How to upgrade Windows 2000 domain controller to Windows 2008?
We are running a simple domain controller on Windows 2000 and have a
second server that is Windows 2000 (backup domain controller) that
also runs our Exchange server (very old version, 5.5).
For us, this is a "once in five year" upgrade. We only do it because
all of this technology is becoming end of life.
I have been instructed to upgrade our domain controllers to Windows
2008 and install the latest Exchange server and upgrade that.
So first things first, what I want to know is, what is the best path
for this? We have about 100 Exchange users (so 100 users in Active
Directory).
Do I:
1. upgrade the domain controllers to Windows 2008, have the Exchange
server (running 5.5 and Windows 2000) use this upgraded domain
OR
2. install a fresh domain and fresh exchange server and manually add
all the users
OR
3. is there a middle ground somewhere here?
My concerns:
If I upgrade to a 2008 domain and I make a mistake and cannot attach
the Windows 2000/Exchange 5.5 server to the new domain, then I am in big
trouble because our mail servers will then be dead. Has the domain
controller technology evolved that this can be an issue or will the
Windows 2000 server work just fine if I upgrade the domain?
What are the steps? I have googled for detailed instructions and
cannot find any. Does someone have detailed instructions on how I will
do this? What happens to the servers that are pointing to the Windows
2000 DC, do they just continue to run and point to the new DC or do
they need to be rebooted or reconfigured? We still have a lot of
Windows 2000 servers that are destined to be upgraded as well.
Thanks

I think I need URGENT HELP on trusting domains
Scenario is:
Local Win2k3 domain and WAN domain in different forests. Trusted.
I made a mistake: instead of migrating, I created users and machines from
scratch on the WAN domain (users should anyway be different from the local
domain).
I removed each machine from the local domain and joined it to the WAN domain.
I can log on to the WAN domain and I may even use shared resources from local,
but when I log on I don't see the local domain as a possibility as it was at the
beginning of the trust.
What may happen (if the WAN link goes down, i.e.)?
TIA

Hiding the domain name from new company
We are due to merge with another company, and due to us having a
more complex AD structure we are bringing the new domain into our AD.
We want to try and hide our domain.com from the end users of the new
company and ours and show a newdom.com (it's a bit sensitive as the CEO
does not want the users to feel that they now all belong to old
domain.com).
I have created a new domain suffix newdom.com so new and migrated
users have this account, but on its own this is not enough.
Is there a way to alias the domain? I did hear about a DNAME in DNS,
but cannot find any real info or if it will hide or alias my existing
domain.
There are other complications in the form of an extensive DFS
namespace but I will post that in the relevant group, but I need
something that will also alias the DFS.
Regards
Phil

effect of domain upgrade to certificate authority and RRAS
One of our domains is due to be upgraded to w2k3:
- the domain has two DCs, both running Windows 2000 SP4;
- one member server (Windows 2000 SP4) running RRAS and certificate
authority, also used as VPN server.
Question - can this member server continue to operate as RRAS if a third
w2k3 DC is added during the upgrade or should RRAS and certificate authority
be upgraded as well to w2k3?
Thanks in advance for your help

Reporting Hierarchy
I am trying to reproduce functionality that is available on our company's
intranet web site: to traverse the reporting hierarchy.
On our web site, a "manager" manages a single group at every level of the
tree (i.e. each person has one and only one manager; each mgr manages
exactly one dept.).
Has anyone seen .NET code for displaying the *reporting* hierarchy using a
treeview display?
Perhaps the 1:1 rule above is not standard and this is the reason I can't
find code to do this. Usually codeproject.com has everything.
Anyone see anything like this?

