Where is Admin account being used?

Tutorials Win: Microsoft Windows Forum

- Previous
  - 1
    - AD Administrator account - where is it being used? Hello, I am working with a domain where the main Administrator account has been (stupidly) used as a service account somewhere on the nework. The password has been changed for this, and now i am seeing many many events where the administrator account has attempted to logon, but cannot as the password is wrong. As this is the main admin account, it is not locked out, but i would like to know how to find out where the account is being used from. This would be handy to audit other accounts floating on the network also. Cheers. Tag: Where is Admin account being used? Tag: 132217
  - 2
    - We, www.chinadvdwholesaler.com, located in China, are specialized in Dear Sir or Madam. 1.What we are: We, www.chinadvdwholesaler.com, located in China, are specialized in the wholesaling and distributing of varies of DVD, VCD, MOVIE, TV SHOW, etc with high quality and competitive price. 4. Our Products: Nearly all the popular titles are available in our store, recently we have Sopranos, Stargate, Star trek, Star War, CSI,Baby Einstein, La Femme Nikita,007,West Wing, Friends, Sex and the City, Desperated Housewives etc on sell. All DVDs are Chinese original release, region free and NTSC/PAL format compatible, will play on all region code DVD players with original English audio. Please feel free contact us for the details 5. Contact : E-mail : sales@chinadvdwholesaler.com Website : www.chinadvdwholesaler.com Tag: Where is Admin account being used? Tag: 132216
  - 3
    - Creating Subdomains and routing emails Hello, We have Windows 2003 domain called abc.com. I want to create a subdomain caled marketing.abc.com. We need to create users with address name@marketing.abc.com under AD. What is the best way of approaching this? We also run Exchange 2003 at this primary site. What needs to be configured for routing mails addressed to this subdomain? Also, will this cause issues to current root domain, meaning user@abc.com? Thanks much Tag: Where is Admin account being used? Tag: 132215
  - 4
    - 2008 DCPromo OS Compatibility Warning "Some operations on clients running versions of Windows earlier than Vista with Service Pack 1 are also impacted, including domain join operations performed by the Active Directory Migration Tool..." We actually want to use ADMT to take a bunch of XP SP2 boxes and migrate them to the 2008 domain. Are we sunk? Will SP3 take care of this? What other 2008 AD compatibility issues could we face? Tag: Where is Admin account being used? Tag: 132211
  - 5
    - Date format on server and client Hi, We are deploying active directory on windows server 2003 R2 SP2 and windows XP Pro SP2 and SP3 clients. It seems on rare occasions, the date format used on the client computer changes to the one that is used on the server. We are in Canada so the date format should be dd/mm/aaaa but on the server it was set to aaaa/mm/dd. The client computer has the right settings localy, but sometimes it picks up this odd date format. I was wondering if there is a way for me to change this. I tried changing the date format on the server, but it didnt change anything on the client, after the gpupdate or a new session. If i open a session locally on the client, the date format is ok, but connected to the domain, it's wrong. It seems also i dont see this happening on every station. Any hint ? If you need more info, let me know. Thanks for your time. Bertrand Tag: Where is Admin account being used? Tag: 132209
  - 6
    - Group Policy Hi We want to setup a policy in our domain where screensavers will come on and lockout after a certain amount of time. The problem is we don't want all workstations/servers to have the screensaver policy. We would like to have two different groups. One with the policy of screen savers and one without. I thought creating another GPO would be key but I'm not sure how to proceed. I am kinda new but I do have GPMC installed and I can edit my default domain policy and it works fine. Thanks for anyone who can help me out. Tag: Where is Admin account being used? Tag: 132206
  - 7
    - "List in the Directory" permission How can I only assign a certain custom security group that I have created "Printer Publishers" the "list in the directory" right/permission? Right now it seems any user can clikc "List In The Directory" for any shared printer and it show up in my list of printers in active directory... don't want that, only want the group to be able to publish printers. Tag: Where is Admin account being used? Tag: 132197
  - 8
    - Docs Redirect and Administrator permissions Hi all, I want to make sure I've done this right. I am working on a server in which redirects were applied for My Documents. The option in Group Policy to make access Exclusive was checked. I needed to setup a robocopy script to move files nightly to another folder for backup redundancy. (It's a temporary measure.) I followed the instructions here: http://support.microsoft.com/kb/q288991/ I allowed a particular account in and given them full control. (In my case, the parent folder I applied the permissions to is D:\Redirects) In order to reapply permissions on all objects, I had to take ownership of the files and folders. Subfolders (the user folders) are not inheriting permissions from D:\Redirects) Here's where I'm confused: Creator Owner is set to Full Control on D:\Redirects, but even though I've reapplied ownership for each user on those objects in their folders, Effective Permissions doesn't show them to have full control on the objects. My goal: Allow Administrators FC to ALL user's redirected folders and their contacts and to allow each uesr FC access to their own folder and objects. Cheers, Mike.... Tag: Where is Admin account being used? Tag: 132194
  - 9
    - Merge / consolidate GPO's Hi, I need to consolidate multiple group policies into one. However I would like to avoid having to do this manually and was wondering if a tool existed which could merge policy settings. The import functionality within GPMC doesn't do it, it just overwrites any existing settings. I've looked into powershell scripts and 3rd party tools and cannot fins anything. Any help would be greatly appreciated. Regards, Dunc. Tag: Where is Admin account being used? Tag: 132186
  - 10
    - watch actress profile and photo watch actress priyamani photo watch actress profile and photo watch actress priyamani photo http://priyamaniforyou.blogspot.com/ Tag: Where is Admin account being used? Tag: 132183
  - 11
    - Outlook office 2003 + Group policy I need my users to use the same signature fomart. I have been able to disable the the signatures but now to link the required signature to the GP is the problem -- Any job can always be better done, when pple share ideas Tag: Where is Admin account being used? Tag: 132181
  - 12
    - A SHOCKING NEWS from Microsoft....... It's really a hot news for everyone http://polticsinfs.blogspot.com/ Tag: Where is Admin account being used? Tag: 132180
  - 13
    - watch actress sexy photo from movie clips and watch actress profile watch actress sexy photo from movie clips and watch actress profile http://priyamaniforyou.blogspot.com/ Tag: Where is Admin account being used? Tag: 132173
