Removal of a trust

Tutorials Win: Microsoft Windows Forum

- Previous
  - 1
    - domain logon for laptop users Hi, I posted this question on few forums before and didn't seem to find any solution. I am trying it one more time. My question is how laptop domain users normally logon to their laptops when they are not in their local network. I realized people can use cached credential if the machines are not attached to the network. This works fine if the laptop is not seeing any network connectivity. However, I found that the laptop can take up to 5 mins to logon to their desktop if the machine is connected to a different network other than the one with the DC reside. I know there are few work around, e.g. logon to it using a local user account or disable/disconnect any wire/wireless connection prior to the logon, but all these are not that seamless to the end users. Thanks, Any help would be appreciated. Tag: Removal of a trust Tag: 131056
  - 2
    - NT domain users missing username@domain entries We inherited an NT domain that had been upgraded directly to 2003. Users that have been added since the upgrade get the new username@domain fields populated under Users & Computers; the old NT users only have the pre-Windows 2000 domain\username fields populated. Will bumpting the domain/forest functional level up from 2003 Interim fix this? I bumped into some odd ACLs needed by a NAS box that allow only the new AD nomenclature ... Justin -- AIM/YIM/ICQ: vap0rtranz Homepage: http://appstate.edu/~jp59031/ "Here on the moon, our weekends are so advanced, they encompass the entire week." - Ignignokt Tag: Removal of a trust Tag: 131053
  - 3
    - Broken delegated domain I regularly run diagnostics and the dcdiag /test:dns reports that I have a broken delegated domain, yet I have never delegated this (There are a couple of other admins). I thought I understood this but I am down right stumped, it has to be something relatively simple but I sure am missing it. I don't have any sub-zones delegated, at least none that I can find. Everything is clean. DC is pointing at itself and another for dns services, AD integrated, forwards all internet requests to ISP. TEST: Delegations (Del) Error: DNS server: dcxxx.mnpower.com. IP:192.168.1.2 [Broken delegated domain mnpower.com.mnpower.com.] -- Paul Bergson MVP - Directory Services MCTS, MCT, MCSE, MCSA, Security+, BS CSci 2008, 2003, 2000 (Early Achiever), NT4 http://www.pbbergs.com Please no e-mails, any questions should be posted in the NewsGroup This posting is provided "AS IS" with no warranties, and confers no rights. Tag: Removal of a trust Tag: 131052
  - 4
    - RPC Dialog popup - how to troubleshoot? Hi, We've got 2 DCs that are GCs. They are physical boxes. We recently made two of our backup virtual DCs to be GCs as well. Since we did that users are getting an Outlook popup every so often which says something along the lines of: "Outlook is trying to retrieve data from Microsoft Exchange....". But then it lists one of the virtual DC names rather than the mail server name. We only have roughly 100 users so should not be a heavy load? I've looked online for troubleshooting but wondered what anyone else thought it might be? Thanks Tag: Removal of a trust Tag: 131050
  - 5
    - GPO for opening home page in new tab not working in IE7 Hi, I am trying to have IE7 go to the home page each time a new tab is opened via a GPO. Here is what I have so far: CLASS USER CATEGORY "Internet Explorer Tabbed Browsing" KEYNAME "Software\Microsoft\Internet Explorer\TabbedBrowsing" POLICY "ShowTabsWelcome" PART "ShowTabsWelcome" DROPDOWNLIST VALUENAME "ShowTabsWelcome" ITEMLIST NAME "Yes" VALUE NUMERIC 1 NAME "No" VALUE NUMERIC 0 END ITEMLIST END PART END POLICY POLICY "UseHomePageForNewTab" PART "UseHomePageForNewTab" DROPDOWNLIST VALUENAME "UseHomePageForNewPage" ITEMLIST NAME "Yes" VALUE NUMERIC 1 NAME "No" VALIE NUMERIC 0 END ITEMLIST END PART END POLICY END CATEGORY I then import this ADM intto the user node and nothing happens at all. Any help would be great, it is driving me nuts! :) Tag: Removal of a trust Tag: 131047
  - 6
    - New File Sharing System - What's my best option? Hi all! Please help me devise the best file sharing system for the following scenario: The company: 1 central office and 2 branch offices (both connected back to the central office via 512/kbps satellite) The idea: Provide a file sharing system that does NOT use mapped drives but still provides the users a list of short-cuts to available shares. Mapped drives create a problem when employees from the central office login at the branch offices (maps over the satcom connection are sloooooow and unstable). Furthermore, inconsistent drive letters assigned to different shares always causes confusion. From a data perspective, it would be nice to have the branch office drives available to the central office (and vise versa), but again I don't think the satcom connection can support the replication traffic (but I could be wrong). Also this requirement is not a core requirement, but like I said, it would be nice. I've thought about DFS and I'm open to learning more. I greatly appreciate and feedback and first hand experience. Thanks, Tag: Removal of a trust Tag: 131044