Key Management Servers
Is it recommended to install Key Management Server [KMS] for activating
Vista & Server 2008 on domain controllers? Typically, it's best to avoid
piggy-backing any services on domain controllers, so I was just curious.
Any help is appreciated.
Tim

domain controller can not be recognized as domain controller
Hi all,
The domain controller of the root domain has crashed. I do not know how
long it has been down. Finally, I rebooted the server and it came online. I
tried to add the second domain controller but cannot. Then I tried to join
the PC to this domain and cannot, as no domain controller is found. I got
these events in the directory services: event id 1645 with source NTDS
replication, event id 1126 with source global catalog,.... I ran dcdiag and
the fsmo check failed.
Is there a way I can make this domain controller recognized by this domain
without wiping out everything? (Windows 2003 R2 SP2)

Migrate ADAM instance to new domain and don't lose info
I have an issue that seems a little tricky. We are having to migrate
our servers to a new domain, and for this we are using the NetIQ DMA tool,
which works great. However, we also use the Passlogix SSO application, which
stores users' credentials in an ADAM instance. We are trying to make
this migration appear invisible to the desktop user, and for this to
happen, the old ADAM instance would have to have all its DACLs updated
to allow access for the user id in the new domain (user ids are not
changing, only domain membership), and we think we need to update the
ADAM schema of that instance to remove the old domain and insert the new
one.
Is this even realistically possible, or just wishful thinking?
Thanks
Patrick
machine authentications vs user authentication - NEWBIE
Hello, sorry if my English is badly spelled.
I am learning all about Windows Server 2003. I am new to this but I am OK
at networking. I have set up a small network of 1 Server 2003 (running AD,
DNS and DHCP on the same box). I also have two XP clients. Everything seems
to work OK but I am wondering why...??
I thought I would have to authenticate the XP machines first of all.
However, I have found that I do not need to. When one of the clients tries
to join the domain, I can type in any name as the system name and when the
login box pops up, as long as I enter admin credentials the machine is
welcomed to the network. Why? Why don't I have to set up the machine under
the Active Directory "Computers" first? I.e. why is the machine itself not
authenticated?
I then log in as a user. This is all OK. However, when I first log in as
the user, would the machine have been authenticated first at boot-up time?
Or is this where dot1x comes in?
Any user can log in from any machine, right? Can this be tied down? So that
user dave can only log in from machine A but not machine B? I am a bit
confused...
Any walkthrough docs on this, guys?
Thanks, Steve

Defragmenting Client PCs Windows 2003 server
We want to set up disk defragmentation of our client machines from Active
Directory for Windows 2003 server. Does Microsoft have an add-in to do this?
I don't want to spend the money for Diskeeper if Microsoft already has an
adm or other way of doing this.
Thanks.
--
Valerie

SYSVOL not replicating
Hi there,
I have a problem with my domain controllers.
I have two, dep-s-dc (Win 2k3 Ent) and dep-s-004 (Win 2k8 Ent).
dep-s-dc was our main server when the company started out and as such hosted
nearly everything: DNS, DHCP, Exchange, AD and DC.
Over time we have got bigger and bought more servers. I installed dep-s-004
as a secondary domain controller. Recently we have had problems with dep-s-dc
and it was looking bad so I moved the FSMO roles to dep-s-004, making this the
primary. All roles were transferred without problems.
I have now noticed, however, that new clients when logging on take an age to
populate the domain list. Also group policy has stopped working. When you
click on a policy you get the following message: "The network name cannot be
found". You get this message on dep-s-dc and dep-s-004. There are also errors
relating to NTfrs in the event logs on both machines.
I have done a lot of research and can't seem to pinpoint the error.
Replication does seem to be working. If I create an account on dep-s-004 and
check dep-s-dc it appears. ping and nslookup are OK between the two servers.
It just seems to be the sysvol and netlogon that are not being replicated.
They are on dep-s-dc but not on dep-s-004.
How can I solve this?

AD Home Folder
We were having problems with performance for some Citrix users. After
removing the home folder settings on their AD account their performance
improved drastically.
Now I realize this may be a very basic question but I really can't seem to
find anything about this. What exactly does the home folder setting do, and
why would it impact user performance?
Thanks in advance!

Password Length
I have changed the password length from min 6 characters to 8 characters, but
somehow it is not working: I can still set a password of 6 characters. Can someone
guide me on what needs to be checked and where to enforce this policy...

Domain Controller Reinstall
I have a domain controller which has Enterprise edition win2k3
installed. I need to reinstall it with win2k3 R2. It has WINS, DHCP, DNS
installed. Can anyone suggest a method wherein I can reinstall without
impacting the environment or users? A step-by-step method is what is required.
Help will be appreciated in this...