  - 14
    - finding out client name for a user logging in to a remote server I have a requirement to display last successful logon for an account and the location from which that logon occurred. When a user logs on to a workstation the location would of course be the hostname of that workstation. I'm using Visual Basic Scripting to do this. It was working fine until today while I was of course showing it to our security person. Even though I took into account when the user logs on to a workstation and the %CLIENTNAME% environment variable is not set, it seems that for some reason when logging onto a server %CLIENTNAME% can be set to "console" sometimes. This is strange considering I'm not asking for the Session Name which can be "console". I'm asking for the Client Name. When %CLIENTNAME% equals "console" when running my script or when running the 'set' command, if I look at the Users tab in Task Manager the Client Name is still the hostname of the maching I'm using to remote into the server. Strangely, I thought that on the Users tab the Session Name would be listed as "console" when I use Remote Desktop to logon to the console of the server. I'm using Win2k3 R2. The Session name is always a RDP session # whether I connect to the console or not. But that's not something I'm worrying about at the moment. Can anyone explain to me the circumstances that cause %CLIENTNAME% to be set to "console" as opposed to the user's workstation? I could test for it in my script if I knew the conditions under which it occurs. I'm currently using the following to grab the variable: strFromHost = objShell.ExpandEnvironmentStrings("%CLIENTNAME%") Thanks Brandon Tag: Where is Admin account being used? Tag: 132167
  - 15
    - Windows XP Mini-Setup not joining computers to existing account in We have a Win XP SP2 standard image we deploy onto a lot of our computers. The image has been sysprep'd and when booted, it goes through XP's Mini Setup using sysprep.inf to answer all questions except Computer Name. What we've tried doing is creating machine accounts in Active Directory (2003 Mixed Mode) in the OUs that we want the computers to end up in, and then (days later) booted the machines and allowed them to join the domain during Mini Setup. However, instead of joining the existing accounts, Mini Setup is creating a NEW account in the Computers OU in the root of AD. So now I have two machine accounts in AD with the same name. I have to track down the other account, delete it, and move the computer into that container a few minutes later after replication has finished. As far as I'm aware, this isn't the way its meant to work, is it? In Windows XP, if you join a computer to the domain by hand (outside of Mini Setup), it joins the existing account. Shouldn't the same happen in Mini Setup, or is there something I'm missing? TIA Tag: Where is Admin account being used? Tag: 132166
  - 16
    - Loggin on in determinate DC Hi, I have 3 Domain Controllers. Two in Site A and one in Site B. Is ther possible set a numeber of users to log on in a DC of Site A, being that users from Site B? Thanks. Luiz Tag: Where is Admin account being used? Tag: 132158
  - 17
    - Setting File -- Open Dialog box to a default location All, How can I through GP setting the default location for the File -- Open Dialog box to My Computer? We restricted C drive, it it defaults to that, so everytime they go to file -- Open, it gives them an error saying that its restricted. Thanks! Tag: Where is Admin account being used? Tag: 132152
  - 18
    - Certificate Help Hello, I've just installed our first Enterprise Root CA on one of our DC's running W2K3 Standard SP2. On another DC I'm trying to request a computer certificate, but am having trouble. When I go to the web page to request an advanced cert I am given the option of Administrator/Basic EFS/EFS Recovery Agent/User/Subordinate CA/Web Server. Am I missing something? I need a computer certificate becuase this DC is also my RADIUS server and I need a cert inorder to setup PEAP. Thanks! Tag: Where is Admin account being used? Tag: 132150
  - 19
    - AD Replication Monitor I ran the AD Replication Monitor. Under Current Transitive Replication Partner Status I am showing 7 "Partner Name: **DELETED SERVER #7". What exactly is this telling me? Is this a previous dc that didn't get deleted properly? I am fairly new to this organization so I don't have a lot of history on this domain. Thanks! Tag: Where is Admin account being used? Tag: 132149
  - 20
    - Adding Domain Controller Hi. I'm adding an additional domain controller (2k3) to an existing domain, which has only one DC that is also a 2k3 server. I ran dc promo on the new server and chose to copy active directory from an an existing DC. I received an error stating the forest was not ready, and to run adprep against the existing DC. I checked the functional level of the domain and forest in the existing DC and found it was set to 2000 level. I raised it to 2003 and thought that would help. It didn't. I also got an errors when trying to run adprep against the existing DC. I didn't think adprep was necessary when there weren't any 2000 servers on the domain. Any ideas? thanks Tag: Where is Admin account being used? Tag: 132134
  - 21
    - Moving FSMO roles I plan to install a new DC w/gc on new hardware and transfer all the FSMO roles from the existing DC. What are the best practices for moving them? Is there a certain order, waiting period between moving roles, etc.? Very simple environment - 2 dc's, default site config, 1 domain. The old and new servers will be in the same vlan, same physical location. The other dc (not a gc) will be in a different office (25mi.) - GigE 100Mb WAN connection. Thank you! Tag: Where is Admin account being used? Tag: 132133
  - 22
    - Event ID 1030's I'm seeing a number of 1030's on the clients, and this in GPMC: Group Policy Infrastructure failed due to the error listed below. Overlapped I/O operation is in progress. Note: Due to the GP Core failure, none of the other Group Policy components processed their policy. Consequently, status information for the other components is not available I've verified the admin name and passowrd in DHCP manager, and checked for cached passwords to the server on the clients, and still no luck. Any other ideas? Tag: Where is Admin account being used? Tag: 132128
  - 23
    - repadmin /removelingeringobjects Hi, i'm getting an error message on a mailserver. event id 2042 "it has been too long since this machine last replicated with the named source machine etc etc. looking at the dates mention further down the message, the tally up to a date when a previous DC failed and was removed from the domain. hardware failed from within the DC and dcpromo was never run to remove it from the domain, and as a result a lot of messages have been appearing around the servers relating to the missing dc. The 2042 message gives 3 options, and the only relvant one refers to using repadmin to clear up any residue following the servers demise. my question is that reading up on repadmin, I'm being told that 2003 server needs to be running on "both" servers....the problem is that only one server is running and i want to clear up the mess following the server dying in the first place. Or is it just a case of repadmin actually being able to determine what and where the issue is and clearing it automatically? cheers Tag: Where is Admin account being used? Tag: 132127
