Outlook office 2003 + Group policy
I need my users to use the same signature fomart. I have been able to
disable the the signatures but now to link the required signature to the GP
is the problem
--
Any job can always be better done, when pple share ideas Tag: watch actress profile and photo watch actress priyamani photo Tag: 132181
A SHOCKING NEWS from Microsoft.......
It's really a hot news for everyone
http://polticsinfs.blogspot.com/ Tag: watch actress profile and photo watch actress priyamani photo Tag: 132180
finding out client name for a user logging in to a remote server
I have a requirement to display last successful logon for an account and
the location from which that logon occurred. When a user logs on to a
workstation the location would of course be the hostname of that
workstation. I'm using Visual Basic Scripting to do this. It was working
fine until today while I was of course showing it to our security person.
Even though I took into account when the user logs on to a workstation
and the %CLIENTNAME% environment variable is not set, it seems that for
some reason when logging onto a server %CLIENTNAME% can be set to
"console" sometimes. This is strange considering I'm not asking for the
Session Name which can be "console". I'm asking for the Client Name.
When %CLIENTNAME% equals "console" when running my script or when
running the 'set' command, if I look at the Users tab in Task Manager
the Client Name is still the hostname of the maching I'm using to remote
into the server.
Strangely, I thought that on the Users tab the Session Name would be
listed as "console" when I use Remote Desktop to logon to the console of
the server. I'm using Win2k3 R2. The Session name is always a RDP
session # whether I connect to the console or not. But that's not
something I'm worrying about at the moment.
Can anyone explain to me the circumstances that cause %CLIENTNAME% to be
set to "console" as opposed to the user's workstation? I could test for
it in my script if I knew the conditions under which it occurs. I'm
currently using the following to grab the variable:
strFromHost = objShell.ExpandEnvironmentStrings("%CLIENTNAME%")
Thanks
Brandon Tag: watch actress profile and photo watch actress priyamani photo Tag: 132167
Windows XP Mini-Setup not joining computers to existing account in
We have a Win XP SP2 standard image we deploy onto a lot of our computers.
The image has been sysprep'd and when booted, it goes through XP's Mini Setup
using sysprep.inf to answer all questions except Computer Name.
What we've tried doing is creating machine accounts in Active Directory
(2003 Mixed Mode) in the OUs that we want the computers to end up in, and
then (days later) booted the machines and allowed them to join the domain
during Mini Setup. However, instead of joining the existing accounts, Mini
Setup is creating a NEW account in the Computers OU in the root of AD. So now
I have two machine accounts in AD with the same name. I have to track down
the other account, delete it, and move the computer into that container a few
minutes later after replication has finished.
As far as I'm aware, this isn't the way its meant to work, is it? In Windows
XP, if you join a computer to the domain by hand (outside of Mini Setup), it
joins the existing account. Shouldn't the same happen in Mini Setup, or is
there something I'm missing?
TIA Tag: watch actress profile and photo watch actress priyamani photo Tag: 132166
Loggin on in determinate DC
Hi,
I have 3 Domain Controllers.
Two in Site A and one in Site B.
Is ther possible set a numeber of users to log on in a DC of Site A, being
that users from Site B?
Thanks.
Luiz Tag: watch actress profile and photo watch actress priyamani photo Tag: 132158
Setting File -- Open Dialog box to a default location
All,
How can I through GP setting the default location for the File -- Open
Dialog box to My Computer? We restricted C drive, it it defaults to that, so
everytime they go to file -- Open, it gives them an error saying that its
restricted.
Thanks! Tag: watch actress profile and photo watch actress priyamani photo Tag: 132152
Certificate Help
Hello,
I've just installed our first Enterprise Root CA on one of our DC's running
W2K3 Standard SP2. On another DC I'm trying to request a computer
certificate, but am having trouble. When I go to the web page to request an
advanced cert I am given the option of Administrator/Basic EFS/EFS Recovery
Agent/User/Subordinate CA/Web Server. Am I missing something? I need a
computer certificate becuase this DC is also my RADIUS server and I need a
cert inorder to setup PEAP.
Thanks! Tag: watch actress profile and photo watch actress priyamani photo Tag: 132150
AD Replication Monitor
I ran the AD Replication Monitor. Under Current Transitive Replication
Partner Status I am showing 7 "Partner Name: **DELETED SERVER #7". What
exactly is this telling me? Is this a previous dc that didn't get deleted
properly? I am fairly new to this organization so I don't have a lot of
history on this domain. Thanks! Tag: watch actress profile and photo watch actress priyamani photo Tag: 132149
Adding Domain Controller
Hi. I'm adding an additional domain controller (2k3) to an existing domain,
which has only one DC that is also a 2k3 server. I ran dc promo on the new
server and chose to copy active directory from an an existing DC. I received
an error stating the forest was not ready, and to run adprep against the
existing DC. I checked the functional level of the domain and forest in the
existing DC and found it was set to 2000 level. I raised it to 2003 and
thought that would help. It didn't. I also got an errors when trying to run
adprep against the existing DC. I didn't think adprep was necessary when
there weren't any 2000 servers on the domain. Any ideas?
thanks Tag: watch actress profile and photo watch actress priyamani photo Tag: 132134
Moving FSMO roles
I plan to install a new DC w/gc on new hardware and transfer all the FSMO
roles from the existing DC. What are the best practices for moving them? Is
there a certain order, waiting period between moving roles, etc.? Very
simple environment - 2 dc's, default site config, 1 domain. The old and new
servers will be in the same vlan, same physical location. The other dc (not
a gc) will be in a different office (25mi.) - GigE 100Mb WAN connection.
Thank you! Tag: watch actress profile and photo watch actress priyamani photo Tag: 132133
Event ID 1030's
I'm seeing a number of 1030's on the clients, and this in GPMC:
Group Policy Infrastructure failed due to the error listed below.
Overlapped I/O operation is in progress.
Note: Due to the GP Core failure, none of the other Group Policy components
processed their policy. Consequently, status information for the other
components is not available
I've verified the admin name and passowrd in DHCP manager, and checked for
cached passwords to the server on the clients, and still no luck.
Any other ideas? Tag: watch actress profile and photo watch actress priyamani photo Tag: 132128
repadmin /removelingeringobjects
Hi, i'm getting an error message on a mailserver. event id 2042 "it has been
too long since this machine last replicated with the named source machine
etc etc.
looking at the dates mention further down the message, the tally up to a
date when a previous DC failed and was removed from the domain.
hardware failed from within the DC and dcpromo was never run to remove it
from the domain, and as a result a lot of messages have been appearing
around the servers relating to the missing dc.
The 2042 message gives 3 options, and the only relvant one refers to using
repadmin to clear up any residue following the servers demise.
my question is that reading up on repadmin, I'm being told that 2003 server
needs to be running on "both" servers....the problem is that only one server
is running and i want to clear up the mess following the server dying in the
first place. Or is it just a case of repadmin actually being able to
determine what and where the issue is and clearing it automatically?
cheers Tag: watch actress profile and photo watch actress priyamani photo Tag: 132127
Setting the home page for all users
Hi,
I have the IE7 AD template installed on our DC's and am trying to set the
home page, but the users IE7 is having none of it! I have gone to User
Configuration > Administrative Templates > Windows Explorer > Disable
changing home page settings > enable http://intranet
DC - gpupdate /force
User - gpupdate /force
No http://intranet page
any ideas? Tag: watch actress profile and photo watch actress priyamani photo Tag: 132126
Policy (GPO) Order
Hi,
one question about Policy (GPO) Order applying:
- I have 3 policies: one enabled, the second disabled and the third disabled.
The disabled policy will predominate, ok?
Thanks.
Luiz Tag: watch actress profile and photo watch actress priyamani photo Tag: 132120
Creating New Domain Tree in Existing Forest
We just bought a company that I have to integrate into our active directory.
They currently have Windows 2000 AD and I have Windows 2003 AD. How do I
bring their Windows 2000 AD into my AD as a domain tree without losing their
users? If you could point me to instructions on how to make this possible I
would appreciate it.
thanks -- dee Tag: watch actress profile and photo watch actress priyamani photo Tag: 132117
problems with single level dns name (domain)
Hi
a new customer has a w2k3 server on location vienna with a single level
domain "intern" and no "intern.local" as normally used.
we have to install a second AD-Controller an location linz (connected with
vienna via a 2 MBit VPN-Tunnel).
after using KB 300684 we could move the second server in the domain as member.
then we installed AD on the sec. server, tested dns with nslookup, all works
fine.
Our problem: the user locally in linz cann't access to the local shares on
the sec. AD-Controller, they get the message access denied.
when i remove the AD on the second server and chance the dns entry to the
vienna dns-server all works fine.
workstation systemlog: source: BROWSER, err: 8021, no list from Browser,
source: BROWSER, err: 8032, read fails, applicationlog: source: userenv, err:
1058, gpt.ini access denied
can you help me ? Tag: watch actress profile and photo watch actress priyamani photo Tag: 132111
problem with steadystate and restricting rights from administrator
I have a domain Active directory on a windows 2000 Server and I moved the
rights I made on a pc with steadystate to the server with the active
directory with SCTSettings.adm. Then I did some changes in the group policy
at the All Windows Steadystate restrictions hopping that this will affect
only to users that also have Steadystate restricting the right click on
desktop, the access on C:\, and in all windows programs but this affected on
the privilages of the administrator rights too!!! Now I can't have access to
c:\, not to administrative programs not even right click to the workspace!!!