Property sheet not visible when using Find in ADUC
Hello,
I have made a property sheet extension for ADUC, which shows some
data from MIIS.
Everything is fine and my property sheets are visible for Users and
Groups when using the browser in ADUC,
but when I use Find from the ADUC context menu and search for the same
Users or Groups to see their properties,
my property sheet is missing.
This is how it looks using ADUC browser (MIIS tab is visible)
http://img179.imageshack.us/img179/1627/usingbrowseree0.png
This is how it looks using ADUC Find (MIIS tab is not visible)
http://img340.imageshack.us/img340/3456/usingfindzu3.png
Do you have any ideas?
Regards

Slow authentication and GPO processing for remote site without DC
Need some advice: we are running a single forest, single domain on our Active
Directory.
Recently we noticed our workstation logins take a very long time in our site
that does not have a domain controller.
From our investigation, the workstation seems to randomly select any
available DC for its login process including the GPO; this has become a
problem when the workstation tries to connect to a DC that is very far away.
I am trying to look for a solution on the net on how to force a particular
site to use a dedicated remote DC, with no luck in getting a solution. I would
appreciate it if someone could shed some light here ...
rgds,

Change a field-label in the GUI "Active Directory users and comput
I would like to change a field-label in the GUI "Active Directory users and
computers".
For example:
Changing the label "Pager:" to "Short-dial No.:". In Exchange you can modify
the address templates in the System Manager. Is there something similar in AD?
Thank you in advance for any help,
Simmix
--
stephan.simmen -at- martiag.ch
Berne, Switzerland

Active Directory Domain Services has detected and deleted some possibly corrupted indices as part of initialization
Hello,
I'm playing around with my first 2008 server setup. So far the only role
I've added was AD. It is in a new domain (not a production environment)
and is the sole server. It automatically installs DNS during the process.
After the AD wizard ran it rebooted and I see this error along with a few
others in the server manager under the ad role.
The name of my local area domain is abc.lan
Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Date: 6/12/2008 4:00:54 PM
Event ID: 1463
Task Category: Internal Configuration
Level: Warning
Keywords: Classic
User: ANONYMOUS LOGON
Computer: ABC-6700.abc.lan
Description:
Active Directory Domain Services has detected and deleted some possibly
corrupted indices as part of initialization.
These deleted indices will be rebuilt.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-ActiveDirectory_DomainService"
Guid="{0e8478c5-3605-4e8c-8497-1e730c959516}" EventSourceName="NTDS General"
/>
<EventID Qualifiers="32768">1463</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>7</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2008-06-12T23:00:54.603Z" />
<EventRecordID>48</EventRecordID>
<Correlation />
<Execution ProcessID="696" ThreadID="6488" />
<Channel>Directory Service</Channel>
<Computer>ABC-6700.abc.lan</Computer>
<Security UserID="S-1-5-7" />
</System>
<EventData>
</EventData>
</Event>

The local domain controller could not connect with - 2008
Hello,
I'm playing around with my first 2008 server setup. So far the only role
I've added was AD. It is in a new domain (not a production environment)
and is the sole server. It automatically installs DNS during the process.
After the AD wizard ran it rebooted and I see this error along with a few
others in the server manager under the ad role.
The name of my local area domain is abc.lan
The local domain controller could not connect with the following domain
controller hosting the following directory partition to resolve
distinguished names.
Domain controller:
Directory partition:
abc.lan
Additional Data
Error value:
1355 The specified domain either does not exist or could not be contacted.
Internal ID:
3200d50

how to revoke local administrators authority through AD
Hi:
I want to revoke local administrator authority from domain users.
How can I do this through AD group policy?

AD users export
I need to export the usernames of an AD server to put in a spreadsheet. I'm
having some difficulties using the command ldifde. How can I use this command
to export the whole list of users and groups to a file?