  - 7
    - account in schuled task Hi all, For the management of my servers I try remotely to know the name of each accounts used in the scheduled tasks. How to know these informatiions by script? Tag: Removal of a trust Tag: 131041
  - 8
    - Air Force one 25 paypal payment $28/pairs cnbbiz2008@hotmail.com Please chat with me by cnbbiz2008@hotmail.com to get the price and more photos, we take paypal payment $28/pairs as payment. please see the photo album below for our product list. Af1 paypal payment $28/pairs cnbbiz2008@hotmail.com ( http://photo.163.com/photos/lidg888999/152713715/ ) Af1 high paypal payment $28/pairs cnbbiz2008@hotmail.com ( http://photo.163.com/photos/lidg888999/140934568/) Af1 clear paypal payment $28/pairs cnbbiz2008@hotmail.com ( http://photo.163.com/photos/lidg888999/130772837/ ) nike shoes paypal payment $28/pairs cnbbiz2008@hotmail.com ( http://photo.163.com/photos/lidg888999/140934339/ ) nike athletic shoes paypal payment $28/pairs cnbbiz2008@hotmail.com ( http://photo.163.com/photos/lidg888999/140437767/ ) AF1 (top quality) paypal payment $28/pairs cnbbiz2008@hotmail.com (http://photo.163.com/photos/lidg888999/#p2) AF1 high (top quality) paypal payment $28/pairs cnbbiz2008@hotmail.com (http://photo.163.com/photos/lidg888999/#p2) af1 25 (top quality) paypal payment $28/pairs cnbbiz2008@hotmail.com (http://photo.163.com/photos/lidg888999/#p2) Af1 25 paypal payment $28/pairs cnbbiz2008@hotmail.com (http:// photo.163.com/photos/lidg888999/#p2) Air Force 1 paypal payment $28/pairs cnbbiz2008@hotmail.com (http://photo.163.com/photos/lidg888999/#p2) Air Force one 25 paypal payment $28/pairs cnbbiz2008@hotmail.com (http://photo.163.com/photos/lidg888999/#p2) Nike Air Force one 25 paypal payment $28/pairs cnbbiz2008@hotmail.com (http://photo.163.com/photos/lidg888999/#p2) Air Force 1 LTD paypal payment $28/pairs cnbbiz2008@hotmail.com (http://photo.163.com/photos/lidg888999/#p2) Af1 LTD paypal payment $28/pairs cnbbiz2008@hotmail.com (http:// photo.163.com/photos/lidg888999/#p2) Tag: Removal of a trust Tag: 131037
  - 9
    - can't add global distribution to share I am running windows 2003 R2. I addedd a global distribution group and added members to that group. When I try to add that global distribution to the security share, it won't let me. It seems like it can;t find the distribution group, but when i search within active directory, it finds it fine. I created another global distribution and added another share, same problem. Any info would be appreciated. jt Tag: Removal of a trust Tag: 131026
  - 10
    - Duplication of active directory environment? I have something kind of... different, that I would love to accomplish but not sure if it's possible. I have a single forest, single domain AD production environment (ionaglobal.com). I also have a test AD environment(single forest/domain) called istest.com. I went ahead and modified a script I found to create all sorts of users in my istest.com domain, to test replication etc.. which is all wonderful... but too generic for me. What I would really like to do, is somehow, someway.. take a replica of my ionaglobal.com domain, and import it into my istest.com domain.. so I have copies of all of my user accounts, security groups etc.. If it's a one time shot to replicate, and I can't have constant replication... then I can live with that.. but in a perfect world, I'd have weekly replication, or daily.. something that when my production changes.. my test env will change. Most of my reasoning for this is I'd really like to set up an exact replica of my MS environment in a development setting.. so I can have a development AD/Exchange/Office Communicator environment that IT can play around with.. test new things.. break.. fix.. and not have to really worry too much about doing anything new in production until it's all been tested, verified and we get warm and fuzzies because it's with our replica production data. Now... It sounds like a big order what I want to accomplish... so I don't have high hopes for someone replying back saying sure! just use this vb script.. so I suspect there may be commercial products that could allow something similar... but I just wanted to get peoples thoughts. Cheers, -Derek Tag: Removal of a trust Tag: 131022
  - 11
    - FREE YOUR HOME BUSINESS EARN 150 US $$ PER DAY. FREE YOUR HOME BUSINESS EARN 150 US $$ PER DAY http://govindswamy-govindaswamy.blogspot.com http://kavigovindan.blogspot.com http://govindaswamy-amman.blogspot.com http://govindaswamy10.blogspot.com Tag: Removal of a trust Tag: 131018