Is there other way to have access to the gpedit (group policy editor) to
change the policy again ? cause even the administrator doesn't have any
rights now and... I think... this is a HUGE bug!!!! nomater what
administrator shouldn't affect on any change of GROUP policy...
Pls I need help imidiatly not to setup the server again cause I have 200
users to put again in active directory one by one... Tag: watch actress profile and photo watch actress priyamani photo Tag: 132110
Re: Site link configuration question..
again my bad...
this should be:
adfind -config -rb "CN=IP,CN=Inter-Site Transports,CN=Sites" -f
"objectCategory=siteLink" siteList
have not had coffee yet ;-(
--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #
BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test ANY suggestion in a test environment before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"Jorge de Almeida Pinto [MVP - DS]"
<SubstituteThisWithMyFullNameSeparatedByDots@gmail.com> wrote in message
news:...
> my bad...
>
> this should be:
> adfind -config -rb "CN=IP,CN=Inter-Site Transports,CN=Sites" -f
> "objectCategory=siteLink" siteObjectBL
>
> --
>
> Cheers,
> (HOPEFULLY THIS INFORMATION HELPS YOU!)
>
> # Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #
>
> BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
> BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
> ------------------------------------------------------------------------------------------
> * How to ask a question --> http://support.microsoft.com/?id=555375
> ------------------------------------------------------------------------------------------
> * This posting is provided "AS IS" with no warranties and confers no
> rights!
> * Always test ANY suggestion in a test environment before implementing!
> ------------------------------------------------------------------------------------------
> #################################################
> #################################################
> ------------------------------------------------------------------------------------------
> "Kent" <Kent@discussions.microsoft.com> wrote in message
> news:7278BC24-A71C-4CFF-8533-48BF0FC49AD3@microsoft.com...
>> post the IP of the client you used
>> ----------------------------------
>> 192.168.1.22
>>
>>
>> post NLTEST /DSGETSITE
>> ----------------------
>> C:\Documents and Settings\administrator>nltest /dsgetsite
>> Client
>> The command completed successfully
>>
>>
>> post NLTEST /DSGETDC:<DOMAIN>
>> -----------------------------
>> C:\Documents and Settings\administrator>nltest /dsgetdc:contoso.com
>> DC: \\hq-con-dc-03.contoso.com
>> Address: \\192.100.0.2
>> Dom Guid: 6de92f82-4b65-4711-9abc-2e86c0ade8ed
>> Dom Name: contoso.com
>> Forest Name: contoso.com
>> Dc Site Name: AsiaPacific
>> Our Site Name: Client
>> Flags: GC DS LDAP KDC TIMESERV WRITABLE DNS_DC DNS_DOMAIN
>> DNS_FOREST
>> CLO
>> SE_SITE
>> The command completed successfully
>>
>>
>> post NLTEST /DSGETSITECOV
>> -------------------------
>> C:\AdFind>nltest /dsgetsitecov
>> DsGetDcSiteCoverage failed: Status = 50 0x32 ERROR_NOT_SUPPORTED
>>
>>
>> adfind -config -rb "CN=Sites" -f "objectCategory=Site" siteObjectBL
>> -------------------------------------------------------------------
>> C:\AdFind>adfind -config -rb "CN=Sites" -f "objectCategory=Site"
>> siteobjectBL
>>
>> AdFind V01.37.00cpp Joe Richards (joe@joeware.net) June 2007
>>
>> Using server: hq-con-dc-01.contoso.com:389
>> Directory: Windows Server 2003
>> Base DN: CN=Sites,CN=Configuration,DC=contoso,DC=com
>>
>> dn:CN=Europe,CN=Sites,CN=Configuration,DC=contoso,DC=com
>>>siteObjectBL:
>>>CN=10.0.0.0/8,CN=Subnets,CN=Sites,CN=Configuration,DC=contoso,DC=
>> com
>>
>> dn:CN=AsiaPacific,CN=Sites,CN=Configuration,DC=contoso,DC=com
>>>siteObjectBL:
>>>CN=192.100.0.0/24,CN=Subnets,CN=Sites,CN=Configuration,DC=contoso
>> ,DC=com
>>
>> dn:CN=America,CN=Sites,CN=Configuration,DC=contoso,DC=com
>>>siteObjectBL:
>>>CN=138.169.0.0/16,CN=Subnets,CN=Sites,CN=Configuration,DC=contoso
>> ,DC=com
>>
>> dn:CN=Client,CN=Sites,CN=Configuration,DC=contoso,DC=com
>>>siteObjectBL:
>>>CN=192.168.1.0/24,CN=Subnets,CN=Sites,CN=Configuration,DC=contoso
>> ,DC=com
>>
>> 4 Objects returned
>>
>>
>> adfind -config -rb "CN=IP,CN=Inter-Site Transports,CN=Sites" -f
>> "objectCategory=Site" siteObjectBL
>> --------------------------------------------------------------------------------------------------
>> C:\AdFind>adfind -config -rb "CN=IP,CN=Inter-Site Transports,CN=Sites" -f
>> "objec
>> tCategory=Site" siteobjectBL
>>
>> AdFind V01.37.00cpp Joe Richards (joe@joeware.net) June 2007
>>
>> Using server: hq-con-dc-01.contoso.com:389
>> Directory: Windows Server 2003
>> Base DN: CN=IP,CN=Inter-Site
>> Transports,CN=Sites,CN=Configuration,DC=contoso,DC=
>> com
>>
>> 0 Objects returned
>>
>> "Jorge de Almeida Pinto [MVP - DS]" wrote:
>>
>>>
>>>
>>> * post the IP of the client you used
>>> * post NLTEST /DSGETSITE
>>> * post NLTEST /DSGETDC:<DOMAIN>
>>> * post NLTEST /DSGETSITECOV
>>> * adfind -config -rb "CN=Sites" -f "objectCategory=Site" siteObjectBL
>>> * adfind -config -rb "CN=IP,CN=Inter-Site Transports,CN=Sites" -f
>>> "objectCategory=Site" siteObjectBL
>>>
>>> ADFIND can be downloaded from joeware.net
>>>
>>> --
>>>
>>> Cheers,
>>> (HOPEFULLY THIS INFORMATION HELPS YOU!)
>>>
>>> # Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #
>>>
>>> BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
>>> BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
>>> ------------------------------------------------------------------------------------------
>>> * How to ask a question --> http://support.microsoft.com/?id=555375
>>> ------------------------------------------------------------------------------------------
>>> * This posting is provided "AS IS" with no warranties and confers no
>>> rights!
>>> * Always test ANY suggestion in a test environment before implementing!
>>> ------------------------------------------------------------------------------------------
>>> #################################################
>>> #################################################
>>> ------------------------------------------------------------------------------------------
>>> "Kent" <Kent@discussions.microsoft.com> wrote in message
>>> news:7A167365-80B5-4300-8246-D8326440E443@microsoft.com...
>>> > Yes, there are currently 2 site links configured.
>>> >
>>> > First Site Link with the cost of 50 are configured to contain 2 HUB
>>> > sites
>>> > (SITEA & SITEB).
>>> > Second Site Link with the cost of 80 is configured to contain 1 BO
>>> > (SITEC)
>>> > &
>>> > 1 nearest HUB site (SITEB).
>>> >
>>> > I've tried with nltest and set command, the logon server for a client
>>> > at
>>> > SITEC is going to DC at SITEA & SITEC randomly. By right, it should
>>> > only
>>> > goes
>>> > to DC at SITEB right as there is already a Site Link configured?
>>> >
>>> > Thanks.
>>> >
>>> >
>>> > "Jorge de Almeida Pinto [MVP - DS]" wrote:
>>> >
>>> >> it should not matter what the costs is because the site link between
>>> >> the
>>> >> BO
>>> >> and the HUB is always the cheapest!. Do you have other site links
>>> >> configured?
>>> >> use can also use NLTEST on both the client and the DC to test
>>> >> configurations
>>> >>
>>> >> --
>>> >>
>>> >> Cheers,
>>> >> (HOPEFULLY THIS INFORMATION HELPS YOU!)
>>> >>
>>> >> # Jorge de Almeida Pinto # MVP Identity & Access - Directory Services
>>> >> #
>>> >>
>>> >> BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
>>> >> BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
>>> >> ------------------------------------------------------------------------------------------
>>> >> * How to ask a question --> http://support.microsoft.com/?id=555375
>>> >> ------------------------------------------------------------------------------------------
>>> >> * This posting is provided "AS IS" with no warranties and confers no
>>> >> rights!
>>> >> * Always test ANY suggestion in a test environment before
>>> >> implementing!
>>> >> ------------------------------------------------------------------------------------------
>>> >> #################################################
>>> >> #################################################
>>> >> ------------------------------------------------------------------------------------------
>>> >> "Kent" <Kent@discussions.microsoft.com> wrote in message
>>> >> news:B7DFA04D-45B2-4E35-9FB6-D6C3574E2DE6@microsoft.com...
>>> >> > Hi Jorge,
>>> >> > Thanks for your advice below.