2003 Active Directory Services and 2008 Terminal Services
I currently have a Server 2003 Active Directory domain environment. I would
like to introduce Terminal Server 2008 into that environment.
Are there any incompatibility issues I should be concerned about between
TS2008 and AD2003?
Do I have to upgrade my 2003 AD domain controllers in order to run TS2008?
Any information you can provide is greatly appreciated.
--
Paul D. Oneill, CISSP, MCSA

No external time source for Windows Time Service
We're a multi-domain environment with one root domain and several child
domains.
The root domain's DC that's also a PDCE operations master is the
authoritative time server for the whole forest right?
-What happens if you don't set up the external time source on the root
domain's DC that's also a PDCE master? Does it just rely on itself then for
the time or does it use MS's NTP by default?
-If there are 2 DCs in the root domain, is it recommended to set up the
external time source on both of them even though one of them is not a PDCE
master in case the one with PDCE master goes down and seize the PDCE master
role when this happens?

Need script to list various groups and their users
Hello,
I was hoping to get a script that can scan AD for any groups that have
"admin" in the name, but then I also need it to list the members of the groups
it finds.
I was hoping to modify this script to do what I want:
' Note: On Error Resume Next suppresses runtime errors (e.g. an empty result set)
On Error Resume Next
Const ADS_SCOPE_SUBTREE = 2
' Open an ADO connection through the ADSI OLE DB provider
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
' Find every group in the domain whose name contains "admin"
objCommand.CommandText = _
"SELECT Name FROM 'LDAP://DC=fabrikam,DC=com' WHERE objectCategory='group' " & _
"AND Name='*admin*'"
Set objRecordSet = objCommand.Execute
' Print the name of each matching group
objRecordSet.MoveFirst
Do Until objRecordSet.EOF
Wscript.Echo objRecordSet.Fields("Name").Value
objRecordSet.MoveNext
Loop
Would it be very easy to add the user membership lookup to this script? If
so, how and if not, then what is a good script that will?
Thanks!

EFS
Hello, MS engineers!
I saw a description of EFS on the Microsoft website: when a document that has been encrypted with EFS is transferred to the local machine or to another server that does not use EFS, the document is automatically decrypted.
Does this mean that once the document leaves the folder in which it was originally encrypted, it is no longer protected? Then what is the EFS system mainly used for?

how to create a new AD tree or forest?
win2k3
At home here I have a little network consisting of a winXPpro machine and
another machine running win2k3 (evaluation). I've configured the win2k3
machine to be the domain controller in my AD. I'm doing this for the purpose
of learning AD. Now I want to create another tree or another forest in my
AD... when I run dcpromo on the win2k3 machine, the only option I got is to
remove the AD... And all the info I've come across on the Internet says I
should use dcpromo to create a new tree or forest.... I'm a bit confused
here....
Any suggestions?

Prevent users from joining Computers to domain?
I am planning to rework how our users join PC's to our domain for
security/management purposes. I know that by default users can join up to 10
workstations to the domain without any special permissions required. I am
guessing that as a first step I would need to use ADSI Edit on the PDC and
change the "ms-DS-MachineAccountQuota" value to "0". This would then allow
only the Account Operators group (and higher) to join PC's to the domain.
Ultimately, we would like the process to be as follows:
1 - User requests to helpdesk to join a PC to the domain (user cannot join
the PC to the domain on their own).
2 - Helpdesk creates the Computer object with specified name in AD and
assigns domain join permissions to the specific user.
("the following user or group can join this computer to a domain").
3 - User then joins the Computer with the same name to the domain.
I would appreciate any feedback and/or sound advice on this. Thanks very
much.

specifying DC to use during a promo?
I have an issue with a remote site where it complains about a schema update
needed.. I'd like to force this machine when it promo's to use my FSMO DC
as its original replication point. I understand there's an /adv switch with
DCPROMO.. I ran it in my test environment but I didn't see a place where I
could specify which DC to replicate from. I saw that I could pick either
replication from a DC or from a file backup.. so I chose DC.. but was never
able to specify..
Anyone have any idea?