  - 12
    - Stopping Continuous Event 1955 and 1083 Hi: On one of my domain controllers we repeatedly get 1955 and 1083 events on a particular user account. The actual user complains that his account gets locked out and then unlocks itself. We are running 2003 sp2 in Windows 2003 domain and forrest. I've couldn't find any duplicate accounts and also have tried moving the account to another OU and did a sync to the DC's replication partner. Any ideas on how I could remove/delete this continuing DS_Writ on the source domain controller? I don't know if there is a way to enter the directory to see outstanding writes and just delete it. Or maybe need to go into ntdsutil and make the account and all of its properties authoritative on the destination domain controller thinking that would kill the request coming from the other domain controller? Thanks in advance. Charles Tag: Removal of a trust Tag: 131016
  - 13
    - Unable to make domain controller in windows server 2008 Dear Iam Unable to make domain controller in windows server 2008 as i run dcpromo it gives msg for adprep / forestprep i have run this comand but stil unable to make domain controller. Saqib Tag: Removal of a trust Tag: 131010
  - 14
    - Unable to create AD objects... Is anyone available to take a look at this thread... http://www.microsoft.com/communities/newsgroups/en-us/default.aspx?dg=microsoft.public.windows.server.active_directory&mid=be90de26-d4c1-4805-bd3a-8a70ab0e70d4&sloc=en-us ...and donate some invaluable assistance? Thanx. Tag: Removal of a trust Tag: 130998
  - 15
    - LDAPS Hi, I'm trying to enable LDAP over SSL (LDAPS) to secure communication between a web server and a DC. Both server are in the same subnet, but the webserver is not member of the domain. The DC is the only computer in the Domain. The purpose of this DC is only to authenticates user accessing web site on the web server The DC have Certificate Service installed as enterprise root. Using ldp.exe, I can connect both on port 389 and 636 from the DC itself. From the Web server, using ldp.exe I can connect on port 389, but not on 636. Error is : ld = ldap_open("ldapsvr01", 636); Error <0x51>: Fail to connect to ldapsvr01. I compared the config with my corporate domain, where LDAPS works perfectly. I notice that, from the Trust Root Certification Authorities on the web server, the Certificate Template type is CA. From my pc on the corporate domain (who can connect on port 636 using ldp.exe), the type is Root Certification Authority. Can someone give me the nail I need to finish building this house? Thanks. Tag: Removal of a trust Tag: 130986
  - 16
    - How to force a restart of computers in a domain Hello, is there a way to force a restart of all member computers in a domain? I am running a mixed mode windows 2000 domain with about 70 XP workstations. Thanks, Eddie Tag: Removal of a trust Tag: 130977
  - 17
    - adding a windows 2003 domain controller Hello, I have a windows 2003 forest and the functional level is raised to windows 2003. I am trying to add a domain controller to the domain. The server I am trying to add is running Windows 2003 R2. Whenever I try to install active directory, I get a message that says the forest is not ready and that I need to run adprep. Even though the functional level is Windows 2003, I tried running adprep anyway and it said that it had already been run and it wasn't going to do anything. Can a Windows 2003 R2 server be added as a domain controller in a Windows 2003 active directory domain? Thanks in advance!! Tim Tag: Removal of a trust Tag: 130976
  - 18
    - 2000 Adc to 2003 r2 Adc Hii All I am using exhange 2003 server in windows 2000 domain.I am planing to upgrade windows 2000 domain to windows 2003 domain. could be any problem when running forestprep or domain prep steps ? which issues that I have to attention ? Best Regards Tag: Removal of a trust Tag: 130974
  - 19
    - Forcing OU setting on Child Objects. I am having problem Delegation-Settings, which means old UserAccounts in an OU are not inheriting the Delegation configuration of the OU. What is strange again is that when the CheckBox â??Allow Inheritable Permission of the parent...â?? in the â??SecuritySettings >> Advanceâ??of these affected users is enabled, it reset itself back automatically to disable after some hours. How can I force the setting of the OU on all the child object â??Replace permissionâ?¦â?? as it exist in NTFS permission? Thanks Tag: Removal of a trust Tag: 130972
  - 20
    - GPO :local group membership Hi all, I use GPO to modify the Administrators local workstation group but this solution replace the existing user membership. How to add a user in a workstation user group without to delete the existing users? Thanks in advance LB Tag: Removal of a trust Tag: 130965
