CA Restore

Tutorials Win: Microsoft Windows Forum

- Previous
  - 1
    - Script for every logon in the last 90 days I am looking for a script I can run that will give me a list of every logon for a certain OU for the last 90 days. I am running on a Windows 2000 Domain. Tag: CA Restore Tag: 135639
  - 2
    - Final questions before promoting to DC Hi All, I can use some verification of what Iâ??m going to do with my new 2003 windows server that Iâ??m promoting to a domain controller. Please excuse the wordy email but Iâ??m a little slow and I also want make sure I do it right the first time. Also please excuse me with the many posts over the last few days. You all have been very helpful and I thank you for it. To reiterate my other posts we have 6 Windows 2000 servers. 4 of them are DCâ??s with one of them playing the master role. We have a new 2003 server on the network that Iâ??m going to promote to a domain controller (this one is not a master). I cannot promote the 2003 server to a domain controller until I run adprep /forestprep. Thatâ??s what the system told me when I ran dcpromo on the 2003 server. So after studying, posting on groups and generally sweating a lot, hereâ??s what I plan to do. Any suggestions will be appreciated. 1. Iâ??m going to run adprep /forestprep and then adprep /domainprep on the master domain controller that is running windows server 2003. I will be using the Windows 2003 support CD to run this. I have read that you should do the same commands on the Infrastructure Master in each AD domain. And, since I only have one domain (with 4 soon to be 5 domain controllers) I should not have to run it on each server correct? Just run it on the master and then replicate it to the slaves. 2. Iâ??ve already checked to make sure that there arenâ??t any mangled attributes in the system. I checked using ADSIEdit.exe the following entries and verified that they look good. By good I mean that there arenâ??t any other characters/attributes that can be considered mangled. They are just how they look below. a. HouseIdentifier b. secretary c. LabeledURI My questions about the above possible mangled entries are as follows: 1. Should I be running the fix utility before doing anything? I believe that I do not have to do that. 2. After running adprep /forestprep on the master should I check for mangling and fix them before going forward? If there was no mangling should I run the command to prorogate the changes to the other domain controllers before I run adprep /domainprep? Then of course do I repeat the above after running adprep /domainprep? 3. I will also have the utility ready to run the Inetorgpersonfix.ldf file if it is necessary. Iâ??m not too sure I understand the syntax of this yet but I have to read the documentation. 4. Once all is done and propogated is there anything else I have to do before running dcpromo on the new 2003 server? Thanks in advance for your help, Steve Lewis http://www.utrecht.com Tag: CA Restore Tag: 135638
  - 3
    - Pass-through Authentication Could someone please clarify this... Is it possible to use pass-through authentication from a domain acct in domain1 to access a share in domain2 where there is a matching local user acct on the server with the share in domain2 (same user name & pw)? (these two domains don't have trust setup) I guess I am not clear that if you were to try to access a share on a server in another domain does it pass username & password to authenticate which might match a local acct and work? or does it pass domain\useraccount & password in which case it wouldn't work? Thanks for any assistance on this as it is confusing to me. Tag: CA Restore Tag: 135635
  - 4
    - Problem accessing shared folders Here is a very Interesting problem that I am having often. When I connect to our server (DC also) for shared folders thru Run> \\192.168.x.x it would ask for username and password. If I provide administrator and his password then it displays the shared folders. Instead if I provide abc\ananda (where abc is my domain name) and password it says the username has already been tried etc. The Interesting part is if I provide some wrong username (say ananda1) then quite naturally it does not accept and the next time when I prove abc\ananda and my password then it accepts displays the shared folders. Thanks in advance for any suggestions. -- Ananda Waugh, MCA, MCSE Network Administrator Tag: CA Restore Tag: 135634
  - 5
    - Group Policy is not taking effect I created an OU and added a user into it. Then I created a GPO and linked that to this OU. Then from User Configuration> Admin Templates> taskbar & start menu I enabled Remove Log Off from Start Menu. When the user logs on the same system (DC) it takes effect: Log Off is not available in start menu. But when he logs on some other system the new configuration did not have any effect. After I enabled roaming user profile for that particular user, it is working. But user must log on the DC once then only the policy would take effect in other systems. But all users are not supposed to log on DC. I tried the same in another domain and got the same result. Any suggestion would be of great help to me. -- Ananda Waugh, MCA, MCSE Network Administrator Tag: CA Restore Tag: 135631
  - 6
    - PES I am currently working on a forest to forest domain migration project. Both forest/domains are native Windows 2003. I am using the NetIQ DMA tool (unfortunately) As such I am constrained to using an older version of PES v1. PES installs fine on the DC and works as designed for about 1 to 2 days. After 1 or 2 days, PES dissapears. It is like it is automatically uninstalled. We have turned on auditing and verified that no one is manually removing it. Any thoughts would be greatly appreciated. -- David Davis [MCSE, CISSP] Tag: CA Restore Tag: 135575
  - 7
    - Cannot start Base Filtering Engine on 2008 server joined to 2003 domain After initial boot of the server (factory install) the server was joined to the 2003 AD domain. Prior to rebooting I noticed that I was unable to make any configuration changes to the Firewall i.e. add exceptions. Upon rebooting the firewall service was not running and when I tried to restart it, received a message saying that one of it's dependant services (BFE) was not started. Starting the BFE resulted in an error 5: Access is denied. This occurred in both local and domain admin accounts. Moving the server to a seperate OU that denies all GPOs resulted in the same issues as did a gpupdate/reboot. Setting BFE to run as the domain admin resulted in error 1297. No domain policies are set to enforce. Can anyone assist as this seems to be a common issue but the fixes above did not resolve it? Thanks Paul Tag: CA Restore Tag: 135557
  - 8
    - 64-Bit server in a 32-bit AD environment I plan to add a 64-bit Windows Server 2003 application server as a member server to an existing 32-Bit Server2003 active directory domain. Is this a supported environment and if so are there any pitfalls to watch out for ? Thanks in advance fo any advice GaryD Tag: CA Restore Tag: 135554
  - 9
    - AD Security groups I have inherited an AD environment and need a way of seeing where all the global security groups are granting permissions. Does any one know of a script or tool that will allow me to search AD (and the file system if possible) to find out where security groups are applying. Thanks Jamie -- jamiew ------------------------------------------------------------------------ jamiew's Profile: http://forums.techarena.in/members/jamiew.htm View this thread: http://forums.techarena.in/active-directory/1032812.htm http://forums.techarena.in Tag: CA Restore Tag: 135553
  - 10
    - active direcotr2008 Dear, how we can take backup of active directory 2008? Rgds, Nasir karim -- Message posted via http://www.winserverkb.com Tag: CA Restore Tag: 135550
  - 11