  - 24
    - Setting the home page for all users Hi, I have the IE7 AD template installed on our DC's and am trying to set the home page, but the users IE7 is having none of it! I have gone to User Configuration > Administrative Templates > Windows Explorer > Disable changing home page settings > enable http://intranet DC - gpupdate /force User - gpupdate /force No http://intranet page any ideas? Tag: Where is Admin account being used? Tag: 132126
  - 25
    - Policy (GPO) Order Hi, one question about Policy (GPO) Order applying: - I have 3 policies: one enabled, the second disabled and the third disabled. The disabled policy will predominate, ok? Thanks. Luiz Tag: Where is Admin account being used? Tag: 132120
- Next
  - 1
    - Creating New Domain Tree in Existing Forest We just bought a company that I have to integrate into our active directory. They currently have Windows 2000 AD and I have Windows 2003 AD. How do I bring their Windows 2000 AD into my AD as a domain tree without losing their users? If you could point me to instructions on how to make this possible I would appreciate it. thanks -- dee Tag: Where is Admin account being used? Tag: 132117
  - 2
    - problems with single level dns name (domain) Hi a new customer has a w2k3 server on location vienna with a single level domain "intern" and no "intern.local" as normally used. we have to install a second AD-Controller an location linz (connected with vienna via a 2 MBit VPN-Tunnel). after using KB 300684 we could move the second server in the domain as member. then we installed AD on the sec. server, tested dns with nslookup, all works fine. Our problem: the user locally in linz cann't access to the local shares on the sec. AD-Controller, they get the message access denied. when i remove the AD on the second server and chance the dns entry to the vienna dns-server all works fine. workstation systemlog: source: BROWSER, err: 8021, no list from Browser, source: BROWSER, err: 8032, read fails, applicationlog: source: userenv, err: 1058, gpt.ini access denied can you help me ? Tag: Where is Admin account being used? Tag: 132111
  - 3
    - problem with steadystate and restricting rights from administrator I have a domain Active directory on a windows 2000 Server and I moved the rights I made on a pc with steadystate to the server with the active directory with SCTSettings.adm. Then I did some changes in the group policy at the All Windows Steadystate restrictions hopping that this will affect only to users that also have Steadystate restricting the right click on desktop, the access on C:\, and in all windows programs but this affected on the privilages of the administrator rights too!!! Now I can't have access to c:\, not to administrative programs not even right click to the workspace!!! Is there other way to have access to the gpedit (group policy editor) to change the policy again ? cause even the administrator doesn't have any rights now and... I think... this is a HUGE bug!!!! nomater what administrator shouldn't affect on any change of GROUP policy... Pls I need help imidiatly not to setup the server again cause I have 200 users to put again in active directory one by one... Tag: Where is Admin account being used? Tag: 132110
  - 4
    - Re: Site link configuration question.. again my bad... this should be: adfind -config -rb "CN=IP,CN=Inter-Site Transports,CN=Sites" -f "objectCategory=siteLink" siteList have not had coffee yet ;-( -- Cheers, (HOPEFULLY THIS INFORMATION HELPS YOU!) # Jorge de Almeida Pinto # MVP Identity & Access - Directory Services # BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx ------------------------------------------------------------------------------------------ * How to ask a question --> http://support.microsoft.com/?id=555375 ------------------------------------------------------------------------------------------ * This posting is provided "AS IS" with no warranties and confers no rights! * Always test ANY suggestion in a test environment before implementing! ------------------------------------------------------------------------------------------ ################################################# ################################################# ------------------------------------------------------------------------------------------ "Jorge de Almeida Pinto [MVP - DS]" <SubstituteThisWithMyFullNameSeparatedByDots@gmail.com> wrote in message news:... > my bad... > > this should be: > adfind -config -rb "CN=IP,CN=Inter-Site Transports,CN=Sites" -f > "objectCategory=siteLink" siteObjectBL > > -- > > Cheers, > (HOPEFULLY THIS INFORMATION HELPS YOU!) > > # Jorge de Almeida Pinto # MVP Identity & Access - Directory Services # > > BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx > BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx > ------------------------------------------------------------------------------------------ > * How to ask a question --> http://support.microsoft.com/?id=555375 > ------------------------------------------------------------------------------------------ > * This posting is provided "AS IS" with no warranties and confers no > rights! > * Always test ANY suggestion in a test environment before implementing! > ------------------------------------------------------------------------------------------ > ################################################# > ################################################# > ------------------------------------------------------------------------------------------ > "Kent" <Kent@discussions.microsoft.com> wrote in message > news:7278BC24-A71C-4CFF-8533-48BF0FC49AD3@microsoft.com... >> post the IP of the client you used >> ---------------------------------- >> 192.168.1.22 >> >> >> post NLTEST /DSGETSITE >> ---------------------- >> C:\Documents and Settings\administrator>nltest /dsgetsite >> Client >> The command completed successfully >> >> >> post NLTEST /DSGETDC:<DOMAIN> >> ----------------------------- >> C:\Documents and Settings\administrator>nltest /dsgetdc:contoso.com >> DC: \\hq-con-dc-03.contoso.com >> Address: \\192.100.0.2 >> Dom Guid: 6de92f82-4b65-4711-9abc-2e86c0ade8ed >> Dom Name: contoso.com >> Forest Name: contoso.com >> Dc Site Name: AsiaPacific >> Our Site Name: Client >> Flags: GC DS LDAP KDC TIMESERV WRITABLE DNS_DC DNS_DOMAIN >> DNS_FOREST >> CLO >> SE_SITE >> The command completed successfully >> >> >> post NLTEST /DSGETSITECOV >> ------------------------- >> C:\AdFind>nltest /dsgetsitecov >> DsGetDcSiteCoverage failed: Status = 50 0x32 ERROR_NOT_SUPPORTED >> >> >> adfind -config -rb "CN=Sites" -f "objectCategory=Site" siteObjectBL >> ------------------------------------------------------------------- >> C:\AdFind>adfind -config -rb "CN=Sites" -f "objectCategory=Site" >> siteobjectBL >> >> AdFind V01.37.00cpp Joe Richards (joe@joeware.net) June 2007 >> >> Using server: hq-con-dc-01.contoso.com:389 >> Directory: Windows Server 2003 >> Base DN: CN=Sites,CN=Configuration,DC=contoso,DC=com >> >> dn:CN=Europe,CN=Sites,CN=Configuration,DC=contoso,DC=com >>>siteObjectBL: >>>CN=10.0.0.0/8,CN=Subnets,CN=Sites,CN=Configuration,DC=contoso,DC= >> com >> >> dn:CN=AsiaPacific,CN=Sites,CN=Configuration,DC=contoso,DC=com >>>siteObjectBL: >>>CN=192.100.0.0/24,CN=Subnets,CN=Sites,CN=Configuration,DC=contoso >> ,DC=com >> >> dn:CN=America,CN=Sites,CN=Configuration,DC=contoso,DC=com >>>siteObjectBL: >>>CN=138.169.0.0/16,CN=Subnets,CN=Sites,CN=Configuration,DC=contoso >> ,DC=com >> >> dn:CN=Client,CN=Sites,CN=Configuration,DC=contoso,DC=com >>>siteObjectBL: >>>CN=192.168.1.0/24,CN=Subnets,CN=Sites,CN=Configuration,DC=contoso >> ,DC=com >> >> 4 Objects returned >> >> >> adfind -config -rb "CN=IP,CN=Inter-Site Transports,CN=Sites" -f >> "objectCategory=Site" siteObjectBL >> -------------------------------------------------------------------------------------------------- >> C:\AdFind>adfind -config -rb "CN=IP,CN=Inter-Site Transports,CN=Sites" -f >> "objec >> tCategory=Site" siteobjectBL >> >> AdFind V01.37.00cpp Joe Richards (joe@joeware.net) June 2007 >> >> Using server: hq-con-dc-01.contoso.com:389 >> Directory: Windows Server 2003 >> Base DN: CN=IP,CN=Inter-Site >> Transports,CN=Sites,CN=Configuration,DC=contoso,DC= >> com >> >> 0 Objects returned >> >> "Jorge de Almeida Pinto [MVP - DS]" wrote: >> >>> >>> >>> * post the IP of the client you used >>> * post NLTEST /DSGETSITE >>> * post NLTEST /DSGETDC:<DOMAIN> >>> * post NLTEST /DSGETSITECOV >>> * adfind -config -rb "CN=Sites" -f "objectCategory=Site" siteObjectBL >>> * adfind -config -rb "CN=IP,CN=Inter-Site Transports,CN=Sites" -f >>> "objectCategory=Site" siteObjectBL >>> >>> ADFIND can be downloaded from joeware.net >>> >>> -- >>> >>> Cheers, >>> (HOPEFULLY THIS INFORMATION HELPS YOU!) >>> >>> # Jorge de Almeida Pinto # MVP Identity & Access - Directory Services # >>> >>> BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx >>> BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx >>> ------------------------------------------------------------------------------------------ >>> * How to ask a question --> http://support.microsoft.com/?id=555375 >>> ------------------------------------------------------------------------------------------ >>> * This posting is provided "AS IS" with no warranties and confers no >>> rights! >>> * Always test ANY suggestion in a test environment before implementing! >>> ------------------------------------------------------------------------------------------ >>> ################################################# >>> ################################################# >>> ------------------------------------------------------------------------------------------ >>> "Kent" <Kent@discussions.microsoft.com> wrote in message >>> news:7A167365-80B5-4300-8246-D8326440E443@microsoft.com... >>> > Yes, there are currently 2 site links configured. >>> > >>> > First Site Link with the cost of 50 are configured to contain 2 HUB >>> > sites >>> > (SITEA & SITEB). >>> > Second Site Link with the cost of 80 is configured to contain 1 BO >>> > (SITEC) >>> > & >>> > 1 nearest HUB site (SITEB). >>> > >>> > I've tried with nltest and set command, the logon server for a client >>> > at >>> > SITEC is going to DC at SITEA & SITEC randomly. By right, it should >>> > only >>> > goes >>> > to DC at SITEB right as there is already a Site Link configured? >>> > >>> > Thanks. >>> > >>> > >>> > "Jorge de Almeida Pinto [MVP - DS]" wrote: >>> > >>> >> it should not matter what the costs is because the site link between >>> >> the >>> >> BO >>> >> and the HUB is always the cheapest!. Do you have other site links >>> >> configured? >>> >> use can also use NLTEST on both the client and the DC to test >>> >> configurations >>> >> >>> >> -- >>> >> >>> >> Cheers, >>> >> (HOPEFULLY THIS INFORMATION HELPS YOU!) >>> >> >>> >> # Jorge de Almeida Pinto # MVP Identity & Access - Directory Services >>> >> # >>> >> >>> >> BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx >>> >> BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx >>> >> ------------------------------------------------------------------------------------------ >>> >> * How to ask a question --> http://support.microsoft.com/?id=555375 >>> >> ------------------------------------------------------------------------------------------ >>> >> * This posting is provided "AS IS" with no warranties and confers no >>> >> rights! >>> >> * Always test ANY suggestion in a test environment before >>> >> implementing! >>> >> ------------------------------------------------------------------------------------------ >>> >> ################################################# >>> >> ################################################# >>> >> ------------------------------------------------------------------------------------------ >>> >> "Kent" <Kent@discussions.microsoft.com> wrote in message >>> >> news:B7DFA04D-45B2-4E35-9FB6-D6C3574E2DE6@microsoft.com... >>> >> > Hi Jorge, >>> >> > Thanks for your advice below. >>> >> > >>> >> > I've tested out the 1st solution in virtual environment (without >>> >> > site >>> >> > aware >>> >> > apps), and it's working perfectly. >>> >> > >>> >> > However, when i test out the 2nd solution it seems that the >>> >> > authentication >>> >> > is not consistent. Let me brief you on my virtual setup. >>> >> > >>> >> > - 3 sites = SiteA (with 1 domain controller), SiteB (with 1 domain >>> >> > controller), SiteC (clients without domain controller) >>> >> > - SiteA & SiteB is in the same Site Link with a cost of 20 >>> >> > - SiteB & SiteC is in the same Site Link with a cost of 50 >>> >> > >>> >> > When a XP machine from SiteC is logging on to the domain, it should >>> >> > be >>> >> > authenticating to domain controller at SiteB but sometimes it's >>> >> > going >>> >> > to >>> >> > domain controller at SiteA. >>> >> > >>> >> > But when changing the Site Link cost of 50 to 15 (SiteB & SiteC), >>> >> > authentication is constantly going to domain controller at SiteB >>> >> > (which >>> >> > is >>> >> > what i want). So, my question is whether is it correct to have >>> >> > lower >>> >> > cost >>> >> > between Branch and HUB than HUB to HUB? >>> >> > >>> >> > Appreciate your advice on this. >>> >> > Thanks again. >>> >> > >>> >> > >>> >> > "Jorge de Almeida Pinto [MVP - DS]" wrote: >>> >> > >>> >> >> in that case I would: >>> >> >> * create an AD site for each HUB >>> >> >> * create an AD site link and put the HUBs in it >>> >> >> * create an AD subnet for each subnet at one HUB and link it to >>> >> >> the AD >>> >> >> site >>> >> >> of the corresponding HUB >>> >> >> * create an AD subnet for each subnet at the branch offices and >>> >> >> link >>> >> >> it >>> >> >> to >>> >> >> the AD site of the nearest HUB >>> >> >> >>> >> >> this way client at a branch office will use the nearest HUB >>> >> >> >>> >> >> if you were to have site aware apps in the branch office site I >>> >> >> would: >>> >> >> * create an AD site for each HUB >>> >> >> * create an AD site for each branch office (BO) >>> >> >> * create an AD subnet for each subnet at one HUB and link it to >>> >> >> the AD >>> >> >> site >>> >> >> of