>>> >> >
>>> >> > I've tested out the 1st solution in virtual environment (without
>>> >> > site
>>> >> > aware
>>> >> > apps), and it's working perfectly.
>>> >> >
>>> >> > However, when i test out the 2nd solution it seems that the
>>> >> > authentication
>>> >> > is not consistent. Let me brief you on my virtual setup.
>>> >> >
>>> >> > - 3 sites = SiteA (with 1 domain controller), SiteB (with 1 domain
>>> >> > controller), SiteC (clients without domain controller)
>>> >> > - SiteA & SiteB is in the same Site Link with a cost of 20
>>> >> > - SiteB & SiteC is in the same Site Link with a cost of 50
>>> >> >
>>> >> > When a XP machine from SiteC is logging on to the domain, it should
>>> >> > be
>>> >> > authenticating to domain controller at SiteB but sometimes it's
>>> >> > going
>>> >> > to
>>> >> > domain controller at SiteA.
>>> >> >
>>> >> > But when changing the Site Link cost of 50 to 15 (SiteB & SiteC),
>>> >> > authentication is constantly going to domain controller at SiteB
>>> >> > (which
>>> >> > is
>>> >> > what i want). So, my question is whether is it correct to have
>>> >> > lower
>>> >> > cost
>>> >> > between Branch and HUB than HUB to HUB?
>>> >> >
>>> >> > Appreciate your advice on this.
>>> >> > Thanks again.
>>> >> >
>>> >> >
>>> >> > "Jorge de Almeida Pinto [MVP - DS]" wrote:
>>> >> >
>>> >> >> in that case I would:
>>> >> >> * create an AD site for each HUB
>>> >> >> * create an AD site link and put the HUBs in it
>>> >> >> * create an AD subnet for each subnet at one HUB and link it to
>>> >> >> the AD
>>> >> >> site
>>> >> >> of the corresponding HUB
>>> >> >> * create an AD subnet for each subnet at the branch offices and
>>> >> >> link
>>> >> >> it
>>> >> >> to
>>> >> >> the AD site of the nearest HUB
>>> >> >>
>>> >> >> this way client at a branch office will use the nearest HUB
>>> >> >>
>>> >> >> if you were to have site aware apps in the branch office site I
>>> >> >> would:
>>> >> >> * create an AD site for each HUB
>>> >> >> * create an AD site for each branch office (BO)
>>> >> >> * create an AD subnet for each subnet at one HUB and link it to
>>> >> >> the AD
>>> >> >> site
>>> >> >> of the corresponding HUB
>>> >> >> * create an AD subnet for each subnet at one BO and link it to the
>>> >> >> AD
>>> >> >> site
>>> >> >> of the corresponding BO
>>> >> >> * create an AD site link for each BO and its nearest HUB
>>> >> >> in this last scenario the DCs in the HUB will register SRV records
>>> >> >> in
>>> >> >> the
>>> >> >> linked BOs and therefore service those BOs as you want
>>> >> >>
>>> >> >> --
>>> >> >>
>>> >> >> Cheers,
>>> >> >> (HOPEFULLY THIS INFORMATION HELPS YOU!)
>>> >> >>
>>> >> >> # Jorge de Almeida Pinto # MVP Identity & Access - Directory
>>> >> >> Services
>>> >> >> #
>>> >> >>
>>> >> >> BLOG (WEB-BASED)-->
>>> >> >> http://blogs.dirteam.com/blogs/jorge/default.aspx
>>> >> >> BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
>>> >> >> ------------------------------------------------------------------------------------------
>>> >> >> * How to ask a question -->
>>> >> >> http://support.microsoft.com/?id=555375
>>> >> >> ------------------------------------------------------------------------------------------
>>> >> >> * This posting is provided "AS IS" with no warranties and confers
>>> >> >> no
>>> >> >> rights!
>>> >> >> * Always test ANY suggestion in a test environment before
>>> >> >> implementing!
>>> >> >> ------------------------------------------------------------------------------------------
>>> >> >> #################################################
>>> >> >> #################################################
>>> >> >> ------------------------------------------------------------------------------------------
>>> >> >> "Kent" <Kent@discussions.microsoft.com> wrote in message
>>> >> >> news:4CC9443D-62AC-4307-AF6B-B71ADBEB8539@microsoft.com...
>>> >> >> > Hello,
>>> >> >> > Yes, subnets are defined correctly and linked to the correct
>>> >> >> > sites.
>>> >> >> > Branch sites does not have any DC and no apps like DFS, MSMQ,
>>> >> >> > etc is
>>> >> >> > installed.
>>> >> >> >
>>> >> >> > So are there any good ideas for me get the logon authentication
>>> >> >> > to
>>> >> >> > work
>>> >> >> > correctly?
>>> >> >> > Thanks
>>> >> >> >
>>> >> >> >
>>> >> >> > "dave m" wrote:
>>> >> >> >
>>> >> >> >> I assume, and hate to, that there is only a single domain
>>> >> >> >> involved
>>> >> >> >> here.
>>> >> >> >>
>>> >> >> >> dave Admin
>>> >> >> >>
>>> >> >> >>
>>> >> >> >> "Kent" <Kent@discussions.microsoft.com> wrote in message
>>> >> >> >> news:1CCC2FC3-6F2E-4F58-92B3-7A858F054CFC@microsoft.com...
>>> >> >> >> > Hi All,
>>> >> >> >> > I would like to seek some opinions from AD experts regarding
>>> >> >> >> > my
>>> >> >> >> > scenario
>>> >> >> >> > below:
>>> >> >> >> >
>>> >> >> >> > Scenario:
>>> >> >> >> > ---------
>>> >> >> >> > 1. Active Directory contains 8 domain controllers (all
>>> >> >> >> > configured
>>> >> >> >> > as
>>> >> >> >> > GC),
>>> >> >> >> > 4
>>> >> >> >> > located at UK data centre and 4 more located at Singpapore
>>> >> >> >> > data
>>> >> >> >> > centre.
>>> >> >> >> > 2. There are around 20 sites created on AD which are located
>>> >> >> >> > at
>>> >> >> >> > Asia
>>> >> >> >> > Pacific
>>> >> >> >> > region and around 40 sites created on AD which are located at
>>> >> >> >> > Europe
>>> >> >> >> > &
>>> >> >> >> > America region.
>>> >> >> >> > 3. I want to ensure computers at sites located at Asia
>>> >> >> >> > Pacific
>>> >> >> >> > will
>>> >> >> >> > authenticate to domain controllers at Singapore data centre
>>> >> >> >> > and
>>> >> >> >> > computers
>>> >> >> >> > at
>>> >> >> >> > sites located at Europe/America to authenticate to domain
>>> >> >> >> > controllers
>>> >> >> >> > at
>>> >> >> >> > UK
>>> >> >> >> > data centre.
>>> >> >> >> >
>>> >> >> >> >
>>> >> >> >> > Current setup:
>>> >> >> >> > --------------
>>> >> >> >> > 1. Site link between Singapore DC and UK DC is having a cost
>>> >> >> >> > of
>>> >> >> >> > 10.
>>> >> >> >> > 2. A site link is configured to contain multiple sites from
>>> >> >> >> > Asia
>>> >> >> >> > Pacific
>>> >> >> >> > to
>>> >> >> >> > Singapore DC with a cost of 50. This is the same to
>>> >> >> >> > Europe/America
>>> >> >> >> > site
>>> >> >> >> > link
>>> >> >> >> > but it's configured to UK DC instead of Singapore one (with a
>>> >> >> >> > cost
>>> >> >> >> > of
>>> >> >> >> > 50
>>> >> >> >> > as
>>> >> >> >> > well).
>>> >> >> >> > 3. The problem with this setup is users are authenticating to
>>> >> >> >> > different
>>> >> >> >> > domain controllers, sometime to Singapore then UK.
>>> >> >> >> >
>>> >> >> >> >
>>> >> >> >> > My suggestion is to:
>>> >> >> >> > --------------------
>>> >> >> >> > 1. Configure 2 site links for 1 site with different costing.
>>> >> >> >> > Example:
>>> >> >> >> > Site
>>> >> >> >> > A
>>> >> >> >> > is located at Asia Pacific, computers at Site A must
>>> >> >> >> > authenticate
>>> >> >> >> > to
>>> >> >> >> > domain
>>> >> >> >> > controllers at Singapore data centre so i will create a Site
>>> >> >> >> > Link
>>> >> >> >> > to
>>> >> >> >> > Singapore DC site with cost of 40 and another Site Link to UK
>>> >> >> >> > site
>>> >> >> >> > with
>>> >> >> >> > cost
>>> >> >> >> > of 80. This would ensure the logon authentication will go to
>>> >> >> >> > the
>>> >> >> >> > correct
>>> >> >> >> > domain controllers.
>>> >> >> >> > 2. Site Link betwenn Singapore DC and UK DC will have a cost
>>> >> >> >> > of
>>> >> >> >> > 10.
>>> >> >> >> >
>>> >> >> >> >
>>> >> >> >> > But i'm not sure whether is this solution practical because
>>> >> >> >> > it'll
>>> >> >> >> > create
>>> >> >> >> > alot of Site Links on Active Directory.
>>> >> >> >> > Anyone can give some suggestions?
>>> >> >> >> >
>>> >> >> >> > Thanks in advance.