    - Invicta Diver Aluminum Mens Watch 7008 Recommendation Discount Invicta Diver Aluminum Mens Watch 7008 Recommendation Discount Watches Invicta Diver Aluminum Mens Watch 7008 Site: http://invicta-watches.pxhelp.com/Invicta-wristwatch-3729.html Thank you for choosing http://www.pxhelp.com/ Quality Invicta Watches: http://invicta-watches.pxhelp.com/ Invicta Diver Aluminum Mens Watch 7008 AdditionalInfo : Watches Brand : Invicta Watches ( http://invicta-watches.pxhelp.com/ ) Gender : Mens Model : invicta-diver-aluminum-mens-watch-7008 Also Called : Case Material : Aluminum Movement : Quartz Crystal : Mineral Dial Color : Orange Clasp : Orange Mesh Water Resistant Bezel : Unidirectional Rotating Case Thickness : 44 mm Water Resistant : 100 Meters (330 Feet) Availability: Usually Ships In 1 - 2 Business Days Invicta Diver Aluminum Mens Watch 7008 Aluminum Case. Orange Mesh Water Resistant Strap. Orange Dial. Unidirectional Bezel. Mineral Crystal. Tang Clasp. 44 mm Case Diameter. Quartz Movement. Water Resistant At 100 Meters (330 Feet). Invicta Diver Aluminum Mens Watch 7008 Invicta Diver Aluminum Mens Watch 7008 Brand InvictaSeries Invicta DiverGender MensCase Material AluminumCase Diameter 44 mmDial Color OrangeBezel Unidirectional RotatingMovement QuartzClasp TangBracelet Orange Mesh Water ResistantWater Resistant 100 Meters (330 Feet)Crystal MineralWarranty 5 Year Extended WarrantyMeaning "invincible" in Latin, Invicta watches were actually made as early as 1837. Founder Raphael Picard wanted to bring people high quality Swiss watches at affordable prices. The company began its history in La Chaux-de-fonds, Switzerland - a land well-known for its watch making endeavors. Swiss watches have been highly coveted by many parts of the world, and Invicta watches picked up in popularity. The name was well known and well established for more than a century. In the history of Invicta watch, one thing has remained constant: Invicta watches are known for their quality and beautiful design. This is as true today as it was a century ago.Invicta Diver Aluminum Mens Watch 7008 is brand new, join thousands of satisfied customers and buy your Invicta Diver Aluminum Mens Watch 7008 with total satisfaction . A Pxhelp.com 30 Day Money Back Guarantee is included with every Invicta Diver Aluminum Mens Watch 7008 for secure, risk-free online shopping. Pxhelp.com does not charge sales tax for the Invicta Diver Aluminum Mens Watch 7008, unless shipped within New York State. Pxhelp.com is rated 5 stars on the Yahoo! network. Other Invicta Watches You Might Like Invicta Abyss Diamond Mens Watch 7091 http://invicta-watches.pxhelp.com/Invicta-wristwatch-3751.html Invicta Women's Baby Lupah Black Leather Pink MOP Dial Watch 2351/BLK http://invicta-watches.pxhelp.com/Invicta-wristwatch-3457.html Invicta Pro Diver Gold Tone Mens Watch 9311 http://invicta-watches.pxhelp.com/Invicta-wristwatch-3517.html Invicta Men's Time Square Swiss Automatic Black Leather Watch 2412/ BLK http://invicta-watches.pxhelp.com/Invicta-wristwatch-3529.html Invicta 3266 Diver RB Men's Watch http://invicta-watches.pxhelp.com/Invicta-wristwatch-3603.html Invicta Jumping Hours Gold Tone Tresor Globe Mens Watch 2841 http://invicta-watches.pxhelp.com/Invicta-wristwatch-3791.html Invicta Diver Elite Moon Phase Two Tone Mens Watch 7094 http://invicta-watches.pxhelp.com/Invicta-wristwatch-3750.html Invicta Speedway Mens Watch 9223 http://invicta-watches.pxhelp.com/Invicta-wristwatch-3571.html Invicta Ocean Pro Diver Watch 2302 http://invicta-watches.pxhelp.com/Invicta-wristwatch-3586.html Invicta Lupah Watch 2183 http://invicta-watches.pxhelp.com/Invicta-wristwatch-3432.html Tag: CA Restore Tag: 135547
  - 12
    - "DNS name does not exist."(error code 0x0000232B RCODE_NAME_ERROR) Hello! I've tried everything I can think of and find before weighting on to others, but it just seems that I can't get it going with some assist. Please? Here is a copy of my error: The following error occurred when DNS was queried for the service location (SRV) resource record used to locate a domain controller for domain smallbusiness.local: The error was: "DNS name does not exist." (error code 0x0000232B RCODE_NAME_ERROR) The query was for the SRV record for _ldap._tcp.dc._msdcs.smallbusiness.local Common causes of this error include the following: - The DNS SRV records required to locate a domain controller for the domain are not registered in DNS. These records are registered with a DNS server automatically when a domain controller is added to a domain. They are updated by the domain controller at set intervals. This computer is configured to use DNS servers with following IP addresses: 24.92.226.41 24.92.226.40 - One or more of the following zones do not include delegation to its child zone: smallbusiness.local local . (the root zone) For information about correcting this problem, click Help. jturner5569 Tag: CA Restore Tag: 135546
  - 13
    - Subdomains Hello, We run Windows 2003 domains with integerated DNS. For example, our domain is rd.com. I want to create a subdomain for rd.com, say RESEARCH.rd.com. We currently have an MX for rd.com and I would like to add a new MX for subdomain RESEARCH.rd.com. How could I do this and is there a procudure lsit I could follow to get this accomplished. TIA Tag: CA Restore Tag: 135539
  - 14
    - Domain Controller Crashed - how to Transfer Role Hi: Need urgent help here - One of the domain controller with Infrastruture Role crashed. Other domain controllers carry other roles. On AD Users and computers, under Infrastruture tab, Operation Manager - has "Error" in the field, Next line is: "the current operation master is offline. The role cannot be transferred" It has the "chnage" botton on right. How do I tranfer instratruture role to another domain controller? And clean up AD for this server. I am thinking about getting ride of this server since it's old. Any help is greatly appreciated. Thanks. Tag: CA Restore Tag: 135531
  - 15
    - Where do the mangled entries for adprep live Hi All, I've been trying to find out about these mangled entries and I think I know where they are found. See below and let me know if this is correct. How to find out if the mangled attributes are actually mangled Go to the server you are working on. In this case it is MYSERVERNAME: Open up the following: ldp.exe Every thing we need to know about the attributes for AD is listed below. These attributes are as follows: a. On the Connection menu, click Connect, leave the Server box empty, type 389 in the Port box, and then click OK. Youâ??ll see the following: ld = ldap_open("", 389); Established connection to . Retrieving base DSA information... Result <0>: (null) Matched DNs: Getting 1 entries: >> Dn: 1> currentTime: 9/4/2008 11:57:50 Eastern Standard Time Eastern Daylight Time; 1> subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=MyDomainName,DC=com; 1> dsServiceName: CN=NTDS Settings,CN=MYSERVERNAME,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MyDomainName,DC=com; 3> namingContexts: CN=Schema,CN=Configuration,DC=MyDomainName,DC=com; CN=Configuration,DC=MyDomainName,DC=com; DC=MyDomainName,DC=com; 1> defaultNamingContext: DC=MyDomainName,DC=com; 1> schemaNamingContext: CN=Schema,CN=Configuration,DC=MyDomainName,DC=com; 1> configurationNamingContext: CN=Configuration,DC=MyDomainName,DC=com; 1> rootDomainNamingContext: DC=MyDomainName,DC=com; 16> supported Control: 1.2.840.113556.1.4.319; 1.2.840.113556.1.4.801; 1.2.840.113556.1.4.473; 1.2.840.113556.1.4.528; 1.2.840.113556.1.4.417; 1.2.840.113556.1.4.619; 1.2.840.113556.1.4.841; 1.2.840.113556.1.4.529; 1.2.840.113556.1.4.805; 1.2.840.113556.1.4.521; 1.2.840.113556.1.4.970; 1.2.840.113556.1.4.1338; 1.2.840.113556.1.4.474; 1.2.840.113556.1.4.1339; 1.2.840.113556.1.4.1340; 1.2.840.113556.1.4.1413; 2> supportedLDAPVersion: 3; 2; 12> supportedLDAPPolicies: MaxPoolThreads; MaxDatagramRecv; MaxReceiveBuffer; InitRecvTimeout; MaxConnections; MaxConnIdleTime; MaxActiveQueries; MaxPageSize; MaxQueryDuration; MaxTempTableSize; MaxResultSetSize; MaxNotificationPerConn; 1> highestCommittedUSN: 9443481; 2> supportedSASLMechanisms: GSSAPI; GSS-SPNEGO; 1> dnsHostName: MyServerName.MyDomainName.com; 1> ldapServiceName: MyDomainName.com:MyServerName$@MYDOMAINNAME.COM; 1> serverName: CN=MYSERVERNAME,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MyDomainName,DC=com; 2> supportedCapabilities: 1.2.840.113556.1.4.800; 1.2.840.113556.1.4.1791; 1> isSynchronized: TRUE; 1> isGlobalCatalogReady: TRUE; ----------- b. On the Connection menu, click Bind, leave all the boxes empty, and then click OK. Youâ??ll see the following: ld = ldap_open("", 389); Established connection to . Retrieving base DSA information... Result <0>: (null) Matched DNs: Getting 1 entries: >> Dn: 1> currentTime: 9/4/2008 11:57:50 Eastern Standard Time Eastern Daylight Time; 1> subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=MyDomainName,DC=com; 1> dsServiceName: CN=NTDS Settings,CN=MYSERVERNAME,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MyDomainName,DC=com; 3> namingContexts: CN=Schema,CN=Configuration,DC=MyDomainName,DC=com; CN=Configuration,DC=MyDomainName,DC=com; DC=MyDomainName,DC=com; 1> defaultNamingContext: DC=MyDomainName,DC=com; 1> schemaNamingContext: CN=Schema,CN=Configuration,DC=MyDomainName,DC=com; 1> configurationNamingContext: CN=Configuration,DC=MyDomainName,DC=com; 1> rootDomainNamingContext: DC=MyDomainName,DC=com; 16> supportedControl: 1.2.840.113556.1.4.319; 1.2.840.113556.1.4.801; 1.2.840.113556.1.4.473; 1.2.840.113556.1.4.528; 1.2.840.113556.1.4.417; 1.2.840.113556.1.4.619; 1.2.840.113556.1.4.841; 1.2.840.113556.1.4.529; 1.2.840.113556.1.4.805; 1.2.840.113556.1.4.521; 1.2.840.113556.1.4.970; 1.2.840.113556.1.4.1338; 1.2.840.113556.1.4.474; 1.2.840.113556.1.4.1339; 1.2.840.113556.1.4.1340; 1.2.840.113556.1.4.1413; 2> supportedLDAPVersion: 3; 2; 12> supportedLDAPPolicies: MaxPoolThreads; MaxDatagramRecv; MaxReceiveBuffer; InitRecvTimeout; MaxConnections; MaxConnIdleTime; MaxActiveQueries; MaxPageSize; MaxQueryDuration; MaxTempTableSize; MaxResultSetSize; MaxNotificationPerConn; 1> highestCommittedUSN: 9443481; 2> supportedSASLMechanisms: GSSAPI; GSS-SPNEGO; 1> dnsHostName: MyServerName.MyDomainName.com; 1> ldapServiceName: MyDomainName.com:MyServerName$@MYDOMAINNAME.COM; 1> serverName: CN=MYSERVERNAME,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MyDomainName,DC=com; 2> supportedCapabilities: 1.2.840.113556.1.4.800; 1.2.840.113556.1.4.1791; 1> isSynchronized: TRUE; 1> isGlobalCatalogReady: TRUE; ----------- res = ldap_bind_s(ld, NULL, &NtAuthIdentity, 1158); // v.3 {NtAuthIdentity: User='NULL'; Pwd= <unavailable>; domain = 'NULL'.} Authenticated as dn:'NULL'. Record the distinguished name path for the SchemaNamingContext attribute. Ours is CN=Schema,CN=Configuration,DC=MyDomainName,DC=com On the Browse menu, click Search. Configure the following settings: Base DN: Type the distinguished name path for the schema naming context that is identified above. CN=Schema,CN=Configuration,DC=MyDomainName,DC=com Filter: Type (ldapdisplayname=dup*). Scope: Click Subtree. When you click on RUN you will see in our case that this entry has no DUPâ??s at all as shown. ld = ldap_open("", 389); Established connection to . Retrieving base DSA information... Result <0>: (null) Matched DNs: Getting 1 entries: >> Dn: 1> currentTime: 9/4/2008 11:57:50 Eastern Standard Time Eastern Daylight Time; 1> subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=MyDomainName,DC=com; 1> dsServiceName: CN=NTDS Settings,CN=MYSERVERNAME,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MyDomainName,DC=com; 3> namingContexts: CN=Schema,CN=Configuration,DC=MyDomainName,DC=com; CN=Configuration,DC=MyDomainName,DC=com; DC=MyDomainName,DC=com; 1> defaultNamingContext: DC=MyDomainName,DC=com; 1> schemaNamingContext: CN=Schema,CN=Configuration,DC=MyDomainName,DC=com; 1> configurationNamingContext: CN=Configuration,DC=MyDomainName,DC=com; 1> rootDomainNamingContext: DC=MyDomainName,DC=com; 16> supportedControl: 1.2.840.113556.1.4.319; 1.2.840.113556.1.4.801; 1.2.840.113556.1.4.473; 1.2.840.113556.1.4.528; 1.2.840.113556.1.4.417; 1.2.840.113556.1.4.619; 1.2.840.113556.1.4.841; 1.2.840.113556.1.4.529; 1.2.840.113556.1.4.805; 1.2.840.113556.1.4.521; 1.2.840.113556.1.4.970; 1.2.840.113556.1.4.1338; 1.2.840.113556.1.4.474; 1.2.840.113556.1.4.1339; 1.2.840.113556.1.4.1340; 1.2.840.113556.1.4.1413; 2> supportedLDAPVersion: 3; 2; 12> supportedLDAPPolicies: MaxPoolThreads; MaxDatagramRecv; MaxReceiveBuffer; InitRecvTimeout; MaxConnections; MaxConnIdleTime; MaxActiveQueries; MaxPageSize; MaxQueryDuration; MaxTempTableSize; MaxResultSetSize; MaxNotificationPerConn; 1> highestCommittedUSN: 9443481; 2> supportedSASLMechanisms: GSSAPI; GSS-SPNEGO; 1> dnsHostName: MyServerName.MyDomainName.com; 1> ldapServiceName: MyDomainName.com:MyServerName$@MYDOMAINNAME.COM; 1> serverName: CN=MYSERVERNAME,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MyDomainName,DC=com; 2> supportedCapabilities: 1.2.840.113556.1.4.800; 1.2.840.113556.1.4.1791; 1> isSynchronized: TRUE; 1> isGlobalCatalogReady: TRUE; ----------- res = ldap_bind_s(ld, NULL, &NtAuthIdentity, 1158); // v.3 {NtAuthIdentity: User='NULL'; Pwd= <unavailable>; domain = 'NULL'.} Authenticated as dn:'NULL'. ***Searching... ldap_search_s(ld, "CN=Schema,CN=Configuration,DC=MyDomainName,DC=com", 1, "(ldapdisplayname=house*)", attrList, 0, &msg) Result <0>: (null) Matched DNs: Getting 1 entries: >> Dn: CN=ms-Exch-House-Identifier,CN=Schema,CN=Configuration,DC=MyDomainName,DC=com 1> canonicalName: MyDomainName.com/Configuration/Schema/ms-Exch-House-Identifier; 1> cn: ms-Exch-House-Identifier; 1> distinguishedName: CN=ms-Exch-House-Identifier,CN=Schema,CN=Configuration,DC=MyDomainName,DC=com; 2> objectClass: top; attributeSchema; 1> name: ms-Exch-House-Identifier; ----------- ***Searching... ldap_search_s(ld, "CN=Schema,CN=Configuration,DC=MyDomainName,DC=com", 1, "(ldapdisplayname=dup*)", attrList, 0, &msg) Result <0>: (null) Matched DNs: Getting 0 entries: ----------- Which means that there are no duplicates for any attributes. However if you run the following in LPD.exe you will see that the attributes are there; Do the same search for the following: (ldapdisplayname=house*) for houseIdentifier. This will show the following: ld = ldap_open("", 389); Established connection to . Retrieving base DSA information... Result <0>: (null) Matched DNs: Getting 1 entries: >> Dn: 1> currentTime: 9/4/2008 11:57:50 Eastern Standard Time Eastern Daylight Time; 1> subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=MyDomainName,DC=com; 1> dsServiceName: CN=NTDS Settings,CN=MYSERVERNAME,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MyDomainName,DC=com; 3> namingContexts: CN=Schema,CN=Configuration,DC=MyDomainName,DC=com; CN=Configuration,DC=MyDomainName,DC=com; DC=MyDomainName,DC=com; 1> defaultNamingContext: DC=MyDomainName,DC=com; 1> schemaNamingContext: CN=Schema,CN=Configuration,DC=MyDomainName,DC=com; 1> configurationNamingContext: CN=Configuration,DC=MyDomainName,DC=com; 1> rootDomainNamingContext: DC=MyDomainName,DC=com; 16> supportedControl: 1.2.840.113556.1.4.319; 1.2.840.113556.1.4.801; 1.2.840.113556.1.4.473; 1.2.840.113556.1.4.528; 1.2.840.113556.1.4.417; 1.2.840.113556.1.4.619; 1.2.840.113556.1.4.841; 1.2.840.113556.1.4.529; 1.2.840.113556.1.4.805; 1.2.840.113556.1.4.521; 1.2.840.113556.1.4.970; 1.2.840.113556.1.4.1338; 1.2.840.113556.1.4.474; 1.2.840.113556.1.4.1339; 1.2.840.113556.1.4.1340; 1.2.840.113556.1.4.1413; 2> supportedLDAPVersion: 3; 2; 12> supportedLDAPPolicies: MaxPoolThreads; MaxDatagramRecv; MaxReceiveBuffer; InitRecvTimeout; MaxConnections; MaxConnIdleTime; MaxActiveQueries; MaxPageSize; MaxQueryDuration; MaxTempTableSize; MaxResultSetSize; MaxNotificationPerConn; 1> highestCommittedUSN: 9443481; 2> supportedSASLMechanisms: GSSAPI; GSS-SPNEGO; 1> dnsHostName: MyServerName.MyDomainName.com; 1> ldapServiceName: MyDomainName.com:MyServerName$@MYDOMAINNAME.COM; 1> serverName: CN=MYSERVERNAME,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MyDomainName,DC=com; 2> supportedCapabilities: 1.2.840.113556.1.4.800; 1.2.840.113556.1.4.1791; 1> isSynchronized: TRUE; 1> isGlobalCatalogReady: TRUE; ----------- res = ldap_bind_s(ld, NULL, &NtAuthIdentity, 1158); // v.3 {NtAuthIdentity: User='NULL'; Pwd= <unavailable>; domain = 'NULL'.