Password policy

Tutorials Win: Microsoft Windows Forum

- Previous
 - 1
 - Automate home directory for a new user All, How can I automate the creation of a users home directory, when the user is created in AD? I am not wanting to use the my documents folder redirection, but rather still with standard drive mappings. Thanks! Tag: Password policy Tag: 132077
 - 2
 - LDAP Bind Is it possible to remove anonymous bind in Active Directory? Tag: Password policy Tag: 132073
 - 3
 - LDAP Bind Can you disallow Anonymous Bind in AD? Tag: Password policy Tag: 132072
 - 4
 - idlist error I am thinking this is a possible account error. I have a user who gets the following error no matter what computer she logs onto on our domain : Cannot find/ idlist,:216:4800,//dc01/netlogon/ If other users log onto her computers they dont get this error but this error seems to follow the user. Any ideas ? Cant see anything obvious wrong with the account in AD. Thanks Tag: Password policy Tag: 132067
 - 5
 - Best method for moving 2003 sp2 Domain controller to new hardware. Hi, I need to move a domain controller to faster better hardware. The new hardware will have different drive controllers and most likely a different storage layout. What are best practices to ensure minimum disruption to the network? Max Tag: Password policy Tag: 132066
 - 6
 - Role based administration for password resets Hello, We have a Windows 2003 domain.We are in the process of implementing password policy on the domain. Currently we add helpdesk staff to server operators group for AD administration. Is there a role based administration model in Windows 2003 so that I can add some helpdesk staff to just reset password and not server operators? Thanks Tag: Password policy Tag: 132061
 - 7
 - Get localhost AD folder Hi, I would like to put a row in users loginscript todetermine which OU the localhost is located in. Any idea? Regards Magnus Tag: Password policy Tag: 132048
 - 8
 - Failure login to domain or losing domain membership Server information of each site Site A (Production) Server A1 (Application server - Window cluster) Server B1 (Database Server - Windows/MS SQL cluster) Server C1 (Database Server â?? Windows/MS SQL cluster) Server F0 (Existing Domain controller), F1 (New Domain controller) OS (Windows 2003 server enterprise R2/SP2) OS for Server A1, B1, and C1 are on external SAN volumes OS for Server F1 are on internal disks. Site B (DR â?? Disaster Recovery) Server A2 (Application Server â?? Windows cluster) Server B2 (Database Server â?? Windows/MS SQL cluster) Server C2 (Database Server â?? Windows/MS SQL cluster) Server F2 (Domain Controller â?? Fresh installation OS only) Server D (Fax Server) Server E (Citrix Server) OS (Windows 2003 Server enterprise R2/SP2) OS for Server A2, B2, and C2 are on external SAN volumes. The OS for these servers is replicated from OS of servers (A1, B1& C1). Hence the configuration of server (A2, B2 & C2) is exactly same as servers (A1, B1 & C1). OS for Server F2, D & E are on internal disks. Server F2 is configured with basic OS with the same IP address and Host name as of server F1. Setup & Configure Step (1st time) Site A Configure Server F1 at site A as additional domain controller along with existing domain controller. These domain controllers serves domain â??XYZ.comâ??. The server F1 holds all the FSMO roles except Infrastructure role. Configure Server A1,B1 and C1 server and join to domain â??XYZ.comâ?? Bring servers D & E to Site A(Production) from Site B(DR) Setup and configure servers D & E and join to domain â??XYZ.comâ?? at Site A After joining domainâ??XYZ.comâ?? for servers D & E, move back both servers to Site B(DR). Perform a full or system state backup at site A from existing AD server F1 using â??ntbackupâ?? and copy backup file(.bkf) from domain controller(F1) at site A to domain controller(F2) at site B. Site B Restore backup file (.bkf) on domain controller (F2) at site B. Now server F2 becomes new independent Active Directory server at site B. Replicate OS (using IBM SVC) of servers A1, B1, and C1 at Site A to servers A2, B2 and C2 at site B respectively. Bring up Server A2, B2, and C2 On boot, servers are able to login as domain member. Servers D & E (Fax & Citrix) which were joined at Site A and brought back to site B are now boot up at Site B. Servers D & E (Fax & Citrix) are also ble to login as domain members. Periodic restore (Perform DR restore & Testing â?? Daily or weekly) Note: At DR Site all servers D, E, F2, A2, B2 and C2 were already able to join and login as domain member when first time setup & configuration was done. But to keep the Active Directory server at site B up to date as Active Directory server at site A, we are backing up the Active Directory server (F1) at site A and restoring it on Active Directory server (F2) at site B periodically. Perform a full or system state backup at Site A from existing AD server F1 by using â??ntbackupâ?? and copy backup file(.bkf) from site A to site B. Perform restore on AD at site B using latest backup file. Boot up servers A2, B2, C2 and try to login as domain member, but login fails. Boot up servers D & E server, try to login as domain member, but login fails. It is not necessary that it will fail on second restore. Sometimes it work even if we restore Active Directory server several times in 3-4 days, but after 3-4 days or 1 week when we backup and restore only Active Directory, some of the servers (A2,B2,C2,D & E) are not able to login as domain members. But since OS of servers A2, B2 & C2 are on external SAN disks, we can replicate the OS of servers A1, B1 & C1 to servers A2, and B2 & C2. In this case these servers (A2, B2 & C2) are able to login as domain members. But OS for servers D & E is not on external disk and we can not replicate OS for these two servers. For example, the servers (A2, B2, C2, D & E) were able to login as domain member on 30th June with the backup file of Active Directory also of the same date. So for next few days (1st July and 2nd July) we performed backup of Active Directory server (F1) and restored it on Active Directory server (F2) at site B. We booted the member servers and the servers could join as domain members. But later after few days say 4 th July, we performed backup again of Active Directory (F1) at site A and restored it on Active Directory server(F2) at site B. This time we boot the member servers, but these servers could not login as domain members. So to check whether the newly restored AD server (F2) also requires the OS of servers at the same moment or close to some range of time, we replicated OS of only A2, B2 and C2 on 4th July and boot these servers. Then these serves were able to login as domain members. We have tested the above cycle several times and our observation is same every time. Question: Why servers (A2, B2, C2, D & E) are not able to login as domain members after 3-4days? Why servers A2, B2 & C2 after replicating OS are able to login as domain members? Any permanent solution? Tag: Password policy Tag: 132040
 - 9
 - "Memory Hierarchy Error" from "Microsoft WHEA Logger" after migrating Hello, since we reinstalled our domain Controller in Windows 2008, we have every few minutes a warning from the "Microsoft-Windows-WHEA-Logger", concerning a "Memory Hierarchy Error". The server is a HP DL380 with 4 gigs of RAM, 32 gigabyte SCSI-disk,... I already ran the Memory Diagnostics Tool included in Windows 2008, but it showed me no errors Here is the detail about the event, perhaps some idea what could be the cause: Error Source: Corrected Machine Check Error Type: Memory Hierarchy Error Processor ID Valid: Yes Processor ID: 0x6 Bank Number: 0 Transaction Type: Generic Processor Participation: N/A Request Type: Snoop Memory/Io: N/A Memory Hierarchy Level: Level 1 Timeout: N/A Event Xml: <Event xmlns=3D"http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name=3D"Microsoft-Windows-WHEA-Logger" Guid=3D"{c26c4f3c-3f66-4e99-8f8a-39405cfed220}" /> <EventID>19</EventID> <Version>0</Version> <Level>3</Level> <Task>0</Task> <Opcode>0</Opcode> <Keywords>0x8000000000000000</Keywords> <TimeCreated SystemTime=3D"2008-07-08T04:45:38.589Z" /> <EventRecordID>3051</EventRecordID> <Correlation ActivityID=3D"{DBC18E92-DD0E-4B8F-9E77-39CE5828C6B7}" / > <Execution ProcessID=3D"1412" ThreadID=3D"3020" /> <Channel>System</Channel> <Computer> name </Computer> <Security UserID=3D"S-1-5-19" /> </System> <EventData> <Data Name=3D"ApicIdValid">1</Data> <Data Name=3D"ApicId">0x6</Data> <Data Name=3D"MCABank">0</Data> <Data Name=3D"MciStat">0xcc00001f20040189</Data> <Data Name=3D"MciAddr">0x1824100</Data> <Data Name=3D"MciMisc">0x1400002d012a0</Data> <Data Name=3D"ErrorType">9</Data> <Data Name=3D"TransactionType">2</Data> <Data Name=3D"Participation">256</Data> <Data Name=3D"RequestType">8</Data> <Data Name=3D"MemorIO">256</Data> <Data Name=3D"MemHierarchyLvl">1</Data> <Data Name=3D"Timeout">256</Data> <Data Name=3D"Length">1730</Data> <Data Name=3D"RawData">435045520102FFFFFFFF03000200000002000000C2060000242D040008= 0708140000000000000000000000000000000000000000000000000000000000000000BDC40= 7CF89B7184EB3C41F732CB57131FE6FF5E89C91C54CBA8865ABE14913BBB5739B183AE0C801= 00000000000000000000000000000000000000000000000058010000C000000001020000010= 00000ADCC7698B447DB4BB65E16F193C4F3DB00000000000000000000000000000000020000= 00000000000000000000000000000000000000000018020000920200000102000000000000D= 5560F3986CA494695C473A408AE583400000000000000000000000000000000020000000000= 000000000000000000000000000000000000AA040000180200000102000000000000E95412E= 7B9C14049AB76909703A4320F00000000000000000000000000000000020000000000000000= 000000000000000000000000000000FF01000000000000000001000C010000250F000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000006000000000000000000000000000000000000000= 000000000000000000000000000000000000000070100000000000006000000000000000B08= 020600440000FFFBEBBFB045828100000000000000000000000000000000000000000000000= 00000000000000000F50157A5EFE3DE43AC72249B573FAD2C03000000000000009F00622000= 000000004182010000000000000000000000000000000000000000000000000000000001000= 800800100000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000004572507400000000180200000001000000000000000000000000000000000000000000= 0002000000000000000100000000000000020000000600000000000000FF010000000000000= 00001000C010000250F00000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000600000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 0000000000000000000000000100000092030000010000000100000022A96776B5E0C801010= 00000000000000000000000000000890104201F0000CC0041820100000000A012D002004001= 000C00000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000</ Data> </EventData> </Event> Best regards paulreims Tag: Password policy Tag: 132034