  - 21
    - Child domain user does not show parent domain group membership Hello Everyone, We just ran across something interesting - from what I know, everything is working properly. We have a parent domain - domain.com and a single child domain - child.domain.com When I look at universal distribution groups in the parent domain, of which a child domain user is a member, I see their name in the list. If I look at the "Member Of" tab on the child domain user in ADUC, it does not show that they are members of those groups. Since the group is universal, should the Member Of tab show the user's membership since I thought that the universal group info is replicated? If not, is there a global way to see all the groups that the user is a member of? Thanks in advance!!! Tag: Removal of a trust Tag: 130964
  - 22
    - reset password I am probably forgetting something simple so please help shake the marbles loose in my brain. I am attempting to reset the password of a user on a domain controller using 2003. The only domain controller on the network. I get the error "Windows cannot complete the password change for [USERNAME] because: The system cannot find the file specified." Nothing seems to show up in any of the logs regarding this failure. Any ideas why Tag: Removal of a trust Tag: 130963
  - 23
    - Filtered Sid Hi there, We just created a forest trust relationship between an AD2003 domain and an AD2008 domain. We are experiencing a really wierd issue. Here it is: A user from the 2003 domain needs to have a permission to access a shared folder on a member server of the 2008 domain. If we put the 2003 domain user in a 2008 local domain group and then give the permission to this group to access the folder on the 2008 member server, it fails. The security log says that a SID has been filtered. If we explicitly give the permission to the same user on the same folder, it is successful. If we put the 2003 user in a 2003 domain universal group, then put that universal group in the 2008 local domain group then give permission to the local domain group on the 2008 file server, it still fails, and gives the same security event. If we promote our 2008 file server as a DC, it starts to work. If we demote it back as a file server, it continues to work. - I compared ALL the local and domain policies, and everything seems fine. - I made sure that SID filtering is disabled on the trust relationship (anyway, it shouldn't be a concern, since it is a forest trust) - I made sure SID History is enabled on the trust relationship (but this too shouldn't be a concern since the user has not been migrated) What could I do next to troubleshoot this issue? Tag: Removal of a trust Tag: 130955
  - 24
    - Remote Control Addin AD I have the Remote control Addin installed for Active Directory. When I right click a PC to remote control, nothing happens. There are no error messages or anything. I tried reinstalling the addin also. Could this be a rights issue? We are using Windows Server 2003. I am using an XP machine with the 2003 admin pack installed. Thank you for your help Tag: Removal of a trust Tag: 130954
  - 25
    - Site Replication Question: Have DC's in 4 locations, all in their own sites in AD. The root DC is in Location A it has an automatic replication partner with site B. Sites C and D only have a replication partner with Site B. When we brought up site D the network link between D and B was not available but the link between D and A was. However when we brought up this site it created a replication partner with site B. Replication would not work until we corrected the link between B and D. I am concerned if the link goes down at B that I will have issues replicating from the other sites Tag: Removal of a trust Tag: 130951
- Next
  - 1
    - Sites and Services I have an old DC that shows up in AD Sites and Services. I ran DCPromo and removed it as a DC awhile back but it still shows up in AD Sites and Services. Is it safe to just remove it from AD Sites and Services? TIA Tag: Removal of a trust Tag: 130949
  - 2
    - What ports are require for DC behind firewall to work? Hi, All our servers are on their own subnet, however there will be a firewall installed between the servers subnet and the LAN users. Can someone list the UDP/TCP required and weather inbound or outbound to and from the LAN? I can only think inbound from LAN to the server subnet need to be opened? Thanks Tag: Removal of a trust Tag: 130946
  - 3
    - This days it's all about money ...... This days it's all about money ...... you can make us of our site to get money or send money or to know the value of the product YOU USE OUR SITE GET MONEY THROUGH INTERNET JUST LOGON TO WWW.JOBSFORYOUGUYS.BLOGSPOT.COM Tag: Removal of a trust Tag: 130932