the corresponding HUB >>> >> >> * create an AD subnet for each subnet at one BO and link it to the >>> >> >> AD >>> >> >> site >>> >> >> of the corresponding BO >>> >> >> * create an AD site link for each BO and its nearest HUB >>> >> >> in this last scenario the DCs in the HUB will register SRV records >>> >> >> in >>> >> >> the >>> >> >> linked BOs and therefore service those BOs as you want >>> >> >> >>> >> >> -- >>> >> >> >>> >> >> Cheers, >>> >> >> (HOPEFULLY THIS INFORMATION HELPS YOU!) >>> >> >> >>> >> >> # Jorge de Almeida Pinto # MVP Identity & Access - Directory >>> >> >> Services >>> >> >> # >>> >> >> >>> >> >> BLOG (WEB-BASED)--> >>> >> >> http://blogs.dirteam.com/blogs/jorge/default.aspx >>> >> >> BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx >>> >> >> ------------------------------------------------------------------------------------------ >>> >> >> * How to ask a question --> >>> >> >> http://support.microsoft.com/?id=555375 >>> >> >> ------------------------------------------------------------------------------------------ >>> >> >> * This posting is provided "AS IS" with no warranties and confers >>> >> >> no >>> >> >> rights! >>> >> >> * Always test ANY suggestion in a test environment before >>> >> >> implementing! >>> >> >> ------------------------------------------------------------------------------------------ >>> >> >> ################################################# >>> >> >> ################################################# >>> >> >> ------------------------------------------------------------------------------------------ >>> >> >> "Kent" <Kent@discussions.microsoft.com> wrote in message >>> >> >> news:4CC9443D-62AC-4307-AF6B-B71ADBEB8539@microsoft.com... >>> >> >> > Hello, >>> >> >> > Yes, subnets are defined correctly and linked to the correct >>> >> >> > sites. >>> >> >> > Branch sites does not have any DC and no apps like DFS, MSMQ, >>> >> >> > etc is >>> >> >> > installed. >>> >> >> > >>> >> >> > So are there any good ideas for me get the logon authentication >>> >> >> > to >>> >> >> > work >>> >> >> > correctly? >>> >> >> > Thanks >>> >> >> > >>> >> >> > >>> >> >> > "dave m" wrote: >>> >> >> > >>> >> >> >> I assume, and hate to, that there is only a single domain >>> >> >> >> involved >>> >> >> >> here. >>> >> >> >> >>> >> >> >> dave Admin >>> >> >> >> >>> >> >> >> >>> >> >> >> "Kent" <Kent@discussions.microsoft.com> wrote in message >>> >> >> >> news:1CCC2FC3-6F2E-4F58-92B3-7A858F054CFC@microsoft.com... >>> >> >> >> > Hi All, >>> >> >> >> > I would like to seek some opinions from AD experts regarding >>> >> >> >> > my >>> >> >> >> > scenario >>> >> >> >> > below: >>> >> >> >> > >>> >> >> >> > Scenario: >>> >> >> >> > --------- >>> >> >> >> > 1. Active Directory contains 8 domain controllers (all >>> >> >> >> > configured >>> >> >> >> > as >>> >> >> >> > GC), >>> >> >> >> > 4 >>> >> >> >> > located at UK data centre and 4 more located at Singpapore >>> >> >> >> > data >>> >> >> >> > centre. >>> >> >> >> > 2. There are around 20 sites created on AD which are located >>> >> >> >> > at >>> >> >> >> > Asia >>> >> >> >> > Pacific >>> >> >> >> > region and around 40 sites created on AD which are located at >>> >> >> >> > Europe >>> >> >> >> > & >>> >> >> >> > America region. >>> >> >> >> > 3. I want to ensure computers at sites located at Asia >>> >> >> >> > Pacific >>> >> >> >> > will >>> >> >> >> > authenticate to domain controllers at Singapore data centre >>> >> >> >> > and >>> >> >> >> > computers >>> >> >> >> > at >>> >> >> >> > sites located at Europe/America to authenticate to domain >>> >> >> >> > controllers >>> >> >> >> > at >>> >> >> >> > UK >>> >> >> >> > data centre. >>> >> >> >> > >>> >> >> >> > >>> >> >> >> > Current setup: >>> >> >> >> > -------------- >>> >> >> >> > 1. Site link between Singapore DC and UK DC is having a cost >>> >> >> >> > of >>> >> >> >> > 10. >>> >> >> >> > 2. A site link is configured to contain multiple sites from >>> >> >> >> > Asia >>> >> >> >> > Pacific >>> >> >> >> > to >>> >> >> >> > Singapore DC with a cost of 50. This is the same to >>> >> >> >> > Europe/America >>> >> >> >> > site >>> >> >> >> > link >>> >> >> >> > but it's configured to UK DC instead of Singapore one (with a >>> >> >> >> > cost >>> >> >> >> > of >>> >> >> >> > 50 >>> >> >> >> > as >>> >> >> >> > well). >>> >> >> >> > 3. The problem with this setup is users are authenticating to >>> >> >> >> > different >>> >> >> >> > domain controllers, sometime to Singapore then UK. >>> >> >> >> > >>> >> >> >> > >>> >> >> >> > My suggestion is to: >>> >> >> >> > -------------------- >>> >> >> >> > 1. Configure 2 site links for 1 site with different costing. >>> >> >> >> > Example: >>> >> >> >> > Site >>> >> >> >> > A >>> >> >> >> > is located at Asia Pacific, computers at Site A must >>> >> >> >> > authenticate >>> >> >> >> > to >>> >> >> >> > domain >>> >> >> >> > controllers at Singapore data centre so i will create a Site >>> >> >> >> > Link >>> >> >> >> > to >>> >> >> >> > Singapore DC site with cost of 40 and another Site Link to UK >>> >> >> >> > site >>> >> >> >> > with >>> >> >> >> > cost >>> >> >> >> > of 80. This would ensure the logon authentication will go to >>> >> >> >> > the >>> >> >> >> > correct >>> >> >> >> > domain controllers. >>> >> >> >> > 2. Site Link betwenn Singapore DC and UK DC will have a cost >>> >> >> >> > of >>> >> >> >> > 10. >>> >> >> >> > >>> >> >> >> > >>> >> >> >> > But i'm not sure whether is this solution practical because >>> >> >> >> > it'll >>> >> >> >> > create >>> >> >> >> > alot of Site Links on Active Directory. >>> >> >> >> > Anyone can give some suggestions? >>> >> >> >> > >>> >> >> >> > Thanks in advance. >>> >> >> >> > >>> >> >> >> > >>> >> >> >> >>> >> >> >> >>> >> >> >> >>> >> >> >> >>> >> >> >>> >> >> >>> >> >>> >> >>> >>> > Tag: Where is Admin account being used? Tag: 132108
  - 5
    - watch actress sexy photo from movie clips and watch actress profile watch actress sexy photo from movie clips and watch actress profile http://priyamaniforyou.blogspot.com/ Tag: Where is Admin account being used? Tag: 132100
  - 6
    - How to remove\add workstation from\to domain remotely? How to remove\add workstation from\to domain remotely? Tag: Where is Admin account being used? Tag: 132098
  - 7
    - Unable to create Domain on Server 2008 When running 'dcpromo' I receive the following error: 'The new domain cannot be created because the local Administrator account password does not meet requirements.' I have tried multiple passwords using 6 or more Upper case, Lower case, & Special characters. This is a new server setup with no existing domains. Tag: Where is Admin account being used? Tag: 132094
  - 8
    - Restricting Trusted Domain user login hour Hi there, I was wondering if there is anyway to limit user's logon hour by configuring AD Domain A while the user account is in a trusted Domain B please? What I have got is a computer lab with all computers and network resources belonging to Domain A. Domain A trusted Domain B (with the same forest), hence users from Domain B can log onto computers in the lab. Now we want to limit users from using the lab after hour. I know I can set the logon hours for the users in AD User and Computer in Domain B but I only want to limit their access to computers in Domain A, not the entire organization/AD forest. Is there a way to control that within Domain A please? Thanks, Edmond. Tag: Where is Admin account being used? Tag: 132093
