserver, using roaming profiles. Some of our offices are connected to HQ via slowish links (1/2 Mbit). Naturally this is not very fast but that was expected. What I do not understand is, that if a user logs out (taking a long time to sync, as expected) and then logs in again the next day it also takes a long time to login. And that is what I don't understand. Shouldn't the sync recognize that nothing has changed rather quickly? Also: Is there any decent docu on how the synchronization is implemented?

Read the article
How to find last login user on given computer name on AD

- by user1215305

If anyone could help, it would be appreciated. I am trying to audit the network. I have list of computers that are active in last 3 months in domain. I have little script that run when user login to the computer and writes the file with computer name. I have 39 computers and only on 23 computers the script was run. So I am chasing up with other 16 computers. My question is how can I find out who has last login to the given computer name? Many thanks in advance

Read the article
How to change the default domain controller when querying AD in a different site?

- by Linefeed

We have 2 different locations, and at both site we have multiple domain controllers (Win2008). In our application we use Serverless Binding to execute our LDAP queries http://msdn.microsoft.com/en-us/library/ms677945(v=vs.85).aspx. If we look at de DnsHostName of the LDAP://RootDse on site B we always get the default domain controller of site A. Therefor all LDAP queries go much slower. Is there a way to change the default domain controller per site ?

Read the article
GPO refresh error - Policy Refresh has not completed in the expected time. Exiting...

- by Albert Widjaja

Hi All, I'm having problem with my GPO changes, that I'd like to force to my terminal server users here's what I've done: I've made some necessary changes in one of the Domain Controllers to disable the GPO which applies to my Terminal Server user OU and then I go to the Terminal Server mstsc /admin console to perform the GPo refresh by using /force parameter, however I got this error instead: C:\Documents and Settings\Adminisratorgpupdate /force Refreshing Policy... User Policy Refresh has not completed in the expected time. Exiting... User Policy Refresh has completed. Computer Policy Refresh has not completed in the expected time. Exiting... Computer Policy Refresh has completed. but then the changes still got no effect yet as I logged in to the terminal server ? is there any way of how to make it in effect immediately please ? Thanks

Read the article
How do I use Group Policy on a domain to delete Temporary Internet Files?

- by Muhammad Ali

I have a domain controller running on Windows 2008 Server R2 and users login to application servers on which Windows 2003 Server SP2 is installed. I have applied a Group Policy to clean temporary internet files on exit i.e to delete all temporary internet files when users close the browser. But the group policy doesn't seem to work as user profile size keeps on increasing and the major space is occupied by temporary internet files therefore increasing the disk usage. How can i enforce automatic deletion of temporary internet files?

Read the article
Hide notification area GPO not applying

- by Richard

I have created a GPO to hide the notification area on Windows XP SP3. The GPO must apply to all students but only in certain rooms so I've also enabled loopback processing on the GPO and linked to the OUs the computers are in. I've then added a group to the security filter that contains all student accounts. This is not applying. It doesn't even show up in gpresult. I have also tried linking it in the Students OU which contains all student accounts and applying a security filter with a group of the computers I want it to apply to. This didn't work either. It's possible I'm missing something straightforward. Would a WMI filter do the job, and if so how would I go about writing one so that it'll only apply to computers whose name begins with XX-RT for example.

Read the article
Windows NT workstation on AD domain

- by Tom

We run a Windows NT workstation connected to special manufacturing equipment, that everyone is deathly afraid to touch. It has custom software and special cards inside of the machine, making a rebuild impossible. The problem is, we are migrating to an AD domain from an NT domain, and this workstation stills needs access to storage on the network (AD computers). How should I go about doing this, after we get rid of our NT Domain controller? Upgrading to 2000 is not an option (so says management). I know, I know, if it dies we are in trouble. But that's managements choice, we just need to get rid of this NT domain.

Read the article
How to logon with local account? RODC "There are no logon servers to process your request"

- by g18c

I have a site-to-site VPN, writeable DC in main office, Read-only DC. Today the VPN went down, but i couldnt log in to the read-only DC - the error message came up There are no logon servers to process your request. Since the RODC is a domain controller, there is no local administrator. How can i ensure that i am always able to log on to the RODC with a known account in an emergency if the writeable DC is not available?

Read the article
Powershell script for setting password expiry

- by Pierre E

Due to mistakes by the helpdesk staff, I found that over a 100 user accounts in my company AD have been set so that their passwords never expire. To avoid the situation in which all these users suddenly find themselves unable to log in, I want to run a script to set the password expiry to a specified date. I'm using Quest AD cmdlets, but I've only used powershell for simple scripts to get lists of users. The attribute I'm trying to modify is 'PasswordStatus' and I want to set those with this attribute set as "password never expires' to a specific date. Not much of a scripting guy, so any help in this would be most welcome.