  - 4
    - Migrating Contacts from one domain to another? Hi, We're currently migrating many users with mailboxes and groups from one domain to another. We use this ADMT v2 tool for this. We also have a lot of contacts for some reason. Is there an easy way to transfer these? Can't see the obvious way? Thanks, Tag: Removal of a trust Tag: 130930
  - 5
    - Server Access Rights When I have a "member" server, I create a group in AD for admining the server. I then put this group in the server's local Admin Group. This works fine. However, how do I do this for a server that is one of my domain controllers? They don't have local account & groups? Obviously, this is not an issue for (as the domain admin), but it is an issue if I want to have someone have admin rights for just a specific server. Any help would be appreciated. Tag: Removal of a trust Tag: 130929
  - 6
    - remove sub-domain on root domain Hi All, I have problem on AD, we have sub-domain A.abc.com, on this domain contoller already delete on this domain ,remove this domain not choose this DC is last server , so i use the ADSI connect to domain abc.com , i can see the domain on ADSI , i cannot create user , if the username as same as a.abc.com , but i cannot delete the username on a.abc.com , becuase this domain is remove , how to remove this domain on AD , i try ntdsutil metadata cleanup , but no success , how to remove , i cannot create many user account on domain abc.com , Help ..........Thanks, NTDSutil command select operation target: list site Found 10 site(s) 0 - CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sml,DC=com 1 - CN=Korea,CN=Sites,CN=Configuration,DC=sml,DC=com 2 - CN=Thailand,CN=Sites,CN=Configuration,DC=sml,DC=com 3 - CN=HongKong,CN=Sites,CN=Configuration,DC=sml,DC=com 4 - CN=RPDI,CN=Sites,CN=Configuration,DC=sml,DC=com 5 - CN=Vietnam,CN=Sites,CN=Configuration,DC=sml,DC=com 6 - CN=DR_Site,CN=Sites,CN=Configuration,DC=sml,DC=com 7 - CN=US,CN=Sites,CN=Configuration,DC=sml,DC=com 8 - CN=China-DG,CN=Sites,CN=Configuration,DC=sml,DC=com 9 - CN=UKC,CN=Sites,CN=Configuration,DC=sml,DC=com select operation target: select operation target: select domain 5 No current site Domain - DC=china-dg,DC=sml,DC=com No current server No current Naming Context select operation target: list site Found 10 site(s) 0 - CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sml,DC=com 1 - CN=Korea,CN=Sites,CN=Configuration,DC=sml,DC=com 2 - CN=Thailand,CN=Sites,CN=Configuration,DC=sml,DC=com 3 - CN=HongKong,CN=Sites,CN=Configuration,DC=sml,DC=com 4 - CN=RPDI,CN=Sites,CN=Configuration,DC=sml,DC=com 5 - CN=Vietnam,CN=Sites,CN=Configuration,DC=sml,DC=com 6 - CN=DR_Site,CN=Sites,CN=Configuration,DC=sml,DC=com 7 - CN=US,CN=Sites,CN=Configuration,DC=sml,DC=com 8 - CN=China-DG,CN=Sites,CN=Configuration,DC=sml,DC=com 9 - CN=UKC,CN=Sites,CN=Configuration,DC=sml,DC=com select operation target: select site 8 Site - CN=China-DG,CN=Sites,CN=Configuration,DC=sml,DC=com Domain - DC=china-dg,DC=sml,DC=com No current server No current Naming Context select operation target: list server in site Found 0 server(s) select operation target: ? ? - Show this help information Connections - Connect to a specific domain controller Help - Show this help information List current selections - List the current site/domain/server/Naming Cont ext List domains - Lists all domains which have Cross-Refs List domains in site - Lists domains in the selected site List Naming Contexts - Lists known Naming Contexts List roles for connected server - Lists roles connected server knows about List servers for domain in site - Lists servers for selected domain and site List servers in site - Lists servers in selected site List sites - List sites in the enterprise Quit - Return to the prior menu Select domain %d - Make domain %d the selected domain Select Naming Context %d - Make Naming Context %d the selected Naming Cont ext Select server %d - Make server %d the selected server Select site %d - Make site %d the selected site select operation target: q metadata cleanup: ? ? - Show this help information Connections - Connect to a specific domain controller Help - Show this help information Quit - Return to the prior menu Remove selected domain - Remove DS objects for selected domain Remove selected Naming Context - Remove DS objects for selected Naming Context Remove selected server - Remove DS objects for selected server Remove selected server %s - Remove DS objects for selected server Remove selected server %s on %s - Remove DS objects for selected server Select operation target - Select sites, servers, domains, roles and naming contexts metadata cleanup: remove selected domain ? Error 80070057 parsing input - illegal syntax? metadata cleanup: remove selected domain china-dg.sml.com Error 80070057 parsing input - illegal syntax? metadata cleanup: remove selected domain DsRemoveDsDomainW error 0x2015(The directory service can perform the requested o peration only on a leaf object.) metadata cleanup: Tag: Removal of a trust Tag: 130915