>>> >> >> >> >
>>> >> >> >> >
>>> >> >> >>
>>> >> >> >>
>>> >> >> >>
>>> >> >> >>
>>> >> >>
>>> >> >>
>>> >>
>>> >>
>>>
>>>
> Tag: watch actress profile and photo watch actress priyamani photo Tag: 132108
Unable to create Domain on Server 2008
When running 'dcpromo' I receive the following error: 'The new domain cannot
be created because the local Administrator account password does not meet
requirements.' I have tried multiple passwords using 6 or more Upper case,
Lower case, & Special characters. This is a new server setup with no existing
domains. Tag: watch actress profile and photo watch actress priyamani photo Tag: 132094
Restricting Trusted Domain user login hour
Hi there,
I was wondering if there is anyway to limit user's logon hour by
configuring AD Domain A while the user account is in a trusted Domain
B please?
What I have got is a computer lab with all computers and network
resources belonging to Domain A. Domain A trusted Domain B (with the
same forest), hence users from Domain B can log onto computers in the
lab. Now we want to limit users from using the lab after hour. I know
I can set the logon hours for the users in AD User and Computer in
Domain B but I only want to limit their access to computers in Domain
A, not the entire organization/AD forest.
Is there a way to control that within Domain A please?
Thanks,
Edmond. Tag: watch actress profile and photo watch actress priyamani photo Tag: 132093
Password policy
We have Windows 2003 domain and we are in the process of implementing
password policy across the domain.
What will be the suggested/ recommended pathway to exclude administrator/
special purpose admin related accouts from this password policy?
Thanks Tag: watch actress profile and photo watch actress priyamani photo Tag: 132078
Automate home directory for a new user
All, How can I automate the creation of a users home directory, when the
user is created in AD? I am not wanting to use the my documents folder
redirection, but rather still with standard drive mappings.
Thanks! Tag: watch actress profile and photo watch actress priyamani photo Tag: 132077
idlist error
I am thinking this is a possible account error. I have a user who
gets the following error no matter what computer she logs onto on our
domain :
Cannot find/ idlist,:216:4800,//dc01/netlogon/
If other users log onto her computers they dont get this error but
this error seems to follow the user. Any ideas ?
Cant see anything obvious wrong with the account in AD.
Thanks Tag: watch actress profile and photo watch actress priyamani photo Tag: 132067
Best method for moving 2003 sp2 Domain controller to new hardware.
Hi,
I need to move a domain controller to faster better hardware. The new
hardware will have different drive controllers and most likely a
different storage layout. What are best practices to ensure minimum
disruption to the network?
Max Tag: watch actress profile and photo watch actress priyamani photo Tag: 132066
Role based administration for password resets
Hello,
We have a Windows 2003 domain.We are in the process of implementing password
policy on the domain.
Currently we add helpdesk staff to server operators group for AD
administration. Is there a role based administration model in Windows 2003 so
that I can add some helpdesk staff to just reset password and not server
operators?
Thanks Tag: watch actress profile and photo watch actress priyamani photo Tag: 132061
Get localhost AD folder
Hi,
I would like to put a row in users loginscript todetermine which OU the
localhost is located in.
Any idea?
Regards Magnus Tag: watch actress profile and photo watch actress priyamani photo Tag: 132048
Failure login to domain or losing domain membership
Server information of each site
Site A (Production)
Server A1 (Application server - Window cluster) Server B1 (Database Server -
Windows/MS SQL cluster) Server C1 (Database Server â?? Windows/MS SQL cluster)
Server F0 (Existing Domain controller), F1 (New Domain controller) OS
(Windows 2003 server enterprise R2/SP2)
OS for Server A1, B1, and C1 are on external SAN volumes OS for Server F1
are on internal disks.
Site B (DR â?? Disaster Recovery)
Server A2 (Application Server â?? Windows cluster) Server B2 (Database Server
â?? Windows/MS SQL cluster) Server C2 (Database Server â?? Windows/MS SQL
cluster) Server F2 (Domain Controller â?? Fresh installation OS only)
Server D (Fax Server)
Server E (Citrix Server)
OS (Windows 2003 Server enterprise R2/SP2)
OS for Server A2, B2, and C2 are on external SAN volumes. The OS for these
servers is replicated from OS of servers (A1, B1& C1). Hence the
configuration of server (A2, B2 & C2) is exactly same as servers (A1, B1 &
C1).
OS for Server F2, D & E are on internal disks.
Server F2 is configured with basic OS with the same IP address and Host name
as of server F1.
Setup & Configure Step (1st time)
Site A
Configure Server F1 at site A as additional domain controller along
with existing domain controller. These domain controllers serves
domain â??XYZ.comâ??.
The server F1 holds all the FSMO roles except Infrastructure role.
Configure Server A1,B1 and C1 server and join to domain â??XYZ.comâ??
Bring servers D & E to Site A(Production) from Site B(DR)
Setup and configure servers D & E and join to domain â??XYZ.comâ?? at
Site A
After joining domainâ??XYZ.comâ?? for servers D & E, move back both
servers to Site B(DR).
Perform a full or system state backup at site A from existing AD
server F1 using â??ntbackupâ?? and copy backup file(.bkf) from domain
controller(F1) at site A to domain controller(F2) at site B.
Site B
Restore backup file (.bkf) on domain controller (F2) at site B.
Now server F2 becomes new independent Active Directory server at site
B.
Replicate OS (using IBM SVC) of servers A1, B1, and C1 at Site A to
servers A2, B2 and C2 at site B respectively.
Bring up Server A2, B2, and C2
On boot, servers are able to login as domain member.
Servers D & E (Fax & Citrix) which were joined at Site A and brought
back to site B are now boot up at Site B.
Servers D & E (Fax & Citrix) are also ble to login as domain members.
Periodic restore (Perform DR restore & Testing â?? Daily or weekly)
Note: At DR Site all servers D, E, F2, A2, B2 and C2 were already able to
join and login as domain member when first time setup & configuration was
done. But to keep the Active Directory server at site B up to date as Active
Directory server at site A, we are backing up the Active Directory server
(F1) at site A and restoring it on Active Directory server (F2) at site B
periodically.
Perform a full or system state backup at Site A from existing AD
server F1 by using â??ntbackupâ?? and copy backup file(.bkf) from site A
to site B.
Perform restore on AD at site B using latest backup file.
Boot up servers A2, B2, C2 and try to login as domain member, but
login fails.
Boot up servers D & E server, try to login as domain member, but
login fails.
It is not necessary that it will fail on second restore. Sometimes it
work even if we restore Active Directory server several times in 3-4
days, but after 3-4 days or 1 week when we backup and restore only
Active Directory, some of the servers (A2,B2,C2,D & E) are not able to
login as domain members.
But since OS of servers A2, B2 & C2 are on external SAN disks, we can
replicate the OS of servers A1, B1 & C1 to servers A2, and B2 & C2. In
this case these servers (A2, B2 & C2) are able to login as domain
members.
But OS for servers D & E is not on external disk and we can not
replicate OS for these two servers.
For example, the servers (A2, B2, C2, D & E) were able to login as
domain member on 30th June with the backup file of Active Directory also
of the same date. So for next few days (1st July and 2nd July) we
performed backup of Active Directory server (F1) and restored it on
Active Directory server (F2) at site B. We booted the member servers and
the servers could join as domain members. But later after few days say 4
th July, we performed backup again of Active Directory (F1) at site A
and restored it on Active Directory server(F2) at site B. This time we
boot the member servers, but these servers could not login as domain
members.
So to check whether the newly restored AD server (F2) also requires the
OS of servers at the same moment or close to some range of time, we
replicated OS of only A2, B2 and C2 on 4th July and boot these servers.
Then these serves were able to login as domain members.
We have tested the above cycle several times and our observation is same
every time.
Question:
Why servers (A2, B2, C2, D & E) are not able to login as domain
members after 3-4days?
Why servers A2, B2 & C2 after replicating OS are able to login as
domain members?