Read the article
Temporarily disable an AD server

- by 3molo

Topology and setup We have main office A, and branch office (abroad) B. Our ISP somehow messed up the MPLS, and office A<B will not be connected until a few days. At location B, we have an AD (and the other two ADs at location A). Location A also have an exchange server. The problems A few users at A have problem to login to their computers running Windows XP, the logon process kind of hangs where "Applying computer policies". Additionally, I can't start the Exchange management shell, it fails on get-recipient because the AD abroad (location B) is unreachable. Solution? I could delete the AD at B, but Im pretty sure it will be a hazzle to re-join it, and since the office is abroad it's not an option to just go there and re-install it - re join, I now wonder how I in location As primary and secondary ADs can temporarily disable AD at location B.

Read the article
"The zone can be scavenged after" keeps incrementing

- by kce

What are you trying to do? I'm trying to enable DNS scavenging on a DNS zone that has about a hundred stale DNS records. What have you tried in order to make it happen? I setup DNS Scavenging per everyone's favorite TechNet Blog post: Don't be afraid of DNS Scavenging. Just be patient. I first disabled scavenging on all of our domain controllers: DNSCmd . /ZoneResetScavengeServers contoso.com 192.168.1.1 192.168.1.2 I then enabled automatic scavenging on the DNS zone: I then enabled DNS scavenging on one of the domain controllers: I then found a few records that I expected to get delete with timstamps from a few years ago and ensured that that the Delete this record when it becomes stale and that time stamp was actually set: Finally I reloaded the zone and waited 14 days (the sum of the Refresh + No-Refresh periods). What results did you expect? I expected to see a 2501 Event in the DNS server logs noting the deletion of a bunch of DNS records. What actually happened? Nothing happened. The Zone Aging/Scavenging Properties showed that the zone could be scavenged after 6/12/2014 10:00:00 AM last week. No 2501/2502 events were recorded. All of the records with "aged" time stamps are still present. The date at which the zone can be scavenged after incremented another seven days to ?6/?18/?2014 10:00:00 AM. As I understand it until that date stays at least 14 days in the past nothing will ever even be eligible for scavenging let alone actually be scavenged. The only 2501 events recorded in the event logs are ones that I have triggered by right clicking and selecting "Scavenge Stale Resource Records". They note that scavenging will try to run again in 168 hours which was this morning. I have DNS scavenging enabled for a few months and have waited patiently for something to happen. I have reloaded the zone multiple times (which resets this timestamp). What am I missing here?

Read the article
Netdom to restore machine secret

- by icelava

I have a number of virtual machines that have not been switched on for over a month, and some others which have been rolled back to an older state. They are members of a domain, and have expired their machine secrets; thus unable to authenticate with the domain any longer. Event Type: Warning Event Source: LSASRV Event Category: SPNEGO (Negotiator) Event ID: 40960 Date: 14/05/2009 Time: 10:24:54 AM User: N/A Computer: TFS2008WDATA Description: The Security System detected an authentication error for the server ldap/iceland.icelava.home. The failure code from authentication protocol Kerberos was "The attempted logon is invalid. This is either due to a bad username or authentication information. (0xc000006d)". For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Data: 0000: c000006d Event Type: Warning Event Source: LSASRV Event Category: SPNEGO (Negotiator) Event ID: 40960 Date: 14/05/2009 Time: 10:24:54 AM User: N/A Computer: TFS2008WDATA Description: The Security System detected an authentication error for the server cifs/iceland.icelava.home. The failure code from authentication protocol Kerberos was "The attempted logon is invalid. This is either due to a bad username or authentication information. (0xc000006d)". For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Data: 0000: c000006d Event Type: Error Event Source: NETLOGON Event Category: None Event ID: 3210 Date: 14/05/2009 Time: 10:24:54 AM User: N/A Computer: TFS2008WDATA Description: This computer could not authenticate with \\iceland.icelava.home, a Windows domain controller for domain ICELAVA, and therefore this computer might deny logon requests. This inability to authenticate might be caused by another computer on the same network using the same name or the password for this computer account is not recognized. If this message appears again, contact your system administrator. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Data: 0000: c0000022 So I try to use netdom to re-register the machine back to the domain C:\Documents and Settings\Administrator>netdom reset tfs2008wdata /domain:icelava /UserO:enterpriseadmin /PasswordO:mypassword Logon Failure: The target account name is incorrect. The command failed to complete successfully. But have not been successful. I wonder what else needs to be done?