 - 10
 - Problem with Microsoft WHEA Logger after migrating to 2008 Hello, since we reinstalled our domain Controller in Windows 2008, we have every few minutes a warning from the "Microsoft-Windows-WHEA-Logger", concerning a "Memory Hierarchy Error". The server is a HP DL380 with 4 gigs of RAM, 32 gigabyte SCSI-disk,... I already ran the Memory Diagnostics Tool included in Windows 2008, but it showed me no errors Here is the detail about the event, perhaps some idea what could be the cause: Error Source: Corrected Machine Check Error Type: Memory Hierarchy Error Processor ID Valid: Yes Processor ID: 0x6 Bank Number: 0 Transaction Type: Generic Processor Participation: N/A Request Type: Snoop Memory/Io: N/A Memory Hierarchy Level: Level 1 Timeout: N/A Event Xml: <Event xmlns=3D"http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name=3D"Microsoft-Windows-WHEA-Logger" Guid=3D"{c26c4f3c-3f66-4e99-8f8a-39405cfed220}" /> <EventID>19</EventID> <Version>0</Version> <Level>3</Level> <Task>0</Task> <Opcode>0</Opcode> <Keywords>0x8000000000000000</Keywords> <TimeCreated SystemTime=3D"2008-07-08T04:45:38.589Z" /> <EventRecordID>3051</EventRecordID> <Correlation ActivityID=3D"{DBC18E92-DD0E-4B8F-9E77-39CE5828C6B7}" / > <Execution ProcessID=3D"1412" ThreadID=3D"3020" /> <Channel>System</Channel> <Computer> name </Computer> <Security UserID=3D"S-1-5-19" /> </System> <EventData> <Data Name=3D"ApicIdValid">1</Data> <Data Name=3D"ApicId">0x6</Data> <Data Name=3D"MCABank">0</Data> <Data Name=3D"MciStat">0xcc00001f20040189</Data> <Data Name=3D"MciAddr">0x1824100</Data> <Data Name=3D"MciMisc">0x1400002d012a0</Data> <Data Name=3D"ErrorType">9</Data> <Data Name=3D"TransactionType">2</Data> <Data Name=3D"Participation">256</Data> <Data Name=3D"RequestType">8</Data> <Data Name=3D"MemorIO">256</Data> <Data Name=3D"MemHierarchyLvl">1</Data> <Data Name=3D"Timeout">256</Data> <Data Name=3D"Length">1730</Data> <Data Name=3D"RawData">435045520102FFFFFFFF03000200000002000000C2060000242D040008= 0708140000000000000000000000000000000000000000000000000000000000000000BDC40= 7CF89B7184EB3C41F732CB57131FE6FF5E89C91C54CBA8865ABE14913BBB5739B183AE0C801= 00000000000000000000000000000000000000000000000058010000C000000001020000010= 00000ADCC7698B447DB4BB65E16F193C4F3DB00000000000000000000000000000000020000= 00000000000000000000000000000000000000000018020000920200000102000000000000D= 5560F3986CA494695C473A408AE583400000000000000000000000000000000020000000000= 000000000000000000000000000000000000AA040000180200000102000000000000E95412E= 7B9C14049AB76909703A4320F00000000000000000000000000000000020000000000000000= 000000000000000000000000000000FF01000000000000000001000C010000250F000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000006000000000000000000000000000000000000000= 000000000000000000000000000000000000000070100000000000006000000000000000B08= 020600440000FFFBEBBFB045828100000000000000000000000000000000000000000000000= 00000000000000000F50157A5EFE3DE43AC72249B573FAD2C03000000000000009F00622000= 000000004182010000000000000000000000000000000000000000000000000000000001000= 800800100000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000004572507400000000180200000001000000000000000000000000000000000000000000= 0002000000000000000100000000000000020000000600000000000000FF010000000000000= 00001000C010000250F00000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000600000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 0000000000000000000000000100000092030000010000000100000022A96776B5E0C801010= 00000000000000000000000000000890104201F0000CC0041820100000000A012D002004001= 000C00000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000</ Data> </EventData> </Event> Best regards paulreims Tag: Password policy Tag: 132033
 - 11
 - A HOT SHOCKING NEWS FROM MICROSOFT.... TODAY A BIG HOT NEWS FOR EVERYONE FOR MORE DETAILS ON http://polticsinfs.blogspot.com Tag: Password policy Tag: 132031
 - 12
 - Unique time requirement We have an AD 2003 domain which uses the domain hierachy time sync model. There is a developer who is using an application that generates transactions. Before this application hits production they need to confirm that it can log transactions for different times/dates (i dont know why.. they just do) So they have tried changing the system clock, but of course this causes all sorts of problems and they cant access the box. It will then re-sync its clock with a domain controller and the box is back to normal.. Is there some sort of software which can cater for this, ie it interfaces with the system clock and the operating system, so that it can have multiple times. ie the OS communcates with the domain with the correct time, but somehow this app can make available a second time for applications.. strange request.. and I can't see how it can be done but I thought id see if anyone here had come across a similar requirement. They cant do this testing in a workgroup as they need to interface with other apps/boxes on the domain using windows authentication.. any ideas? Tag: Password policy Tag: 132021
 - 13
 - renaming a home directory One of my users just got married and now I want to rename the account. My question is should I just rename the home directory or build another account and migrate to that account. My concern is how LDAP is affected by renaming a home directory . This is a Server 2008 domain Tag: Password policy Tag: 132017
 - 14
 - ADAM Partitions on Separate Servers Is it possible to create an ADAM instance where one or more partitions are on one server and a different partition is on a second server? Tag: Password policy Tag: 132015
 - 15
 - Disabling NETBIOS on windows 2008 server effects group policy I want to avoid NETBIOS traffic in my office ,for that I have disabled "TCP/IP NETBIOS helper" under services of my Windows 2008 std. domain controller.Suddenly, my group policies stopped working and giving me error" failed to open group policies, The network path was not found". If I enable NETBIOS service, group policy works fine. Can anyone suggest me a better way to stop NETBIOS traffic. Thanks Amit Arora amit1982@gmail.com Tag: Password policy Tag: 132008
 - 16
 - lsass.exe terminated - restart of computer I've got several Server 2003 Std SP2 systems running AD that reboot arbitrarily maybe once or twice a week. It seems to be getting more frequent now too. I get the same event IDs every single time in the System and Application event logs. I've run virus scans, used MBSA, ran the Malicious Software Removal Tool, and installed hotfix 927342. Yet, despite everything I've tried, searched endlessly on google for a solution, I cannot seem to figure this problem out. Here's some other info about my environment: * 8 total DCs * 6 sites * 3 GCs (all of the GCs are in the same site - central datacenter) - the other 5 DCs are have Universal group membership cacheing enabled * 2 Exchange Servers - backend cluster and frontend OWA Here's the events I'm seeing and it seems to be related to a problem with lsass.exe: Event Type: Error Event Source: LsaSrv Event Category: Security Package Manager Event ID: 5000 Date: 7/7/2008 Time: 10:10:43 AM User: N/A Computer: Description: The security package Negotiate generated an exception. The exception information is the data. Event Type: Information Event Source: USER32 Event Category: None Event ID: 1074 Date: 7/7/2008 Time: 10:11:31 AM User: NT AUTHORITY\SYSTEM Computer: Description: The process winlogon.exe has initiated the restart of computer on behalf of user for the following reason: No title for this reason could be found Reason Code: 0x50006 Shutdown Type: restart Comment: The system process 'C:\WINDOWS\system32\lsass.exe' terminated unexpectedly with status code -1073741819. The system will now shut down and restart. Event Type: Error Event Source: Winlogon Event Category: None Event ID: 1015 Date: 7/7/2008 Time: 10:11:25 AM User: N/A Computer: Description: A critical system process, C:\WINDOWS\system32\lsass.exe, failed with status code c0000005. The machine must now be restarted. Event Type: Error Event Source: Application Error Event Category: (100) Event ID: 1000 Date: 7/7/2008 Time: 10:10:53 AM User: N/A Computer: Description: Faulting application lsass.exe, version 5.2.3790.0, faulting module ntdll.dll, version 5.2.3790.3959, fault address 0x0001950e. Has anyone else seen or experienced this problem? I'd appreciate your help. Tag: Password policy Tag: 132003
 - 17
 - DCPROMO RPC error I am trying to promote a domain controller on 2008 in a separate site to my domain. The only existing current DCs are in another site. The sites are connected by permanent VPN, and I know it's working because I can log on to the domain perfectly well (a bit slowly) from any computer at the remote site, as well as join the domain as a member server from the computer I am trying to promote. When running DCPROMO, it starts the process then stops with the error: ----- The operation failed because: Active Directory Domain Services could not create the NTDS Settings object for this Active Directory Domain Controller CN=NTDS Settings,CN=ES-SERVER2,CN=SERVERS,CN=ELEMENTARY,CN=SITES,CN=CONFIGURATION,DC=stghs,DC=net on the remote AD DC hs-server2.stghs.net. Ensure the provided network credentials have sufficient permissions. "The RPC Server is unavailable." ----- Any ideas? Thanks for your help. Aaron Stamboulieh - MCSA Tag: Password policy Tag: 131995
 - 18