GUI folders missing in \\sysvol\domain\policies
Long short story.
One domain - 1 DC
1 month ago created the 2nd DC -> 1 domain 2 DCs
One of the DCs became hw unstable (the 1st DC in the domain - old machine)
and I had to demote it using the /forcedemote switch. Cleaned up AD using
ntdsutil.
status: 1 domain - 1 DC
1 week ago promoted another DC -> 1 domain - 2 DCs
Immediately after, I found out that the sysvol folder was missing. I've recreated
the sysvol folder and subfolders using the D2 and D4 reg values.
Yesterday I checked the sysvol folder and I noticed that under
\\sysvol\domain\policies there were no folders (GUI with brackets). I checked
the advanced tab in AD\users and computers\system\default domain policy; also
nothing there but tons of event id: 1030 source: Userenv.
"Windows cannot query for the list of Group Policy objects. Check the event
log for possible messages previously logged by the policy engine that
describes the reason for this."
GPMC cannot find path in group policy objects for DC policy, domain policy
and sp users logon deny.
At this point I do have only a copy of the sysvol folder that was taken 1
month ago from the 1st DC that has been forcedemoted. The GUI folders all
three of them are there. They seem to be intact.
1. Is there any possibility to restore those policies having those folders
from backup?
2. If not what would be the consequences if I use dcgpofix?
Thank you very much in advance.
Andrei

Mass update of sapUsername attribute
Hi there,
I have a list of users (not all) in one of my OUs that I need to update
by adding the attribute sapUsername with the value specific for them.
e.g.
sAMAccountName is Test.User1 then sapUsername is TUSER1
sAMAccountName is Test.User2 then sapUsername is TUSER2
However, I have over 300 users to update and doing this manually is not
an ideal situation! Is there any way I can mass upload these?
Thanks,
Boul
clean up old DHCP server entries
We replaced some old DHCP servers. But when trying to add new DHCP servers
into the AD console we can still see those old DHCP server names on the
"authorized DHCP server" list. How to remove them from AD? Also, is there a
way to remove it automatically when shutting down a DHCP server?
Thanks.

GPO to Disable a Computer at a Future Date
Is there any way via a GPO to disable a computer on a specified future date?
We have students that are issued laptops and if they do not return the laptop
we are looking for a way to disable the machine on a given future date.
Any thoughts/help would be much appreciated.
Thanks.

Forcing replication after tombstone cleanup
Hi all,
Does anyone have any experience of getting site replication working again
once two DC's have exceeded their tombstone life?
I have inherited a network where the replication was a real mess and several
servers were not replicating properly. I have set this all up now and got
everything working except for one site as it had been disconnected so long it
had exceeded its tombstone life and so would not replicate. All servers are
running 2003.
I have run repadmin /removelingeringobjects to sync the two AD's again and
have got replication working one way, ie, from HQ to Site1 however I can't
get it to replicate the other way. I get;
"The following error occurred during the attempt to synchronize naming
content siteaddress.co.uk from domain controller SITE1 to domain controller
HQ:
The naming context is in the process of being removed or is not replicated
from the specified server."
Also if I run repadmin /showreps I get:
"Source: Site\Server
******* 1 CONSECUTIVE FAILURES since 2008-06-11 15:18:02
Last error: 8614 (0x21a6):
Can't retrieve message string 8614 (0x21a6), error 1815."
Error 8614 appears to be linked to the tombstone life so even though I have
run repadmin /removelingeringobjects it still will not play ball.
I tried the registry key HKLM\System\CurrentControlSet\NTDS\Parameters\Allow
Replication With Divergent and Corrupt Partner, but that didn't allow it to
work either.
Anyone got any idea how I force replication in this case? I am happy there
are no lingering objects remaining so I don't believe there should be an
issue with these replicating again if only I could get it to happen.
Many thanks
Dave

