Audit moved computer object?

Tutorials Win: Microsoft Windows Forum

- Previous
  - 1
    - Replication Basic Qs Hi: I have root Domain Windows 2003 and have 7 child domains across geographical locations and have about 12 various sites. I have a hub and spoke environment where The central HUB - "AAA" replicates to Various sites. So If I have a Site called Africa; Example: I have a site link called AAA to Africa and it contains site AAA and Africa.. My question is to monitor it effectively using replication monitor... What is the best way?? like to send me email when replication failed.. thanks Tag: Audit moved computer object? Tag: 125591
  - 2
    - logon script policies we use a combo of batch file and kixtart scripts for our logon process. I'd like to get the logon script process into a GPO as opposed to putting the batch file name in every user profile. First, I just want to confirm this is the best way to do it - I would think so as right now we have many users that don't have the logon script field properly set, most likely because the person who created the account didn't follow the proper steps! Second, Do I need to include all of the logon-script related files in the policy, or is it perfectly acceptable to just add the batch file that does the calling into the policy and include lines like the following in the batch file that calls files in the netlogon share : \\%logonserver%\netlogon\files\kix32.exe \\%logonserver%\netlogon \script.kix or... %0\..\files\kix32.exe %0\..\\netlogon\script.kix ...and speaking of which, are one of the methods better than the other for referring to files in the netlogon share from a logon script?? Thank You!! - JayDee Tag: Audit moved computer object? Tag: 125586
  - 3
    - one big reverse lookup zone Hi! Our AD has about 26,000 computers. Right now we've got a messy mix of Class B and Class C reverse-lookup zones that I want to clean up. At first I was considering changing them all to class B's and getting rid of the Class C's, but then I was thinking.... what about creating one giant Class A reverse-lookup zone? The entire network is on the same first octet, and none of the addresses are routable on the internet, so in essence we own the entire class A range. Thanks for your opinions... - JayDee Tag: Audit moved computer object? Tag: 125585
  - 4
    - 1481,1084, 2108 Error NTDS Replication about 3 months until now I have (occasionally occurs) some NTDS Replication Errors, only on 2 DC in the same site... The objects are always on Deleted Objects and related with printers like "CN=PC1-PrinterP1\0ADEL:87a67f33-5ffe-4484-93c7- f02cc6567121,CN=Deleted Objects,DC=bv,DC=org" 1481,NTDS Replication,Internal error: The operation on the object failed. Additional Data Error value: 5 000020D9: SvcErr: DSID-031B0D6F, problem 5001 (BUSY), data 0 1084,NTDS Replication,Internal event: Active Directory could not update the following object with changes received from the following source domain controller. This is because an error occurred during the application of the changes to Active Directory on the domain controller. Object: CN=PC1-PrinterP1\0ADEL:87a67f33-5ffe-4484-93c7-f02cc6567121,CN=Deleted Objects,DC=bv,DC=org 2108,NTDS Replication,This event contains REPAIR PROCEDURES for the 1084 event which has previously been logged......... help? thkU! Tag: Audit moved computer object? Tag: 125581
  - 5
    - FYI: Remote Server Administration Tools (RSAT) available for Windows Vista SP1 This is a multi-part message in MIME format. ------=_NextPart_000_003C_01C88ECD.499C2970 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable FYI: Remote Server Administration Tools (RSAT) available for Windows = Vista SP1 see: http://blogs.dirteam.com/blogs/jorge/archive/2008/03/26/remote-server-adm= inistration-tools-rsat-adminpak-for-windows-vista-sp1.aspx --=20 Cheers,=20 (HOPEFULLY THIS INFORMATION HELPS YOU!) # Jorge de Almeida Pinto # MVP Windows Server - Directory Services BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx -------------------------------------------------------------------------= ----------------- * How to ask a question --> http://support.microsoft.com/?id=3D555375 -------------------------------------------------------------------------= ----------------- * This posting is provided "AS IS" with no warranties and confers no = rights!=20 * Always test before implementing! -------------------------------------------------------------------------= ----------------- ################################################# ################################################# -------------------------------------------------------------------------= ----------------- ------=_NextPart_000_003C_01C88ECD.499C2970 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META http-equiv=3DContent-Type content=3D"text/html; = charset=3Diso-8859-1"> <META content=3D"MSHTML 6.00.6001.18000" name=3DGENERATOR> <STYLE></STYLE> </HEAD> <BODY bgColor=3D#ffffff> <DIV><FONT face=3DVerdana size=3D2> <DIV><FONT face=3DVerdana size=3D2><FONT size=3D1> <P>FYI: Remote Server Administration Tools (RSAT) available for Windows = Vista=20 SP1</P> <P></FONT></FONT><FONT face=3DVerdana size=3D2>see:</FONT></P></DIV> <DIV><FONT face=3DVerdana size=3D2><A=20 href=3D"">http://blogs.dirteam.com/blogs/jorge/archive/2008/03/26/remote-= server-administration-tools-rsat-adminpak-for-windows-vista-sp1.aspx</A><= /FONT></DIV></FONT></DIV><FONT=20 face=3DVerdana size=3D2> <DIV><BR>-- <BR><BR>Cheers, <BR>(HOPEFULLY THIS INFORMATION HELPS = YOU!)