} Authenticated as dn:'NULL'. ***Searching... ldap_search_s(ld, "CN=Schema,CN=Configuration,DC=MyDomainName,DC=com", 1, "(ldapdisplayname=house*)", attrList, 0, &msg) Result <0>: (null) Matched DNs: Getting 1 entries: >> Dn: CN=ms-Exch-House-Identifier,CN=Schema,CN=Configuration,DC=MyDomainName,DC=com 1> canonicalName: MyDomainName.com/Configuration/Schema/ms-Exch-House-Identifier; 1> cn: ms-Exch-House-Identifier; 1> distinguishedName: CN=ms-Exch-House-Identifier,CN=Schema,CN=Configuration,DC=MyDomainName,DC=com; 2> objectClass: top; attributeSchema; 1> name: ms-Exch-House-Identifier; ----------- ***Searching... ldap_search_s(ld, "CN=Schema,CN=Configuration,DC=MyDomainName,DC=com", 1, "(ldapdisplayname=dup*)", attrList, 0, &msg) Result <0>: (null) Matched DNs: Getting 0 entries: ----------- ***Searching... ldap_search_s(ld, "CN=Schema,CN=Configuration,DC=MyDomainName,DC=com", 1, "(ldapdisplayname=house*) ", attrList, 0, &msg) Result <0>: (null) Matched DNs: Getting 1 entries: >> Dn: CN=ms-Exch-House-Identifier,CN=Schema,CN=Configuration,DC=MyDomainName,DC=com 1> canonicalName: MyDomainName.com/Configuration/Schema/ms-Exch-House-Identifier; 1> cn: ms-Exch-House-Identifier; 1> distinguishedName: CN=ms-Exch-House-Identifier,CN=Schema,CN=Configuration,DC=MyDomainName,DC=com; 2> objectClass: top; attributeSchema; 1> name: ms-Exch-House-Identifier; ----------- Note the above entry (last line). > name: ms-Exch-House-Identifier; Can be checked using ADSI Edit. Just go into the program: "C:\Program Files\Support Tools\adsiedit.msc" and do the following: Click on the schema CN = SCHEMA [MYSERVERNAME],CN=Configuration,DC=MyDomainName,DC=com On the right side right click on CN=ms-Exch-House-Identifier. A pop up will come up. Select which properties to view â??Bothâ?? Select a property to view â??LDAPDisplayNameâ?? Then you will see the value of houseIdentifier without any mangling of DUPâ??s in the value field: Do the same for the following: (ldapdisplayname= labledUR*) for labledURI. This will show the following: ld = ldap_open("", 389); Established connection to . Retrieving base DSA information... Result <0>: (null) Matched DNs: Getting 1 entries: >> Dn: 1> currentTime: 9/4/2008 11:57:50 Eastern Standard Time Eastern Daylight Time; 1> subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=MyDomainName,DC=com; 1> dsServiceName: CN=NTDS Settings,CN=MYSERVERNAME,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MyDomainName,DC=com; 3> namingContexts: CN=Schema,CN=Configuration,DC=MyDomainName,DC=com; CN=Configuration,DC=MyDomainName,DC=com; DC=MyDomainName,DC=com; 1> defaultNamingContext: DC=MyDomainName,DC=com; 1> schemaNamingContext: CN=Schema,CN=Configuration,DC=MyDomainName,DC=com; 1> configurationNamingContext: CN=Configuration,DC=MyDomainName,DC=com; 1> rootDomainNamingContext: DC=MyDomainName,DC=com; 16> supportedControl: 1.2.840.113556.1.4.319; 1.2.840.113556.1.4.801; 1.2.840.113556.1.4.473; 1.2.840.113556.1.4.528; 1.2.840.113556.1.4.417; 1.2.840.113556.1.4.619; 1.2.840.113556.1.4.841; 1.2.840.113556.1.4.529; 1.2.840.113556.1.4.805; 1.2.840.113556.1.4.521; 1.2.840.113556.1.4.970; 1.2.840.113556.1.4.1338; 1.2.840.113556.1.4.474; 1.2.840.113556.1.4.1339; 1.2.840.113556.1.4.1340; 1.2.840.113556.1.4.1413; 2> supportedLDAPVersion: 3; 2; 12> supportedLDAPPolicies: MaxPoolThreads; MaxDatagramRecv; MaxReceiveBuffer; InitRecvTimeout; MaxConnections; MaxConnIdleTime; MaxActiveQueries; MaxPageSize; MaxQueryDuration; MaxTempTableSize; MaxResultSetSize; MaxNotificationPerConn; 1> highestCommittedUSN: 9443481; 2> supportedSASLMechanisms: GSSAPI; GSS-SPNEGO; 1> dnsHostName: MyServerName.MyDomainName.com; 1> ldapServiceName: MyDomainName.com:MyServerName$@MYDOMAINNAME.COM; 1> serverName: CN=MYSERVERNAME,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MyDomainName,DC=com; 2> supportedCapabilities: 1.2.840.113556.1.4.800; 1.2.840.113556.1.4.1791; 1> isSynchronized: TRUE; 1> isGlobalCatalogReady: TRUE; ----------- res = ldap_bind_s(ld, NULL, &NtAuthIdentity, 1158); // v.3 {NtAuthIdentity: User='NULL'; Pwd= <unavailable>; domain = 'NULL'.} Authenticated as dn:'NULL'. ***Searching... ldap_search_s(ld, "CN=Schema,CN=Configuration,DC=MyDomainName,DC=com", 1, "(ldapdisplayname=house*)", attrList, 0, &msg) Result <0>: (null) Matched DNs: Getting 1 entries: >> Dn: CN=ms-Exch-House-Identifier,CN=Schema,CN=Configuration,DC=MyDomainName,DC=com 1> canonicalName: MyDomainName.com/Configuration/Schema/ms-Exch-House-Identifier; 1> cn: ms-Exch-House-Identifier; 1> distinguishedName: CN=ms-Exch-House-Identifier,CN=Schema,CN=Configuration,DC=MyDomainName,DC=com; 2> objectClass: top; attributeSchema; 1> name: ms-Exch-House-Identifier; ----------- ***Searching... ldap_search_s(ld, "CN=Schema,CN=Configuration,DC=MyDomainName,DC=com", 1, "(ldapdisplayname=dup*)", attrList, 0, &msg) Result <0>: (null) Matched DNs: Getting 0 entries: ----------- ***Searching... ldap_search_s(ld, "CN=Schema,CN=Configuration,DC=MyDomainName,DC=com", 1, "(ldapdisplayname=house*) ", attrList, 0, &msg) Result <0>: (null) Matched DNs: Getting 1 entries: >> Dn: CN=ms-Exch-House-Identifier,CN=Schema,CN=Configuration,DC=MyDomainName,DC=com 1> canonicalName: MyDomainName.com/Configuration/Schema/ms-Exch-House-Identifier; 1> cn: ms-Exch-House-Identifier; 1> distinguishedName: CN=ms-Exch-House-Identifier,CN=Schema,CN=Configuration,DC=MyDomainName,DC=com; 2> objectClass: top; attributeSchema; 1> name: ms-Exch-labledURI; ----------- ***Searching... ldap_search_s(ld, "CN=Schema,CN=Configuration,DC=MyDomainName,DC=com", 1, "(ldapdisplayname= labledUR*) ", attrList, 0, &msg) Result <0>: (null) Matched DNs: Getting 0 entries: ----------- Again the last entry is 1> name: ms-Exch-labledURI; Open up ADSI Edit and select ms_Exch_labeledURI and drill down like above and youâ??ll see labeledURI without any mangling of DUPâ??s in the value field: You can use the following: (ldapdisplayname= secretar*) for secretary. ld = ldap_open("", 389); Established connection to . Retrieving base DSA information... Result <0>: (null) Matched DNs: Getting 1 entries: >> Dn: 1> currentTime: 9/4/2008 11:57:50 Eastern Standard Time Eastern Daylight Time; 1> subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=MyDomainName,DC=com; 1> dsServiceName: CN=NTDS Settings,CN=MYSERVERNAME,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MyDomainName,DC=com; 3> namingContexts: CN=Schema,CN=Configuration,DC=MyDomainName,DC=com; CN=Configuration,DC=MyDomainName,DC=com; DC=MyDomainName,DC=com; 1> defaultNamingContext: DC=MyDomainName,DC=com; 1> schemaNamingContext: CN=Schema,CN=Configuration,DC=MyDomainName,DC=com; 1> configurationNamingContext: CN=Configuration,DC=MyDomainName,DC=com; 1> rootDomainNamingContext: DC=MyDomainName,DC=com; 16> supportedControl: 1.2.840.113556.1.4.319; 1.2.840.113556.1.4.801; 1.2.840.113556.1.4.473; 1.2.840.113556.1.4.528; 1.2.840.113556.1.4.417; 1.2.840.113556.1.4.619; 1.2.840.113556.1.4.841; 1.2.840.113556.1.4.529; 1.2.840.113556.1.4.805; 1.2.840.113556.1.4.521; 1.2.840.113556.1.4.970; 1.2.840.113556.1.4.1338; 1.2.840.113556.1.4.474; 1.2.840.113556.1.4.1339; 1.2.840.113556.1.4.1340; 1.2.840.113556.1.4.1413; 2> supportedLDAPVersion: 3; 2; 12> supportedLDAPPolicies: MaxPoolThreads; MaxDatagramRecv; MaxReceiveBuffer; InitRecvTimeout; MaxConnections; MaxConnIdleTime; MaxActiveQueries; MaxPageSize; MaxQueryDuration; MaxTempTableSize; MaxResultSetSize; MaxNotificationPerConn; 1> highestCommittedUSN: 9443481; 2> supportedSASLMechanisms: GSSAPI; GSS-SPNEGO; 1> dnsHostName: MyServerName.MyDomainName.com; 1> ldapServiceName: MyDomainName.com:MyServerName$@MYDOMAINNAME.COM; 1> serverName: CN=MYSERVERNAME,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MyDomainName,DC=com; 2> supportedCapabilities: 1.2.840.113556.1.4.800; 1.2.840.113556.1.4.1791; 1> isSynchronized: TRUE; 1> isGlobalCatalogReady: TRUE; ----------- res = ldap_bind_s(ld, NULL, &NtAuthIdentity, 1158); // v.3 {NtAuthIdentity: User='NULL'; Pwd= <unavailable>; domain = 'NULL'.} Authenticated as dn:'NULL'. ***Searching... ldap_search_s(ld, "CN=Schema,CN=Configuration,DC=MyDomainName,DC=com", 1, "(ldapdisplayname=house*)", attrList, 0, &msg) Result <0>: (null) Matched DNs: Getting 1 entries: >> Dn: CN=ms-Exch-House-Identifier,CN=Schema,CN=Configuration,DC=MyDomainName,DC=com 1> canonicalName: MyDomainName.com/Configuration/Schema/ms-Exch-House-Identifier; 1> cn: ms-Exch-House-Identifier; 1> distinguishedName: CN=ms-Exch-House-Identifier,CN=Schema,CN=Configuration,DC=MyDomainName,DC=com; 2> objectClass: top; attributeSchema; 1> name: ms-Exch-House-Identifier; ----------- ***Searching... ldap_search_s(ld, "CN=Schema,CN=Configuration,DC=MyDomainName,DC=com", 1, "(ldapdisplayname=dup*)", attrList, 0, &msg) Result <0>: (null) Matched DNs: Getting 0 entries: ----------- ***Searching... ldap_search_s(ld, "CN=Schema,CN=Configuration,DC=MyDomainName,DC=com", 1, "(ldapdisplayname=house*) ", attrList, 0, &msg) Result <0>: (null) Matched DNs: Getting 1 entries: >> Dn: CN=ms-Exch-House-Identifier,CN=Schema,CN=Configuration,DC=MyDomainName,DC=com 1> canonicalName: MyDomainName.com/Configuration/Schema/ms-Exch-House-Identifier; 1> cn: ms-Exch-House-Identifier; 1> distinguishedName: CN=ms-Exch-House-Identifier,CN=Schema,CN=Configuration,DC=MyDomainName,DC=com; 2> objectClass: top; attributeSchema; 1> name: ms-Exch-House-Identifier; ----------- ***Searching... ldap_search_s(ld, "CN=Schema,CN=Configuration,DC=MyDomainName,DC=com", 1, "(ldapdisplayname= labledUR*) ", attrList, 0, &msg) Result <0>: (null) Matched DNs: Getting 0 entries: ----------- ***Searching... ldap_search_s(ld, "CN=Schema,CN=Configuration,DC=MyDomainName,DC=com", 1, "(ldapdisplayname= secretar*) ", attrList, 0, &msg) Result <0>: (null) Matched DNs: Getting 1 entries: >> Dn: CN=ms-Exch-Assistant-Name,CN=Schema,CN=Configuration,DC=MyDomainName,DC=com 1> canonicalName: MyDomainName.com/Configuration/Schema/ms-Exch-Assistant-Name; 1> cn: ms-Exch-Assistant-Name; 1> distinguishedName: CN=ms-Exch-Assistant-Name,CN=Schema,CN=Configuration,DC=MyDomainName,DC=com; 2> objectClass: top; attributeSchema; 1> name: ms-Exch-Assistant-Name; 1> name: ms-Exch-Assistant-Name; Open up ADSI Edit and select ms_Exch_Assistant-Name and drill down like above and youâ??ll see the proper name without mangling: I hope this helps and I hope I'm saying it correctly. Thanks for all your help, -- Steve Lewis Tag: CA Restore Tag: 135530