Read the article
Send mail from a distrobution groups email address

- by Campo

A user has send permission on a distro group on a WINDOWS SERVER 2003 domain. I am the admin. When either of us send email using the distrobution groups email adress we get a non delivery report Your message did not reach some or all of the intended recipients. Subject: TEST Sent: 4/19/2010 4:46 PM The following recipient(s) cannot be reached: [email protected] on 4/19/2010 4:46 PM You do not have permission to send to this recipient. For assistance, contact your system administrator. MSEXCH:MSExchangeIS:/DC=local/DC=DOMAIN:SERVERNAME Thanks, JC

Read the article
Does an ADFS v2 server have to be on the actual domain server?

- by Carl Hörberg

Can an ADFS v2 server be installed stand-alone, or is it tightly coupled with the AD server?

Read the article
Setting user calendar permissions on Exchange 2007

- by blizz

We have Exchange 2007 with about 100 users. I would like to change everyone's free/busy permissions to grant Reviewer status to a specific AD group. I have tried PFDAVAdmin tool but when I commit any changes, they do not affect the users. If I grant myself Reviewer permissions to another user's calendar using the tool, I still cannot view that user's free/busy details, and I also don't show up on the list of people with permissions on that user's Outlook calendar options. It seems like PFDAVAdmin simply appears to do something, but doesn't actually change anything. Is there any other way for me to accomplish what I need to do? Or is there something I may not be doing right with PFDAVAdmin? FYI I have followed directions from this link: http://exchangeshare.wordpress.com/2008/05/27/faq-give-calendar-read-permission-on-all-mailboxes-pfdavadmin/

Read the article
How to set common NTP server for all computers in AD

- by abatishchev

I want to set default NTP server to pool.ntp.org to all computers joining my domain. How can I force this using AD MMC console? Or I have to setup this using DHCP server?

Read the article
Cross domain LDAP

- by Adam

For a system we are developing we have 2 domains an internal and an external domain with bi directional trust between them. However the servers are only able to connect to their own DC's. We have an application server on the internal domain which needs to use an LDAP query to gather a list of users from a group on the external domain. How do i go about writing an LDAP query that asks one DC to go ask another DC for a list of users. I tried querying the internal DC with the same LDAP query I would use if it could hit the external DC directly but this does not work. When i use Softerra LDAP Administraor I can view the full hierarchy of the interal domain but despite the trust relationship between domains i am unable to see any of the external doamin. Any suggestions or help would be greatly appreciated

Read the article
Mac Share Points automatically authenticate with matching Windows AD credentials from Windows

- by Ron L

I recently started administering an OS X server (10.8) that is on the same network as our AD domain. While setting up Mac Share Points, I encountered some odd behavior that I hope someone can explain. For the purposes of this example assume the following: 1) Local User on OS X Server: frank, password: Help.2012 2) AD Domain User: frank, password: Help.2012 3) AD Domain: mycompany 4) OS X Server hostname: macserver (not bound to AD, not running OD) When joined to the domain on a a Win 7 computer and logged in as frank and accessing the shares at \\macserver, it automatically authenticates using frank's OS X credentials (because they are the same). However, if I change frank's OS X password, the standard Windows authentication dialog pops-up preset to use frank's AD domain (my company\frank). However, after entering the new OS X password, it will not authenticate without changing the domain to local (.\frank). Basically, if a user in AD has the same User name and password in OS X, it will authenticate automatically regardless of the domain. If the passwords differ, authenticating to the OS X shares must be done from the local machine. (and slightly off topic - how come an OS X administrator can access the root drives on the Mac server from Windows when accessing the Mac shares even when they aren't shared? In other words, it will show all the shared folders from "File Sharing" plus whatever drives are mounted in OS X)

Read the article
How to setup a 1 way trust, Windows Server 2008 R2

- by MichaelOz

I am on my home network and connect to workplace via a VPN. I have a DC on my home network (DC1 , domain = home). How can I setup a 1 way trust, so that I am able to run executables, such as SQL Management Studio using RunAs - then type in credentials for work domain? First question is, will a 1 way trust solve this, and can I set this up without bothering a network admin at workplace (assuming I have a domain account with enough permissions on work domain) If yes - any good step by step guide to setup 1 way trust? Server is Windows Server 2008 R2. As mentioned its DC running DNS Role too. Thanks in advance

Read the article

< Previous Page | 81 82 83 84 85 86 87 88 89 90 91 92 | Next Page >