Any permanent solution? Tag: watch actress profile and photo watch actress priyamani photo Tag: 132040
Problem with Microsoft WHEA Logger after migrating to 2008
Hello,
since we reinstalled our domain Controller in Windows 2008, we have
every few minutes a warning from the "Microsoft-Windows-WHEA-Logger",
concerning a "Memory Hierarchy Error". The server is a HP DL380 with 4
gigs of RAM, 32 gigabyte SCSI-disk,... I already ran the Memory
Diagnostics Tool included in Windows 2008, but it showed me no errors
Here is the detail about the event, perhaps some idea what could be
the cause:
Error Source: Corrected Machine Check
Error Type: Memory Hierarchy Error
Processor ID Valid: Yes
Processor ID: 0x6
Bank Number: 0
Transaction Type: Generic
Processor Participation: N/A
Request Type: Snoop
Memory/Io: N/A
Memory Hierarchy Level: Level 1
Timeout: N/A
Event Xml:
<Event xmlns=3D"http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name=3D"Microsoft-Windows-WHEA-Logger"
Guid=3D"{c26c4f3c-3f66-4e99-8f8a-39405cfed220}" />
<EventID>19</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime=3D"2008-07-08T04:45:38.589Z" />
<EventRecordID>3051</EventRecordID>
<Correlation ActivityID=3D"{DBC18E92-DD0E-4B8F-9E77-39CE5828C6B7}" /
>
<Execution ProcessID=3D"1412" ThreadID=3D"3020" />
<Channel>System</Channel>
<Computer> name </Computer>
<Security UserID=3D"S-1-5-19" />
</System>
<EventData>
<Data Name=3D"ApicIdValid">1</Data>
<Data Name=3D"ApicId">0x6</Data>
<Data Name=3D"MCABank">0</Data>
<Data Name=3D"MciStat">0xcc00001f20040189</Data>
<Data Name=3D"MciAddr">0x1824100</Data>
<Data Name=3D"MciMisc">0x1400002d012a0</Data>
<Data Name=3D"ErrorType">9</Data>
<Data Name=3D"TransactionType">2</Data>
<Data Name=3D"Participation">256</Data>
<Data Name=3D"RequestType">8</Data>
<Data Name=3D"MemorIO">256</Data>
<Data Name=3D"MemHierarchyLvl">1</Data>
<Data Name=3D"Timeout">256</Data>
<Data Name=3D"Length">1730</Data>
<Data
Name=3D"RawData">435045520102FFFFFFFF03000200000002000000C2060000242D040008=
0708140000000000000000000000000000000000000000000000000000000000000000BDC40=
7CF89B7184EB3C41F732CB57131FE6FF5E89C91C54CBA8865ABE14913BBB5739B183AE0C801=
00000000000000000000000000000000000000000000000058010000C000000001020000010=
00000ADCC7698B447DB4BB65E16F193C4F3DB00000000000000000000000000000000020000=
00000000000000000000000000000000000000000018020000920200000102000000000000D=
5560F3986CA494695C473A408AE583400000000000000000000000000000000020000000000=
000000000000000000000000000000000000AA040000180200000102000000000000E95412E=
7B9C14049AB76909703A4320F00000000000000000000000000000000020000000000000000=
000000000000000000000000000000FF01000000000000000001000C010000250F000000000=
000000000000000000000000000000000000000000000000000000000000000000000000000=
000000000000000000000000000000000000000000000000000000000000000000000000000=
000000000000000000000000000000000000000000000000000000000000000000000000000=
000000000000000000000000000000000006000000000000000000000000000000000000000=
000000000000000000000000000000000000000070100000000000006000000000000000B08=
020600440000FFFBEBBFB045828100000000000000000000000000000000000000000000000=
00000000000000000F50157A5EFE3DE43AC72249B573FAD2C03000000000000009F00622000=
000000004182010000000000000000000000000000000000000000000000000000000001000=
800800100000000000000000000000000000000000000000000000000000000000000000000=
000000000000000000000000000000000000000000000000000000000000000000000000000=
000000000000000000000000000000000000000000000000000000000000000000000000000=
000000000000000000000000000000000000000000000000000000000000000000000000000=
000000000000000000000000000000000000000000000000000000000000000000000000000=
000000000000000000000000000000000000000000000000000000000000000000000000000=
000000000000000000000000000000000000000000000000000000000000000000000000000=
000000000000000000000000000000000000000000000000000000000000000000000000000=
000000000000000000000000000000000000000000000000000000000000000000000000000=
000000000000000000000000000000000000000000000000000000000000000000000000000=
000000000000000000000000000000000000000000000000000000000000000000000000000=
000000000000000000000000000000000000000000000000000000000000000000000000000=
000000000000000000000000000000000000000000000000000000000000000000000000000=
000000000000000000000000000000000000000000000000000000000000000000000000000=
000004572507400000000180200000001000000000000000000000000000000000000000000=
0002000000000000000100000000000000020000000600000000000000FF010000000000000=
00001000C010000250F00000000000000000000000000000000000000000000000000000000=
000000000000000000000000000000000000000000000000000000000000000000000000000=
000000000000000000000000000000000000000000000000000000000000000000000000000=
000000000000000000000000000000000000000000000000000000000000000600000000000=
000000000000000000000000000000000000000000000000000000000000000000000000000=
0000000000000000000000000100000092030000010000000100000022A96776B5E0C801010=
00000000000000000000000000000890104201F0000CC0041820100000000A012D002004001=
000C00000000000000000000000000000000000000000000000000000000000000000000000=
000000000000000000000000000000000000000000000000000000000000000000000000000=
000000000000000000000000000000000000000000000000000000000000000000000000000=
000000000000000000000000000000000000000000000000000000000000000000000000000=
000000000000000000000000000000000000000000000000000000000000000000000000000=
000000000000000000000000000</
Data>
</EventData>
</Event>
Best regards
paulreims Tag: watch actress profile and photo watch actress priyamani photo Tag: 132033
A HOT SHOCKING NEWS FROM MICROSOFT....
TODAY A BIG HOT NEWS FOR EVERYONE
FOR MORE DETAILS ON
http://polticsinfs.blogspot.com Tag: watch actress profile and photo watch actress priyamani photo Tag: 132031
Unique time requirement
We have an AD 2003 domain which uses the domain hierachy time sync model.
There is a developer who is using an application that generates
transactions. Before this application hits production they need to confirm
that it can log transactions for different times/dates (i dont know why..
they just do)
So they have tried changing the system clock, but of course this causes all
sorts of problems and they cant access the box. It will then re-sync its
clock with a domain controller and the box is back to normal..
Is there some sort of software which can cater for this, ie it interfaces
with the system clock and the operating system, so that it can have multiple
times. ie the OS communcates with the domain with the correct time, but
somehow this app can make available a second time for applications..
strange request.. and I can't see how it can be done but I thought id see if
anyone here had come across a similar requirement.
They cant do this testing in a workgroup as they need to interface with
other apps/boxes on the domain using windows authentication..
any ideas? Tag: watch actress profile and photo watch actress priyamani photo Tag: 132021
renaming a home directory
One of my users just got married and now I want to rename the
account.
My question is should I just rename the home directory or build
another account and migrate to that account. My concern is how LDAP
is
affected by renaming a home directory . This is a Server 2008 domain Tag: watch actress profile and photo watch actress priyamani photo Tag: 132017
ADAM Partitions on Separate Servers
Is it possible to create an ADAM instance where one or more partitions
are on one server and a different partition is on a second server? Tag: watch actress profile and photo watch actress priyamani photo Tag: 132015
Disabling NETBIOS on windows 2008 server effects group policy
I want to avoid NETBIOS traffic in my office ,for that I have disabled
"TCP/IP NETBIOS helper" under services of my Windows 2008 std. domain
controller.Suddenly, my group policies stopped working and giving me error"
failed to open group policies, The network path was not found".
If I enable NETBIOS service, group policy works fine.
Can anyone suggest me a better way to stop NETBIOS traffic.
Thanks
Amit Arora
amit1982@gmail.com Tag: watch actress profile and photo watch actress priyamani photo Tag: 132008
lsass.exe terminated - restart of computer
I've got several Server 2003 Std SP2 systems running AD that reboot
arbitrarily maybe once or twice a week. It seems to be getting more frequent
now too. I get the same event IDs every single time in the System and
Application event logs. I've run virus scans, used MBSA, ran the Malicious
Software Removal Tool, and installed hotfix 927342. Yet, despite everything
I've tried, searched endlessly on google for a solution, I cannot seem to
figure this problem out.
Here's some other info about my environment:
* 8 total DCs
* 6 sites
* 3 GCs (all of the GCs are in the same site - central datacenter) - the
other 5 DCs are have Universal group membership cacheing enabled
* 2 Exchange Servers - backend cluster and frontend OWA
Here's the events I'm seeing and it seems to be related to a problem with
lsass.exe:
Event Type: Error
Event Source: LsaSrv
Event Category: Security Package Manager
Event ID: 5000
Date: 7/7/2008
Time: 10:10:43 AM
User: N/A
Computer:
Description:
The security package Negotiate generated an exception. The exception
information is the data.
Event Type: Information
Event Source: USER32
Event Category: None
Event ID: 1074
Date: 7/7/2008
Time: 10:11:31 AM
User: NT AUTHORITY\SYSTEM
Computer:
Description:
The process winlogon.exe has initiated the restart of computer on behalf of
user for the following reason: No title for this reason could be found
Reason Code: 0x50006
Shutdown Type: restart
Comment: The system process 'C:\WINDOWS\system32\lsass.exe' terminated
unexpectedly with status code -1073741819. The system will now shut down and
restart.
Event Type: Error
Event Source: Winlogon
Event Category: None
Event ID: 1015
Date: 7/7/2008
Time: 10:11:25 AM
User: N/A
Computer:
Description:
A critical system process, C:\WINDOWS\system32\lsass.exe, failed with status
code c0000005. The machine must now be restarted.
Event Type: Error
Event Source: Application Error
Event Category: (100)
Event ID: 1000
Date: 7/7/2008
Time: 10:10:53 AM
User: N/A
Computer:
Description:
Faulting application lsass.exe, version 5.2.3790.0, faulting module
ntdll.dll, version 5.2.3790.3959, fault address 0x0001950e.
Has anyone else seen or experienced this problem? I'd appreciate your help. Tag: watch actress profile and photo watch actress priyamani photo Tag: 132003
DCPROMO RPC error
I am trying to promote a domain controller on 2008 in a separate site to my
domain. The only existing current DCs are in another site. The sites are
connected by permanent VPN, and I know it's working because I can log on to
the domain perfectly well (a bit slowly) from any computer at the remote
site, as well as join the domain as a member server from the computer I am
trying to promote.