 - PDC Failing and GP not updating I have a somewhat new additional DC in production however the FSMOCheck is failing for it's PDC and I get an error when trying to access the GP. I have included a DCDiag, I can not determine the cause for this. The DCs are connected across a high speed WAN. Any help is much appreciated, thanks in advance. Domain Controller Diagnosis Performing initial setup: * Connecting to directory service on server DRS-689-10. * Collecting site info. * Identifying all servers. * Identifying all NC cross-refs. * Found 3 DC(s). Testing 3 of them. Done gathering initial info. Doing initial required tests Testing server: Default-First-Site-Name\DRS-343-10A Starting test: Connectivity * Active Directory LDAP Services Check * Active Directory RPC Services Check ......................... DRS-343-10A passed test Connectivity Testing server: Default-First-Site-Name\DRS-343-10B Starting test: Connectivity * Active Directory LDAP Services Check * Active Directory RPC Services Check ......................... DRS-343-10B passed test Connectivity Testing server: Default-First-Site-Name\DRS-689-10 Starting test: Connectivity * Active Directory LDAP Services Check * Active Directory RPC Services Check ......................... DRS-689-10 passed test Connectivity Doing primary tests Testing server: Default-First-Site-Name\DRS-343-10A Starting test: Replications * Replications Check * Replication Latency Check The replications latency check is not available on this DC. * Replication Site Latency Check ......................... DRS-343-10A passed test Replications Starting test: Topology * Configuration Topology Integrity Check * Analyzing the connection topology for CN=Schema,CN=Configuration,DC=drs343,DC=drs. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the connection topology for CN=Configuration,DC=drs343,DC=drs. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the connection topology for DC=drs343,DC=drs. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. ......................... DRS-343-10A passed test Topology Starting test: CutoffServers * Configuration Topology Aliveness Check * Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=drs343,DC=drs. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the alive system replication topology for CN=Configuration,DC=drs343,DC=drs. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the alive system replication topology for DC=drs343,DC=drs. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. ......................... DRS-343-10A passed test CutoffServers Starting test: NCSecDesc * Security Permissions Check for CN=Schema,CN=Configuration,DC=drs343,DC=drs (Schema,Version 2) * Security Permissions Check for CN=Configuration,DC=drs343,DC=drs (Configuration,Version 2) * Security Permissions Check for DC=drs343,DC=drs (Domain,Version 2) ......................... DRS-343-10A passed test NCSecDesc Starting test: NetLogons * Network Logons Privileges Check ......................... DRS-343-10A passed test NetLogons Starting test: Advertising The DC DRS-343-10A is advertising itself as a DC and having a DS. The DC DRS-343-10A is advertising as an LDAP server The DC DRS-343-10A is advertising as having a writeable directory The DC DRS-343-10A is advertising as a Key Distribution Center The DC DRS-343-10A is advertising as a time server The DS DRS-343-10A is advertising as a GC. ......................... DRS-343-10A passed test Advertising Starting test: KnowsOfRoleHolders Role Schema Owner = CN=NTDS Settings,CN=DRS-343-10A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=drs343,DC=drs Role Domain Owner = CN=NTDS Settings,CN=DRS-343-10A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=drs343,DC=drs Role PDC Owner = CN=NTDS Settings,CN=DRS-343-10A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=drs343,DC=drs Role Rid Owner = CN=NTDS Settings,CN=DRS-343-10A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=drs343,DC=drs Role Infrastructure Update Owner = CN=NTDS Settings,CN=DRS-343-10A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=drs343,DC=drs ......................... DRS-343-10A passed test KnowsOfRoleHolders Starting test: RidManager * Available RID Pool for the Domain is 3601 to 1073741823 * drs-343-10a.drs343.drs is the RID Master * DsBind with RID Master was successful * rIDAllocationPool is 2601 to 3100 * rIDNextRID: 2438 * rIDPreviousAllocationPool is 2101 to 2600 ......................... DRS-343-10A passed test RidManager Starting test: MachineAccount * SPN found :LDAP/drs-343-10a.drs343.drs/drs343.drs * SPN found :LDAP/drs-343-10a.drs343.drs * SPN found :LDAP/DRS-343-10A * SPN found :LDAP/drs-343-10a.drs343.drs/DRS343 * SPN found :LDAP/a37e1493-32f0-407d-b97f-f42c82ec40ee._msdcs.drs343.drs * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/a37e1493-32f0-407d-b97f-f42c82ec40ee/drs343.drs * SPN found :HOST/drs-343-10a.drs343.drs/drs343.drs * SPN found :HOST/drs-343-10a.drs343.drs * SPN found :HOST/DRS-343-10A * SPN found :HOST/drs-343-10a.drs343.drs/DRS343 * SPN found :GC/drs-343-10a.drs343.drs/drs343.drs ......................... DRS-343-10A passed test MachineAccount Starting test: Services * Checking Service: Dnscache * Checking Service: NtFrs * Checking Service: IsmServ * Checking Service: kdc * Checking Service: SamSs * Checking Service: LanmanServer * Checking Service: LanmanWorkstation * Checking Service: RpcSs * Checking Service: w32time * Checking Service: NETLOGON ......................... DRS-343-10A passed test Services Starting test: OutboundSecureChannels * The Outbound Secure Channels test ** Did not run Outbound Secure Channels test because /testdomain: was not entered ......................... DRS-343-10A passed test OutboundSecureChannels Starting test: ObjectsReplicated DRS-343-10A is in domain DC=drs343,DC=drs Checking for CN=DRS-343-10A,OU=Domain Controllers,DC=drs343,DC=drs in domain DC=drs343,DC=drs on 3 servers Object is up-to-date on all servers. Checking for CN=NTDS Settings,CN=DRS-343-10A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=drs343,DC=drs in domain CN=Configuration,DC=drs343,DC=drs on 3 servers Object is up-to-date on all servers. ......................... DRS-343-10A passed test ObjectsReplicated Starting test: frssysvol * The File Replication Service SYSVOL ready test File Replication Service's SYSVOL is ready ......................... DRS-343-10A passed test frssysvol Starting test: frsevent * The File Replication Service Event log test ......................... DRS-343-10A passed test frsevent Starting test: kccevent * The KCC Event log test Found no KCC errors in Directory Service Event log in the last 15 minutes. ......................... DRS-343-10A passed test kccevent Starting test: systemlog * The System Event log test Found no errors in System Event log in the last 60 minutes. ......................... DRS-343-10A passed test systemlog Starting test: VerifyReplicas ......................... DRS-343-10A passed test VerifyReplicas Starting test: VerifyReferences The system object reference (serverReference) CN=DRS-343-10A,OU=Domain Controllers,DC=drs343,DC=drs and backlink on CN=DRS-343-10A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=drs343,DC=drs are correct. The system object reference (frsComputerReferenceBL) CN=DRS-343-10A,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=drs343,DC=drs and backlink on CN=DRS-343-10A,OU=Domain Controllers,DC=drs343,DC=drs are correct. The system object reference (serverReferenceBL) CN=DRS-343-10A,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=drs343,DC=drs and backlink on CN=NTDS Settings,CN=DRS-343-10A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=drs343,DC=drs are correct. ......................... DRS-343-10A passed test VerifyReferences Starting test: VerifyEnterpriseReferences ......................... DRS-343-10A passed test VerifyEnterpriseReferences Testing server: Default-First-Site-Name\DRS-343-10B Starting test: Replications * Replications Check * Replication Latency Check The replications latency check is not available on this DC. * Replication Site Latency Check ......................... DRS-343-10B passed test Replications Starting test: Topology * Configuration Topology Integrity Check * Analyzing the connection topology for CN=Schema,CN=Configuration,DC=drs343,DC=drs. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the connection topology for CN=Configuration,DC=drs343,DC=drs. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the connection topology for DC=drs343,DC=drs. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. ......................... DRS-343-10B passed test Topology Starting test: CutoffServers * Configuration Topology Aliveness Check * Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=drs343,DC=drs. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the alive system replication topology for CN=Configuration,DC=drs343,DC=drs. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the alive system replication topology for DC=drs343,DC=drs. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. ......................... DRS-343-10B passed test CutoffServers Starting test: NCSecDesc * Security Permissions Check for CN=Schema,CN=Configuration,DC=drs343,DC=drs (Schema,Version 2) * Security Permissions Check for CN=Configuration,DC=drs343,DC=drs (Configuration,Version 2) * Security Permissions Check for DC=drs343,DC=drs (Domain,Version 2) ......................... DRS-343-10B passed test NCSecDesc Starting test: NetLogons * Network Logons Privileges Check ......................... DRS-343-10B passed test NetLogons Starting test: Advertising The DC DRS-343-10B is advertising itself as a DC and having a DS. The DC DRS-343-10B is advertising as an LDAP server The DC DRS-343-10B is advertising as having a writeable directory The DC DRS-343-10B is advertising as a Key Distribution Center The DC DRS-343-10B is advertising as a time server The DS DRS-343-10B is advertising as a GC. ......................... DRS-343-10B passed test Advertising Starting test: KnowsOfRoleHolders Role Schema Owner = CN=NTDS Settings,CN=DRS-343-10A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=drs343,DC=drs Role Domain Owner = CN=NTDS Settings,CN=DRS-343-10A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=drs343,DC=drs Role PDC Owner = CN=NTDS Settings,CN=DRS-343-10A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=drs343,DC=drs Role Rid Owner = CN=NTDS Settings,CN=DRS-343-10A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=drs343,DC=drs Role Infrastructure Update Owner = CN=NTDS Settings,CN=DRS-343-10A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=drs343,DC=drs ......................... DRS-343-10B passed test KnowsOfRoleHolders Starting test: RidManager * Available RID Pool for the Domain is 3601 to 1073741823 * drs-343-10a.drs343.drs is the RID Master * DsBind with RID Master was successful * rIDAllocationPool is 1601 to 2100 * rIDNextRID: 1611 * rIDPreviousAllocationPool is 1601 to 2100 ......................... DRS-343-10B passed test RidManager Starting test: MachineAccount * SPN found :LDAP/drs-343-10b.drs343.drs/drs343.drs * SPN found :LDAP/drs-343-10b.drs343.drs * SPN found :LDAP/DRS-343-10B * SPN found :LDAP/drs-343-10b.drs343.drs/DRS343 * SPN found :LDAP/9261c24e-6c89-427d-b152-78381398cde1._msdcs.drs343.drs * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/9261c24e-6c89-427d-b152-78381398cde1/drs343.drs * SPN found :HOST/drs-343-10b.drs343.drs/drs343.drs * SPN found :HOST/drs-343-10b.drs343.drs * SPN found :HOST/DRS-343-10B * SPN found :HOST/drs-343-10b.drs343.drs/DRS343 * SPN found :GC/drs-343-10b.drs343.drs/drs343.drs ......................... DRS-343-10B passed test MachineAccount Starting test: Services * Checking Service: Dnscache * Checking Service: NtFrs * Checking Service: IsmServ * Checking Service: kdc * Checking Service: SamSs * Checking Service: LanmanServer * Checking Service: LanmanWorkstation * Checking Service: RpcSs * Checking Service: w32time * Checking Service: NETLOGON ......................... DRS-343-10B passed test Services Starting test: OutboundSecureChannels * The Outbound Secure Channels test ** Did not run Outbound Secure Channels test because /testdomain: was not entered ......................... DRS-343-10B passed test OutboundSecureChannels Starting test: ObjectsReplicated DRS-343-10B is in domain DC=drs343,DC=drs Checking for CN=DRS-343-10B,OU=Domain Controllers,DC=drs343,DC=drs in domain DC=drs343,DC=drs on 3 servers Object is up-to-date on all servers. Checking for CN=NTDS Settings,CN=DRS-343-10B,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=drs343,DC=drs in domain CN=Configuration,DC=drs343,DC=drs on 3 servers Object is up-to-date on all servers. ......................... DRS-343-10B passed test ObjectsReplicated Starting test: frssysvol * The File Replication Service SYSVOL ready test File Replication Service's SYSVOL is ready ......................... DRS-343-10B passed test frssysvol Starting test: frsevent * The File Replication Service Event log test ......................... DRS-343-10B passed test frsevent Starting test: kccevent * The KCC Event log test Found no KCC errors in Directory Service Event log in the last 15 minutes. ......................... DRS-343-10B passed test kccevent Starting test: systemlog * The System Event log test Found no errors in System Event log in the last 60 minutes. ......................... DRS-343-10B passed test systemlog Starting test: VerifyReplicas ......................... DRS-343-10B passed test VerifyReplicas Starting test: VerifyReferences The system object reference (serverReference) CN=DRS-343-10B,OU=Domain Controllers,DC=drs343,DC=drs and backlink on CN=DRS-343-10B,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=drs343,DC=drs are correct. The system object reference (frsComputerReferenceBL) CN=DRS-343-10B,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=drs343,DC=drs and backlink on CN=DRS-343-10B,OU=Domain Controllers,DC=drs343,DC=drs are correct. The system object reference (serverReferenceBL) CN=DRS-343-10B,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=drs343,DC=drs and backlink on CN=NTDS Settings,CN=DRS-343-10B,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=drs343,DC=drs are correct. ......................... DRS-343-10B passed test VerifyReferences Starting test: VerifyEnterpriseReferences ......................... DRS-343-10B passed test VerifyEnterpriseReferences Testing server: Default-First-Site-Name\DRS-689-10 Starting test: Replications * Replications Check * Replication Latency Check CN=Schema,CN=Configuration,DC=drs343,DC=drs Latency information for 1 entries in the vector were ignored. 0 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 1 had no latency information (Win2K DC). CN=Configuration,DC=drs343,DC=drs Latency information for 1 entries in the vector were ignored. 0 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 1 had no latency information (Win2K DC). DC=drs343,DC=drs Latency information for 1 entries in the vector were ignored. 0 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 1 had no latency information (Win2K DC). * Replication Site Latency Check ......................... DRS-689-10 passed test Replications Starting test: Topology * Configuration Topology Integrity Check * Analyzing the connection topology for CN=Schema,CN=Configuration,DC=drs343,DC=drs. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the connection topology for CN=Configuration,DC=drs343,DC=drs. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the connection topology for DC=drs343,DC=drs. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. ......................... DRS-689-10 passed test Topology Starting test: CutoffServers * Configuration Topology Aliveness Check * Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=drs343,DC=drs. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the alive system replication topology for CN=Configuration,DC=drs343,DC=drs. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the alive system replication topology for DC=drs343,DC=drs. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. ......................... DRS-689-10 passed test CutoffServers Starting test: NCSecDesc * Security Permissions Check for CN=Schema,CN=Configuration,DC=drs343,DC=drs (Schema,Version 2) * Security Permissions Check for CN=Configuration,DC=drs343,DC=drs (Configuration,Version 2) * Security Permissions Check for DC=drs343,DC=drs (Domain,Version 2) ......................... DRS-689-10 passed test NCSecDesc Starting test: NetLogons * Network Logons Privileges Check ......................... DRS-689-10 passed test NetLogons Starting test: Advertising The DC DRS-689-10 is advertising itself as a DC and having a DS. The DC DRS-689-10 is advertising as an LDAP server The DC DRS-689-10 is advertising as having a writeable directory The DC DRS-689-10 is advertising as a Key Distribution Center The DC DRS-689-10 is advertising as a time server The DS DRS-689-10 is advertising as a GC. ......................... DRS-689-10 passed test Advertising Starting test: KnowsOfRoleHolders Role Schema Owner = CN=NTDS Settings,CN=DRS-343-10A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=drs343,DC=drs Role Domain Owner = CN=NTDS Settings,CN=DRS-343-10A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=drs343,DC=drs Role PDC Owner = CN=NTDS Settings,CN=DRS-343-10A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=drs343,DC=drs Role Rid Owner = CN=NTDS Settings,CN=DRS-343-10A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=drs343,DC=drs Role Infrastructure Update Owner = CN=NTDS Settings,CN=DRS-343-10A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=drs343,DC=drs ......................... DRS-689-10 passed test KnowsOfRoleHolders Starting test: RidManager * Available RID Pool for the Domain is 3601 to 1073741823 * drs-343-10a.drs343.drs is the RID Master * DsBind with RID Master was successful * rIDAllocationPool is 3101 to 3600 * rIDPreviousAllocationPool is 3101 to 3600 * rIDNextRID: 3107 ......................... DRS-689-10 passed test RidManager Starting test: MachineAccount * SPN found :LDAP/drs-689-10.drs343.drs/drs343.drs * SPN found :LDAP/drs-689-10.drs343.drs * SPN found :LDAP/DRS-689-10 * SPN found :LDAP/drs-689-10.drs343.drs/DRS343 * SPN found :LDAP/af71a11f-b6e5-4096-839f-d94bd27c1402._msdcs.drs343.drs * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/af71a11f-b6e5-4096-839f-d94bd27c1402/drs343.drs * SPN found :HOST/drs-689-10.drs343.drs/drs343.drs * SPN found :HOST/drs-689-10.drs343.drs * SPN found :HOST/DRS-689-10 * SPN found :HOST/drs-689-10.drs343.drs/DRS343 * SPN found :GC/drs-689-10.drs343.drs/drs343.drs ......................... DRS-689-10 passed test MachineAccount Starting test: Services * Checking Service: Dnscache * Checking Service: NtFrs * Checking Service: IsmServ * Checking Service: kdc * Checking Service: SamSs * Checking Service: LanmanServer * Checking Service: LanmanWorkstation * Checking Service: RpcSs * Checking Service: w32time * Checking Service: NETLOGON ......................... DRS-689-10 passed test Services Starting test: OutboundSecureChannels * The Outbound Secure Channels test ** Did not run Outbound Secure Channels test because /testdomain: was not entered ......................... DRS-689-10 passed test OutboundSecureChannels Starting test: ObjectsReplicated DRS-689-10 is in domain DC=drs343,DC=drs Checking for CN=DRS-689-10,OU=Domain Controllers,DC=drs343,DC=drs in domain DC=drs343,DC=drs on 3 servers Object is up-to-date on all servers. Checking for CN=NTDS Settings,CN=DRS-689-10,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=drs343,DC=drs in domain CN=Configuration,DC=drs343,DC=drs on 3 servers Object is up-to-date on all servers. ......................... DRS-689-10 passed test ObjectsReplicated Starting test: frssysvol * The File Replication Service SYSVOL ready test File Replication Service's SYSVOL is ready ......................... DRS-689-10 passed test frssysvol Starting test: frsevent * The File Replication Service Event log test ......................... DRS-689-10 passed test frsevent Starting test: kccevent * The KCC Event log test Found no KCC errors in Directory Service Event log in the last 15 minutes. ......................... DRS-689-10 passed test kccevent Starting test: systemlog * The System Event log test Found no errors in System Event log in the last 60 minutes. ......................... DRS-689-10 passed test systemlog Starting test: VerifyReplicas ......................... DRS-689-10 passed test VerifyReplicas Starting test: VerifyReferences The system object reference (serverReference) CN=DRS-689-10,OU=Domain Controllers,DC=drs343,DC=drs and backlink on CN=DRS-689-10,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=drs343,DC=drs are correct. The system object reference (frsComputerReferenceBL) CN=DRS-689-10,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=drs343,DC=drs and backlink on CN=DRS-689-10,OU=Domain Controllers,DC=drs343,DC=drs are correct. The system object reference (serverReferenceBL) CN=DRS-689-10,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=drs343,DC=drs and backlink on CN=NTDS Settings,CN=DRS-689-10,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=drs343,DC=drs are correct. ......................... DRS-689-10 passed test VerifyReferences Starting test: VerifyEnterpriseReferences ......................... DRS-689-10 passed test VerifyEnterpriseReferences Running partition tests on : Schema Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Running partition tests on : Configuration Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Running partition tests on : drs343 Starting test: CrossRefValidation ......................... drs343 passed test CrossRefValidation Starting test: CheckSDRefDom ......................... drs343 passed test CheckSDRefDom Running enterprise tests on : drs343.drs Starting test: Intersite Skipping site Default-First-Site-Name, this site is outside the scope provided by the command line arguments provided. ......................... drs343.drs passed test Intersite Starting test: FsmoCheck GC Name: \\drs-689-10.drs343.drs Locator Flags: 0xe00003fc Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355 A Primary Domain Controller could not be located. The server holding the PDC role is down. Time Server Name: \\drs-689-10.drs343.drs Locator Flags: 0xe00003fc Preferred Time Server Name: \\drs-689-10.drs343.drs Locator Flags: 0xe00003fc KDC Name: \\drs-689-10.drs343.drs Locator Flags: 0xe00003fc ......................... drs343.drs failed test FsmoCheck Tag: Password policy Tag: 131992