  - 9
    - Password policy We have Windows 2003 domain and we are in the process of implementing password policy across the domain. What will be the suggested/ recommended pathway to exclude administrator/ special purpose admin related accouts from this password policy? Thanks Tag: Where is Admin account being used? Tag: 132078
  - 10
    - Automate home directory for a new user All, How can I automate the creation of a users home directory, when the user is created in AD? I am not wanting to use the my documents folder redirection, but rather still with standard drive mappings. Thanks! Tag: Where is Admin account being used? Tag: 132077
  - 11
    - LDAP Bind Is it possible to remove anonymous bind in Active Directory? Tag: Where is Admin account being used? Tag: 132073
  - 12
    - LDAP Bind Can you disallow Anonymous Bind in AD? Tag: Where is Admin account being used? Tag: 132072
  - 13
    - idlist error I am thinking this is a possible account error. I have a user who gets the following error no matter what computer she logs onto on our domain : Cannot find/ idlist,:216:4800,//dc01/netlogon/ If other users log onto her computers they dont get this error but this error seems to follow the user. Any ideas ? Cant see anything obvious wrong with the account in AD. Thanks Tag: Where is Admin account being used? Tag: 132067
  - 14
    - Best method for moving 2003 sp2 Domain controller to new hardware. Hi, I need to move a domain controller to faster better hardware. The new hardware will have different drive controllers and most likely a different storage layout. What are best practices to ensure minimum disruption to the network? Max Tag: Where is Admin account being used? Tag: 132066
  - 15
    - Role based administration for password resets Hello, We have a Windows 2003 domain.We are in the process of implementing password policy on the domain. Currently we add helpdesk staff to server operators group for AD administration. Is there a role based administration model in Windows 2003 so that I can add some helpdesk staff to just reset password and not server operators? Thanks Tag: Where is Admin account being used? Tag: 132061
  - 16
    - Get localhost AD folder Hi, I would like to put a row in users loginscript todetermine which OU the localhost is located in. Any idea? Regards Magnus Tag: Where is Admin account being used? Tag: 132048
  - 17
    - Failure login to domain or losing domain membership Server information of each site Site A (Production) Server A1 (Application server - Window cluster) Server B1 (Database Server - Windows/MS SQL cluster) Server C1 (Database Server â?? Windows/MS SQL cluster) Server F0 (Existing Domain controller), F1 (New Domain controller) OS (Windows 2003 server enterprise R2/SP2) OS for Server A1, B1, and C1 are on external SAN volumes OS for Server F1 are on internal disks. Site B (DR â?? Disaster Recovery) Server A2 (Application Server â?? Windows cluster) Server B2 (Database Server â?? Windows/MS SQL cluster) Server C2 (Database Server â?? Windows/MS SQL cluster) Server F2 (Domain Controller â?? Fresh installation OS only) Server D (Fax Server) Server E (Citrix Server) OS (Windows 2003 Server enterprise R2/SP2) OS for Server A2, B2, and C2 are on external SAN volumes. The OS for these servers is replicated from OS of servers (A1, B1& C1). Hence the configuration of server (A2, B2 & C2) is exactly same as servers (A1, B1 & C1). OS for Server F2, D & E are on internal disks. Server F2 is configured with basic OS with the same IP address and Host name as of server F1. Setup & Configure Step (1st time) Site A Configure Server F1 at site A as additional domain controller along with existing domain controller. These domain controllers serves domain â??XYZ.comâ??. The server F1 holds all the FSMO roles except Infrastructure role. Configure Server A1,B1 and C1 server and join to domain â??XYZ.comâ?? Bring servers D & E to Site A(Production) from Site B(DR) Setup and configure servers D & E and join to domain â??XYZ.comâ?? at Site A After joining domainâ??XYZ.comâ?? for servers D & E, move back both servers to Site B(DR). Perform a full or system state backup at site A from existing AD server F1 using â??ntbackupâ?? and copy backup file(.bkf) from domain controller(F1) at site A to domain controller(F2) at site B. Site B Restore backup file (.bkf) on domain controller (F2) at site B. Now server F2 becomes new independent Active Directory server at site B. Replicate OS (using IBM SVC) of servers A1, B1, and C1 at Site A to servers A2, B2 and C2 at site B respectively. Bring up Server A2, B2, and C2 On boot, servers are able to login as domain member. Servers D & E (Fax & Citrix) which were joined at Site A and brought back to site B are now boot up at Site B. Servers D & E (Fax & Citrix) are also ble to login as domain members. Periodic restore (Perform DR restore & Testing â?? Daily or weekly) Note: At DR Site all servers D, E, F2, A2, B2 and C2 were already able to join and login as domain member when first time setup & configuration was done. But to keep the Active Directory server at site B up to date as Active Directory server at site A, we are backing up the Active Directory server (F1) at site A and restoring it on Active Directory server (F2) at site B periodically. Perform a full or system state backup at Site A from existing AD server F1 by using â??ntbackupâ?? and copy backup file(.bkf) from site A to site B. Perform restore on AD at site B using latest backup file. Boot up servers A2, B2, C2 and try to login as domain member, but login fails. Boot up servers D & E server, try to login as domain member, but login fails. It is not necessary that it will fail on second restore. Sometimes it work even if we restore Active Directory server several times in 3-4 days, but after 3-4 days or 1 week when we backup and restore only Active Directory, some of the servers (A2,B2,C2,D & E) are not able to login as domain members. But since OS of servers A2, B2 & C2 are on external SAN disks, we can replicate the OS of servers A1, B1 & C1 to servers A2, and B2 & C2. In this case these servers (A2, B2 & C2) are able to login as domain members. But OS for servers D & E is not on external disk and we can not replicate OS for these two servers. For example, the servers (A2, B2, C2, D & E) were able to login as domain member on 30th June with the backup file of Active Directory also of the same date. So for next few days (1st July and 2nd July) we performed backup of Active Directory server (F1) and restored it on Active Directory server (F2) at site B. We booted the member servers and the servers could join as domain members. But later after few days say 4 th July, we performed backup again of Active Directory (F1) at site A and restored it on Active Directory server(F2) at site B. This time we boot the member servers, but these servers could not login as domain members. So to check whether the newly restored AD server (F2) also requires the OS of servers at the same moment or close to some range of time, we replicated OS of only A2, B2 and C2 on 4th July and boot these servers. Then these serves were able to login as domain members. We have tested the above cycle several times and our observation is same every time. Question: Why servers (A2, B2, C2, D & E) are not able to login as domain members after 3-4days? Why servers A2, B2 & C2 after replicating OS are able to login as domain members? Any permanent solution? Tag: Where is Admin account being used? Tag: 132040