</DIV> <DIV> </DIV> <DIV># Jorge de Almeida Pinto # MVP Windows Server - Directory = Services</DIV> <DIV> </DIV> <DIV>BLOG (WEB-BASED)--> <A=20 href=3D"http://blogs.dirteam.com/blogs/jorge/default.aspx">http://blogs.d= irteam.com/blogs/jorge/default.aspx</A><BR>BLOG=20 (RSS-FEEDS)--> <A=20 href=3D"http://blogs.dirteam.com/blogs/jorge/rss.aspx">http://blogs.dirte= am.com/blogs/jorge/rss.aspx</A><BR>--------------------------------------= ----------------------------------------------------<BR>*=20 How to ask a question --> <A=20 href=3D"http://support.microsoft.com/?id=3D555375">http://support.microso= ft.com/?id=3D555375</A><BR>----------------------------------------------= --------------------------------------------<BR>*=20 This posting is provided "AS IS" with no warranties and confers no = rights! <BR>*=20 Always test before=20 implementing!<BR>--------------------------------------------------------= ----------------------------------<BR>###################################= ##############<BR>#################################################<BR>--= -------------------------------------------------------------------------= ---------------</FONT></DIV></BODY></HTML> ------=_NextPart_000_003C_01C88ECD.499C2970-- Tag: Audit moved computer object? Tag: 125578
  - 6
    - Active Directory Specialist position available in Gaithersburg MD Hi My name is Firdosh Bhathena and I am a Technical Recruiter with Altek Information Technology Inc. We are looking for acandidate to fill the Active Directory Specialist position in Gaithersburg MD for our client Marriott International This is a long term contract position working for one of our direct clients. Attached is the job description for your reference ,please review the job description and let me know if you are interested . Job Description: *****WE ARE LOOKING FOR AN ENGINEER AS THIS POSITION IS NOT GEARED TOWARDS AN ADMINISTRATOR***** Experience: -Significant experience Administering Active Directory, with very large, multi-domained networks. -Significant experience Programming custom Maintenance/Migration/ Disaster Recovery Scripts and Tools for Active Directory. Core Skills: -VBScript (core language) -ADSI (Active Directory Services Interface, the primary API) -Automation of windows 2000 AD functions (user populations, group/ domain maintenance, bulk loading, DR) -Exchange (Scripting, troubleshooting, integration) -Knowledge of Meta directory structure and JNDI scripting -LDAP protocol (operations and syntax) (Non-proprietary protocol) Kerberos (Architecture, understanding) Please call me when you can to discuss this position in further details and email me a word copy of your resume at the earliest . Thanks Firdosh Bhathena Technical Recruiter ALTEK Information Technology, Inc. Main Number: 301-695-4440, Ext: 108 Cell Phone: 240-447-7742 Fax: 301-695-9390 Email: fbhathena@al-tekinc.com Website: http://al-tekinc.com "ALTEK is a WBENC Certified Women Owned Firm" Tag: Audit moved computer object? Tag: 125575
  - 7
    - Allow access to registry key Hello, Windows 2003 Active directory Windows XP Pro I want to allow the standard user group be able to have access to a certain key in the registry. Currently Im getting an error "Access to the registry key 'HKEY_LOCAL_MACHINE\Software......' When I change the user access to power user group i dont get this error. Thanks for you help in advaance. Tag: Audit moved computer object? Tag: 125573
  - 8
    - Query DHCP Lease Duration Information Hi, We want to query for the lease duration of a subnet scope on DHCP server remotely in our product. We don't have clue from where we can read this information in case DHCP server is present on windows 2003 platform. On windows 2000 server we read registry to find all the DHCP subnet information, but that information in not present in registry if DHCP server is on windows 2003 platform. Following things which we tried returned only half information. 1) DhcpGetSubnetInfo API returns only some information like subnet name, comment, and subnet mask. It doesn't give other information like IP range and Lease duration. 2) We tried using COM (DHCPObjs) object (present in Windows 2000 resource toolkit). But it doesn't give Lease duration. Is there any other way to find Lease Duration either through Registry, WMI, dhcp.mdb(DHCP database) or any other source? Any help would be appreciated. Thanks in advance. ~Somesh Tag: Audit moved computer object? Tag: 125572
  - 9