 - 19
 - Domain can not be found I'm having a time of things. Recently a domain controller, the first one in the domain, died. I was able to successfully remove the controller from active directory using the Microsoft knowledge base article, but now my domain can not be found. DCDIAG gives errors when run from the current domain controller. I've used the registerdns switch of ipconfig, restarted net logon, and ensured that the old server is not referenced anywhere in DNS. I've also ensured that all of my clients are using this server as the DNS server, but still, I can't find the domain. I can successfully ping the server and all other clients by name, I do not use NetBIOS and I do not use WINS, and I can use nslookup successfully. Plus, the SYSVOL and NETLOGON shares are completely gone. I need serious help. The results of a DCDIAG are below. The site name is HURRICANE, server name is CORUSCANT. Domain Controller Diagnosis Performing initial setup: Done gathering initial info. Doing initial required tests Testing server: Hurricane\CORUSCANT Starting test: Connectivity ......................... CORUSCANT passed test Connectivity Doing primary tests Testing server: Hurricane\CORUSCANT Starting test: Replications ......................... CORUSCANT passed test Replications Starting test: NCSecDesc ......................... CORUSCANT passed test NCSecDesc Starting test: NetLogons Unable to connect to the NETLOGON share! (\\CORUSCANT\netlogon) [CORUSCANT] An net use or LsaPolicy operation failed with error 1203, No network provider accepted the given network path.. ......................... CORUSCANT failed test NetLogons Starting test: Advertising ......................... CORUSCANT passed test Advertising Starting test: KnowsOfRoleHolders ......................... CORUSCANT passed test KnowsOfRoleHolders Starting test: RidManager ......................... CORUSCANT passed test RidManager Starting test: MachineAccount ......................... CORUSCANT passed test MachineAccount Starting test: Services ......................... CORUSCANT passed test Services Starting test: ObjectsReplicated ......................... CORUSCANT passed test ObjectsReplicated Starting test: frssysvol ......................... CORUSCANT passed test frssysvol Starting test: frsevent ......................... CORUSCANT passed test frsevent Starting test: kccevent ......................... CORUSCANT passed test kccevent Starting test: systemlog An Error Event occured. EventID: 0x00000457 Time Generated: 07/07/2008 10:35:00 (Event String could not be retrieved) An Error Event occured. EventID: 0x00000457 Time Generated: 07/07/2008 10:35:01 (Event String could not be retrieved) An Error Event occured. EventID: 0x00000457 Time Generated: 07/07/2008 10:35:02 (Event String could not be retrieved) An Error Event occured. EventID: 0x00000457 Time Generated: 07/07/2008 10:35:03 (Event String could not be retrieved) ......................... CORUSCANT failed test systemlog Starting test: VerifyReferences ......................... CORUSCANT passed test VerifyReferences Running partition tests on : ForestDnsZones Starting test: CrossRefValidation ......................... ForestDnsZones passed test CrossRefValidation Starting test: CheckSDRefDom ......................... ForestDnsZones passed test CheckSDRefDom Running partition tests on : DomainDnsZones Starting test: CrossRefValidation ......................... DomainDnsZones passed test CrossRefValidation Starting test: CheckSDRefDom ......................... DomainDnsZones passed test CheckSDRefDom Running partition tests on : Schema Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Running partition tests on : Configuration Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Running partition tests on : ccs Starting test: CrossRefValidation ......................... ccs passed test CrossRefValidation Starting test: CheckSDRefDom ......................... ccs passed test CheckSDRefDom Running enterprise tests on : ccs.local Starting test: Intersite ......................... ccs.local passed test Intersite Starting test: FsmoCheck Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355 A Global Catalog Server could not be located - All GC's are down. Warning: DcGetDcName(TIME_SERVER) call failed, error 1355 A Time Server could not be located. The server holding the PDC role is down. Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1355 A Good Time Server could not be located. Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355 A KDC could not be located - All the KDCs are down. ......................... ccs.local failed test FsmoCheck Tag: Password policy Tag: 131988
 - 20
 - watch actress sexy photo from movie clips http://priyamaniforyou.blogspot.com/ watch actress sexy photo from movie clips http://priyamaniforyou.blogspot.com/ Tag: Password policy Tag: 131984
 - 21
 - Cached Credentials stop working all of a sudden Hello, we have a Domain built on a mixture of 2003- and 2000-based domain controllers. We have lots of people who are on the road regularly using notebooks. Some people only log on to the domain once every half a year. When they are on the road they log on using cached credentials. They do not have local admin permissions and we do not allow them to use a local user account (this has been dictated by company management). About once every 2 months we have a case where some laptop user all of a sudden cannot use his cached credentials anymore. The system shows a message, that the domain cannot be contacted and that's it. This hits different people on different laptops without any warning. It has actually happened to myself when I was on a one-week-vacation. If we connect the laptop to the network and have the person log on "properly" the problem goes away and cached credentials work. Some people have RAS permissions and we have been able to "solve" the problem by having them log on using RAS. We do not have a GP defining the use of cached credentials so the default of the last 10 logons is in place. We do not tamper with the cahced logons in the registry either. There is no password expiration policy in place. Does anybody have an idea? It's a real pain having to tell someone that he has to mail his notebook back to HQ half way around the world so that we can log him on. Any help or hint would be greatly appreciated! Thanks! HarryH Tag: Password policy Tag: 131981
 - 22
 - Task Scheduler keeps losing passwords Hello, I started having problems with scheduled tasks last weekend. For some reason the Task Scheduler keeps losing the used accounts passwords. The problem is with atleast two of the servers in the domain. The other is Windows 2000 and the other 2003. I don't know if someone has made any changes to GPO. But when I asked about it I got no replies. Any idea what could be causing this? Tag: Password policy Tag: 131978
 - 23
 - adam withou sp1 hi all, I need to know if i can download a msi to install ADAM without SP1. Our cx need to creat a replica between two servers and one of servers has ADAM without SP1 and the other one with SP1. Cx need to have both servers without SP1. What option is better? both with SP1 or Without? it's possible creat the replica with different versions? Thanks. Joan Tag: Password policy Tag: 131976
 - 24
 - Pre-Authentication Failure I have a new exchange 2007 server on 2008 and I am seeing these errors every minute on my 2003r2 DC. It says it's not a problem but every minute seems like a problem. Event Type: Failure Audit Event Source: Security Event Category: Account Logon Event ID: 675 Date: 7/6/2008 Time: 10:16:06 PM User: NT AUTHORITY\SYSTEM Computer: FILESERVER Description: Pre-authentication failed: User Name: EXC$ User ID: DOMAIN\EXC$ Service Name: krbtgt/DOMAIN.LOCAL Pre-Authentication Type: 0x0 Failure Code: 0x19 Client Address: 10.1.1.1 For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Tag: Password policy Tag: 131974
 - 25