  - 16
    - DCs keep sending out DHCPDISCOVER packets My network admin is questioning why my statically assigned DCs keep sending out DHCPDISCOVER packets. Any ideas or utilities to determine where these are originating from and if they can be stopped? As a quick test I stopped the DHCP client service (which I know must be left running even on static machines for DNS registration) but he still saw them. Tag: CA Restore Tag: 135523
  - 17
    - active directory not replication after dc promo Dcpromo/active directory replication/DNS problem I am in the process of adding a windows sever 2003 SP2 to a windows 2000 domain. I used the adprep /forest and domain prep . Everything went fine I see the containers created by adprep. The DNS domain name is different than the NETBios name. When I run dcpromo I get different responses as errors mainly that it cannot manage the network session with the current domain controller. I did managed to have dcpromo run successfully , however sysvol does not replicate and becomes shared. In the event viewer I get ?windows cannot find the computer account? I also get from FRS ?File Replication Service is initializing the system volume with data from another domain controller. Computer OPERA-910FIMR83 cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL.? And from directory service The attempt to establish a replication link for the following writable directory partition failed. Directory partition: DC=domain,DC=org,DC=1 Source domain controller: CN=NTDS Settings,CN=DATA-SERV,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=org,DC=1 Source domain controller address: e49b62f6-61c6-4f64-8ced-22ec69f6ae64._msdcs.domain.org.1 Intersite transport (if any): This domain controller will be unable to replicate with the source domain controller until this problem is corrected. I can join a windows 2000 server with no problem. I have setup a virtual pc windows 2000 with no problems on the domain and removed it. I have also cleaned up the active directory to remove any traces of the virtual machine. So now I have a test environment to test solutions. I did go ahead and seize all the roles in the test environment, I have set up another virtual server 2003 and I get the same results. Things I have done: I have run dcdiag and netdiag and both report no errors on the 2000 servers. If I run it on the 2003 box I get that it cannot find the GUID._msdcs.domian.org.1 ip address. Connectivity test failed. Everything else test ok. DNS works fine all DC point to the same DNS box which is the DC that holds all FSMO roles. On the DC's I can see the shares if I type \\GUID._msdcs.domain.org.1 how ever on the server 2003 I get path not found or could find a network provider. Please help. -- scoobydog ------------------------------------------------------------------------ scoobydog's Profile: http://forums.techarena.in/members/scoobydog.htm View this thread: http://forums.techarena.in/active-directory/1032294.htm http://forums.techarena.in Tag: CA Restore Tag: 135506
  - 18
    - Quest v NetIQ for migrating NT4 to 2003 AD anybody have a preference for NetIQ DMA V quest DMW? Tag: CA Restore Tag: 135499
  - 19
    - newly joined domain and slow in start up Hi, a win2k3 server newly joined a domain. When it starts up it took a long time stay in "applying computer settings". When finally it starts up, logon as domain user takes another long time but logon as a local user is fast. wher to look in to the problem? thanks in advance Tag: CA Restore Tag: 135494
  - 20
    - is there anyway to set timezone for pcs via GPO? thanks in advance Tag: CA Restore Tag: 135492
  - 21
    - schufafreier kredit blitzkredit online kredite oesterreich kredit mit schufa postbank online kredit schufafreier kredit blitzkredit online kredite oesterreich kredit mit schufa postbank online kredit + + + + +++ GUENSTIGE KREDITE ONLINE +++ KREDITE IM INTERNET OHNE SCHUFA +++ + + http://WWW.KREDITE-ONLINE-24.INFO/ http://WWW.KREDITE-ONLINE-24.INFO/ http://WWW.KREDITE-ONLINE-24.INFO/ http://WWW.KREDITE-ONLINE-24.INFO/ http://WWW.KREDITE-ONLINE-24.INFO/ http://WWW.KREDITE-ONLINE-24.INFO/ http://WWW.KREDITE-ONLINE-24.INFO/ http://WWW.KREDITE-ONLINE-24.INFO/ http://WWW.KREDITE-ONLINE-24.INFO/ + + + + ################################################################################## + + +++ GUENSTIGE KREDITE ONLINE +++ KREDITE IM INTERNET OHNE SCHUFA +++ + http://jhku.net/KREDITE-ONLINE-24/ http://jhku.net/KREDITE-ONLINE-24/ http://jhku.net/KREDITE-ONLINE-24/ http://jhku.net/KREDITE-ONLINE-24/ http://jhku.net/KREDITE-ONLINE-24/ http://jhku.net/KREDITE-ONLINE-24/ http://jhku.net/KREDITE-ONLINE-24/ http://jhku.net/KREDITE-ONLINE-24/ http://jhku.net/KREDITE-ONLINE-24/ + + + + http://draconian.com/dragon-forum/showthread.php?t=20448 http://www.topwomen.org/forum/index.php?showtopic=86088 http://ibm-news.for-um.de/showthread.php?t=12009 http://ibm-news.for-um.de/showthread.php?t=9133 http://ibm-news.for-um.de/showthread.php?t=11640 http://ibm-news.for-um.de/showthread.php?t=10026 http://ibm-news.for-um.de/showthread.php?t=14309 http://ibm-news.for-um.de/showthread.php?t=14693 http://ibm-news.for-um.de/showthread.php?t=14002 euro kredite schufafreie kredite auto kredit ohne schufa kredit karte ohne schufa online kredite von privat bargeld kredit kredit einkommen online kredit test kredit ohne schufa mit sofortzusage schnelle kredite ohne schufa kredit ohne schufa in sofort kredit ohne schufa fuer online kredit rechner kredite ohne schufa mit kredite muenchen kredit ohne schufa ohne online credit ohne schufa kredit ohne schufa fuer arbeitslose online-kredite kredit auch ohne schufa bank kredit online kredit online handyvertrag ohne schufa finanzierung kredit fuer selbststaendige sofortkredit ohne schufa kreditantrag online online kredite oesterreich bargeld ohne schufa kredit ohne schufaauskunft guenstige kredite ohne schufa kredite ohne schufa serioes kreditvergleich online online kredite in raten kredit handy ohne schufa Tag: CA Restore Tag: 135489
  - 22
    - unable to access AD - The security ID structure is invalid Hi to all, Currently, i am installing Microsoft Dynamic CRM 4.0 onto a Server with Windows Server 2003 SP2. During installation, all the things have run smoothly, but it comes to a point on "Creating and configuring Microsoft DynamicsCRM groups in Active Directory" on the part for "Microsoft.Crm.Setup.Server.GrantAccessToCrmServicesAction" The following error Messager Prompted out :- --------------------------- Microsoft Dynamics CRM Setup --------------------------- Action Microsoft.Crm.Setup.Server.GrantAccessToCrmServicesAction failed. The security ID structure is invalid. (Exception from HRESULT: 0x80070539) --------------------------- Retry Cancel --------------------------- Previously I have created a Organizational Unit (OU) on the Domain Controller, which named "CRM", which I then select the same OU name during installation. My Question is will AD have some component that I need to configure? what does The security ID structure is invalid means? Please Help >.< thanks and regards, Vince Server Pros Wannabe -- Message posted via WinServerKB.com http://www.winserverkb.com/Uwe/Forums.aspx/windows-server-ad/200809/1 Tag: CA Restore Tag: 135488
  - 23
    - RID Pool renewal request Q: Quick question. For a 2003 DC, when will a DC request a new rid pool from the RID master? In 2000 SP4 it was 50% of the current RID pool exhausted (I think). Has it changed with 2003 or 2008 ? Thanks -- /kj Tag: CA Restore Tag: 135487
  - 24