    - Query DHCP Lease Duration Information Hi, We want to query for the lease duration of a subnet scope on DHCP server remotely in our product. We don't have clue from where we can read this information in case DHCP server is present on windows 2003 platform. On windows 2000 server we read registry to find all the DHCP subnet information, but that information in not present in registry if DHCP server is on windows 2003 platform. Following things which we tried returned only half information. 1) DhcpGetSubnetInfo API returns only some information like subnet name, comment, and subnet mask. It doesn't give other information like IP range and Lease duration. 2) We tried using COM (DHCPObjs) object (present in Windows 2000 resource toolkit). But it doesn't give Lease duration. Is there any other way to find Lease Duration either through Registry, WMI, dhcp.mdb(DHCP database) or any other source? Any help would be appreciated. Thanks in advance. ~Somesh Tag: Audit moved computer object? Tag: 125571
  - 10
    - There must be an easy answer to this one.. How would i export all avilable attributes (be they populated or not) for a user object? I can view them by scrolling through an accounts properties in ADSI Edit, but i'd like to have them in a single list i can view and make notations on. Even better would be a link that lists all the attributes along with an explanation for each one. ..But i'm not greedy, i'll settle for only the list at this point. Thanks in advance. Tag: Audit moved computer object? Tag: 125563
  - 11
    - Error lsasvr 40690 Hi all, I have been having this error on one of our domain controler (cut and paste of the event at the end of the post). It's repeated every 1:30 to 2 hours and has been going on for 2 weeks. I have made an extensibe search both on microsoft website and google (web) and I couldn't find anything that apply to this error. I have also made a complete diagnostic of the server with dsdiag, netdiag, nltest and nothing comes out, all diagnostics indicate that the server is fonctionning correctly without any error. The IP configuration is correct, the account is not disabled or erase and at this point I can't figure out what is wrong or if I even need to be worriedÂ. One last thing, it as been a while since the server has been rebooted. I plan on doing it this afternoon and see if it makes a difference. Event Type: Warning Event Source: LSASRV Event Category: SPNEGO (Negotiator) Event ID: 40960 Date: 3/25/2008 Time: 1:20:41 PM User: N/A Computer: SHSJDC02 Description: The Security System detected an authentication error for the server ldap/shsjdc02.somewhere.intranet/somewhere.intranet@somewhere.intranet. The failure code from authentication protocol Kerberos was "The referenced account is currently disabled and may not be logged on to. (0xc0000072)". For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Data: 0000: 72 00 00 c0 r..Ã? Tag: Audit moved computer object? Tag: 125561
  - 12
    - export a list of all users including the value of the "pager" field Hi everyone, I want to export a list of all users including the value of the "pager" field, so that I can edit it with Excel for example. Does anyone know how to? Ithink it can be done with an LDAP query? Many thanks, Remco. Tag: Audit moved computer object? Tag: 125560
  - 13
    - Adding Win2003 Server R2 to Non-SP Win2003 Server Domain Our sole DC is a W2003 Server without any service packs. The system partition is too small to allow me to SP this machine. I am planning on taking this machine down and replacing drives after I get this new machine up and running. OS on new machine is W2003 Server R2. The AD schema on the existing DC needs to be extended via ADPREP. Questions I have are can the AD Schema be extended regardless of the lack of SP's and does the server require a reboot after running ADPREP? Tag: Audit moved computer object? Tag: 125553
  - 14
    - Are there any known problems making an existing fileserver second Helllo, i'm want to make my existing fileserver (Windows Server 2003) to a second domain controller. The first domain controller is a Windows Server 2003 R2. Are there any known problems in making an fileserver to a domain controller? Something i should keep an eye on making the fileserver to another DC? -- Thanks & Regards btbadmin Tag: Audit moved computer object? Tag: 125551
  - 15
    - "Ghost" DC Still Showing Up I'm trying to eliminate AD replication problems we're having. After searching various forums I ran the LDIFDE utility and came back with the following results. My problem is that this server (ghostserver) does not exist anymore. The machine was demoted and removed from the domain several weeks ago. How can I delete this entry? Any help would great be appreciated. dn: CN=ghostserver\0ACNF:ea976bf3-fb37-4de8-b027-94ee547cfe52,OU=Domain Controllers,DC=child,DC=domain,DC=com changetype: add servicePrincipalName: exchangeAB/ghostserver.child.domain.com servicePrincipalName: exchangeAB/ghostserver servicePrincipalName: ldap/ghostserver.child.domain.com/child servicePrincipalName: ldap/ghostserver servicePrincipalName: ldap/ghostserver.child.domain.com servicePrincipalName: ldap/ghostserver.child.domain.com/child.domain.com servicePrincipalName: ldap/0b91889b-c4e5-4a69-a1e6-8cffd0949456._msdcs.domain.com servicePrincipalName: HOST/ghostserver.child.domain.com/child servicePrincipalName: HOST/ghostserver.child.domain.com/child.domain.com servicePrincipalName: GC/ghostserver.child.domain.com/domain.com servicePrincipalName: E3514235-4B06-11D1-AB04-00C04FC2DCD2/0b91889b-c4e5-4a69-a1e6-8cffd0949456/child .domain.comservicePrincipalName: NtFrs-88f5d2bd-b646-11d2-a6d3-00c04fc9b232/ghostserver.child.domain.comservicePrincipalName: HOST/ghostserverservicePrincipalName: HOST/ghostserver.child.domain.com Tag: Audit moved computer object? Tag: 125546
