Using Active Directory (without any admin account) for checking if
Hello,
I'm programming in VS2003-ASP.NET 1.1. My web app is running on a
Windows Server 2003.
The user has to login into the web app using its account and password
of the Active Directory (AD).
I have this problem: How can I check if a domain account, that tries
to login, has been disabled or password has expired?
I use the System.DirectoryServices.DirectoryEntry class, but for
security reasons we don't want to use any admin user account to get
information of the account trying to login.
Say that account "jdoe" has been disabled, or its password has expired
in AD. If user tries to login, the web app should show some message
about account disabled or password expired.
My code:
Dim Domain As String = "DOMAINXXX"
Dim sUserName="jdoe": Dim sPassword="jdoe_password"
' Bind to the domain with the credentials of the user who is logging in
Dim myEntry As System.DirectoryServices.DirectoryEntry = _
    New System.DirectoryServices.DirectoryEntry("LDAP://" & Domain, _
        sUserName, sPassword, _
        System.DirectoryServices.AuthenticationTypes.Secure)
myEntry.Username = sUserName
myEntry.Password = sPassword
Dim mySearcher As System.DirectoryServices.DirectorySearcher = _
    New System.DirectoryServices.DirectorySearcher(myEntry)
Dim myResult As System.DirectoryServices.SearchResult
' sUserName goes into the filter unescaped; escape the LDAP filter
' metacharacters ( ) * \ before putting login input here
mySearcher.Filter = "(&(objectCategory=person)(objectClass=user)(userPrincipalName=" & sUserName & "*))"
myResult = mySearcher.FindOne
Dim x as String = myResult.Properties("sAMAccountName")(0) ''<-- it gets 'jdoe'
Dim y as String = myResult.Properties("userAccountControl")(0) ''<-- it gets Nothing
If I'd get 514 or 512 from myResult.Properties("userAccountControl")(0),
then it would be able to determine if account has expired or not.
But it gets Nothing
However, if myEntry.Username = "any_admin_account" then it works !
I had put this question on the ASP.NET zone, but I've been told that
the reasons I get Nothing from
myResult.Properties("userAccountControl")(0), could be because of
settings on the domain or the AD.
Sorry if I have put my question in the wrong area, but maybe you guys
could help me with some advice.
Many Thanks
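How the attribute values this post is trying to read map to "disabled" and "password expired", as an added example that is not the poster's code. The sample attribute values, the 45/90-day policy intervals and the function names are constructed for illustration; the flag values are the documented userAccountControl bits.

```python
from datetime import datetime, timedelta, timezone

# Documented userAccountControl bit flags (subset relevant to logon checks).
# PASSWORD_EXPIRED is only populated in msDS-User-Account-Control-Computed,
# not in the stored userAccountControl attribute.
UAC_FLAGS = {
    0x0002: "ACCOUNTDISABLE",
    0x0010: "LOCKOUT",
    0x0200: "NORMAL_ACCOUNT",
    0x2000: "SERVER_TRUST_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWD",
    0x80000: "TRUSTED_FOR_DELEGATION",
    0x800000: "PASSWORD_EXPIRED",
}
ACCOUNTDISABLE = 0x0002
DONT_EXPIRE_PASSWD = 0x10000
PASSWORD_EXPIRED = 0x800000

# pwdLastSet is a FILETIME: 100-ns ticks since 1601-01-01 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
# maxPwdAge is a negative tick interval; 0 or the minimum int64 means "never".
NEVER_EXPIRES = -(2 ** 63)


def decode_uac(value):
    """Return the names of the flags set in a userAccountControl value."""
    return [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]


def filetime_to_datetime(ticks):
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def datetime_to_filetime(dt):
    delta = dt - FILETIME_EPOCH
    return (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10


def days_to_interval(days):
    """Express a password age in days the way maxPwdAge stores it."""
    return -days * 864_000_000_000


def account_state(uac, pwd_last_set, max_pwd_age, now):
    """Classify an account as 'disabled', 'must_change_password',
    'password_expired' or 'ok' from its directory attributes."""
    if uac & ACCOUNTDISABLE:
        return "disabled"
    if uac & PASSWORD_EXPIRED:
        return "password_expired"
    if uac & DONT_EXPIRE_PASSWD:
        return "ok"
    if pwd_last_set == 0:
        # pwdLastSet = 0 means "user must change password at next logon"
        return "must_change_password"
    if max_pwd_age in (0, NEVER_EXPIRES):
        return "ok"
    expires = filetime_to_datetime(pwd_last_set) + timedelta(
        microseconds=(-max_pwd_age) // 10)
    return "password_expired" if now >= expires else "ok"


# Constructed sample: password last set 60 days before the evaluation date.
SAMPLE_NOW = datetime(2008, 8, 18, tzinfo=timezone.utc)
SAMPLE_PWD_LAST_SET = datetime_to_filetime(SAMPLE_NOW - timedelta(days=60))

if __name__ == "__main__":
    for uac in (512, 514, 8192, 532480):
        print(uac, decode_uac(uac))
    for days in (45, 90):
        state = account_state(512, SAMPLE_PWD_LAST_SET,
                              days_to_interval(days), SAMPLE_NOW)
        print("maxPwdAge", days, "days ->", state)
```

The password-age check needs pwdLastSet from the user object and maxPwdAge from the domain object, both of which have to be readable by whichever identity performs the lookup.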
Any effect on Windows 2003 envir.?
Hi all,
I want to introduce one windows 2008 member server to windows 2003 envir.
with Windows 2003 DCs. Will it affect my schema or windows 2003 DCs?
thank you.
workstations & server times
Hi all,
Is it possible to configure all member workstations & servers in our domain
to sync their date/time with a central server? We have 2 DCs and either one
would be OK. We also have an ISA server on our network. So would we have to
open up any firewall permissions?
Any articles on how to do this would be greatly appreciated.
TIA!
Group Policy - Maximum Password Age
OK, this is weird.... In Group Policy we have the Default Domain set
to Disabled. However, even though it is set to Disabled it does have
settings in it from when it used to be Enabled. One of the settings is
that the Maximum Password Age is set to 90 Days. Ok, now in the Group
Policy we have set and enabled on the OU for where my users and
computers reside we have the Maximum Password Age set to 45 Days. Now
this is where it gets weird... even though everything I look at (GP
Modeling, GP Results, etc) says that the Maximum Password Age is set
to 45 Days, it appears that the passwords do not expire until they
reach 90 Days?
Any Ideas on this?
Create a site over WAN link
I'm working on diagramming out a new AD site design for our single domain
network. We have 3 physical locations.
1. Data center facility with all servers (file, app, web, AD and Exchange)
2. Main campus (about 1000 users), currently no servers
3. Satellite office (about 100 users), currently no servers
WAN connection between Data Center and Main campus is 100Mbit. Should AD
sites represent physical locations, or if there is a high speed highly
available WAN link, can a site encompass more than one physical location. I'm
looking for best practice design geared toward high availability in the event
of connectivity disruption.
Currently I have two sites defined. One for the Data Center and main campus
and one for the satellite office. I've placed one ADDC at the Data center and
one at the main campus. Both are GC's with AD integrated DNS. Exchange will
be hosted at the data center. I also have an ADDC that is a GC with integrated
DNS at the satellite office. This office will also have a high bandwidth
highly available WAN link, but not as fast as the one between the DC and the
main campus.
Any suggestions on this approach would be greatly appreciated. Thank you.
Query Based Distribution Group
We are looking at implementing QDG in our environment. We have about 13,000
users. The first one we want to create is for everyone that has an Exchange
mailbox.
I have done some research to find out what the requirements and
recommendations are and found out that our DCs will be able to handle the
load. They have enough processing and memory capacity.
What I am curious about that I have not been able to find, but think I
remember from something is the results size of each QDG. Is there a
recommended limit on the number of results that a single QDG should return.
For our example of creating a group to list everyone with a mailbox, we
initially thought we would create a universal group and nest the QDG in that.
We would create one QDG for each mailbox server. Each Mailbox server has
about 3000 mailboxes. I do not know if that is too large for one QDG.
Should we break each server down to the database level where it would only
return ~200 results and nest those into a server based group?
Any advice, hints, articles and knowledge would be wonderful.
Thank you.
Pete
What backups for DC and DNS etc?
Hi,
I'm in the process of reviewing our backup procedures for our Active
Directory and DNS (and DHCP).
(My setup is as follows):
Domain A - root forest - 4 domain controllers over 3 sites. (2 at the main
and these hold most roles).
The main server in each site is a GC, DHCP and DNS.
I was thinking I would back up the system state of one main DC in each site?
Is this enough or should I back up ALL?
Is System State enough to be backing up? Does this include everything?
If a DC goes down we do not mind so long as we have others - I am comfortable
with seizing roles and demoting and promoting and tidying up AD etc. However
I want to protect against worst case scenario.
It is important for AD to be backed up, DHCP and DNS.
I believe we use some corporate Symantec product so imagine it able to do
most things so long as I know what to back up....
Thanks.
Servers in Sites & Services
We have a 2003 AD. In Sites & Services, under Default First Site Name we
have 4 servers. 2 of them are the DCs with DNS. The other 2 are just
member servers. These 2 might have been DCs at one time. Should these be
removed?
--
Thanks!
Forest functional upgrade not possible
I'm having trouble upgrading the forest functional level in a test
environment, and am wondering if any light can be shed on the issue.
(Sorry, for the length of this initial post, but I thought it best to
include as much as possible).
When attempting to raise the forest functionality to Windows 2003 (logged in
to holder of all root FSMOs with Enterprise admin account) I receive the
following error;
"The forest functional level could not be raised. This may be due to
replication latency. Please wait about 30 minutes and try again."
I first got this error two weeks ago, so replication latency can be ruled
out (replication health checked numerous times during this period).
More specifically if I raise the NTDS service logging level to 5 for 9
(Internal Processing), 8 (Directory access) and 16 (LDAP interface events) I
get three events logged when I try to raise forest functional level; 1535,
1175 and 1481.
The details of these events are;
Source: NTDS General
Category: Internal Processing
Event ID: 1481
Description:
Internal error: The operation on the object failed.
Additional data: Error value: 5 00002179: SvcErr: DSID-030F12D4, problem
5003 (WILL_NOT_PERFORM), data 0
Source: NTDS General
Category: Directory Access
Event ID: 1175
Description:
Internal event: A privileged operation (rights required = 0x) on object
CN=Partitions,CN=Configuration,<FOREST ROOT> failed because a non-security
related error occurred.
Source: NTDS LDAP
Category: LDAP Interface
Event ID: 1535
Internal event: The LDAP server returned an error 00002179: SvcErr: DSID,
030F12D4, problem 5003 (WILL_NOT_PERFORM), data 0
Error 2179 is ERROR_DS_NO_BEHAVIOR_VERSION_IN_MIXEDDOMAIN, which indicates
that one or more domains are still in mixed mode. However this is not the
case. The test domain has a placeholder root domain (single DC) and a
production domain (three DCs), both of which are at Windows 2003 level, and
this value (domainFunctionality=2) is consistent across all DCs).
This test environment I've been asked to use, has unfortunately not been
maintained properly. When I got to it I found that it even had a "dead"
domain referenced (another one below the placeholder root). I tidied this up
using NTDSUTIL, including removing the domain and the domainDNSzones
partition, and can no longer find any reference to it in the configuration
container, or as a trust in other domains, but I can't help feeling that some
residue of this domain is causing the issue.
The following steps have been taken as troubleshooting steps;
• Replication confirmed as healthy. (repadmin /replsum)
• Domain controllers confirmed as healthy (dcdiag /c/v/d,
/test:verifyenterprisereferences)
• Netdiag /v on all DCs
• Only expected partitions in cn=partitions,cn=configuration,<FOREST ROOT>
• No references to failed domain in Configuration partition (dumped using
ldif and scanned)
• All DCs are now at sp2 (were at sp1 before)
• 2 * DomainDNSZones deleted and recreated
• No obsolete computer objects in Sites and Services
• No obsolete _msdcs references, or reference to "dead" domain
• Schema and Enterprise admins are universal groups
• Forest prep logs (for 2K3 update) are still available and don't report any
error
• No unexpected computers think they're DCs (userAccountControl 8192)
• Lost and found objects deleted
• CNF objects deleted
• Lingering objects cleared down (there were a lot of these on the root DC
in the child partition)
• FSMO roles are reporting correctly (netdom query fsmo) when checked from
each DC. These are as per appropriate fsmoRoleOwner attributes.
• Enterprise Admins and Enterprise Domain Controllers seem to have
appropriate rights (compared with other environments) to the partitions (at
root of partitions, and in CN=Partitions container), and the Partitions
container in Configuration partition.
• Thirteen attributes are added to the global catalog as part of the forest
functional update. To rule this out I manually added the attributes to the
PAS with the Schema GUI.
• ntmixedDomain value on all DCs=0.
• No obsolete security descriptors on CN=Partitions or its content partitions
• INITSYNC has been set to be skipped (Repl Perform Initial Synchronizations
= 0)
• "Everyone" has Access this computer from the network right
• userAccountcontrol for all DCs is 532480
Two other errors have also been received, but haven't helped me so far.
Whenever a DC is rebooted the following error is received;
Source: NTDS
Category: Internal Processing
Event ID: 1481
Description:
Internal error: The operation on object failed.
Additional data
Error value
2 000020EF: NameErr: DSID-032500F4, problem 2001 (NO_OBJECT), data -1603,
best match of: ""
20EF = ERROR_DS_UNKNOWN_ERROR
======
I tried using ADMOD to "manually" update the msDS-Behaviour-Version value
(recommended in a post elsewhere by Joe Richards), and got the following
error;
DN Count: 1
Using server: <ROOTDC>.<FOREST ROOT>:389
Directory: Windows Server 2003
Modifying specified objects...
DN: CN=Partitions,CN=Configuration,<FOREST ROOT>...
Extended Error: 00000057: LdapErr: DSID-0C090A85, comment: Error in
attribute conversion operation, data 0, vece
ERROR: Too many errors encountered, terminating...
The command did not complete successfully
x57= LDAP_FILTER_ERROR
I couldn't get any further with these errors.
Thanks in advance for any help.
Regards
Gordon
RENDOM or ADMT
Hi
I have inherited a poorly named single level domain and am looking to
either rename it or to migrate the business to a new domain and suitable
domain name.
Currently the domain is named in the format domain.domain.company.com and
really only needs to be company.com
We have around 150 users but they only use AD for authentication as we have
linux based DNS (to be replaced by AD integrated shortly) and linux file&print
servers.
1> I am after opinion as to whether to rename the domain or migrate to a new
AD domain on a new box.
2> I understand by doing this I can also migrate local profiles so end users
won't see the change, is this correct?
3> Do I install AD integrated DNS before i start either process?
I can answer any questions if I am not clear enough
Cheers
Andy
Security analysis
We have one-place branch office and we'd like to create security analysis of
our services, checking procedures and make new procedures and rules.
As first step we'll run Microsoft Best Practices Analyzers (for Exchange,
GPO, SharePoint, SystemStateAnalyzer, ...) and follow Microsoft
Infrastructure Optimization to identify our current position in IT
software and hardware world.
Can you please advise any other SW / procedure to follow formal
procedure...?
p.s. sorry for crossposting
Thnx.
admin pack vista & terminal profile tab
Installed Windows Server 2003 SP1 Administration Tools Pack on Windows Vista.
In Active Directory Users and Computers when you pull up the properties of a
user account the Terminal Services Profile tab is missing. This is not just
the case on my installation. The Terminal Services Extension in MMC is
missing. How do we make this available?
DCDIAG Error
Sometimes Exchange 2007 had problem connecting to the DC (cannot find DC) I
then started to run a dcdiag and got some DNS errors which I think I fixed.
Now when I run a DCdiag it passes all the tests without one of which I have
attached the log from DCDIAG below. I have no idea what that could be.
Could anyone please point me to the right direction. I really would
appreciate.
Thanks in advance.
Starting test: frsevent
......................... SCTDC passed test frsevent
Starting test: kccevent
An Error Event occured. EventID: 0x0000025C
Time Generated: 08/18/2008 11:03:20
Event String: NTDS (476) NTDSA: Locale ID 0x0000041e (Thai
......................... SCTDC failed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x00000457
Time Generated: 08/18/2008 11:02:39
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 08/18/2008 11:02:39
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 08/18/2008 11:02:39
(Event String could not be retrieved)
......................... SCTDC failed test systemlog
Minimum security settings of computer accounts for allowing domain user account to join domain
Hi ALL,
I'd like to configure the security settings for the computer accounts that
only allow domain user to join domain (nothing else, including changing
computer account name, etc.). I tried to create a dummy computer account
using (Active Directory Users and Computers -> New Computer Wizard) and
specified a domain user account in the "The following user or group can join
this computer to a domain". The domain account can join domain but also can
modify the computer name (Simply change the computer name in the Windows
client, the computer account will be modified after reboot). Does anyone know
what is the minimum security settings of the computer account object so that
the domain account can only have join domain privilege, no others,
especially change the computer account name?
TIA
M C
Problem After Creating Home Folder with vbs script
Hello,
I have a script that creates users, assigns them to security groups
and creates and sets a home folder. Here is an excerpt:
'Create home folder
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFolder = objFSO.CreateFolder("\\terra\home\2010\" & strSAMAccountName)
'Set permissions
Set oShell = wscript.CreateObject("Wscript.Shell")
oShell.Run "%COMSPEC% /c Echo Y| cacls \\terra\home\2010\" & strSAMAccountName & _
    " /t /e /g Administrators:F " & strSAMAccountName & ":C /R Students", 2, True
'Set home directory and home drive
objNewUser.Put "homeDirectory", "\\terra\home\2010\" & strSAMAccountName
objNewUser.SetInfo
objNewUser.Put "homeDrive", "H"
objNewUser.SetInfo
At the end of the script, everything looks good. Permissions are set
properly.
However, on first logon, the folder does not map in the login script.
When the user tries to get to their home folder manually, xp throws a
message about access to the resource being disallowed.
I can fix it by going into AD Users and Computers, setting the home
folder to local, applying it and then setting the home folder back to
where it is supposed to be. (I'd rather not do this for the 100 plus
students and users that we get at the beginning of each year.)
Thanks for your ideas.
Steve Ediger
Any ideas?
Useracc disappeared resulted in a disconnected mailbox
Hi all
Environment:
Windows 2003 SP2 AD (No SBS2003), Exchange 2003 SP2, Win XP Clients w SP2
Problem:
An AD useraccount disappeared, no information about HOW, resulted in a lost
account and a disconnected mailbox.
Solution:
Recover the exchange db to an RSG and recover the mailbox, associated it to a
new created user and reconnected it.
Q:
(I need to know what may have resulted in a deleted account when no admin
with rights and knowledge has been logged on to the one Exchange server
with Exchange tools, and not to a server with ADUC tool.)
1.) Has anyone any knowledge of bugs, issues, faulty third party apps that
might cause this scenario of the deleted user account?
2.) Most important, How can I, afterwards, search how this might have
happened with the deleted/removed user account (where, how, what tools
etc.)?
I need to find out if the account was deleted by a user and If so, who.
Secondly, If not a user, what and why. Pls, any help would be highly
appreciated.
In this thread, suggestions of improvements are not wanted at the moment (I
know that my environment is poorly set up and not properly configured, will
create other threads for that).
TIA
Henrik (Hear), MCP-SBS
2003 Server Internet DNS configuration
I have 26 web sites hosted on my own web server that are public to the
internet. I have 2 servers, NS1 and NS2. NS2 runs Apache web server. I
would like to know if it is necessary for the domain DNS (ns2.company.net)
entry to be Active Directory-Integrated. All the rest are simply primary
and secondary.
Folder redirection - client's profiles on multiple pcs
We're looking at implementing folder redirection in an already
well-established client estate.
The implementation guidelines are always drawn up with the assumption of a
greenfield site, or a relatively uncomplicated one-machine-per-user setup.
The issue we have is where the same user might log on to several machines,
and may have files scattered across these. Certainly we may have the case
where exchange has invited the user to autoarchive their email onto the local
hard disk, and so they will have two or more machines where a user has an
"archive.pst" sitting.
How does folder redirection work for a user, where their folder has already
been redirected from one machine?
Does it look for and use the redirected folder if it exists, regardless of
the local profiles? Can they get to any files on the local machine?
Thanks for your help!
email address as login name
I want to grant external users access to resources in our domain. Is it
possible to register these users with their usernames being their own custom
email addresses? How is Microsoft doing it with their passport authentication?
KCC error
I'm configuring an additional Domain Controller, however some errors appear.
The environment:
UK Network and have a VPN connection to HK
The dcpromo process is complete without any error and the DC appears in the
"Active Directory Users and Computers" Snap-ins. The errors appear in the
Event Viewer
The attempt to establish a replication link for the following writable
directory partition failed.
Directory partition:
CN=Configuration,DC=kcacad,DC=co,DC=uk
Source domain controller:
CN=NTDS Settings,CN=LONDONFILE,CN=Servers,CN=KCALONDON,CN=Sites,CN=Configuration,DC=kcacad,DC=co,DC=uk
Source domain controller address:
43126dc7-4083-4e14-9a77-eade6892a697._msdcs.kcacad.co.uk
Intersite transport (if any):
CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=kcacad,DC=co,DC=uk
This domain controller will be unable to replicate with the source
domain controller until this problem is corrected.
User Action
Verify if the source domain controller is accessible or network
and
Event Type: Information
Event Source: NTDS Replication
Event Category: Replication
Event ID: 1557
Date: 8/17/2008
Time: 2:43:02 PM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: KCAHKFS
Description:
The local domain controller has not completed a full synchronization of
the following directory partition. The local domain controller will not
be advertised to clients by the domain controller locator service until
this task is completed.
Directory partition:
DC=kcacad,DC=co,DC=uk
An attempt to complete a full synchronization of this directory
partition will be tried again later.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
It seems something is wrong with synchronizing the domain information. Does
anyone have ideas about this?
Suddenly DHCP server service can't start
I'm getting the following errors:
Event ID 1008
The DHCP service failed to start as a RPC server. The following error
occurred :
Not enough resources are available to complete this operation.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Event ID 1008
The DHCP service is shutting down due to the following error:
Not enough resources are available to complete this operation.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Anyone has a clue???
Thanks
promote 2003 sp2 to dc
We have a 2003 DC and we want to promote a 2003 sp2 server to a dc. A
message came up that we need to run adprep. would we take the adprep.exe
from the sp2 server and run that on the 2003 dc? If we upgrade the 2003
dc to sp2 does it negate the need to run adprep?
many thanks
Ali
adprep
Hi
I need to run adprep to allow a DC promotion. Where can I find a whitepaper
detailing what adprep does and available options etc...
Regards
Craig
ADAMSync Problem with userProxy and SID?
Dear all,
I want to setup AD to ADAM sync and everything works fine so far. But
during /sync command I get following error:
Processing Entry: Page 1, Frame 1, Entry 10, Count 1, USN 0
Processing source entry <guid=bfbd971e58030f43abcabf91bfa284c9>
Processing in-scope entry bfbd971e58030f43abcabf91bfa284c9.
Adding target object
CN=XXXXXXXXX,OU=USERS,OU=XXXXXXXXXXX,DC=XXXX,DC=XXXX,DC=XXXXX,DC=com.
Adding attributes: sourceobjectguid, sn, c, l, title, description,
postalCode, postOfficeBox, physicalDeliveryOfficeName,
telephoneNumber, givenName, instanceType, displayName, co, department,
company, streetAddress, userAccountControl, codePage, countryCode,
primaryGroupID, objectSid, accountExpires, sAMAccountName,
userPrincipalName, mail, mobile, lastagedchange, objectclass,
Ldap error occured. ldap_add_sW: Unwilling To Perform.
Extended Info: 000020E7: SvcErr: DSID-03152AA9, problem 5003
(WILL_NOT_PERFORM), data 1317
With option /force -1 all OUs and so on are created successfully. Only
user objects will not be created and result in same error above.
It could be something with the objectSID as stated in this link
http://microsoft-programming.hostweb.com/TopicMessages/microsoft.public.metadirectory/2055221/1/Default.aspx
But I've no idea how to resolve this!
As background: The server which is running ADAM is not in the source
domain of this sync process. It's not in a domain at all.
Thanks for any help in advance!
Marc
DNS change changes back by itself
I changed a DNS entry on a test domain, and when I ping the machine name from
that server, I get the proper (new) ip address back. When I ping it from
anywhere else, I get the old value (the one I changed it from) back. It
never seems to replicate properly, so I never get the new value when I ping it
from anywhere except the DNS server on which I made the change. After a
while, it changes back to the old entry on the DNS server where I made the
change.
Limit on AD fields?
Is there a limit on the amount of characters that can be entered in
physicalDeliveryOfficeName ('Office' field)? We use Quest's Active Roles and
I receive an error when entering more than 128 characters. I do not see any
policies in Active Roles to limit this.
Thanks!
Security for Active Directory LDAP Utilities
Any articles I can read on how to be able to tighten the ability for "any"
users to query Active Directory and modify it with the command line utilities
and LDAP? How to create groups that only access using this service?
Tina
Additional Domain Controller requirement.
I have Win2k3 Ent. Edition with SP1 running as Domain Controller holding all
five roles. I have other member server with Win2k3 Standard SP2 running SQL
Server 2005 with CRM server. I want to make this machine ADC of root domain
controller along with making it a global catalogue server.
Suppose after making these changes successfully, will my exchange server 2003
running on separate machine able to function correctly in case my root domain
controller cease to function correctly.
Furthermore, making a server ADC running SQL Server 2005 and CRM is
recommended or not since I have only this machine to make it ADC? This
machine is located within same LAN not across another SITE.
regards
Move users between DL's?
Is it possible, preferably using some tool, to move users from one
distribution list to another?
replication and smtp address problem
Hi,
When I want to replicate with a DC in my forest I get the error below.
That domain can replicate from my domain, but I cannot replicate from that
domain.
I couldn't solve this problem, has anyone got an idea?
---------------------------
Replicate Now
---------------------------
The following error occurred during the attempt to synchronize naming
context ForestDnsZones.xxx.root from domain controller XXXXXSERVER1 to
domain controller XXXDC1:
The naming context is in the process of being removed or is not replicated
from the specified server.
This operation will not continue.
---------------------------
OK
Cannot login to domain controller
The problem:
"Windows cannot connect to the domain, either because the domain controller
is down or otherwise unavailable, or because your computer account was not
found. Please try again later. If this message continues to appear, contact
your system administrator for assistance."
For the most part everything is working fine. Occasionally I'll get the
above message and I can fix it by leaving the domain and joining it again.
Sometimes the problem will come back in a few days, sometimes weeks later. On
other workstations after correcting it once the problem never returns.
I don't see any errors generated in the workstation or domain controller
event logs. The workstation has the correct DNS for the domain controller. It
can ping the DNS controller. It can leave and join the domain with no
problems at all.
The problem seems to happen mostly to laptop users that take their PC away
from the domain for a few days, but it's not isolated to these users. It has
happened to desktop users too.
The server is running Windows Server 2003 R2. It's connected to another
domain controller via a VPN using Logmein Hamachi. I have another location
with the same configuration, but it does not experience the same
problems.
Any ideas on what can be causing the problem?
Allowing users to update their own AD user information displayed in GAL?
What is the most recommended tool/solution for allowing users to effectively
update their own Active Directory user information (all informational
fields) that is displayed in the GAL? Thank you.
*note: All 2003 environment (AD, Exchange and Outlook).
Restrict Administrators and Users from Joining Computers to the Do
We would like to restrict all users and administrators from joining computers
to the domain unless a computer account has already been created or "staged"
in the Active Directory Users and Computers tool.
We have a Windows 2003 domain.
Does anyone know how to do this?
Thank you for any and all comments clues...!
Local administration and Group Policy
Is there a way to add a new user as a Local Administrator on a PC thru Group
Policy...without removing any current users (also Local Administrators) that
are already on that PC.
I know I can manually add directly on that PC, but curious if there is a way
thru GPO.
Thanks.
Is there a way to get all the policy configurations for AD
I am trying to find a way to pull all the Active Directory group
policy configurations off a domain controller into some readable/
downloadable format. Anyone have any ideas?
Thanks.
Security Account Manager Initialization failed.
This is what I'm trying to fix. My win2k3 DC server keeps getting the error
"Security Account Manager Initialization failed because of the following
error: Directory Service cannot start: error status 0xc00002e1. Please.....
Reboot into Directory service restore mode...." I know that to fix this
error I must use safe mode, but when I try to get to safe mode, I get the
error "c:\window\system\Services.exe terminated unexpectedly and Status Code
-1073741819 click ok to reboot" after taking a long time. Sorry if I posted
this before.
--
Rich
Testing PW on a AD user
Without actually logging in as an AD user, I'd like to test that a
particular AD user still has the password I think it has. Any way to
do this? I have operator rights to AD. I suspect it does not because
some service is saying it can't log in as that user when I type the
password in.
Thanks in advance.
giving rights
I have more than 10 computers setup on a domain. I need to give staff rights
and give students limited rights so they don't change the functions of the
computers.
I need to also change the way we log on. I want to have staff and students
log on where you can see the drop down button that says "this computer" and
"the domain name".
User importing issue.
I have an Enterprise Server 2003 that is a member server of Domain.
I need to move local users and passwords from that server to Domain.
Is it possible?
If not, will I have to use csvde to export the users and then import into AD
using dsadd?
Thank you in advance!
FM
remove admin shares on Windows 2003
Can someone advise how to use Group policy to disable admin shares on
Windows 2003?
Thank you very much!
Netlogon Error Causes RDC to Fail Until After Local Logon?
Hi,
A few months ago I changed the network connection for one of my DCs from its
100 MB NIC to its gigabit NIC. (I was concerned about the slower NIC's
connector having been possibly damaged.)
Since then, any time I reboot this server remotely (security patch
application) I am unable to log back on to it remotely until AFTER I have
gone to the server and logged on locally. All other functionality on the
server and the domain appears to be fine.
I find a single instance of Event ID 3096 in the System log after each
boot. I have done some research and learned that if the Netlogon service
starts before the NIC is bound (And this appears to be common with gigabit
NICs.) and / or before DNS has started on the server, then this error is
likely to occur.
My understanding is that this error is of no real consequence under these
circumstances and can be ignored safely. Otherwise, I can configure the
system to delay the starting of Netlogon, or I can set the DC to use one of
the other DCs as a secondary DNS server (instead of only having it point at
itself), or switch back to the 100 MB NIC.
Does anyone (besides me) think that my inability to log on via RDP is
related to this issue? Because, if it is, then I'll be more likely to take
steps to correct the issue. The server is in a very inconvenient location for
me to get to, and I'd be happier not having to make the trek to it after each
reboot.
I'd like to make my effort on this count, because I can only reboot that
server once per month (following application of security updates). And my
reboot for this month is already used up.
Thanks for your observations,
LeftFoot
Beta testing website
Hi All,
This is a bit off-topic but may be of interest to some
people. I have just found a website that looks interesting. It lets
companies register their products for beta testing, and testers
specify what sort of products that they would like to test.
Sort of a beta testing dating service - Membership is free.
It looks like it is just starting out, but is a promising concept.
Betatestnow.com
Cheers
Mike
exception in proxy settings via GPO
Hi,
We have a GPO that specifies a proxy server for users domain wide. In the GPO,
bypass proxy for intranet is ticked, but when users browse to an internal
address such as http://hostname/ it fails. How can I explicitly tell the
GPO to exclude URLs that appear as http://hostname/ from using the proxy?
Thanks for your help in advance
How to schedule tasks run at specified time via group policy?
Dear Master,
I have one query about using Group Policy to implement the following
situation:
Windows 2003 Active Directory Environment.
I'd like all the clients (Windows XP + SP2, Windows 2000) to run a bat script
at 12:00 p.m. every Tuesday; this bat file is to clean up temporary files.
Moreover, if it is also possible, I'd like all the clients to run the MRT
(Microsoft Malicious Software Removal Tool) tool at 12:00 every Wednesday.
Please note that, as I've checked, this tool needs administrative rights on your
client.
Is that possible to be implemented by Group Policy or other scripts?
Thanks in advance!
Deleting AD and Domain
I just messed up my first Server 2003 R2 install. Can I remove both Domain
and AD and start over?
--
Thanks,
Notaclue
What process controls AD replication?
Gurus,
What process controls AD replication? My friend says it's the FRS. I say
the FRS only replicates the contents of NETLOGON and SYSVOL across DCs while
the actual AD replication is initiated and controlled by lsass.exe. Who is
right? Loser buys lunch at an expensive restaurant.
--
Spin
stop replication between 2 DC's
Hi Friends,
I've been using 2 domain controllers xyz.com and abc.com. abc.com was
migrated from xyz.com as I needed to have more space and hardware
resources. Unfortunately one of my coworkers formatted the source domain
xyz.com rather than properly depromoting it; I've been getting file
replication errors as the source DC no longer exists. I tried to stop
replication between the xyz and abc DC's, and tried deleting the xyz DC from
the Sites and Services MMC. I am getting the error message dsa object
cannot be deleted. I did a Google search and was advised to use the ADSI
utility to remove orphaned NTDS settings; I used the utility and I
don't see the options as provided in the Microsoft knowledge article
"http://support.microsoft.com/kb/318698". Can someone advise me how to stop
replication between the 2 DC's? Thanks.
Event ID 11
I'm getting this event log. How do I go about resolving it? Thanks, Sam
EVENT # 3321
EVENT LOG System
EVENT TYPE Error
SOURCE KDC
EVENT ID 11
COMPUTERNAME AD1
TIME 8/13/2008 12:13:33 PM
MESSAGE There are multiple accounts with name
MSSQLSvc/SalesSupport.ncmedical.com:1433 of type DS_SERVICE_PRINCIPAL_NAME.