    - ADPrep /forestprep failed 2000 to 2003 r2 I'm running ADPrep on my 2000 DC and I get almost complete and I get an error. Here is a copy of error part in the ADPrep.log file. Adprep checked to verify whether operation cn=26ad2ebf-f8f5-44a4-b97c- a616c8b9d09a,cn=Operations,cn=ForestUpdates,CN=Configuration,DC=crdius,D C=local has completed. [Status/Consequence] The operation GUID already exists so Adprep did not attempt to rerun this operation but is continuing. Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is cn=4444c516-f43a-4c12-9c4b- b5c064941d61,cn=Operations,cn=ForestUpdates,CN=Configuration,DC=xxxx,DC= local. LDAP API ldap_search_s() finished, return code is 0x20 Adprep verified the state of operation cn=4444c516-f43a-4c12-9c4b- b5c064941d61,cn=Operations,cn=ForestUpdates,CN=Configuration,DC=xxxx,DC= local. [Status/Consequence] The operation has not run or is not currently running. It will be run next. Adprep was unable to complete because the call back function (null) failed. [Status/Consequence] Error message: Error(110) while running ""C:\WINNT\system32 \LDIFde.exe" -o ObjectGuid -d "CN=pKICertificateTemplate-Display,CN= 404,CN=DisplaySpecifiers,CN=Configuration,DC=xxxx,DC=local" -u -f "C: \DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\TMPAA.tmp" -j "C:\WINNT\system32 \debug\adprep\logs\20080903150106" -s crdi-ad.xxxx.local". Could not move file C:\WINNT\system32\debug\adprep\logs\20080903150106\LDIF.err to C:\WINNT\system32\debug\adprep\logs\20080903150106 \DisplaySpecifierUpgradeLdifError.001.txt. The system cannot find the file specified. (0x80070002). [User Action] Check the log file Adprep.log, in the C:\WINNT\system32\debug\adprep \logs\20080903150106 directory for more information. Adprep set the value of registry key System\CurrentControlSet\Services \NTDS\Parameters\Schema Update Allowed to 1 Adprep was unable to update forest-wide information. [Status/Consequence] Adprep requires access to existing forest-wide information from the schema master in order to complete this operation. [User Action] Check the log file, Adprep.log, in the C:\WINNT\system32\debug\adprep \logs\20080903150106 directory for more information. Any help on this error would be great. Tag: CA Restore Tag: 135469
  - 25
    - Import Global Security groups from txt file using ldifde I have a text file with a list of groups I would like to create in AD for a file sharing project. I know I can script an import of users and or containers. say I wanted to add a group "group" to a container in my AD called "container" in my domain fabrikam.com. How would I do that? Any replies would be appreciated. Thanks! Tag: CA Restore Tag: 135457
- Next
  - 1
    - server 2003 and gpo - exclude a user How does one exclude a user from a GPO? Thanks Tag: CA Restore Tag: 135455
  - 2
    - IE home page GPO... inheritance nightmare I have the following AD structure: - domain - OU A - OU B - OU C - OU D - OU E ... - OU X - OU Y - OU Z I need every user in OU D ... Y to have the same Interner Explorer home page, but I need users in OU Z to be able to freely choose the home page they want. I can create and link a GPO to OU C setting the IE home page (without the "no override" flag); then I can create and link a GPO to OU Z which will overwrite the settings inherited from OU C with different ones; but which ones should I use to now free users in OU Z to choose the home page they want? If I don't set anything for the IE home page, the settings in OU C prevail; if I set something it works, but I don't want users in OU Z to be forced to use some specific other home page. If I set the policy with a blank value, the user's home page settings get reset to the default (MSN) every time the policy is applied. I can't set "block policy inheritance" on OU Z, because there are other policies I want applied; so, what can I do to undo the settings coming from OU C at the OU Z level, without overwriting them with other settings? I know I can create a GPO and manually link it to each OU under C excluding Z, but this is quite cumberstome, as there are a lot of OUs there. Thanks for any tip Massimo Tag: CA Restore Tag: 135454
  - 3
    - DNS and GPO Best Practices? Within our network, we recently implemented several Laptop Workstations that users are allowed to take home. Previously, all workstations were assigned DNS server IP addresses (internal addresses) via the DHCP server. This seems to cause problems with laptop users as they are unable to browse the internet when they take their machines home. What is the best practice for assigning a DNS IP addresses to all machines when they connect to the domain, either wired or wifi, while allowing the laptop machines to connect to the Internet when off-site? I would imagine it is a combination of GPO and OU settings. Have there be write-ups regarding network setups similar to this? If so, where might I find them? Tag: CA Restore Tag: 135448
  - 4
    - GPMC Install I've installed the GPMC a million times without issue. So, after some trials I'm stumped. I have a Win2K3 X64 DC that I'm trying to install the GPMC on. I'm getting the error "Please install the MS .NET framework before installing MS GMPC with SP1." I've tried uninstalling and reinstalling .NET. I've tried updating to new versions. Same error everytime. What little nuance am I missing? Thanks, D Tag: CA Restore Tag: 135445
  - 5
    - ADM Template for IE 7 Little new to installing templates, if I want to see the new settings for IE 7 on all my OUs should I install the template at the domain level, and if so does it remove all my GPO settings I had in the past in regards to IE? cheers Tag: CA Restore Tag: 135443
  - 6
    - Mangling of Secretary, houseIdentifier, and labeledURI Attributes Hi All, Here is my next question on promoting a windows 2003 server to a domain controller. Microsoft talks about http://support.microsoft.com/kb/314649/. Iâ??ve looked all over the 4 DCâ??s we already have and there is not any reference to the possible Mangled attributes that may occur in Windows 2000 and Windows Server 2003 forests if Exchange 2000 creates the initial definition of the Secretary, the houseIdentifier, and the labeledURI attributes in a Windows 2000 domain. Iâ??ve ran ADSI edit on all domains (our ntserver1 is our master DC. I found this out by running netdom query fsmo on each DC and they all pointed to ntserver1). Within ADSI edit I looked for all occurrences of Secretary, the houseIdentifier, and the labeledURI and cannot see anything listed for these. Am I looking in the right place? If these arenâ??t even listed can I assume that the do not exist? If they do not exist that am I correct that the running adprep /forestprep and adprep /domainprep will not cause any mangling of the above attributes? The Microsoft documentation leaves a little to be desired and of course at my age reading is getting harder and harder ï?? Any suggestions, ideas etc will be greatly appreciated. Thanks, Steve Lewis -- Steve Lewis Tag: CA Restore Tag: 135442
  - 7
    - IP Conflict Hi. I Have about 400 Client in 11 Site , 1 Client Conflict IP With a IP Server and i can't find it. what is your suggestion? are there any applications to find a computer by mac address? are there any applications for saving list of computers in a network with mac addresses and IPs? Tag: CA Restore Tag: 135435
  - 8
    - Help with script center script I've taken the following script from MS script center and ammended it for my AD structure http://www.microsoft.com/technet/scriptcenter/scripts/default.mspx?mfr=true However when I run it it seems to list almost all the systems in my domain rather than just the ones which were last logged off prior to the date set in the script. Any ideas where I'm going wrong. I'm pretty new to scripting so be gentle! lol Tag: CA Restore Tag: 135431
  - 9
    - Create Mailbox Time Stamp? Is there any way to find out when an Exchange mailbox was created? If the mailbox was created sometime after the creation of the AD account? I see no such attribute in ADSI. Is there anywhere else to look? Tag: CA Restore Tag: 135430
  - 10
    - permission on c:\Windows\System32\certsrv\en-US\default.asp I am trying to edit the asp files to appear and work in certain ways but I can't seem to be able to edit the files. I am an administrator but it says only TrustedInstaller has full permission. What can I do to gain the permission necessary to edit the files? Thanks Tag: CA Restore Tag: 135428
  - 11