  - 16
    - How to rename domain.com to domain.local? Hi there, I recently posted about was it wrong to use company-name.com as our Forest/Domain and should company-name.local be used. The suggestions were to use .local where possible but as we already have .com I have decided to leave it as everyone said it is OK if not causing problems. I don't actually want to do this or have any plans to but does anyone know how I would go about changing .com to .local and the impacts of doing so including downtime or problems. Thanks. Tag: Audit moved computer object? Tag: 125532
  - 17
    - demote adc I want to demote my adc, when i try it using dcpromo it gives error like that the operation failed because: Active Directory could not transfer the remianing data in directory partition CN=schema, CN=Configuration, DC=netserv,DC=com to domain controller primaryserver.mydomain.com "The DSA operation is unable to proceed because of a DNS lookup failure" Do you hav any idea why it is caused by? Thanks Tag: Audit moved computer object? Tag: 125516
  - 18
    - AD DNS Zone question - Dynamic Updates I had someone ask me a question the other day that I wasn't totally sure the answer to. Let's say you have an active directory dns zone, either integrated or primary, and you have dynamic updates turned off. So I realize that no clients will be able to update or create host records in the zone. However, let's say you make domain controller changes, such as bringing up a new DC and making it a GC. Will the SRV records be updated within the zone for the domain controller(s)? Tag: Audit moved computer object? Tag: 125511
  - 19
    - Main differences between Enterprise CA and Standalone CA ? Hi, one people in my team has made a project with a standalone CA but we are thinking about installing an Enterprise CA as we are using Active Directory. We don't have any special needs actually but the advantage to have the Enterprise CA is the auto-enrollment so we would like to install it for the project and not anymore the standalone CA. My question is, what differences should we have to know about the installation of an Enterprise CA in place of a Standalone CA ? (or more exactly what default options should I have to change on the Enterprise CA to work as if I was using a Standalone CA?) For example, I am thinking about changing the default value of autoenrollment in the Enterprise CA ( Policy Modules/Properties/Set the certificate request status to pending). But is there anything else ? Thank you -- Pascal Tag: Audit moved computer object? Tag: 125505
  - 20
    - Event ID 8003 on domain controller Hello, every hour i receive eventid 8003 on our domain controller. The master browser has received a server announcement from the computer <NAME OF OUR ISA Server 2006> that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B7545DFC-BA6C-4712-81. The master browser is stopping or an election is being forced. The hostname that is displayed in the error description is the hostname of our ISA Server 2006. How can i get rid of the error message? What is wrong here? Tag: Audit moved computer object? Tag: 125504
  - 21
    - Replication NTDS Settings I have added additional DC to my domain. And replication process accomplished well, at least i guess it is well. I can see users, i have checked dns it is updated. Both old and new dns services have all and same entries. 1. But I can not see NTDS Settings entries to replicate now process in Sites and Services for my new server. What may be problem? Is it important? And also i have not checked global catalog server for new server. Can it cause this problem? 2. I want to ask another question. can there be two server which is checked as global catalog server in a single domain? or what should i do for this situation? 3. For last question, can i test for transfer roles from old one to newer one at this question? thanks Tag: Audit moved computer object? Tag: 125500
  - 22
    - Active Directory login seems too fail, shares not corrensponding . Hello people, have abit of a problem, will try to explain below. (I am very new to this so go easy on me). We recently installed a new fiberoptic for WAN communication. In this process we changed our entire network subnet and ip scope. We have a different means of distributing ip-adresses to clients then we had before. Now, everything works fine up to the point when it comes to login in to server from a client. Login scripts, connections to shares - doesn't seem to register upon logon. Running from the server itself it looks fine, no problems there. If one tries to connect to a share from a client the message "networkpath could not be found .. " appears. I can ping the DC, works fine. Run nslookup (dns), works fine and such - but not get the shares to work / run login scripts from clients. Any ideas? I've basically given up on this because I really do not know what to look for or where to start. And it's really not in my job description either. Any help is appreciated. Best regards, T Tag: Audit moved computer object? Tag: 125499