link down to trusted DC causes netlogon failure?
Scenario: two domains, production and corporate, linked via a tree-root
trust. Production has two sites, one DC each, linked via a VPN. Production
and corporate are also linked via VPN. The tree-root trust allows the
convenience of managing production servers from the corporate network without
entering a separate set of credentials, but none of the non-management
functions in production require credentials from corporate. In other words,
production should continue to work completely, even if corporate totally
disappeared.
Production is primarily housed in a datacenter which has been having some
power issues of late, as in there are UPS and generator issues which have
caused all our servers to power off. During these events, the co-lo's
upstream network equipment isn't fully back online until after our servers
are back up. The production DC, which is the only one in this site, comes
back up before it can see either the DC in the second production site, or the
corporate site. This DC owns all the FSMO roles.
The problem we're having is that, on startup, the netlogon process appears
to start, but fails to service any logon requests. It logs the following in
the system event log with ID 5719 and source NETLOGON:
"This computer was not able to set up a secure session with a domain
controller in the domain CORPORATE due to the following:
There are currently no logon servers available to service the logon request."
That much is true, but the DC fails to process any authentication requests
for either its own services, or any other service accounts in the production
domain. LsaSrv throws a good many SPNEGO/40960 errors for the succeeding ten
minutes. Then netlogon seems to recover and authentication works. Of
course, by this point, all the services on the non-DC servers have tried and
failed to start, meaning we have to touch 20+ servers to manually bring them
online.
Is this normal behavior for a tree-root trust? Should the DC be more
resilient than this, and at least authenticate its own domain's accounts? If
this is the normal behavior, can it be altered through anything other than
breaking the trust? Is having a corporate DC in the production network
required?

Home directory - Windows\system folders appear?
Hi,
When I create a home folder for a user, Windows and System folders
(empty) are created within it. Is this expected behaviour? Can it be
prevented or is it required?
Thanks
Computer Attribute?
Is there a way to find out who joined a computer to the domain?
Thank you in advance.

docs on AD authentication process
Any suggestions on docs that have clear and detailed explanations on
how a member in the process from power on to successfully log into
AD, and roles played by DNS (SRV), Netlogon, GC, Site, DC, etc?
Thanks!

Windows 2008: Can't create new GPOs
Hello NG,
In my Windows 2008 domain (2008 native mode) I'm not able to create any new
GPOs using the GPMC. I receive the error message "data present in the reparse
point buffer is invalid". I already checked the reparse points like described
on
http://forums.technet.microsoft.com/cs-CZ/winserverGP/thread/191f7695-5af9-49af-9b3c-4bf90c4ecbcd/
Everything is correct. The creation of GPOs works neither on the DC
locally nor on any other server. All FSMOs are working well.
Has anyone an idea to solve that?
Regards
Marc

Domain Group backup Operators
Hello,
just a small question, because I did not find the answer on the net:
Is the built-in Domain group "backup-Operators" by default added to
the local "backup-operators" group on every server on the domain or do
I have to manually create a group and add it via GPO to the "backup-
operators"-group on every server?
Thanx in advance
PR

problem with child domain
Hello
I have a win2003SP2 DC to manage my domain "mycompany.com" in which I have
created my users and joined some client PCs.
Users can regularly log on to that domain from client PCs.
Now I have created a child domain on a new server win2003SP2 named
"test.mycompany.com" and I have noticed that users
at the "mycompany.com" domain can't now log on to that domain from the same
client PCs.
If I disconnect a client PC from "mycompany.com" and join it to
"test.mycompany.com", users can regularly log on to "mycompany.com".
Anyone know why?
Am I forgetting something?
Thank you
Mmc

NTDS event id 509
For the past week I am getting a " NTDS (412) NTDSA: A request to read from
the file "C:\WINDOWS\NTDS\ntds.dit" at offset 24190976 (0x0000000001712000)
for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (94
seconds) to be serviced by the OS. In addition, 0 other I/O requests to this
file have also taken an abnormally long time to be serviced since the last
message regarding this problem was posted 58919 seconds ago. " and some of
the same error for other files in that directory from a Windows SBS 2003 SP2
server. Users also get disconnected from the server (offline files/folders)
and after one minute or so everything is back to normal. The disk drives
consist of a RAID-5 with an Intel SRCS16 and there are no errors
whatsoever in the event logs of the controller.... Could it be that the files
are corrupted and just need a defrag? Or should I look more for a hardware
problem?
Thanks in advance

