|
w32tm /resync /rediscover yields Access is denied
Scenario:
-forest with 1 parent domain and 1 child domain
-parent pdc emulator is pointing to external time servers and is configured
as an authoritative time server via this article:
http://support.microsoft.com/kb/816042
-all of the rest of the parent dc's and child dc's including the child pdc
emulator are pointing to the parent pdc emulator for the following key:
HKEY_LOCAL_MAC...
|
3 |
10/13/2008 9:26:01 AM |
|
|
System Log error on windows 2008
Hi,
I have an intresting issue with security auditing on windows 2008.
The problem is that the DC is logging the following event, instead of
security events.
Event ID: 521
Unable to log events to security log:
Status code: 0xc0000017
Value of CrashOnAuditFail: 0
Number of failed audits: 99
I have tried clearing the log and that didnt help.
As I have read this may have some...
|
3 |
10/12/2008 7:46:40 PM |
|
|
transfer FSMO roles server 2003
I had out server go down so we replaced the HDD's and reloaded server 2003
std and resored the system state.
This brought all my active directory back but also showed all the installed
programs what where loaded to this server, this caused numnerout problems so
we setup a temp server and transfed the FSMO roles to it.
We tested that i worked with out exchange box and a user logged on o...
|
6 |
10/12/2008 7:36:10 PM |
|
|
NT to 2003
For upgrading NT domain to 2003 and not the in place upgrade but the method
where you create a new 2003 domain and migrate the users and computers to the
new 2003 domain:
1) is there a way to revert back to NT domain when things go wrong?
2) what kind of issues can I run into during the upgrade?
3) do the 2003 DCs need to be registered on WINS to do the upgrade? We're
planning to not use...
|
5 |
10/12/2008 3:38:49 AM |
|
|
Domains/subdomains
I've inherited a small active directory where all domain administration has
been done at the subdomain level. For example, my domain looks like this:
companyusa.companyname.com
All nodes are members of companyusa and all work is done there. But I've
begun to wonder if the higher domain name (companyname) is something that
should be accessible to network administrators? Does it make ...
|
6 |
10/12/2008 2:15:00 AM |
|
|
Remote desktop problem on DCs
Crossposting from a Terminal Services Group:
> > Just added a new administrator to the domain admins group. Unlike the rest
> > of us, she can't get a remote desktop on our DCs (although she can on our
> > member servers). When she tries to connect, she gets this error window:
> >
> > "To log on to this remote computer, you must have Terminal Server User
...
|
4 |
10/12/2008 1:57:00 AM |
|
|
Replication fail between W2k & W2k3
Hi Expert,
I have just join an W2k3 as an additional DC (DC2) to current W2k DC
(DC1).
But i find out the replication was fail between 2 DC.
On AD site & services, I did try click on the replica now from DC1 to
DC2, it give me an access denied error. Replica from DC2 to DC1 was
success.
Any reason that why can get access denied as Im not really expert in
doing server migration.
Appre...
|
4 |
10/11/2008 2:29:54 PM |
|
|
Modify User Permissions to Add Printers or change IP
Hello,
The majority of persons on my domain have the standard "user" previlages in
AD. The problem I am having is especially with the laptop users that some of
them don't have the rights to change their IP Address on the laptop when they
go overseas. How can I give the particular right so they can only change
their IP address?
Also, the same applies to persons and printers, I'd like ...
|
3 |
10/10/2008 10:01:23 PM |
|
|
Re-innstalled Server 2008
I had to re-install Server 2008 (Enterprise), copied the files in the
C.\Windows\NTDS (ntds.dit etc) first and thought (naively) that I could just
copy them back after windows server 2008 was installed (clean) again and role
DC was added.
However the system does not even boot and just restarts.
I tried repair with just cmd prompt to copy back the new files which were
created at the new i...
|
5 |
10/10/2008 8:11:52 PM |
|
|
build now, join later
I'm speccing a large addition (six racks, more than two dozen servers) to an
existing AD forest. Problem is, we cannot connect to the AD forest from
here, but plan to (re)join the domain later. We're discussing ways to make
this work. I thought I should get some recommendations.
The simplest and most time consuming is to stage the apps that are
domain-aware, ship the racks, join the dom...
|
6 |
10/10/2008 7:49:50 PM |
|
|
Group Policy and Windows 2008
I have a group policy that runs a script at machine startup for a group of
servers within an OU. In the past this has worked just fine but as I begin
to look at 2008 this script no longer works as expected. It appears the
machine account must have separate tokens similar to a user which has
elevated permissions. I am referring to this in reference to the UAC.
I am running a copy scri...
|
2 |
10/10/2008 7:07:18 PM |
|
|
Certificate Services Error
I restarted my enterprise root CA server the other day and it won't start
now. I receive the following errors:
Event ID 300: certsrv.exe (840) The database engine 5.02.3790.3959 started.