  - 23
    - Certificate Installation Hi I have to install certificates through Group policy in the following authority Trusted Root Certification Authority: Intermediate Certification Authority: Under the Group policy I am able to successfully import certificates in Trusted Root Certification Authority but I could not find the container for Intermediate Certification Authority Can any one suggest me how to import certifcates in Intermediate Certification Authority and apply the same through Group policy?? Thanks in advance regards Tag: Audit moved computer object? Tag: 125498
  - 24
    - Empty Subject in outlook Can I prevent the userâ??s send any outlook mail to otherâ??s without subject by apply a group policy in AD .... Tag: Audit moved computer object? Tag: 125496
  - 25
    - DCDIAG error When I run a DCDIAG on mij W2k3 server I get the following output: Domain Controller Diagnosis Performing initial setup: Done gathering initial info. Doing initial required tests Testing server: Default-First-Site-Name\ZEUS Starting test: Connectivity The host b6b4dfa9-2dd1-47fd-8a80-24558752ee7f._msdcs.test.local could not be resolved to an IP address. Check the DNS server, DHCP, server name, etc Although the Guid DNS name (b6b4dfa9-2dd1-47fd-8a80-24558752ee7f._msdcs.test.local) couldn't be resolved, the server name (zeus.test.local) resolved to the IP address (10.31.1.160) and was pingable. Check that the IP address is registered correctly with the DNS server. ......................... ZEUS failed test Connectivity Doing primary tests Testing server: Default-First-Site-Name\ZEUS Skipping all tests, because server ZEUS is not responding to directory service requests Running partition tests on : ForestDnsZones Starting test: CrossRefValidation ......................... ForestDnsZones passed test CrossRefValidation Starting test: CheckSDRefDom ......................... ForestDnsZones passed test CheckSDRefDom Running partition tests on : DomainDnsZones Starting test: CrossRefValidation ......................... DomainDnsZones passed test CrossRefValidation Starting test: CheckSDRefDom ......................... DomainDnsZones passed test CheckSDRefDom Running partition tests on : Schema Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Running partition tests on : Configuration Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Running partition tests on : test Starting test: CrossRefValidation ......................... test passed test CrossRefValidation Starting test: CheckSDRefDom ......................... test passed test CheckSDRefDom Running enterprise tests on : test.local Starting test: Intersite ......................... test.local passed test Intersite Starting test: FsmoCheck ......................... test.local passed test FsmoCheck What can/must I do to correct this problem? Tag: Audit moved computer object? Tag: 125493
- Next
  - 1
    - Retrieve Users in AD from SQL server Procedure Is it possible to reteive a group of users(not all ) from AD using an SQL query? The users will be placed under folder structures like F1, F2 and i need to extract only those users in F1 and F2. Thnx Tag: Audit moved computer object? Tag: 125492
  - 2
    - NTDS KCC 1308 Seems like I have some issues with replication... I have an exisiting W2k domain and I have added a secondary DC running W2003 R2 to the domain. Here is the error message I'm receiving on the new secondary DC running Windows 2003. Source: NTDS KCC Category: Knowledge Consistency Event ID: 1308 The Knowledge Consistency Checker (KCC) has detected that successive attempts to replicate with the following domain controller has consistently failed. Attempts: 20 Domain controller: CN=NTDS Settings,CN=name,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain name,DC=com Period of time (minutes): 129 The Connection object for this domain controller will be ignored, and a new temporary connection will be established to ensure that replication continues. Once replication with this domain controller resumes, the temporary connection will be removed. Any ideas? /Adde -- fantamejthisisgoodvarjedag Tag: Audit moved computer object? Tag: 125489
  - 3