  - 7
    - Setting-up User settings As our company is expanding rather quick there are a couple of task that i would like to automate to reduce the time we spend on each new PC or user. 1. for each new user on a pc (we have no roaming profile) we must setup all the printers manually. How can i add all the printers to be added automatically for all users? 2. we also have a couple of shared drives on the server which we Map as Network Drives, including the users home directory which is pointed as their My Documnets as well. How can i add these network drives automatically and how can we add the users home drive and point their my documents to this drive. i hope i have made my question clear! and many thanks in advance Tag: Removal of a trust Tag: 130911
  - 8
    - LDAP Query for a DC Hi, I am trying to ensure complete removal a DC from AD due to a few issues after DCPROMO removal. I am trying to locate an LDAP query that will locate any objects that reference the DC so that i can delete them from AD, perhaps using ADSIedit or other tool. Does anyone know how I can acheive this, or suggest an LDAP query thanks Tag: Removal of a trust Tag: 130903
  - 9
    - How to kill an old group policy? I work for a company that has ALL of their policies sitting in the Default Domain policy. Im currently working through cleaning and spliting them up into individual policies. The one im stuck on right now is the Proxy Settings policy. I have created a new policy on its own,with all of the settings that previously lived in the Default domain policy. Problem is, when i remove the settings from the default domain policy, no one gets the Proxy settings, even though the policies are being applied at the same level. I do an RSOP, and i can see the old policy looks like it is still hanging onto the fact it once had these proxy settings, but now that ive disabled them, it is now remving the settings, and taking precendence over the new Proxy policy. How do you completely remove reference from a group policy?Im guessing that because this is the default domain policy, it is behaving differently. Any help is appreciated!! Tag: Removal of a trust Tag: 130901
  - 10
    - Qestion about development environment Hi, We are developing an application that authenticates users based on LDAP queries. To do this we need to create lots of test users. We prefer **not** adding all the users to our main AD branch. Can we add a child branch to our main AD domain, with restricted administration right so we can do our experiment without being member of main domain admin group? Thank you, Max Tag: Removal of a trust Tag: 130895
  - 11
    - Qestion about development environment Hi, We are developing an application that authenticates users based on LDAP queries. To do this we need to create lots of test users. We prefer not adding all the users to our main AD branch. Can we add a child branch to our main AD domain, with restricted administration right so we can do our experiment without being member of main domain adminz Tag: Removal of a trust Tag: 130894
  - 12
    - Getting a new Domain Controller Hi, I am getting a new server intended to replace my existing Windows 2000 server I need to verfiy the process aof adding this new server 2003 and what needs tobe done to get my active directory onto this new server appreciate any help Tag: Removal of a trust Tag: 130887
  - 13
    - rights not percolating For some reason rights I am assigning to users in active directory are not being passed. I assigned administrator rights to one user so he could make some changes to his PC and his level did not change on the local machine. Same problem with other users, they are only retaining the rights asigned when the login was created. We are running a single server (2003) with about 10 users on its own isolated domain, I am not an AD expert so any tips or troubleshooters would be apreciated! Tag: Removal of a trust Tag: 130884
  - 14
    - AccessCheck function fails in multi domain environment I am trying to use authorization function "accesscheck" for a user to access the resource which is in the other domain, But accesscheck function denies the access. Example Suppose there are 2 domains with trust. share object is on Domain 1 and need to access this object from Domain 2. When the user from any Domain having access rights to share oject login to Domain2 then he gets the access token from domain2. We use function AccessCheck(which check access) functions which denies the access and in my knowledge it does not work across domain. Which function should I use to fix this problem. Tag: Removal of a trust Tag: 130883
  - 15