Can I use ADAM in this scenario
Hi,
I have one service running on a 2003 server. This service talks with
AD and gets the members of some groups from the whole forest. This service
also gets user attributes of those members from AD. I want to extend
the User schema to add this service's specific attributes to User objects.
Whenever there is any change in any user attributes then I need to get
the list of those users from AD.
Now here extending the user schema is the problem, as not all
administrators allow touching the user schema. So I thought maybe I can use
ADAM to extend the schema and then use the same ADSI calls which I am using
in this service to query users, groups, and their attributes through
ADAM.
Please let me know if this is possible. Is ADAM a good choice?
If yes, then I have one more question.
Right now I am using the Active Directory Users and Computers snap-in. On
user properties I have added my custom tab where I allow users to set
extended attributes of users. If I use ADAM then can I talk with my
ADAM instance from ADUC domain and get the extended attributes of that
user from ADAM and display them here in ADUC? And once the user sets the
attributes, can I set them back to the instance of ADAM?
Please help, as depending on your answer I can decide the development
direction.
--
asawar
Folder redirection & offline files
Hello
I have a single win2003 domain with 2 DCs and 20 winxp clients.
Until now clients use DCs just for authentication and some mappings via
batch scripts.
I want to utilise folder redirection (my documents and desktop only) for the
clients so their files will be stored on a single location.
My question is:
1. The clients already have files in their My Documents
folder and some on their desktop. If I activate folder redirection, will they
be transferred to the server, or will they remain local with just the new ones
redirected there?
2. If for some reason there is a hard disk failure on the server, will they
lose all these files? Is it better to activate offline files for these folders
so they will be kept locally and on the server also?
Thank you
Urgent help needed!!
Hi,
I have a fully functioning W2K3 domain at our head quarters. Due to a
buyout I was asked to build a DC and bring it to the new company. I built
the DC at our HQ with our IP scheme and everything was fine. After a week I
disconnected the DC and brought it to the new site along with two other
member servers. Once we got it to the new company I re-IP'ed the box and
updated the DNS server with the new settings. My issue is that the DC cannot
add new boxes to the domain and Term services to the other member servers
doesn't work. The error when adding boxes to the domain says the "server is
not capable of this function" or something like that. When I try to term
service to the DC it works but the other boxes give me an "RPC server is
unavailable error". At this point I'm stumped. There is no connection from
our HQ to the new company so I decided to seize all the FSMO roles but that
didn't help. Any help is greatly appreciated!!
Server 2003 SP 1 adm in a 2003 domain
We have a 2003 domain that was upgraded from 2000. Both DC's currently have
2003 SE installed, with no service packs. We have a few 2003 servers with
sp1 or sp2 installed that we'd like to administer via group policy and take
full advantage of the 2003 sp1 adm file that is available. Is it safe to add
the adm template and create a policy or will the DC's have to be upgraded to
SP1 first? If the latter is true are there any caveats that I should be
aware of prior to upgrading the DC's?
extensionAttribute1 field limit
Can anyone tell me the max character limit on the extensionAttribute1 AD
attribute? I found an MSDN article listing various info about AD attributes,
but this one was not included.
Screen Saver with GP Prefs
Having installed Group Policy preferences client-side extension on xp
Clients, I added a Vista client for necessary configuration to the domain.
Rather than using Policy, the ScreenSaver is being configured through
Preferences to afford the user certain privileges. The idea actually is for
the user to be able to remove PWD protection when needed, but this setting should
be re-enabled by default when the user logs on again.
The problem is I do not see the settings in preferences being applied at
all. Is there any additional configuration needed?
Thanks
topokin
Find AD UserName by email address?
Is it possible to query AD with an Email address (either primary or alias)
and find out what account it is linked to? I have done this the other way
many times, i.e. provide the username and retrieve all the emails associated with
the account. I just have a few emails and I cannot find the correct AD
account.
Thanks in Advance,
~ck
Active Directory and Domain name
Hi All,
Our Active Directory domain name is mycompany.gr (wrong decision),
and we also have a site hosted externally as www.mycompany.gr,
and finally POP3 to get email from the provider www.mycompany.gr.
Because mycompany.gr is the Active Directory domain name and the web site, it is not possible to
get emails.
Is there any solution?
Thanks