  - 18
    - "Memory Hierarchy Error" from "Microsoft WHEA Logger" after migrating Hello, since we reinstalled our domain Controller in Windows 2008, we have every few minutes a warning from the "Microsoft-Windows-WHEA-Logger", concerning a "Memory Hierarchy Error". The server is a HP DL380 with 4 gigs of RAM, 32 gigabyte SCSI-disk,... I already ran the Memory Diagnostics Tool included in Windows 2008, but it showed me no errors Here is the detail about the event, perhaps some idea what could be the cause: Error Source: Corrected Machine Check Error Type: Memory Hierarchy Error Processor ID Valid: Yes Processor ID: 0x6 Bank Number: 0 Transaction Type: Generic Processor Participation: N/A Request Type: Snoop Memory/Io: N/A Memory Hierarchy Level: Level 1 Timeout: N/A Event Xml: <Event xmlns=3D"http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name=3D"Microsoft-Windows-WHEA-Logger" Guid=3D"{c26c4f3c-3f66-4e99-8f8a-39405cfed220}" /> <EventID>19</EventID> <Version>0</Version> <Level>3</Level> <Task>0</Task> <Opcode>0</Opcode> <Keywords>0x8000000000000000</Keywords> <TimeCreated SystemTime=3D"2008-07-08T04:45:38.589Z" /> <EventRecordID>3051</EventRecordID> <Correlation ActivityID=3D"{DBC18E92-DD0E-4B8F-9E77-39CE5828C6B7}" / > <Execution ProcessID=3D"1412" ThreadID=3D"3020" /> <Channel>System</Channel> <Computer> name </Computer> <Security UserID=3D"S-1-5-19" /> </System> <EventData> <Data Name=3D"ApicIdValid">1</Data> <Data Name=3D"ApicId">0x6</Data> <Data Name=3D"MCABank">0</Data> <Data Name=3D"MciStat">0xcc00001f20040189</Data> <Data Name=3D"MciAddr">0x1824100</Data> <Data Name=3D"MciMisc">0x1400002d012a0</Data> <Data Name=3D"ErrorType">9</Data> <Data Name=3D"TransactionType">2</Data> <Data Name=3D"Participation">256</Data> <Data Name=3D"RequestType">8</Data> <Data Name=3D"MemorIO">256</Data> <Data Name=3D"MemHierarchyLvl">1</Data> <Data Name=3D"Timeout">256</Data> <Data Name=3D"Length">1730</Data> <Data Name=3D"RawData">435045520102FFFFFFFF03000200000002000000C2060000242D040008= 0708140000000000000000000000000000000000000000000000000000000000000000BDC40= 7CF89B7184EB3C41F732CB57131FE6FF5E89C91C54CBA8865ABE14913BBB5739B183AE0C801= 00000000000000000000000000000000000000000000000058010000C000000001020000010= 00000ADCC7698B447DB4BB65E16F193C4F3DB00000000000000000000000000000000020000= 00000000000000000000000000000000000000000018020000920200000102000000000000D= 5560F3986CA494695C473A408AE583400000000000000000000000000000000020000000000= 000000000000000000000000000000000000AA040000180200000102000000000000E95412E= 7B9C14049AB76909703A4320F00000000000000000000000000000000020000000000000000= 000000000000000000000000000000FF01000000000000000001000C010000250F000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000006000000000000000000000000000000000000000= 000000000000000000000000000000000000000070100000000000006000000000000000B08= 020600440000FFFBEBBFB045828100000000000000000000000000000000000000000000000= 00000000000000000F50157A5EFE3DE43AC72249B573FAD2C03000000000000009F00622000= 000000004182010000000000000000000000000000000000000000000000000000000001000= 800800100000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000004572507400000000180200000001000000000000000000000000000000000000000000= 0002000000000000000100000000000000020000000600000000000000FF010000000000000= 00001000C010000250F00000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000600000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 0000000000000000000000000100000092030000010000000100000022A96776B5E0C801010= 00000000000000000000000000000890104201F0000CC0041820100000000A012D002004001= 000C00000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000</ Data> </EventData> </Event> Best regards paulreims Tag: Where is Admin account being used? Tag: 132034
  - 19
    - Problem with Microsoft WHEA Logger after migrating to 2008 Hello, since we reinstalled our domain Controller in Windows 2008, we have every few minutes a warning from the "Microsoft-Windows-WHEA-Logger", concerning a "Memory Hierarchy Error". The server is a HP DL380 with 4 gigs of RAM, 32 gigabyte SCSI-disk,... I already ran the Memory Diagnostics Tool included in Windows 2008, but it showed me no errors Here is the detail about the event, perhaps some idea what could be the cause: Error Source: Corrected Machine Check Error Type: Memory Hierarchy Error Processor ID Valid: Yes Processor ID: 0x6 Bank Number: 0 Transaction Type: Generic Processor Participation: N/A Request Type: Snoop Memory/Io: N/A Memory Hierarchy Level: Level 1 Timeout: N/A Event Xml: <Event xmlns=3D"http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name=3D"Microsoft-Windows-WHEA-Logger" Guid=3D"{c26c4f3c-3f66-4e99-8f8a-39405cfed220}" /> <EventID>19</EventID> <Version>0</Version> <Level>3</Level> <Task>0</Task> <Opcode>0</Opcode> <Keywords>0x8000000000000000</Keywords> <TimeCreated SystemTime=3D"2008-07-08T04:45:38.589Z" /> <EventRecordID>3051</EventRecordID> <Correlation ActivityID=3D"{DBC18E92-DD0E-4B8F-9E77-39CE5828C6B7}" / > <Execution ProcessID=3D"1412" ThreadID=3D"3020" /> <Channel>System</Channel> <Computer> name </Computer> <Security UserID=3D"S-1-5-19" /> </System> <EventData> <Data Name=3D"ApicIdValid">1</Data> <Data Name=3D"ApicId">0x6</Data> <Data Name=3D"MCABank">0</Data> <Data Name=3D"MciStat">0xcc00001f20040189</Data> <Data Name=3D"MciAddr">0x1824100</Data> <Data Name=3D"MciMisc">0x1400002d012a0</Data> <Data Name=3D"ErrorType">9</Data> <Data Name=3D"TransactionType">2</Data> <Data Name=3D"Participation">256</Data> <Data Name=3D"RequestType">8</Data> <Data Name=3D"MemorIO">256</Data> <Data Name=3D"MemHierarchyLvl">1</Data> <Data Name=3D"Timeout">256</Data> <Data Name=3D"Length">1730</Data> <Data Name=3D"RawData">435045520102FFFFFFFF03000200000002000000C2060000242D040008= 0708140000000000000000000000000000000000000000000000000000000000000000BDC40= 7CF89B7184EB3C41F732CB57131FE6FF5E89C91C54CBA8865ABE14913BBB5739B183AE0C801= 00000000000000000000000000000000000000000000000058010000C000000001020000010= 00000ADCC7698B447DB4BB65E16F193C4F3DB00000000000000000000000000000000020000= 00000000000000000000000000000000000000000018020000920200000102000000000000D= 5560F3986CA494695C473A408AE583400000000000000000000000000000000020000000000= 000000000000000000000000000000000000AA040000180200000102000000000000E95412E= 7B9C14049AB76909703A4320F00000000000000000000000000000000020000000000000000= 000000000000000000000000000000FF01000000000000000001000C010000250F000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000006000000000000000000000000000000000000000= 000000000000000000000000000000000000000070100000000000006000000000000000B08= 020600440000FFFBEBBFB045828100000000000000000000000000000000000000000000000= 00000000000000000F50157A5EFE3DE43AC72249B573FAD2C03000000000000009F00622000= 000000004182010000000000000000000000000000000000000000000000000000000001000= 800800100000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000004572507400000000180200000001000000000000000000000000000000000000000000= 0002000000000000000100000000000000020000000600000000000000FF010000000000000= 00001000C010000250F00000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000600000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 0000000000000000000000000100000092030000010000000100000022A96776B5E0C801010= 00000000000000000000000000000890104201F0000CC0041820100000000A012D002004001= 000C00000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000000000000000000000000000000000000000000000000000= 000000000000000000000000000</ Data> </EventData> </Event> Best regards paulreims Tag: Where is Admin account being used? Tag: 132033