 - Rado Sintra Ladies Watch R13618711, Best Luxury Watch - Rado Sintra Ladies Watch R13618711, Best Luxury Watch - www.luxury-gift.org Luxury Gift : http://www.luxury-gift.org Rado Watches : http://www.luxury-gift.org//rado-watches.html Rado Sintra Ladies Watch R13618711 Link : http://www.luxury-gift.org/Watches/rado-watch-2210.html Rado Sintra Ladies Watch R13618711 Information : Brand : Rado Watches Series : Rado Sintra Code : Rado-Sintra-Ladies-Watch-R13618711 Gender : Ladies Case Material : Black Ceramic and 18kt White Gold Dial Color : Black With 4 Diamonds Bracelet Strap : Black Ceramic and 18kt White Gold Movement : Quartz Clasp Type : Hidden Deployment Bezel : Diamond Crystal : Scratch Resistant Sapphire Case Back : Case Diameter : Case Thickness : Water Resistant : 30m/100ft Black ceramic and 18kt white gold case and bracelet. Black dial with 4 diamond hour markers. Diamond bezel. Scratch resistant sapphire crystal. Hidden deployment clasp. Case size 21mm x 18mm. Quartz movement. Water resistant at 30 meters (100 feet). <table width="100%" border="0"><tr valign="top"><td width="119" nowrap bgcolor="#EFEFF1">Brand</td><td width="641" bgcolor="#EFEFF1"> Rado</td></tr><tr valign="top"><td nowrap bgcolor="#EFEFF1">Series</td><td bgcolor="#EFEFF1"> Rado Sintra</td></tr><tr valign="top"><td nowrap bgcolor="#EFEFF1">Gender</ td><td bgcolor="#EFEFF1"> Ladies</td></tr><tr valign="top"><td nowrap bgcolor="#EFEFF1">Case Material </ td><td bgcolor="#EFEFF1"> Black Ceramic and 18kt White Gold</td></ tr><tr valign="top"><td nowrap bgcolor="#EFEFF1">Dial Color</ td><td bgcolor="#EFEFF1"> Black With 4 Diamonds</td></tr><tr valign="top"><td nowrap bgcolor="#EFEFF1">Bezel</ td><td bgcolor="#EFEFF1"> Diamond</td></tr><tr valign="top"><td nowrap bgcolor="#EFEFF1">Movement</td><td bgcolor="#EFEFF1"> Quartz</td></tr><tr valign="top"><td nowrap bgcolor="#EFEFF1">Clasp</td><td bgcolor="#EFEFF1"> Hidden Deployment</td></tr><tr valign="top"><td nowrap bgcolor="#EFEFF1">Bracelet</ td><td bgcolor="#EFEFF1"> Black Ceramic and 18kt White Gold</td></ tr><tr valign="top"><td nowrap bgcolor="#EFEFF1">Water Resistant</td><td bgcolor="#EFEFF1"> 30m/100ft</td></tr><tr valign="top"><td nowrap bgcolor="#EFEFF1">Crystal</ td><td bgcolor="#EFEFF1"> Scratch Resistant Sapphire</td></tr><tr valign="top"><td nowrap bgcolor="#EFEFF1">Warranty</ td><td bgcolor="#EFEFF1"> 2 Year Jomashop.com Warranty</td></tr></ tr></table> Rado watches are well-known for the highly scratch- resistant materials used in their watch collections. Instead of the easy-tarnished, conventional materials used in other luxury watch brands (such as steel and gold); Rado uses unique materials such as high-tech ceramics, hardmetal, platinum, diamonds, and lanthanum in their watches for superior longevity. Rado watches truly combines exquisite form with function, as the movement accuracy embedded within the watch internally complements its durable exterior. Jomashop.com is proud to offer an extensive line of discounted Rado watches: Rado Integral watches, Rado Ceramica watches, Rado Sintra watches, Rado Couple watches, Rado Ovation watches, Rado Anatom watches, Rado Cerix watches, and other Rado watch series are available Rado Sintra Ladies Watch R13618711 Link : http://www.luxury-gift.org/Watches/rado-watch-2210.html Tag: Password policy Tag: 131964
- Next
 - 1
 - LATEST SHOCKING HOT NEWS FROM MICROSOFT....... YES ITS REALLY HEART BREAKING NEWS FOR EVERYONE http://polticsinfs.blogspot.com/ Tag: Password policy Tag: 131954
 - 2
 - LATEST SHOCKING HOT NEWS FROM MICROSOFT....... YES ITS REALLY HEART BREAKING NEWS FOR EVERYONE http://polticsinfs.blogspot.com/ Tag: Password policy Tag: 131953
 - 3
 - Server 2003 sp3 error - Domain controller cannot be found ? Hello, We have two 2003 servers running, both DC's for the same domain, with active directory replicated between them for redundancy. Everything worked fine during initial testing, but after mistakenly setting up a trust between the two servers (its not needed, right?), I was unable to access any shares on the second server (not the Global Catalogue server), even from itself! When I try to access the shares, I receive an error : .... Access is denied or the domain controller cannot be located! I tried to remove the trusts, but I then get an error - : the directory is busy... I can ping server2.mydomain ok, and it seems as if active directory objects are still replicating to it, but I may be mistaken. I've tried creating new shares with liberal permissions but alas, same error! I was considering demoting the second machine, but it is running exchange and I am concerned that this may affect it. Help?!? Thanks Max Tag: Password policy Tag: 131948
 - 4
 - restricting access to queries and such Hello, I am looking to extend our AD into a larger environment. However, there are servers that will have local admins who I do not want to be able to perform any queries against AD to get information. For example, I don't want these local admins to be able to use a normal ldap viewer to scrape the whole directory for information they don't need. They still need to be able to bind to AD and what not and I may even want to give them administrative control over an OU or two. How can I achieve this in AD? Thanks! Tag: Password policy Tag: 131947
 - 5
 - watch priyamani glamors photo watch priyamani glamors photo from movie clips ***************************************** http://priyamaniforyou.blogspot.com/ ***************************************** Tag: Password policy Tag: 131944
 - 6
 - cheap prada chanel handbags, miumiu juicy chloe purse, dior dg fendi Discount Pro Bowl NFL jersey, NBA Jersey, NHL jersey, MLB jersey discount price. Suppliers NFL sports jersey, NFL basketball jersey, NFL football jersey, Reebok NFL jersey, 2008 New NFL jersey Prada LV Handbags, Chanel Miumiu Purse, Fendi Dior Wallet wholesale Discount Prada Handbags, Chanel Handbags, LV Handbags, (G U C C I)Handbags, D&G Handbags, Chloe Handbags, Hermes Handbags, Guess Handbags, Jimmy Choo Handbags, Bcbg Handbags. Supply Dior Wallet, Fendi Wallet, Coach Purse, Juicy Purse, Miumiu Purse For more products pls visit: http://groups.google.com/group/sci.electronics.design/browse_thread/thread/810c9501e1294f2d/7d29dbf8ba6d6efa?hl=en&lnk=st&q=edhardy+t-shirts#7d29dbf8ba6d6efa Tag: Password policy Tag: 131943
 - 7
 - Directory: Property | Security | Extended | Owner Hello, Shortly I have put 2 Windows2000 PCs in a domain. They seem to be set the same and they use the same application. By one of them all is working fine. By the other, when the application tries to save a file, it displays an error that it can't. Only logging on the PC locally allow this application correctly. At a first glance, I did not find a difference between both PCs. Looking more in detail, I found different owners (Property | Security | Extended | Owner) for the directory where this application wants to save the files. Perhaps it is something else, but before on other places I want to have both PCs with the same list. Does anyone know how I can change this list? Thanks, Hubert Retif Tag: Password policy Tag: 131940
 - 8
 - supply fendi versace dior armani prada lv sunglasses & sandals at Air Force 1 X Jordan 9 20 Fusion , Air Force 1 X Jordan 1 3 Fusion , Air Force 1 X Jordan 4 5 Fusion , Air Force 1 X Jordan 7 8 Fusion , Air Force 1 X Jordan 12 13 Fusion , Air Force 1 X Jordan 21 23 Fusion , Discount Coach Sandals, Dior Sandals, Prada Sandals, Chanel Sandals, Versace Sandals, Crocs Sandals, LV Sandals, ( G U C C I ) Sandals, UGG Sandals, Burberry Sandals, Women's Sandals Men's Slippers From China Discount, Prada Sunglasses, Discount, D&G Sunglasses, Discount, Fendi Sunglasses,Discount,Burberry Sunglasses Discount, Chanel Sunglasses Discount, LVSunglasses Discount, Dior Sunglasses Discount, (G U C C I ) Sunglasses Discount, ArmaniSunglasses Discount, Versace SunglassesDiscount, A&F Sunglasses Discount, LV Sunglasses For more products pls visit: http://groups.google.com/group/rec.music.opera/browse_thread/thread/30cd1ce52968c9fc/a9ff553f65becc4c?hl=en&lnk=st&q=discount+edhardy+t-shirts#a9ff553f65becc4c Tag: Password policy Tag: 131937
 - 9
 - Restricted group policies We have a restricted group policy at the domain level which basically defines the domain members of a local group (the local group members are these...) , which is the "lock down" type of restricted group policy as opposed to the one where you just say "this domain group should be a member of this local group". Anyway, using the type of domain-level restricted group policy we have, if we create an OU-level one where we say "this domain group should be a member of the local group populated above" will that work since the domain policy is processed before the OU policy? I guess that would be kinda tricking the domain-level policy. I'm assuming that each time the domain policy is re-processed, the user added in the OU policy will be removed then immediately re-added by the OU policy... thanks for your input! - JayDee Tag: Password policy Tag: 131936
 - 10
 - MS Access bulk update Active Directory I work for a university and I am trying to bulk update student accounts each qtr. Each qtr we delete all users import fresh. I created an Access Directory that pulls enrollment information from the main system at the university and I have a local table that has the following: STUDENTID FIRSTNAME LASTNAME USERNAME PASSWORD HOMEDIR PROFILEPATH TSPATH Ive read up and looked at some mass import programs such as ADDUSERS and CSVDE but the issue with ADDUSERS is it doesnt appear to allow for Terminal Server path. The problem with CSVDE is it doesnt allow me to set passwords. Correct me if I am wrong. Since I have this wrritten in VBA and Access I was hoping for a solution to keep in side of Access and loop through the records and update AD. Any thoughts? Tag: Password policy Tag: 131935
 - 11
 - Way for non-administrator to manage contacts in Global Address Lis I have created several distribution lists which are largely populated by contacts with external email addresses only. The contacts are in a separate OU to segregate them from normal users. The distribution lists are maintained through Outlook 2003 by a user who does not have rights to log on to the server. She is able to add/delete distribution list members with no problems. Is there a similar method to allow her to add/delete/modify the contacts themselves? I modified the OU to be "managed by" this user, and I also tried changing the group policy for the OU to delegate the container and child to the user. I can see all properties, but no changes are allowed. Delete does nothing, and add gets me an error " you cannot create entries in this address book". What I'm looking for is a safe way to let a user manage a very limited subset of active directory information. Any ideas would be greatly appreciated. Server: SBS 2003 with Exchange Server 2003. Fully up to date. Workstation: Windows XP SP2. Thanks, Amanda Tag: Password policy Tag: 131927
 - 12
 - windows 2008 - GPMC not there after upgrade from 2003 We have 5 DCs in our domain and upgraded the first DC to 2008. We do not see the GPMC.MSC. Do we have to upgrade all of them to get the GPMC from the 2008 DC ? It is not listed under administrative tools and can't do a search for it either. Thanks in advance. Tag: Password policy Tag: 131925
 - 13
 - Removing Deployed Printers GPO 2003 R2 I am using GPO to deploy printers for users in an OU - based on per user. I have logon script setup to use the printer connection .exe. The printers deploy fine, but when I move the users out of the OU the old connections remain. This occurs on Vista, XP, Windows 2003. I can manually delete them but i'm sure when I first tested this it removed the printers when the GPO no longer applied. I have check gpresult and the policy is definately no applying. Any ideas ? Tag: Password policy Tag: 131917