    - Network Infrastructure Hi Guys, Hope Im in the right group. Im in a stage of fixing my network. This is my current setup. 1. I have an active directory server, which is mydomain.com, wherein also my DNS and DHCP is located. 2. My subnet is 255.255.255.0 This is my idea. 1. Have these servers: (Need suggestions on these) a. AD Server with DNS Server - is this a good practice? b. DHCP Server with ISA Server - is this a good practice? Other concern: I want my network to have access limitations. Here is a scenario. 1. In our network, only managers can use their laptop to access our network and internet. It can be wired or wireless. Unauthorized laptop should or must not access our network. But from the way the network was setup, they can access it through wire. I can filter the wireless using MAC Address filter from the routers. But if they connect through wire and know how to config TCP/IP they can easily access our network. Can this be avoided through ISA? Is there a way to filter MAC Address through Active Directory? Hope you can help me on this. Thanks in advance. Allan Tag: Audit moved computer object? Tag: 125487
  - 4
    - Logon as a service, batch job, and act as part of the operating system? Gurus, You know when you install a third-party application which need a domain-level service account to run, and you install the service and then during or after the installation when you tell the service who to log on as, a dialog box pops up and says "XXX service has been given the following rights: ..." I forgot what those rights were. Aren't they: Logon as a service Logon as a batch job Act as part of the operating system? -- Spin Tag: Audit moved computer object? Tag: 125483
  - 5
    - Parent - Child Domain Trust Relationship - Cannot modify trust Hello, I am not able to modify my trust relationship between a child and parent domain. AD Domains and Trusts setup a two-way Transitive trust - shortcut relationship. I do not want the parent domain trust the child, I do not want users in the child domain to have access to the parent (one-way trust), but the Remove button is grey out and I cann't add a trust because one already exits. There appears to be no option to modify the settings. Second, I attempted three times to create this child domain using Microsoft Docs, it never worked. It doesn't create the child domain zone file, Even though the DNS test during the Child's dcpromo tested good. http://technet2.microsoft.com/windowsserver/en/library/e3f241b5-82a0-4c24-a56a-bfc00ce1b5c21033.mspx?mfr=true After the child domain was created, replication failed due to DNS failure. I ended up manually configuring DNS an setup the Child with DNS delegation. I assume this the only way it will work? I don't know if the problems are related to modifing my trust relationship now. My DNS and DS error event logs went away. http://support.microsoft.com/kb/255248 Thank you for your help. Don Tag: Audit moved computer object? Tag: 125482
  - 6
    - .adm file Can anyone explain how to create a .adm file? I tried to follow text on: http://download.microsoft.com/download/1/7/2/1725520f-1228-4dff-9c5d-594042475844/regpolicy.doc but it does not make sense. Ehat I have tried so far is to copy and paste from: http://support.microsoft.com/kb/555324 and save it as .adm. But it does import in Group Policy Editor. Tag: Audit moved computer object? Tag: 125476
  - 7
    - AD/LDAP without the DC? Is it possible to have a live replica of an AD domain without serving as a domain controller? For various reasons (mostly management concerns) we would like to dedicate a server for LDAP queries, but not have the system availble for authentication. We thought about using a DC in a seperate site, but with replication taking 15 minutes between sites (we're still in a Win2K functional level), mgt really didn't like that option. Thanks in advance. Tag: Audit moved computer object? Tag: 125474
  - 8
    - Lose Authentication Hey, A small problem I've been having lately is that users who are logged on to the domain seem to lose their authentication randomly. They'll suddenly be asked for their password when viewing their e-mail (exchange setup), they can no longer access network drives, and need to reboot 3 times or so until they can even log back into windows after logging out. We have a very simple setup, 2 AD servers with about 20 client machines. I don't beleive is a replication issue or anything like that, but I'm not sure where to even start checking for this issue. Does anybody have any ideas? The server is running Windows 2k3 and the client machines are running Windows XP SP2 (both have the latest updates/hot fixes). Any guidance on where to start trouble shooting would be really appreciated! -Prateek Tag: Audit moved computer object? Tag: 125462
  - 9
    - Is it possible to add the Domain "Administrators" group to a local Is it possible to add the Domain "Administrators" group to a local adminstratos group on a server? If not, what is the best we to create a group that we can add to local administrators groups on our servers for users who are in a trusted domain? Tag: Audit moved computer object? Tag: 125461
  - 10
    - Rename DC Hi, The Windows 2003 MCSE Self Paced Training Kit says in order to rename a domain controller you have to use NETDOM.EXE (p.4-19). Is this necessary or can I just rename the DC and reboot? When it comes back up and starts the netlogon service won't it just re-register its SRV records in DNS/AD? Thanks. Riley Tag: Audit moved computer object? Tag: 125460