When running DCPROMO, it starts the process then stops with the error:
-----
The operation failed because:
Active Directory Domain Services could not create the NTDS Settings object
for this Active Directory Domain Controller CN=NTDS
Settings,CN=ES-SERVER2,CN=SERVERS,CN=ELEMENTARY,CN=SITES,CN=CONFIGURATION,DC=stghs,DC=net
on the remote AD DC hs-server2.stghs.net. Ensure the provided network
credentials have sufficient permissions.
"The RPC Server is unavailable."
-----
Any ideas? Thanks for your help.
Aaron Stamboulieh - MCSA Tag: watch actress profile and photo watch actress priyamani photo Tag: 131995
PDC Failing and GP not updating
I have a somewhat new additional DC in production however the FSMOCheck
is failing for it's PDC and I get an error when trying to access the GP.
I have included a DCDiag, I can not determine the cause for this. The
DCs are connected across a high speed WAN. Any help is much appreciated,
thanks in advance.
Domain Controller Diagnosis
Performing initial setup:
* Connecting to directory service on server DRS-689-10.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 3 DC(s). Testing 3 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\DRS-343-10A
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... DRS-343-10A passed test Connectivity
Testing server: Default-First-Site-Name\DRS-343-10B
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... DRS-343-10B passed test Connectivity
Testing server: Default-First-Site-Name\DRS-689-10
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... DRS-689-10 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\DRS-343-10A
Starting test: Replications
* Replications Check
* Replication Latency Check
The replications latency check is not available on this DC.
* Replication Site Latency Check
......................... DRS-343-10A passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for
CN=Schema,CN=Configuration,DC=drs343,DC=drs.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Configuration,DC=drs343,DC=drs.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=drs343,DC=drs.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... DRS-343-10A passed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for
CN=Schema,CN=Configuration,DC=drs343,DC=drs.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Configuration,DC=drs343,DC=drs.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=drs343,DC=drs.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... DRS-343-10A passed test CutoffServers
Starting test: NCSecDesc
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=drs343,DC=drs
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=drs343,DC=drs
(Configuration,Version 2)
* Security Permissions Check for
DC=drs343,DC=drs
(Domain,Version 2)
......................... DRS-343-10A passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
......................... DRS-343-10A passed test NetLogons
Starting test: Advertising
The DC DRS-343-10A is advertising itself as a DC and having a DS.
The DC DRS-343-10A is advertising as an LDAP server
The DC DRS-343-10A is advertising as having a writeable directory
The DC DRS-343-10A is advertising as a Key Distribution Center
The DC DRS-343-10A is advertising as a time server
The DS DRS-343-10A is advertising as a GC.
......................... DRS-343-10A passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=DRS-343-10A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=drs343,DC=drs
Role Domain Owner = CN=NTDS
Settings,CN=DRS-343-10A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=drs343,DC=drs
Role PDC Owner = CN=NTDS
Settings,CN=DRS-343-10A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=drs343,DC=drs
Role Rid Owner = CN=NTDS
Settings,CN=DRS-343-10A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=drs343,DC=drs
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=DRS-343-10A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=drs343,DC=drs
......................... DRS-343-10A passed test
KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 3601 to 1073741823
* drs-343-10a.drs343.drs is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 2601 to 3100
* rIDNextRID: 2438
* rIDPreviousAllocationPool is 2101 to 2600
......................... DRS-343-10A passed test RidManager
Starting test: MachineAccount
* SPN found :LDAP/drs-343-10a.drs343.drs/drs343.drs
* SPN found :LDAP/drs-343-10a.drs343.drs
* SPN found :LDAP/DRS-343-10A
* SPN found :LDAP/drs-343-10a.drs343.drs/DRS343
* SPN found
:LDAP/a37e1493-32f0-407d-b97f-f42c82ec40ee._msdcs.drs343.drs
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/a37e1493-32f0-407d-b97f-f42c82ec40ee/drs343.drs
* SPN found :HOST/drs-343-10a.drs343.drs/drs343.drs
* SPN found :HOST/drs-343-10a.drs343.drs
* SPN found :HOST/DRS-343-10A
* SPN found :HOST/drs-343-10a.drs343.drs/DRS343
* SPN found :GC/drs-343-10a.drs343.drs/drs343.drs
......................... DRS-343-10A passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... DRS-343-10A passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... DRS-343-10A passed test
OutboundSecureChannels
Starting test: ObjectsReplicated
DRS-343-10A is in domain DC=drs343,DC=drs
Checking for CN=DRS-343-10A,OU=Domain
Controllers,DC=drs343,DC=drs in domain DC=drs343,DC=drs on 3 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=DRS-343-10A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=drs343,DC=drs
in domain CN=Configuration,DC=drs343,DC=drs on 3 servers
Object is up-to-date on all servers.
......................... DRS-343-10A passed test
ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... DRS-343-10A passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
......................... DRS-343-10A passed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last
15 minutes.
......................... DRS-343-10A passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... DRS-343-10A passed test systemlog
Starting test: VerifyReplicas
......................... DRS-343-10A passed test VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=DRS-343-10A,OU=Domain Controllers,DC=drs343,DC=drs and
backlink on
CN=DRS-343-10A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=drs343,DC=drs
are correct.
The system object reference (frsComputerReferenceBL)
CN=DRS-343-10A,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=drs343,DC=drs
and backlink on CN=DRS-343-10A,OU=Domain
Controllers,DC=drs343,DC=drs
are correct.
The system object reference (serverReferenceBL)
CN=DRS-343-10A,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=drs343,DC=drs
and backlink on
CN=NTDS
Settings,CN=DRS-343-10A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=drs343,DC=drs
are correct.
......................... DRS-343-10A passed test VerifyReferences
Starting test: VerifyEnterpriseReferences
......................... DRS-343-10A passed test
VerifyEnterpriseReferences
Testing server: Default-First-Site-Name\DRS-343-10B
Starting test: Replications
* Replications Check
* Replication Latency Check
The replications latency check is not available on this DC.
* Replication Site Latency Check
......................... DRS-343-10B passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for
CN=Schema,CN=Configuration,DC=drs343,DC=drs.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Configuration,DC=drs343,DC=drs.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=drs343,DC=drs.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... DRS-343-10B passed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for
CN=Schema,CN=Configuration,DC=drs343,DC=drs.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Configuration,DC=drs343,DC=drs.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=drs343,DC=drs.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... DRS-343-10B passed test CutoffServers
Starting test: NCSecDesc
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=drs343,DC=drs
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=drs343,DC=drs
(Configuration,Version 2)
* Security Permissions Check for
DC=drs343,DC=drs
(Domain,Version 2)
......................... DRS-343-10B passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
......................... DRS-343-10B passed test NetLogons
Starting test: Advertising
The DC DRS-343-10B is advertising itself as a DC and having a DS.
The DC DRS-343-10B is advertising as an LDAP server
The DC DRS-343-10B is advertising as having a writeable directory
The DC DRS-343-10B is advertising as a Key Distribution Center
The DC DRS-343-10B is advertising as a time server
The DS DRS-343-10B is advertising as a GC.
......................... DRS-343-10B passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=DRS-343-10A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=drs343,DC=drs
Role Domain Owner = CN=NTDS
Settings,CN=DRS-343-10A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=drs343,DC=drs
Role PDC Owner = CN=NTDS
Settings,CN=DRS-343-10A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=drs343,DC=drs
Role Rid Owner = CN=NTDS
Settings,CN=DRS-343-10A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=drs343,DC=drs
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=DRS-343-10A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=drs343,DC=drs
......................... DRS-343-10B passed test
KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 3601 to 1073741823
* drs-343-10a.drs343.drs is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1601 to 2100
* rIDNextRID: 1611
* rIDPreviousAllocationPool is 1601 to 2100
......................... DRS-343-10B passed test RidManager
Starting test: MachineAccount
* SPN found :LDAP/drs-343-10b.drs343.drs/drs343.drs
* SPN found :LDAP/drs-343-10b.drs343.drs
* SPN found :LDAP/DRS-343-10B
* SPN found :LDAP/drs-343-10b.drs343.drs/DRS343
* SPN found
:LDAP/9261c24e-6c89-427d-b152-78381398cde1._msdcs.drs343.drs
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/9261c24e-6c89-427d-b152-78381398cde1/drs343.drs
* SPN found :HOST/drs-343-10b.drs343.drs/drs343.drs
* SPN found :HOST/drs-343-10b.drs343.drs
* SPN found :HOST/DRS-343-10B
* SPN found :HOST/drs-343-10b.drs343.drs/DRS343
* SPN found :GC/drs-343-10b.drs343.drs/drs343.drs
......................... DRS-343-10B passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... DRS-343-10B passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... DRS-343-10B passed test
OutboundSecureChannels
Starting test: ObjectsReplicated
DRS-343-10B is in domain DC=drs343,DC=drs
Checking for CN=DRS-343-10B,OU=Domain
Controllers,DC=drs343,DC=drs in domain DC=drs343,DC=drs on 3 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=DRS-343-10B,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=drs343,DC=drs
in domain CN=Configuration,DC=drs343,DC=drs on 3 servers
Object is up-to-date on all servers.