    - Windows Server 2003 - FSMO Holders as VMWare Virtual Machines Hello all - I wasn't sure if this should be in the VMWare group or not, but since it is more AD-related I thought I would post here first. My company is looking to virtualize as many of our Windows 2003 domain controllers as possible, and I would like to know if anyone else has experience with this and what the possible pitfalls/problems could be. We have a single forest environment with 3 domains, with 4 DC's per domain. Our DR site currently hosts 1 DC for each of the 3 domains (3 DCs total), and these DC's are currently virtual machines on VMWare ESX Server. We also have 2 DC's from our home office that are hosted on ESX Server, but they are not FSMO role holders in the domain/ forest. I know that official MS policy is that they do not support domain controllers in virtual environments (other than MS Virtual Server) and they discourage having FSMO role holders as virtuals as well. The DC's that are currently virtual machines at our DR site we do not seem to have any issues with, however the 2 DC's at our home office site that are VM's we consistently receive SCOM alerts on related to AD Last Bind Latency, and Memory Utilization alerts. Other than the SCOM alerts, the event logs on all the DC's (including the VM's) are clean; so I don't think the SCOM alerts are necessarily indicating a problem. I guess the main thing I am looking for is some feedback from any of you who might have a current production environment with virtual domain controllers (FSMO holders as well), and if you have consistent performance/replication issues, or if this setup is something you have avoided entirely. Any feedback is appreciated! Thanks! Tag: CA Restore Tag: 135423
  - 12
    - How do I view ldap attributes for a user? I searched but could not find an answer to this question. I want to look at all the ldap attributes for a given user. Is there tool to do that in Windows 2003 Server? Thank you. Tag: CA Restore Tag: 135420
  - 13
    - ADPREP - Impact to domain during upgrade I am looking to use ADPREP to extend my Windows 2000 domain to allow Windows 2003 Domain Controllers. One question that I have is how will Active Directory be affected during the process. Will services still function as normal whilst ADPREP is running ? Thanks in advance Tony Tag: CA Restore Tag: 135418
  - 14
    - Network clearup This maybe an easy one.... We have lots of computers within our active directory OU's. Over a period of time a lot of the computers now don't exist on the network but show up in the ADUC. Is there any way of clearing up these pc's if they haven't been used within say 30 days?? I'm still going through the process of putting a description by each PC but want to get rid of old machines Also i have a couple of pc's showing on the network and want to send a message to them, how do i do that?? I don't know who the user is! Hope somone can help??? Thanks Tag: CA Restore Tag: 135401
  - 15
    - Restrict User Account Logons Hi, I need to restrict the computers that users can logon to but only at specific times. As an example, I need UserA to be able to logon to PC1 or PC2 at any time but I need to be able to restrict UserB from logging on to PC1 between 9am and 10am. However, I also want UserB to be able to logon to PC2 at any time. In Active Directory, I can restrict the logon hours for UserB but this applies to all PCs. Through Group Policies I can restrict UserB from logging on to PC1 but this applies at all times. I need to find a mix of restriction by PC and by time. Any ideas? Tag: CA Restore Tag: 135400
  - 16
    - kerberos Hi, My event viewer is filled with the type of errors listed below The kerberos client received a KRB_AP_ERR_MODIFIED error from the server STAFFROOM-02$. The target name used was cifs/SCIENCELAPTOP-3.STDAVIDS.LOCAL. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named machine accounts in the target realm (STDAVIDS.LOCAL), and the client realm. I have no duplicate machine names on the network, this is causing problems with users loggin on. Is it possible to disable this feature? -- Thanks and regards Tony Tag: CA Restore Tag: 135399
  - 17
    - Please Help me in writing this script Dear All I have an excel sheet contains all information about our AD users. thses information taken from HR database. 1st colum has email address like (User1@mycompany.com) 2nd colum has 1st name 3rd colum has initial 4th colum has last name 5th colum has phone number etc the sheet has many other attributes. the sAMAccountName is not inculded in the excel. I want to write a script that read the 1st colum (email attribute), the search active directory for the match. if the email found, i want to modify his attributes based on the attributes in the excel sheet. same thing for other users. if the email is not found in the AD, echo "not found" the search cretiria is the email attribute. we have arround 400 entry in the excel sheet. please help me.... Tag: CA Restore Tag: 135396
  - 18
    - Add Notes for Tracking Where can I add notes in AD user accounts when creating an account? The Notes field, when text is placed there appears in the Exchange GAL, so not there. I need to have my Helpdesk peers add notes for, name=which one of them created the object, when= on what date, ticket= the ticket number they were working on. Only in this manner can management backtrack and take corrective action when mistakes are made, like a peer who constantly mispells names or makes other process mistakes, like not following the process. Tag: CA Restore Tag: 135387
  - 19
    - Error - AD busy - DC won't upgrade to 2003 functional domain Have 2 server test lab with Server 2003 Enteprise on both machines. Both in one domain. When I try to raise functional level an error comes back the the AD is busy. No problems in any even log. Can not find articles on problems with upgrading the functional levels, just how easy it is to do it. Any suggestions on articles, tips, log techniques, etc. would be appreciated. -- Thank you for your help. Christian Tag: CA Restore Tag: 135386
  - 20
    - hiding outlook contact fields Not sure if this is the best place to post this, but I suppose it could be a group policy type question. I have had a request come in asking if I can hide the mobiel and home addresses in the contact properties of contacts in outlook from specific groups. any ideas off hand? Tag: CA Restore Tag: 135380
  - 21
    - Replacing old server running Win2k with new server running Win2k3 Hello, Our old Win2kserver is getting disposed we have a newer server running Win2k3 that is a member server in our domain we are planning to have this newer server assume the role of Domain controller. Our existing server has all roles and since it was our only server we have no replcation at all and this old boy has all roles so nothing has been assigned to any other server....... Do I really need to run AD migration? Most supportive info I see states I need to : Run ADPrep/DomainPrep and Forestprep ( on which server?) then run DCPROMO on this newer Win2k3 box In stall DNS snap-in on this newer server transfer FMSO roles to thie new Win2k3 DC Is this all there is to it ....... is there more that has to be done with DNS..... I guess I just need the process validated I appreciate any help Tag: CA Restore Tag: 135378
  - 22
    - Force GPO update from DC? Hey all, Just curious, I know I can run GPUpdate (with /force) to initiate policy refresh fro the client side. I also know that I can manipulate the policy refresh interval on the server side. However, let's say you just made a critical GPO change and wanted it pushed right away without the user having to do anything. What's the simplest way? Thanks, Dan Tag: CA Restore Tag: 135372
  - 23
    - ADAM Windows XP install I would like to install Adam on my Windows XP with SP2. Where can I find the download files. I am finding all search's are leading to Windows 2003 SP1 release of Adam. Your help is appreciated. Tag: CA Restore Tag: 135371
  - 24
    - Adding a domain Group in Local Group need help for following. I want to add a domain group in a local group buy using GPO with out impacting current "local group" membership. i.e Local Group = "Remote desktop users" current non domain local memebers= user1, user2, user 3 I want to add domain\Group01 in "Remote Desktop users" without removing current memeber. Thx, Tag: CA Restore Tag: 135369
  - 25
    - Adding user in a group in domain I need help for following. I want to add a domain group in a local group buy using GPO with out impacting current "local group" membership. i.e Local Group = "Remote desktop users" current non domain local memebers= user1, user2, user 3 I want to add domain\Group01 in "Remote Desktop users" without removing current memeber. Thx, Tag: CA Restore Tag: 135368