Event ID 301: certsrv.exe (840) The database engine is initiating recovery
steps.
Event ID 302: certsrv.exe (840) The database engine has successfully
completed recovery steps.
Event ID 34: Cert...
|
3 |
10/10/2008 6:47:38 PM |
|
|
Alias for "map network drive"
how can set the short name for map network drive?
thanks
...
|
4 |
10/10/2008 4:19:23 PM |
|
|
ADAM schema update
Hi,
I'm considering using an instance of ADAM to provide an authorizatoin store.
I note that during the setup I am advised to import some schema files (LDF).
For use with AzMan the advice is to import: MS-AZMAN.LDF,
MS-InetOrgPerson.LDF and MS-User.LDF.
My question is, once imported, what mechanism is used to maintain these
schema, or do they never change?
Cheers,
Mike...
|
5 |
10/10/2008 3:01:06 PM |
|
|
Kerberos & UserAccountControl query
First off sorry for the long winded post but tought it better to have all the
info.
I was asked to create a keytab by our Oracle dba for some single sign-on
server testing we are thinking of implemeting so I ran the supplied command:
Ktpass -princ HTTP/hostname.domain.com@DOMAIN.COM -pass helloworld -mapuser
testuser -out hostname.keytab
This changed the user logon name which I unders...
|
2 |
10/10/2008 3:01:05 PM |
|
|
AzMan Store initilization error
Hi,
I've developed a test web application that will use an AzMan store to
control security. The store is currently on my XP box and the application is
developed in VS2008 using C# and .NET 2.0. The application works fine from
the IDE but when I publish it to the localhost and try to run that version I
get an error:
Insufficient access rights to perform the operation. (Exception from ...
|
3 |
10/10/2008 2:21:01 PM |
|
|
Sample Script for DSADD for Bulk Users
Do you have a sample script for DSADD User? I want to add users to Active
Directory running Windows 2003. I want to add the following attributes
First Name, Last Name, Logon Name, setup a password, users need to change
password after logging in the first time, assign users in a certain groups,
etc. Please let me know if you have any questions or need additional
information.
Thanks...
|
7 |
10/10/2008 12:46:01 PM |
|
|
Allow inheritable permissions issue
Hello all
When I set Allow inheritable permissions it doesnt say checked ... after a
few hours it reverts back to being clearing and my user looses permissions.
Should I just blow away the user and recreate ?
Thanks...
|
7 |
10/10/2008 12:24:41 PM |
|
|
Kerberos Query
Hi everyone,
I've managed to cause myself a bit of a problem with Kerberos that I'm not
100% sure how to diagnose... I've got two web servers, we'll say server1
(Win2k web server) and server2 (win2k3 web server - indended to replace
server1 hardware, which is now eol).
The plan was to migrate server1 to server 2, but keep the same IP address
due to a unknown number of badly-coded app...
|
6 |
10/10/2008 12:12:11 PM |
|
|
Change IP on domain controller
We have two domain controllers, both are GC's and AD integrated DNS servers.
We will be changing the IP subnet that these two servers sit on and need to
change the IP of the server. What steps do I need to take to RE-IP a domain
controller? I want to make sure it does not break DNS or anything like that.
Thanks....
|
4 |
10/9/2008 7:46:10 PM |
|
|
Finding 'unused' accounts?
What is a good way to find accounts that have not been used 'within some time
period' - so they can be removed?...
|
7 |
10/9/2008 7:39:00 PM |
|
|
Security on Home Drive
I want to get a list of everyone security permissions on there home drives.
As I have noticed some have the everyone permission enables....
|
3 |
10/9/2008 6:56:06 PM |
|
|
Windows Server 2008 GPO question
Hi,
one question about applying GPO:
- I have an OU and in it one Windows XP SP3. I applied an User GPO in that OU.
Must I put user in that OU?
Thanks for while.
Luiz...
|
6 |
10/9/2008 2:04:01 PM |
|
|
Event when user is created?
Hi all,
I am desperately seeking a way to hook some code into the user
creation process. the objecive is to do some postprocessing when a
user account gets created.
One possible way I can think of is, for instance, hooking into the
"Domain Users and Computers" MMC Console, but it seems that MMCs do
not provide any facilities for that.
Another way was to trap the user creation process...
|
4 |
10/9/2008 1:35:42 PM |
|
|
Active Directory Restructure Question
My company is planning to do a restructure of our Active Directory Domain.
Currently, we have one domain, let's call it us.test.com. We also have
multiple non-AD DNS Domains that we have non-member Windows Servers. These
DNS domains are prod.test.com, dev.test.com, qa.test.com, staging.test.com,
etc. These are seperated by different subnets, and seperate firewalls so
that traffic doe...
|
8 |
10/9/2008 1:23:05 PM |