......................... DRS-343-10B passed test
ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... DRS-343-10B passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
......................... DRS-343-10B passed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last
15 minutes.
......................... DRS-343-10B passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... DRS-343-10B passed test systemlog
Starting test: VerifyReplicas
......................... DRS-343-10B passed test VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=DRS-343-10B,OU=Domain Controllers,DC=drs343,DC=drs and
backlink on
CN=DRS-343-10B,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=drs343,DC=drs
are correct.
The system object reference (frsComputerReferenceBL)
CN=DRS-343-10B,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=drs343,DC=drs
and backlink on CN=DRS-343-10B,OU=Domain
Controllers,DC=drs343,DC=drs
are correct.
The system object reference (serverReferenceBL)
CN=DRS-343-10B,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=drs343,DC=drs
and backlink on
CN=NTDS
Settings,CN=DRS-343-10B,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=drs343,DC=drs
are correct.
......................... DRS-343-10B passed test VerifyReferences
Starting test: VerifyEnterpriseReferences
......................... DRS-343-10B passed test
VerifyEnterpriseReferences
Testing server: Default-First-Site-Name\DRS-689-10
Starting test: Replications
* Replications Check
* Replication Latency Check
CN=Schema,CN=Configuration,DC=drs343,DC=drs
Latency information for 1 entries in the vector were
ignored.
0 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc. 1 had no latency information (Win2K DC).
CN=Configuration,DC=drs343,DC=drs
Latency information for 1 entries in the vector were
ignored.
0 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc. 1 had no latency information (Win2K DC).
DC=drs343,DC=drs
Latency information for 1 entries in the vector were
ignored.
0 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating
this nc. 1 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... DRS-689-10 passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for
CN=Schema,CN=Configuration,DC=drs343,DC=drs.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Configuration,DC=drs343,DC=drs.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=drs343,DC=drs.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... DRS-689-10 passed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for
CN=Schema,CN=Configuration,DC=drs343,DC=drs.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Configuration,DC=drs343,DC=drs.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=drs343,DC=drs.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... DRS-689-10 passed test CutoffServers
Starting test: NCSecDesc
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=drs343,DC=drs
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=drs343,DC=drs
(Configuration,Version 2)
* Security Permissions Check for
DC=drs343,DC=drs
(Domain,Version 2)
......................... DRS-689-10 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
......................... DRS-689-10 passed test NetLogons
Starting test: Advertising
The DC DRS-689-10 is advertising itself as a DC and having a DS.
The DC DRS-689-10 is advertising as an LDAP server
The DC DRS-689-10 is advertising as having a writeable directory
The DC DRS-689-10 is advertising as a Key Distribution Center
The DC DRS-689-10 is advertising as a time server
The DS DRS-689-10 is advertising as a GC.
......................... DRS-689-10 passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=DRS-343-10A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=drs343,DC=drs
Role Domain Owner = CN=NTDS
Settings,CN=DRS-343-10A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=drs343,DC=drs
Role PDC Owner = CN=NTDS
Settings,CN=DRS-343-10A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=drs343,DC=drs
Role Rid Owner = CN=NTDS
Settings,CN=DRS-343-10A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=drs343,DC=drs
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=DRS-343-10A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=drs343,DC=drs
......................... DRS-689-10 passed test
KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 3601 to 1073741823
* drs-343-10a.drs343.drs is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 3101 to 3600
* rIDPreviousAllocationPool is 3101 to 3600
* rIDNextRID: 3107
......................... DRS-689-10 passed test RidManager
Starting test: MachineAccount
* SPN found :LDAP/drs-689-10.drs343.drs/drs343.drs
* SPN found :LDAP/drs-689-10.drs343.drs
* SPN found :LDAP/DRS-689-10
* SPN found :LDAP/drs-689-10.drs343.drs/DRS343
* SPN found
:LDAP/af71a11f-b6e5-4096-839f-d94bd27c1402._msdcs.drs343.drs
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/af71a11f-b6e5-4096-839f-d94bd27c1402/drs343.drs
* SPN found :HOST/drs-689-10.drs343.drs/drs343.drs
* SPN found :HOST/drs-689-10.drs343.drs
* SPN found :HOST/DRS-689-10
* SPN found :HOST/drs-689-10.drs343.drs/DRS343
* SPN found :GC/drs-689-10.drs343.drs/drs343.drs
......................... DRS-689-10 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... DRS-689-10 passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... DRS-689-10 passed test
OutboundSecureChannels
Starting test: ObjectsReplicated
DRS-689-10 is in domain DC=drs343,DC=drs
Checking for CN=DRS-689-10,OU=Domain
Controllers,DC=drs343,DC=drs in domain DC=drs343,DC=drs on 3 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=DRS-689-10,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=drs343,DC=drs
in domain CN=Configuration,DC=drs343,DC=drs on 3 servers
Object is up-to-date on all servers.
......................... DRS-689-10 passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... DRS-689-10 passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
......................... DRS-689-10 passed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last
15 minutes.
......................... DRS-689-10 passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... DRS-689-10 passed test systemlog
Starting test: VerifyReplicas
......................... DRS-689-10 passed test VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=DRS-689-10,OU=Domain Controllers,DC=drs343,DC=drs and
backlink on
CN=DRS-689-10,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=drs343,DC=drs
are correct.
The system object reference (frsComputerReferenceBL)
CN=DRS-689-10,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=drs343,DC=drs
and backlink on CN=DRS-689-10,OU=Domain
Controllers,DC=drs343,DC=drs
are correct.
The system object reference (serverReferenceBL)
CN=DRS-689-10,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=drs343,DC=drs
and backlink on
CN=NTDS
Settings,CN=DRS-689-10,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=drs343,DC=drs
are correct.
......................... DRS-689-10 passed test VerifyReferences
Starting test: VerifyEnterpriseReferences
......................... DRS-689-10 passed test
VerifyEnterpriseReferences
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : drs343
Starting test: CrossRefValidation
......................... drs343 passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... drs343 passed test CheckSDRefDom
Running enterprise tests on : drs343.drs
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside
the scope
provided by the command line arguments provided.
......................... drs343.drs passed test Intersite
Starting test: FsmoCheck
GC Name: \\drs-689-10.drs343.drs
Locator Flags: 0xe00003fc
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
Time Server Name: \\drs-689-10.drs343.drs
Locator Flags: 0xe00003fc
Preferred Time Server Name: \\drs-689-10.drs343.drs
Locator Flags: 0xe00003fc
KDC Name: \\drs-689-10.drs343.drs
Locator Flags: 0xe00003fc
......................... drs343.drs failed test FsmoCheck Tag: watch actress profile and photo watch actress priyamani photo Tag: 131992
Domain can not be found
I'm having a time of things. Recently a domain controller, the first one in
the domain, died. I was able to successfully remove the controller from
active directory using the Microsoft knowledge base article, but now my
domain can not be found. DCDIAG gives errors when run from the current
domain controller. I've used the registerdns switch of ipconfig, restarted
net logon, and ensured that the old server is not referenced anywhere in DNS.
I've also ensured that all of my clients are using this server as the DNS
server, but still, I can't find the domain. I can successfully ping the
server and all other clients by name, I do not use NetBIOS and I do not use
WINS, and I can use nslookup successfully. Plus, the SYSVOL and NETLOGON
shares are completely gone. I need serious help. The results of a DCDIAG
are below. The site name is HURRICANE, server name is CORUSCANT.
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Hurricane\CORUSCANT
Starting test: Connectivity
......................... CORUSCANT passed test Connectivity
Doing primary tests
Testing server: Hurricane\CORUSCANT
Starting test: Replications
......................... CORUSCANT passed test Replications
Starting test: NCSecDesc
......................... CORUSCANT passed test NCSecDesc
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\CORUSCANT\netlogon)
[CORUSCANT] An net use or LsaPolicy operation failed with error
1203, No network provider accepted the given network path..
......................... CORUSCANT failed test NetLogons
Starting test: Advertising
......................... CORUSCANT passed test Advertising
Starting test: KnowsOfRoleHolders
......................... CORUSCANT passed test KnowsOfRoleHolders
Starting test: RidManager
......................... CORUSCANT passed test RidManager
Starting test: MachineAccount
......................... CORUSCANT passed test MachineAccount
Starting test: Services
......................... CORUSCANT passed test Services
Starting test: ObjectsReplicated
......................... CORUSCANT passed test ObjectsReplicated
Starting test: frssysvol
......................... CORUSCANT passed test frssysvol
Starting test: frsevent
......................... CORUSCANT passed test frsevent
Starting test: kccevent
......................... CORUSCANT passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x00000457
Time Generated: 07/07/2008 10:35:00
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 07/07/2008 10:35:01
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 07/07/2008 10:35:02
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 07/07/2008 10:35:03
(Event String could not be retrieved)
......................... CORUSCANT failed test systemlog
Starting test: VerifyReferences
......................... CORUSCANT passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : ccs
Starting test: CrossRefValidation
......................... ccs passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ccs passed test CheckSDRefDom
Running enterprise tests on : ccs.local
Starting test: Intersite
......................... ccs.local passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located - All GC's are down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
1355
A Good Time Server could not be located.
Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
A KDC could not be located - All the KDCs are down.