  - 11
    - Disaster I redirected My Doc and Desktop folders of my users on my server but faced problems and then i redirected them back to the local user profile but now there is no option in their computers to change the path of My Documents to another drive. "Grant the user Exclusive Rights" option is still selected. Can anybody tell me what is the proper way to revert all the settings? Thanks! Tag: Audit moved computer object? Tag: 125447
  - 12
    - Domain Controller backup This is a multi-part message in MIME format. ------=_NextPart_000_02C0_01C88DBC.1CF44E00 Content-Type: text/plain; charset="big5" Content-Transfer-Encoding: quoted-printable Hi All I know this may not be practical but I hope someone can advise on my = issue. What has to be backed up from a DC if the domain only has a = single DC in order to recover in case of any failure to that only DC ? = Can a daily backup fully recover the AD at a restore point ? Thanks Johnny ------=_NextPart_000_02C0_01C88DBC.1CF44E00 Content-Type: text/html; charset="big5" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META http-equiv=3DContent-Type content=3D"text/html; charset=3Dbig5"> <META content=3D"MSHTML 6.00.6000.16609" name=3DGENERATOR> <STYLE></STYLE> </HEAD> <BODY bgColor=3D#ffffff> <DIV><FONT face=3DArial size=3D2>Hi All</FONT></DIV> <DIV><FONT face=3DArial size=3D2></FONT> </DIV> <DIV><FONT face=3DArial size=3D2>I know this may not be practical but I = hope someone=20 can advise on my issue.  What has to be backed up from a DC if the = domain=20 only has a single DC in order to recover in case of any failure to that = only DC=20 ?  Can a daily backup fully recover the AD at a restore point=20 ?</FONT></DIV> <DIV><FONT face=3DArial size=3D2></FONT> </DIV> <DIV><FONT face=3DArial size=3D2>Thanks</FONT></DIV> <DIV><FONT face=3DArial size=3D2>Johnny</FONT></DIV> <DIV><FONT face=3DArial size=3D2></FONT> </DIV></BODY></HTML> ------=_NextPart_000_02C0_01C88DBC.1CF44E00-- Tag: Audit moved computer object? Tag: 125443
  - 13
    - how to check if the drive mapping is persistent? Is there a way to find out if the current drive mapping is persistent or not by using net use or some other commands from the client workstation? Thanks Tag: Audit moved computer object? Tag: 125442
  - 14
    - HELP - Cannot run DCPROMO... I'm trying to add a secondary DC to my existing domain. The existing DC is running W2k Server with SP4 and all patches. The new server is running W2003 Server R2 Standard edition with SP2 and all patches. I have successfully run adprep /forestprep and adprep /domainprep on my W2K server but I still am getting an error message that the forest is NOT prepared!!! Error message: "The Active Directory Installation Wizard cannot continue because the forest is not prepared for installing Windows Server 2003. Use the Adprep command-line tool to prepare both the forest and the domain. For more information about using the Adprep, see Active Directory Help. The version of the Active Directory schema of the source forest is not compatible with the version of the Active Directory on this computer." Any ideas what might be the issue here? Thanks, /Adde -- fantamejthisisgoodvarjedag Tag: Audit moved computer object? Tag: 125433
  - 15
    - Share folder issue in ad environment Two PCs:A & B A for DC running win2003 B for client running winxp I shared one folder on both pcs B can access A but A can not access B anyone can help me to solve this problem! Thank u in advance! Tag: Audit moved computer object? Tag: 125419
  - 16
    - Windows 2003 and Windows 2008 Domain Controller I have an existing single 2003 Domain Controller. I want to add an additional domain controller to replicate AD with the 2003 domain controller for fault tolerance. Can I have a 2003 domain controller and a 2008 domain controller(operating as a secondary) or do I have to upgrade the 2003 Domain Controller to Windows 2008 server, etc. ? Tag: Audit moved computer object? Tag: 125404
  - 17
    - "An operations error occurred" Hi, I'm having a problem querying active directory. It happens so far only on one computer under a particular user account. Things seem to work fine for that user on another computer, and if I logon to her computer the query works fine as well. here is the C# code I'm using to do the query: private static DirectoryEntry GetUserEntry( WindowsIdentity ident ) { string directoryServer; DirectorySearcher searcher; DirectoryEntry domainEntry, result; SearchResult results; string userName; result = null; using ( domainEntry = new DirectoryEntry( "LDAP://rootdse" ) ) { directoryServer = domainEntry.Invoke( "GET", "defaultNamingContext" ).ToString(); } if ( string.IsNullOrEmpty( directoryServer ) ) { throw new InvalidOperationException( Properties.Resources.CannotDetermineDirectoryServer ); } if ( directoryServer.StartsWith( @"\\" ) ) { directoryServer = directoryServer.Substring( 2 ); } using ( domainEntry = new DirectoryEntry( string.Format( "LDAP://{0}", directoryServer ) ) ) { userName = ident.Name; if ( userName.IndexOf( @"\" ) > -1 ) { userName = userName.Substring( userName.IndexOf( @"\" ) + 1 ); } using ( searcher = new DirectorySearcher( domainEntry, string.Format( "SAMAccountName={0}", userName ) ) ) { results = searcher.FindOne(); result = results.GetDirectoryEntry(); } } return result; } The initial part seems to succeed (querying for the rootdse), but finding the SAMAccount is failing for some reason. Any ideas? Here's the exception: System.Runtime.InteropServices.COMException (0x80072020): An operations error occurred. at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at System.DirectoryServices.DirectoryEntry.Bind() at System.DirectoryServices.DirectoryEntry.get_AdsObject() at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne) at System.DirectoryServices.DirectorySearcher.FindOne() at MyCompan.Application.UserInfo.GetUserEntry(WindowsIdentity ident) Tag: Audit moved computer object? Tag: 125373
  - 18
    - Lsass terminating unexpectedly I've been getting plagued with restarts on my domain controllers for the past 5-6 weeks. Specifically, the two events that are written to the logs are: First, Application Log: evt 1015; A critical system process, C:\WINDOWS\system32\lsass.exe, failed with status code c0000005. The machine must now be restarted. ...and about 5 seconds later, followed by... App Log : evt 1074; The process winlogon.exe has initiated the restart of [domain controller] for the following reason: No title for this reason could be found Reason: 0x50006 Shutdown Type: restart Comment: The system process 'C:\WINDOWS\system32\lsass.exe' terminated unexpectedly with status code -1073741819. The system will now shut down and restart. Has anyone seen this behavior lately (other than the infamous sasser outbreak of years past)? Or know what steps I can take to isolate the culprit? Tag: Audit moved computer object? Tag: 125370
  - 19
    - Add 2003 R2 64 to 2000 AD I am unable to add my new 2003 box as a secondary DC to the existing 2000 DC. I keep getting the message ADPREP should be run. I did run ADPREP on my 2000 DC, it ran with NO errors. I need some help any one have a suggestion? Thanks, Paul Tag: Audit moved computer object? Tag: 125362
  - 20
    - 2003 R2 server attempts to join 2003 domain Hi, Is there something I need to be aware of before I join 2003 R2 server to 2003 domain (DC is running 2003 with SP2 not 2003 R2)? Not sure if I need to modify schema on DC before 2003 R2 to join the domain or I just don't have additional features if I don't have to modify DC. I just want to make sure there is no compatibility issue for 2003 R2 server to join 2003 DC domain without changing anything. Any hints? Thanks Char Tag: Audit moved computer object? Tag: 125361
  - 21
    - 2008 RODC Is it possible to promote a W2K8 RODC to a full DC? Tag: Audit moved computer object? Tag: 125351
  - 22
    - What should forest/domain be called - questions on name usage Hi there. We've got an AD domain whch is named after our company name. So it is COMPANY-NAME.COM (I did not set this up). This is our forest and domain name that we use for users and computers. The NETBIOS name is COMPNAME. We host our own DNS but internal only. We own Company-name.com but the DNS is hosted elsewhere for that. My question is...what are the problems with calling your AD like this? What is best. Should it be Company-Name.local? We don't appear to have any problems at all. Is it security problems may occur or may we run in to trouble in the future? Should we be running at the forest level? Thanks Tag: Audit moved computer object? Tag: 125347
  - 23
    - High availibity I have a DC on windows 2003 server, and i want to add a new additional domain for high availibity. At Some forums I have read we should transfer roles from one to another. Can we do it by other way to make it HA, i mean when one dc fails, the other one takes all services manually or automatically. I need help about this subject urgently. Thanks you Tag: Audit moved computer object? Tag: 125337
  - 24
    - Remove Dc from active directory, after DC has crashed We are running Windows Server 2003, we have a domain controller (not the first DC, but it's a global catalog server) that is broken (cannot start anymore), i want to remove it from our Active Directory... I need some help, please... thanks Tag: Audit moved computer object? Tag: 125336
  - 25
    - admt error when i try to run active directory migration tool, it gives me an error like this Snap-in failed to initialize Name:<unkonwn> CLSID: {E1975d70-3f8e-11d3-99ee-00c04f39bd92} Do you have an idea about what the problem is? Thank you. Tag: Audit moved computer object? Tag: 125335

In terms of auditing, can I find out which user moved a computer object from
one container/OU to another?

Is this type of object auditing turned on if I have audit directory service
access turned on in the Default DC Policy or do I have to enable it
separately?

Is this logged on all DCs or do I have to search each DC individually for
the event ID? What event ID would it be?

Top