    - How to Configure localgroup into Group Policy Hi there: I know that you can use restricted groups in group policy to assign domain groups to be members of the localgroup on computers in the domain. When the restricted group dialogue boxes prompt me I can't figure out how to include "localgroup" in there. It appears that it only allows me to select groups from the domain only. Any help would be great! I would settle for using the "c> net localgroup administrators "dom\vir users" /add" command but it doesn't like groups that have a space in the name eventhough I have quotes around it. Please help. Thanks, Charles Tag: Removal of a trust Tag: 130881
  - 16
    - Help with secondary email address setup in W2K AD and Exchange 200 We have someone who just got married and changed her last name. So we are trying to add her new email address as the primary email address in Windows 2000 AD link with Exchange 2003. We used to just able to add the new email and set it as the primary and that's it. And when we go into Outlook and type in newname@domain.com it will automatically find it in address book and convert it to "first name, last name" as it's being sent as an internal email. However, now it's not doing it? A X.400 setting is now created for the secondary address so I went in and manually added it. The email will work if I find her new name in the address book and pick it from list but if I type in user@domain.com, it won't work where I will get a 5.1.1 error message. We noticed weird problem started happening after we moved the Exchange server from the "computer" OU to a new OU we created and since then moved it back to the "computer" OU.. any help? Thanks! Tag: Removal of a trust Tag: 130880
  - 17
    - IPSec GPO -- Cannot Save Sorry, had trouble finding a GPO group. I'm interested in applying an IPsec policy via GPO, but have found that I cannot save any changes. I had assumed the new policy options in Vista/2008 would allow multiple Active Directory IPsec policies, unlike the 2003/XP policy options, and allow to save them as any other GPO. I was wondering if the saving issues I'm having (if so) are permissions related, as I am not a domain admin (only OU administrator), and if so, is there any way to add specific targetted permissions to my account which would allow saving of the IPSec GPO to my OU. Thanks all. Tag: Removal of a trust Tag: 130877
  - 18
    - Getting the DN ( distingished name) using Taskpad parameters I am trying to get the DN of a user account via a ADUC and an attached taskpad. Though able to reconstruct the DN from the $NAME<0> $NAME<1> etc parameters - the DN required for DSGET does not like commas hence any commas have to have a "\" infront. My question - is there an easier way of getting the full DN of a user account using a taskpad ? a second question - are there any other variables apart from $COL and $NAME ? many thanks Martin Tag: Removal of a trust Tag: 130876
  - 19
    - Disabled Office XP "Recently used list" via Group Policy. How do I go about disabling office XP "Recently used list" via GP? This is what I have done but it's not working? So far, I have downloaded the Office XP ADM, Word.ADM, Excel.ADM, PPT.ADM, and Access.ADM. On AD, I created a "Users" OU and a new GP labeled "Disable Office Feature" in that OU. For the "Disabled Office Feature" GP, I added the "Word.ADM" and in the "Recently used list" I have it setup to be "disabled." I then moved my own account to that new "Users" OU and did a gpupdate/force on my system, which promoted me to reboot. After reboot, I did a gpresult and see that the new GP was applied on my system. However, when I go into MS Word, I'm still seeing the "recently used list." Am I doing something wrong? Please help! Thank you in advance for your help! Tag: Removal of a trust Tag: 130875
  - 20
    - user account locked up frequently a user complained that her AD user account got locked up frequently. How can I troubleshoot what the cause could be? Maybe she changed her password and some software is still using the old one. Anyway, need to find a way to tell what is the cause and where it's from (the machine). Thanks. Tag: Removal of a trust Tag: 130874
  - 21