......................... ccs.local failed test FsmoCheck Tag: watch actress profile and photo watch actress priyamani photo Tag: 131988
Cached Credentials stop working all of a sudden
Hello,
we have a Domain built on a mixture of 2003- and 2000-based domain
controllers. We have lots of people who are on the road regularly using
notebooks. Some people only log on to the domain once every half a year. When
they are on the road they log on using cached credentials. They do not have
local admin permissions and we do not allow them to use a local user account
(this has been dictated by company management).
About once every 2 months we have a case where some laptop user all of a
sudden cannot use his cached credentials anymore. The system shows a message,
that the domain cannot be contacted and that's it. This hits different people
on different laptops without any warning. It has actually happened to myself
when I was on a one-week-vacation.
If we connect the laptop to the network and have the person log on
"properly" the problem goes away and cached credentials work. Some people
have RAS permissions and we have been able to "solve" the problem by having
them log on using RAS.
We do not have a GP defining the use of cached credentials so the default of
the last 10 logons is in place. We do not tamper with the cahced logons in
the registry either. There is no password expiration policy in place.
Does anybody have an idea? It's a real pain having to tell someone that he
has to mail his notebook back to HQ half way around the world so that we can
log him on.
Any help or hint would be greatly appreciated!
Thanks!
HarryH Tag: watch actress profile and photo watch actress priyamani photo Tag: 131981
Task Scheduler keeps losing passwords
Hello,
I started having problems with scheduled tasks last weekend. For some reason
the Task Scheduler keeps losing the used accounts passwords. The problem is
with atleast two of the servers in the domain. The other is Windows 2000 and
the other 2003.
I don't know if someone has made any changes to GPO. But when I asked about
it I got no replies.
Any idea what could be causing this? Tag: watch actress profile and photo watch actress priyamani photo Tag: 131978
adam withou sp1
hi all,
I need to know if i can download a msi to install ADAM without SP1.
Our cx need to creat a replica between two servers and one of servers has
ADAM without SP1 and the other one with SP1. Cx need to have both servers
without SP1.
What option is better? both with SP1 or Without? it's possible creat the
replica with different versions?
Thanks.
Joan Tag: watch actress profile and photo watch actress priyamani photo Tag: 131976
Pre-Authentication Failure
I have a new exchange 2007 server on 2008 and I am seeing these errors every
minute on my 2003r2 DC. It says it's not a problem but every minute seems
like a problem.
Event Type: Failure Audit
Event Source: Security
Event Category: Account Logon
Event ID: 675
Date: 7/6/2008
Time: 10:16:06 PM
User: NT AUTHORITY\SYSTEM
Computer: FILESERVER
Description:
Pre-authentication failed:
User Name: EXC$
User ID: DOMAIN\EXC$
Service Name: krbtgt/DOMAIN.LOCAL
Pre-Authentication Type: 0x0
Failure Code: 0x19
Client Address: 10.1.1.1
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp. Tag: watch actress profile and photo watch actress priyamani photo Tag: 131974
Rado Sintra Ladies Watch R13618711, Best Luxury Watch -
Rado Sintra Ladies Watch R13618711, Best Luxury Watch - www.luxury-gift.org
Luxury Gift : http://www.luxury-gift.org
Rado Watches : http://www.luxury-gift.org//rado-watches.html
Rado Sintra Ladies Watch R13618711 Link :
http://www.luxury-gift.org/Watches/rado-watch-2210.html
Rado Sintra Ladies Watch R13618711 Information :
Brand : Rado Watches
Series : Rado Sintra
Code : Rado-Sintra-Ladies-Watch-R13618711
Gender : Ladies
Case Material : Black Ceramic and 18kt White Gold
Dial Color : Black With 4 Diamonds
Bracelet Strap : Black Ceramic and 18kt White Gold
Movement : Quartz
Clasp Type : Hidden Deployment
Bezel : Diamond
Crystal : Scratch Resistant Sapphire
Case Back :
Case Diameter :
Case Thickness :
Water Resistant : 30m/100ft
Black ceramic and 18kt white gold case and bracelet. Black dial with 4
diamond hour markers. Diamond bezel. Scratch resistant sapphire
crystal. Hidden deployment clasp. Case size 21mm x 18mm. Quartz
movement. Water resistant at 30 meters (100 feet). <br><br><b> </
b><br> <table width="100%" border="0"><tr valign="top"><td width="119"
nowrap bgcolor="#EFEFF1"><font color="#000066" size="2" face="Arial,
Helvetica, sans-serif"><b>Brand</b></font></td><td width="641"
bgcolor="#EFEFF1"> <font color="#000000" size="2" face="Arial,
Helvetica, sans-serif"> Rado</font></td></tr><tr valign="top"><td
nowrap bgcolor="#EFEFF1"><font color="#000066" size="2" face="Arial,
Helvetica, sans-serif"><b>Series</b></font></td><td
bgcolor="#EFEFF1"><font color="#000000" size="2" face="Arial,
Helvetica, sans-serif"> Rado Sintra</font></td></tr><tr
valign="top"><td nowrap bgcolor="#EFEFF1"><font color="#000066"
size="2" face="Arial, Helvetica, sans-serif"><b>Gender</b></font></
td><td bgcolor="#EFEFF1"><font color="#000000" size="2" face="Arial,
Helvetica, sans-serif"> Ladies</font></td></tr><tr valign="top"><td
nowrap bgcolor="#EFEFF1"><font color="#000066" size="2"
face="Arial,Helvetica,sans-serif"><b>Case Material<br></b></font></
td><td bgcolor="#EFEFF1"><font color="#000000" size="2" face="Arial,
Helvetica, sans-serif"> Black Ceramic and 18kt White Gold</font></td></
tr><tr valign="top"><td nowrap bgcolor="#EFEFF1"><font color="#000066"
size="2" face="Arial, Helvetica, sans-serif"><b>Dial Color</b></font></
td><td bgcolor="#EFEFF1"><font color="#000000" size="2" face="Arial,
Helvetica, sans-serif"> Black With 4 Diamonds</font></td></tr><tr
valign="top"><td nowrap bgcolor="#EFEFF1"><font color="#000066"
size="2" face="Arial, Helvetica, sans-serif"><b>Bezel</b></font></
td><td bgcolor="#EFEFF1"><font color="#000000" size="2" face="Arial,
Helvetica, sans-serif"> Diamond</font></td></tr><tr valign="top"><td
nowrap bgcolor="#EFEFF1"><font color="#000066" size="2" face="Arial,
Helvetica, sans-serif"><b>Movement</b></font></td><td
bgcolor="#EFEFF1"><font color="#000000" size="2" face="Arial,
Helvetica, sans-serif"> Quartz</font></td></tr><tr valign="top"><td
nowrap bgcolor="#EFEFF1"><font color="#000066" size="2" face="Arial,
Helvetica, sans-serif"><b>Clasp</b></font></td><td
bgcolor="#EFEFF1"><font color="#000000" size="2" face="Arial,
Helvetica, sans-serif"> Hidden Deployment</font></td></tr><tr
valign="top"><td nowrap bgcolor="#EFEFF1"><font color="#000066"
size="2" face="Arial, Helvetica, sans-serif"><b>Bracelet</b></font></
td><td bgcolor="#EFEFF1"><font color="#000000" size="2" face="Arial,
Helvetica, sans-serif"> Black Ceramic and 18kt White Gold</font></td></
tr><tr valign="top"><td nowrap bgcolor="#EFEFF1"><font color="#000066"
size="2" face="Arial, Helvetica, sans-serif"><b>Water Resistant</b></
font></td><td bgcolor="#EFEFF1"><font color="#000000" size="2"
face="Arial, Helvetica, sans-serif"> 30m/100ft</font></td></tr><tr
valign="top"><td nowrap bgcolor="#EFEFF1"><font color="#000066"
size="2" face="Arial, Helvetica, sans-serif"><b>Crystal</b></font></
td><td bgcolor="#EFEFF1"><font color="#000000" size="2" face="Arial,
Helvetica, sans-serif"> Scratch Resistant Sapphire</font></td></tr><tr
valign="top"><td nowrap bgcolor="#EFEFF1"><font color="#000066"
size="2" face="Arial, Helvetica, sans-serif"><b>Warranty</b></font></
td><td bgcolor="#EFEFF1"><font color="#000000" size="2" face="Arial,
Helvetica, sans-serif"> 2 Year Jomashop.com Warranty</font></td></tr></
tr></table><br><br>Rado watches are well-known for the highly scratch-
resistant materials used in their watch collections. Instead of the
easy-tarnished, conventional materials used in other luxury watch
brands (such as steel and gold); Rado uses unique materials such as
high-tech ceramics, hardmetal, platinum, diamonds, and lanthanum in
their watches for superior longevity. Rado watches truly combines
exquisite form with function, as the movement accuracy embedded within
the watch internally complements its durable exterior. Jomashop.com is
proud to offer an extensive line of discounted Rado watches: Rado
Integral watches, Rado Ceramica watches, Rado Sintra watches, Rado
Couple watches, Rado Ovation watches, Rado Anatom watches, Rado Cerix
watches, and other Rado watch series are available
Rado Sintra Ladies Watch R13618711 Link :
http://www.luxury-gift.org/Watches/rado-watch-2210.html Tag: watch actress profile and photo watch actress priyamani photo Tag: 131964