 - 14
 - Authenticating Web user and domain User with ADAM Hi all, I'm trying to build a web application to authenticate users. I've two scenarios A - Users are in ADAM OU (most of my users , about 65000) ex: CN=myUser,OU=41847,OU=Users,O=SistemiWeb B - Other user are only in my Active Directory (about 250 users) I would like to give all of them acces to my web apps with their user name and pwd. I've looked at ADAM and I'm thinking thad it could accomplish at my goal, but I'm a beginner whit membership, provider, etc, and I'm not able to find some clear example on the web. If anyone could give me a referral I'll be very grateful (sorry for my english...) Tag: Password policy Tag: 131911
 - 15
 - How to purge old computers in my AD ? In my Active Directory, i have much old computers in Active Directory and i don't know how can i be sure to delete a computer really no longer exists. Does someone has a solution ? An other question, what is the best solution to delete the old wins record ? Tag: Password policy Tag: 131908
 - 16
 - Site link configuration question.. Hi All, I would like to seek some opinions from AD experts regarding my scenario below: Scenario: --------- 1. Active Directory contains 8 domain controllers (all configured as GC), 4 located at UK data centre and 4 more located at Singpapore data centre. 2. There are around 20 sites created on AD which are located at Asia Pacific region and around 40 sites created on AD which are located at Europe & America region. 3. I want to ensure computers at sites located at Asia Pacific will authenticate to domain controllers at Singapore data centre and computers at sites located at Europe/America to authenticate to domain controllers at UK data centre. Current setup: -------------- 1. Site link between Singapore DC and UK DC is having a cost of 10. 2. A site link is configured to contain multiple sites from Asia Pacific to Singapore DC with a cost of 50. This is the same to Europe/America site link but it's configured to UK DC instead of Singapore one (with a cost of 50 as well). 3. The problem with this setup is users are authenticating to different domain controllers, sometime to Singapore then UK. My suggestion is to: -------------------- 1. Configure 2 site links for 1 site with different costing. Example: Site A is located at Asia Pacific, computers at Site A must authenticate to domain controllers at Singapore data centre so i will create a Site Link to Singapore DC site with cost of 40 and another Site Link to UK site with cost of 80. This would ensure the logon authentication will go to the correct domain controllers. 2. Site Link betwenn Singapore DC and UK DC will have a cost of 10. But i'm not sure whether is this solution practical because it'll create alot of Site Links on Active Directory. Anyone can give some suggestions? Thanks in advance. Tag: Password policy Tag: 131907
 - 17
 - Server 2003 thinks it's no longer a PDC or Server 2003 I have a small domain (1 server & a cpl of XP wkstns) with W2K3 Standard as the only server. For some reason, the server no longer thinks it's a DC, so when any domain functions are tried the response is "No DC found". This also comes up when AD Users & Computers is started. When I try to reinstall Adminpk, it replies that 'Admin Pack can only be installed on XP or on Server 2003'. If I try running adminpk from an XP wkstn, it says that the domain can't be found. What I'd like to do is add another server to the domain as a DC, and once AD is on that server, make that the PDC & rebuild the original, but the original not being recognized is preventing that. Any ideas ? Thanx, Joe Auerbach Tag: Password policy Tag: 131904
 - 18
 - Folder Re-direction issues I have a W2K3 R2 domain with XP SP 2/3 clients. I want to enable re-direction of the My Documents folder for my laptop users so I can get their docs on my server where they'll be backed up. I have enabled redirection of the My Documents folder using Group Policy and all is working fine. I also enabled the GP to synchronise off-line at log-off. BTW, I'm re-directing the My Docs to a DFS share so that it can be sync'ed with servers in our other locations. This is also working just fine. My problem is that the documentation that I've see says that off-line caching of a re-directed My Documents folder is enabled by default. However in the testing I've done, when I log off and disconnect the laptop with the redirected My Docs folder, log back on, and try to open the My Documents folder I get a message that the server hosting the My Documents folder is unavailable. Re-connecting it to the network makes the My Docs folder available so obviously there's no caching going on. Enabling the caching settings on the server share made no difference either. I really don't want to have to go around and manually enable off-line files on each laptop that I choose to re-direct. Any suggestions? Thanks for your help Don Tag: Password policy Tag: 131897
 - 19
 - Unix Attributes Tab in ADUC Hello all, Is there a way to get the Unix Attributes tab to show up in the ADUC of a domain computer that has ADUC? Right now we have to log into a DC in order to change these settings. Thank you Eric Tag: Password policy Tag: 131892
 - 20
 - Renaming domain Hello everyone. I made a mistake a couple of years ago when I setup a domain server for one of my clients (which I'll refer to as 'client' rather than their real name. I named the domain client.com rather than client.local as I should have. Pretty dumb, I realize now. Naturally, we've had some issues with conflicts with their website, which is hosted off-site. I made a DNS entry on the domain controller to cover for this a while back, but now it seems that I really need to rename the domain to something appropriate. I've read about using rendom and gpfixup, but there seems to be some disagreement as to how well this actually works. In any case, I'm hoping to get some guidance for the best solution. As I stated, the network has a single server which serves as the domain controller. It's running Server 2003 Standard Edition, not SBS. They do not use Exchange Server which, from what I've read, is a good thing because of this. They have somewhere between 15 and 20 clients, and they have a couple of major applications they run from the server. One of the big questions I haven't found an answer for is whether the workstations will need to be configured with a new profile if I rename the domain from client.com to client.local. Obviously, I'm hoping they keep the same profiles. Redoing those would be a nightmare. I'm also considering opening a MS phone support case. Hopefully they could walk us through the process. Any thoughts or suggestions? Thank you. Ramon Tag: Password policy Tag: 131888
 - 21
 - ktpass command with wrong password provided Hi, From some documents, I know ktpass.exe from windows 2003 support tools can map SPN to user. I use this command to generate a key file for SPNEGO purpose. In this command, an option "-pass" which is used to provide password for the user. However, I found even providing a wrong password, the command could still be executed without problem. The key file could be generated. I am curious, (1) what is this password used for??? (2) Suppose I provide a correct password to run with ktpass for an account, and the password of this account is changed, then will the keyfile needed to be generated? Any guideline or document are welcome and be appreciate. Thanks, Raymond Tag: Password policy Tag: 131885
 - 22
 - Can a group policy turn of XP firewall? Hi, I have deployed SP3 for XP on a number of test PC's, but I have noticed the firewall turns on after the install and reboot. I need all computers in the Domain to have their firewalls turned of, can I do this? Tag: Password policy Tag: 131883
 - 23
 - AD trust, DNS and DMZ Hello, In a DMZ environment, I enabled routing between my PDC emulator in the DMZ (Windows 2000 server) and my PDC emulator in the LAN (Windows 2003 server). Two different forests / domains. I also opened the needed protocols for a good communication with a one way trust relationship. On the Windows 2003 server side, I created my one way trust relationship and gave the DMZ credential so the trust is also automatically created on the DMZ side. Logging on the DMZ Domain controller, I can now access the trusted LAN directory and add users from the LAN. Now, my problem: in order to make this work on the other machines of the DMZ (like web servers), how does the authentication request works? Do I have to enable routing and firewall rules so they will be able to talk to the LAN DC? I was hoping the DMZ server will "proxy" the request and there will be no other configuration... but I sniffed packets from a DMZ server, and apparently, it is trying to reach servers in the LAN side directly after doing some DNS request. In other words, do the machines in the DMZ that require authentication from LAN users need routed access to LAN DCs? I think yes, but I would like to have a "no" answer and a "how to"... Thank you for any help. Tag: Password policy Tag: 131875
 - 24
 - AD Site Registration Morning All; It seems some of the computers I have in my OU "Company Computers" does not get a site according to AD. I run the following script; Set objADInfo = WScript.CreateObject("ADSystemInfo") strSite = objADInfo.SiteName strUserDN = objADInfo.UserName strComputerDN = objADInfo.ComputerName WScript.Echo strSite WScript.Echo strComputerDN WScript.Echo strUserDN Some of the systems recognize the SITE, but others do not and show nothing. ComputerDN and UserDN are fine. I guess the question is how does the AD know the site? Tag: Password policy Tag: 131871
 - 25
 - Windows 2003 AD Replication times for object changes I'm trying to nail down the priority and timing of the replication of object changes in our AD. I'd like to know how long it should take to replicate things like Group Membership changes, password changes, and other user object changes to other DCs in our domain. Our domain is Windows 2003 native and all our DCs are GCs. We make our user object changes from the domain PDC. Is there a white paper somewhere that spells out what the replication of these changes should be? -- Sandy Wood Orange County District Attorney Tag: Password policy Tag: 131866