  - 20
    - A HOT SHOCKING NEWS FROM MICROSOFT.... TODAY A BIG HOT NEWS FOR EVERYONE FOR MORE DETAILS ON http://polticsinfs.blogspot.com Tag: Where is Admin account being used? Tag: 132031
  - 21
    - Unique time requirement We have an AD 2003 domain which uses the domain hierachy time sync model. There is a developer who is using an application that generates transactions. Before this application hits production they need to confirm that it can log transactions for different times/dates (i dont know why.. they just do) So they have tried changing the system clock, but of course this causes all sorts of problems and they cant access the box. It will then re-sync its clock with a domain controller and the box is back to normal.. Is there some sort of software which can cater for this, ie it interfaces with the system clock and the operating system, so that it can have multiple times. ie the OS communcates with the domain with the correct time, but somehow this app can make available a second time for applications.. strange request.. and I can't see how it can be done but I thought id see if anyone here had come across a similar requirement. They cant do this testing in a workgroup as they need to interface with other apps/boxes on the domain using windows authentication.. any ideas? Tag: Where is Admin account being used? Tag: 132021
  - 22
    - renaming a home directory One of my users just got married and now I want to rename the account. My question is should I just rename the home directory or build another account and migrate to that account. My concern is how LDAP is affected by renaming a home directory . This is a Server 2008 domain Tag: Where is Admin account being used? Tag: 132017
  - 23
    - ADAM Partitions on Separate Servers Is it possible to create an ADAM instance where one or more partitions are on one server and a different partition is on a second server? Tag: Where is Admin account being used? Tag: 132015
  - 24
    - Disabling NETBIOS on windows 2008 server effects group policy I want to avoid NETBIOS traffic in my office ,for that I have disabled "TCP/IP NETBIOS helper" under services of my Windows 2008 std. domain controller.Suddenly, my group policies stopped working and giving me error" failed to open group policies, The network path was not found". If I enable NETBIOS service, group policy works fine. Can anyone suggest me a better way to stop NETBIOS traffic. Thanks Amit Arora amit1982@gmail.com Tag: Where is Admin account being used? Tag: 132008
  - 25
    - lsass.exe terminated - restart of computer I've got several Server 2003 Std SP2 systems running AD that reboot arbitrarily maybe once or twice a week. It seems to be getting more frequent now too. I get the same event IDs every single time in the System and Application event logs. I've run virus scans, used MBSA, ran the Malicious Software Removal Tool, and installed hotfix 927342. Yet, despite everything I've tried, searched endlessly on google for a solution, I cannot seem to figure this problem out. Here's some other info about my environment: * 8 total DCs * 6 sites * 3 GCs (all of the GCs are in the same site - central datacenter) - the other 5 DCs are have Universal group membership cacheing enabled * 2 Exchange Servers - backend cluster and frontend OWA Here's the events I'm seeing and it seems to be related to a problem with lsass.exe: Event Type: Error Event Source: LsaSrv Event Category: Security Package Manager Event ID: 5000 Date: 7/7/2008 Time: 10:10:43 AM User: N/A Computer: Description: The security package Negotiate generated an exception. The exception information is the data. Event Type: Information Event Source: USER32 Event Category: None Event ID: 1074 Date: 7/7/2008 Time: 10:11:31 AM User: NT AUTHORITY\SYSTEM Computer: Description: The process winlogon.exe has initiated the restart of computer on behalf of user for the following reason: No title for this reason could be found Reason Code: 0x50006 Shutdown Type: restart Comment: The system process 'C:\WINDOWS\system32\lsass.exe' terminated unexpectedly with status code -1073741819. The system will now shut down and restart. Event Type: Error Event Source: Winlogon Event Category: None Event ID: 1015 Date: 7/7/2008 Time: 10:11:25 AM User: N/A Computer: Description: A critical system process, C:\WINDOWS\system32\lsass.exe, failed with status code c0000005. The machine must now be restarted. Event Type: Error Event Source: Application Error Event Category: (100) Event ID: 1000 Date: 7/7/2008 Time: 10:10:53 AM User: N/A Computer: Description: Faulting application lsass.exe, version 5.2.3790.0, faulting module ntdll.dll, version 5.2.3790.3959, fault address 0x0001950e. Has anyone else seen or experienced this problem? I'd appreciate your help. Tag: Where is Admin account being used? Tag: 132003

Hello,
I am working with a domain where the main Administrator account has been
(stupidly) used as a service account somewhere on the nework. The password
has been changed for this, and now i am seeing many many events where the
administrator account has attempted to logon, but cannot as the password is
wrong. As this is the main admin account, it is not locked out, but i would
like to know how to find out where the account is being used from. This would
be handy to audit other accounts floating on the network also.
Cheers.

Top

Re: Where is Admin account being used? by Jorge

Jorge
Fri Jul 11 01:14:25 PDT 2008

do not doublepost. see other post with an answer

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test ANY suggestion in a test environment before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"gbug" <gbug@discussions.microsoft.com> wrote in message
news:18C1CF26-FD3E-456D-8A08-79B7AB6A7579@microsoft.com...
> Hello,
> I am working with a domain where the main Administrator account has been
> (stupidly) used as a service account somewhere on the nework. The password
> has been changed for this, and now i am seeing many many events where the
> administrator account has attempted to logon, but cannot as the password
> is
> wrong. As this is the main admin account, it is not locked out, but i
> would
> like to know how to find out where the account is being used from. This
> would
> be handy to audit other accounts floating on the network also.
> Cheers.

Top