    - User Creation with VBS how to add to Group Dear All (Also posted this in VBScript as i dont know which applies more !!) Below is a full copy of my code to date which seems to work nicely. Im still tinkering with it as parts are yet to be added home dir etc. Basically it pulls users from a CSV and creates their accounts. However how on earth do i add them to a group....???? Every user will by default need to be a member of the "students" Group so can this be hardcoded somehow..? Then they need to be a member of a more specific group pertaining to that class only. Ideas anyone..? Cheers Paul --------------------------------------------------------------------------------------------- Option Explicit Dim sCSVFileLocation Dim sCSVFile Dim oConnection Dim oRecordSet Dim oNewUser ' Variables needed for LDAP connection Dim oRootLDAP Dim oContainer ' Holding variables for information import from CSV file Dim sLogon Dim sFirstName Dim sLastName Dim sDisplayName Dim sdescription Dim sNAME Dim sPassword Dim nPwdLastSet Dim nUserAccountControl ' Used to enable the account Dim sDomain ' Modify this to match your company's AD domain sDomain="mydomain.co.uk" ' Input file location sCSVFileLocation = "C:\Scripts\" 'KEEP TRAILING SLASH! ' Full path to input file sCSVFile = sCSVFileLocation&"User.csv" ' Commands used to open the CSV file and select all of the records set oConnection = createobject("adodb.connection") set oRecordSet = createobject("adodb.recordset") oConnection.open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source= " & sCSVFileLocation & ";Extended Properties=""text;HDR=yes;FMT=Delimited""" oRecordSet.open "SELECT * FROM " & sCSVFile ,oConnection ' Create a connection to the Active Directory Users container. Set oRootLDAP = GetObject("LDAP://rootDSE") Set oContainer = GetObject("LDAP://ou=StudentsGP," & _ oRootLDAP.Get("defaultNamingContext")) ' Allows processing to continue even if an error occurs (i.e. dup user) ' We put this below the CSV and AD information since processing can ' continue with a single bad record, but not if there is a problem with ' the CSV file or AD connection on error resume next do until oRecordSet.EOF ' Reads the values (cells) in the sInputFile file. ' --------- Start creating user account ' Read variable information from the CSV file ' and build everything needed to create the account sFirstName = oRecordSet.Fields.Item(1).value sLastName = oRecordSet.Fields.Item(2).value sLogon = sFirstName&"."&sLastName sDisplayName = sFirstName&" "&sLastName sPassword = oRecordSet.Fields.Item(3).value sdescription = oRecordSet.Fields.Item(4).value sNAME = oRecordSet.Fields.Item(5).value ' Build the User account Set oNewUser = oContainer.Create("User","cn="&sFirstName&" "&SLastName) oNewUser.put "sAMAccountName",lcase(sLogon) oNewUser.put "givenName",sFirstName oNewUser.put "sn",sLastName oNewUser.put "UserPrincipalName",lcase(SLogon)&"@"&sDomain oNewUser.put "DisplayName",sDisplayName oNewUser.put "description",sdescription oNewUser.put "name",lcase(sLogon) oNewUser.put "scriptPath",sNAME ' Write this information into Active Directory so we can ' modify the password and enable the user account oNewUser.SetInfo ' Change the users password oNewUser.SetPassword sPassword oNewUser.Put "pwdLastSet", 0 ' Enable the user account oNewUser.Put "userAccountControl", 512 oNewUser.Put "userAccountControl", 66048 oNewUser.SetInfo ' Used only for debugging if err.number = -2147019886 then msgbox "User logon " & sLogon & "already exists" end if oRecordSet.MoveNext loop ----------------------------------------------------------------------------------- Tag: Removal of a trust Tag: 130852
  - 22
    - LDAP Null Base Can you please suggest me how to resolve LDAP null base security vulnarability reported by port scan? http://xforce.iss.net/xforce/xfdb/1425 Tag: Removal of a trust Tag: 130847
  - 23
    - restore a machine from saved state not work I have a virtual server2005 R2 sp1 and have machines on "saved state" and "undo disk" enabled" when i try to restore the save state for the hard drive, and i am getting a HTTP Error 502.1 - bad gateway. and the browser just hang. does anyone know this issue and is there any fix? Tag: Removal of a trust Tag: 130843
  - 24
    - DIGITAL TV DIGITAL TV http://digitaltvtech.blogspot.com Tag: Removal of a trust Tag: 130840
  - 25
    - Remote Control permissions prompt Options Hi, I have a terminal server user. See print screen below http://www.box.net/shared/agdpk5n48s in AD the Enable remote control is enabled and the require user's permission is not checked (i.e disabled). Yet, I get prompted for the user's password when I try to remote control a user. Is their another place that one needs to change the settings? Thanks Tag: Removal of a trust Tag: 130835

Can anyone point me to a Checklist, How-To, or Best Practices on the best way
to remove a trust from a 2003 Domain and a NT Domain? Thanks

Craig

Top

Re: Removal of a trust by Meinolf

Meinolf
Thu Jun 19 14:30:47 PDT 2008

Hello MacMan0295,

Open Active directory domains and trusts. Here you can do what you like.
http://technet2.microsoft.com/windowsserver/en/library/2e04f596-7a59-4fb9-82eb-a318f0452e171033.mspx?mfr=true

http://technet2.microsoft.com/windowsserver/en/library/a7277eea-221f-45b6-9acb-259482a0169a1033.mspx?mfr=true

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> Can anyone point me to a Checklist, How-To, or Best Practices on the
> best way to remove a trust from a 2003 Domain and a NT Domain? Thanks
>
> Craig
>

Top