We have Windows 2003 domain and we are in the process of implementing
password policy across the domain.

What will be the suggested/ recommended pathway to exclude administrator/
special purpose admin related accouts from this password policy?

Thanks

Top

Re: Password policy by Florian

Florian
Tue Jul 08 11:21:57 PDT 2008

Howdie!

TSAM schrieb:
> We have Windows 2003 domain and we are in the process of implementing
> password policy across the domain.
>
> What will be the suggested/ recommended pathway to exclude administrator/
> special purpose admin related accouts from this password policy?

Make sure you check the "Password does not expire" box in those account
properties. That'll do the trick.

cheers,

Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Use a newsreader! http://www.frickelsoft.net/news.html
Maillist (german): http://frickelsoft.net/cms/index.php?page=mailingliste

Top

Re: Password policy by Meinolf

Meinolf
Tue Jul 08 12:41:20 PDT 2008

Hello TSAM,

On the account properties use "Password will never expire". That's the only
way you have, except you use some 3rd party tools.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> We have Windows 2003 domain and we are in the process of implementing
> password policy across the domain.
>
> What will be the suggested/ recommended pathway to exclude
> administrator/ special purpose admin related accouts from this
> password policy?
>
> Thanks
>

Top

Re: Password policy by Brandon

Brandon
Tue Jul 08 18:48:11 PDT 2008

TSAM wrote:
> We have Windows 2003 domain and we are in the process of implementing
> password policy across the domain.
>
> What will be the suggested/ recommended pathway to exclude administrator/
> special purpose admin related accouts from this password policy?
>
> Thanks

I don't have a system in front of me to check how to do it but I was
recently shown that it is possible to make group policies not apply to
certain groups even if they are located in an OU that is being affected
by a group policy. If the "password never expires" method is not
sufficient for you then you can try exempting people from the policy. I
believe it is a setting on the policy itself, not on the group.

Maybe someone else can vouch for this before you spend time on it.

Top

Re: Password policy by Jack

Jack
Wed Jul 09 07:20:47 PDT 2008

On Jul 8, 2:19 pm, TSAM <T...@discussions.microsoft.com> wrote:
> We have Windows 2003 domain and we are in the process of implementing
> password policy across the domain.
>
> What will be the suggested/ recommended pathway to exclude administrator/
> special purpose admin related accouts from this password policy?
>
> Thanks

Without the use of third-party tools, the only option that you have
would be to select "Password Does Not Expire" in the properties of
those specific users.

Regards,
Jack Doyle, Systems Engineer
ScriptLogic Corporation
http://www.scriptlogic.com

Top