Unable to sign CSR with Microsoft Windows CA
Hello Guys, I have created CSR (using the blow guide) for one of our NPS servers. https://documentation.meraki.com/zGeneral_Administration/Other_Topics/Creating_an_Offline_Certificate_Request_in_Windows_Server When trying to sign it with our CA I…
Demote 2008 DC - access denied
Hi, I'm working on server updates, updateing my companies DCs from 2008 to 2016. I have the replacement server built but unable to demote the old server from AD. When I start the proccess it stuck of: The operation failed because: Active directory…
What is the minimium ports require for Active Directory user authentication?
HI everyone, Hope you can help... I have a server running in DMZ as a standalone windows server. THere are no ports open for Active Directory/domain communication. Now I need to set up a domain admin account to serve as a service account on that…
My GPO(Group Policy Object) is being blocked by my ACL
Hi all, I can't seem to find a way to allow my GPO to pass through my core router(which has ACL running). I was able to determine that the cause of this was the packets were being blocked by the ACL because if I remove the ACL on the VLAN, the GPO takes…
Unable to remove Child Domain Name from AD domain and Trust 2016 snap-in
Hi Experts Need help! We are already Removed and Cleanup our Active Directory Domain After Decommission of old AD version. Some of them are child domain and we successfully decommission all of them . Currently we have the Ad 2016 version , we…
Anonymous Logon being logged when changing passwords
So I have a Windows Server 2016 domain and whenever changing a password in Active Directory, even when creating a new account, anonymous logon is being written to the logs (event 4738) even though I'm logged in with a domain administrator account. It…
How to set up a Windows Server as a domain controller
I am a scientist in a biology lab and we have a computer running Windows Server 2019 Standard which we use for our computational work. We had been using the default Windows Remote Desktop setup which allowed up to 2 simultaneous connections, but this was…
Gruup membership and trust relationships
Let me ask a theoretical question about domains and trusts. Imagine 2 domains member of different forests. domain1.local trusts domain2.local pc1.domain1.local is member of DOMAIN1. user1@domain1.local can logon on pc1.domain1.local because…
Upgrade forest/domain when child domain/ tree domain
Hi, What to do if you want to upgrade forest/domain 2008r2 to 2012r2 when child domain/tree domain are/is present? What would be the steps. What is the difference if you have child domain or tree domain and you want to upgrade…
Upgrade from LDAP to LDAPs
Hi Guys, just saw this article: https://www.aeb.com/support/en/news/ldap-change.php Do we have to upgrade from LDAP to LDAPs now? What impact will it have? Thanks ML
How to find all possible DNS records for a server
Hi, I have decommissioned a Windows 2012 domain controller naming USDC-01. I want to find out each and every possible records (any records) for USDC-01 from all the forward, reverse lookup zones or conditional forwarder so that I can delete them.…
Active Directory 2008 R2 Decommissioning (Shutdown as observation period)
Hi Experts! We are planning to decommission an Active Directory 2008 Domain controller, we have already promoted a new Domain controller 2016 within same domain. As part of our pre requisites or preparation before decommission, we decided to…
4732 - "A member was added to a security-enabled local group" - system account as subject?
Hello, Windows security event log 4732: I see log entry's where it's clear 'user A' added 'user B' to 'group C'.... however I also see entries where instead of it being a user that is doing the adding to the group, it is 'nt authority\system', the…
Hide users from displaying in 3rd party application
Hi there - We host several voice servers in our domain - each server hosts a 3rd party voice solution for external customers. Although this application is configured to see users in the customer's domain perfectly fine, AD users from our domain show…
Disable Recycle Bin in AD 2016
Hi, "Recyle Bin" in Active Directory 2016 is enabled in our infrastructure. We want to promote domain and forest functional level step to step to from Windows Server 2008 R2 to Windows Server 2012 > Windows Server 2012 R2 > Windows…
Azure AD Domain Services Resource Forest Trust Error
Im trying to establish a trust between my on-premise domain and Azure AD Domain services managed domain. The on premise side has added forwarders for both machine IPs and added the trust to the DC. On the AADDS side after adding the trust information…
Branch Office: How to print on a shared printer when there is no connection to domain controller
Hello, i have a case with a company having 20 retail shops connected through vpn to their central offices using ADSL / VDSL lines. On the central offices, they have a Windows 2012 R2 A.D. Domain. On the retail shops, they have 5 to 15 pc's per shop with…
Site Design and Certificate Authority
Hi all, We have three sites in different Geo-locations. We have plan to create three active directory sites and there is a confusion. Can we deploy subordinate Enterprise CA for each site? BR
GPO StartUp Script for KMS Run as Admin and Stop User Prompts
We have 2 Data Centers which are connected to the same AD's Structure through a VPN tunnel. We have two KMS Servers due to using a VDI solution, if they is a fail-over we need to be able to License the newly created machines. KMS DNS setup only works…
Windows Server 2019 Domain Controller & SBS 2011
Hello, We have a Windows Server SBS 2011 Domain Controller which we are in the process of decommissioning. We have upgraded the Forest and Domain Functional Levels to Windows Server 2008 R2. We have also migrated the File Replication Service to DFS-R,…