I had an issue with one of my DC's which was my CA. I only have one
Enterprise CA on a single forest single domain AD. Windows 2003 functional
level.

I backed up my CA, Stoped my CA service, backed up the registry
(HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\"mydomain Root CA")

I then uninstalled CA service, DCpromo demoted the server. Rebooted.
DCpromo - verified that all went well. dcdiag - all good.

I then reinstalled CA, custom. used my backedup certificate. Stopped
service, restored registry key, restored CA from backup and allowed it to
"start service". Here is were it all fell apart. I am getting:
"Microsoft Certificate services - Bad Key, 0x80090003 (-2146893821)"

Event log: Application

Event Type: Error
Event Source: CertSvc
Event Category: None
Event ID: 100
Date: 9/5/2008
Time: 12:05:07 PM
User: N/A
Computer: mydc2
Description:
Certificate Services did not start: Could not load or verify the current CA
certificate. MyDomain Root CA Bad Key. 0x80090003 (-2146893821).

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

I look forward to any advice you can provide.

--
Fredrick A. Zilz
Director IT
InterHealth N.I.

Top

RE: CA Restore by Onion

Onion
Fri Sep 05 14:27:19 PDT 2008

It sounds like you did the backup/restore correctly. You can also turn on
debug logging (logs to %systemroot%\cert#.log) to help determine the root
cause of the issue:

certutil -setreg ca\debug 0xffffffe3

Top