I am having trouble getting remote computers added to my domain. I can ping the DC from the workstation and everything is fine. I can also ping the workstation from the DC and everything is fine. When adding the workstation to the domain I get the error that no DC's could be contacted when looking for the service record (SRV). However, doing the MS commands to check the status of the SRV records I can see exactly what I need to see from the workstation and it is obviously present on the DC. DNS appears to be working as I can resolve names within the network and on the internet. I tried a test this morning by adding a new interface to my ASA 5510 and trying from an IP address on that interface to the DC on the same interface from yesterday and I get the exact same results. Am I missing something simple? Oh...and yes, I can add machines in the same subnet as the DC flawlessly. Thanks for any help!
↧
Cannot Add Remote Workstations to Domain
↧
diffrent password age
Can I configure different password policies, having one domain. mostly I need the password age becasue I want the servers to change password automaticly once a year and the pc users once a month.
Does anyone konw if that is posible and how to do it?
↧
↧
Have to Disable IPV6 through Group Policy
Hi,
I wanted to disable IPV6 in all Windows 7 and 8 computers in out network through Group policy,
Please suggest.
I have tried through using below artical
But it is not working.
Please suggest the any other alternatives.
↧
active directory
I have tried all sorts of variations to try and sync my active directory, but it's not working. Any ideas?
↧
installing sliverlight using GPO
im trying to deploy sliverlight i used the instructions on this post
used this command to create and MSI package
msiexec /a silverlight.msi /p silverlight.msp /qb
when i create GPO and go to Edit In the Group Policy Management Editor, navigate to Computer Configuration > Policies > Software Settings > Software Installation. I dont see the msi package which was created i only see the msi package which came with silverlight when i downloaded and extracted the file. I tried to add that msi package but that didnt install silverlight.
please let me know, if there is a workaround
thanks
↧
↧
Group Policy offline files causing slow bootup when off network
Hi,
One of our clients has a group policy setup to redirect Desktop, Documents, and IE favorites to a server location. A problem comes up for laptop users when they are onsite at one of their clients. Bootup takes a rediculously long time. When I disable offline files, bootup is fine. I've attached a screenshot of my offline files group policy. Can anyone tell me what might be wrong with it that is causing this?
Thanks,
--Kylan
↧
Server 2012 GPO to give local admin rights to all workstations but Admin?
Currently I have configured a GPO built up to give local administrator access on all the workstations in our domain network. I want to edit the current GPO by not allowing access to our DC, file share computer server, and VMs. Where should I start?
↧
Folder Redirection and Exclusive Rights? Admins can't access?
I have folder redirection enabled for My Docs, Favorites, and Desktop. All work fine.
Server 2012.
My goal is to make sure no users can access each others folders, and this security works fine. Problem is, the Exclusive rights also blocks Domain Admins, so it becomes a pain when I need to troubleshoot something.
Any ideas on how I can keep the security working that blocks users from access each others folders, but allow "Domain Admins" to have full access?
↧
Rename and Join Domain Script
Hi guys,
At the weekend we are planning to roll out 350ish Windows 7 machines on our network. The machines were imaged and delivered by Dell before I have got involved, but it doesn't look like much planning was put into naming the machines and joining to the domain.
The machines will be named according to asset tags, so I was hoping that someone might have come across a script that would allow us to join to the domain (preferably to a specified OU) whilst being prompted for a machine name.
I've been playing around with batch files, vbs scripts and powershell scripts all night, but I can't seem to find something that will work as desired.
Hopefully there's a scripting guru who's dealt with something like this before!
Thanks in advance.
PS - Sorry if this is in the wrong group, the AD group seemed the most appropriate.
↧
↧
Storing mobile phone numbers in AD
As part of our DR plan management would like to store all of our employees phone numbers in active directory just incase we need to contact everyone. My concern is that most of these are personal phone numbers and if I put them in AD anyone can look at your contact card and get your personal mobile number. Does anyone know of a way to store these numbers without them being populated in the GAL?
↧
SBS 2003 Domain user acting as Domain Admin without permissions?
Okay, I ran into a strange issue with one of our domain users today. We have a SBS 2003 domain. The conversation of having some new folder with explicit security has come up. What we did was created a new HR folder and locked it down to only administrators (Me) and two of our executive staff. That works great for everyone except one user who can go directly into this folder even though they do not have permissions. I have even tried setting explicit deny permissions and it does not stop their user account. This person can also access any folder in other directories even though she does not have any permissions set.
I have checked things like the admin groups and share security but turned up nothing. This user is only a "Domain User" in group membership. Not part of the domain admins, not part of anything that would give this user complete access to everything. Has anyone seen something like this?
Thanks for any feedback,
-Andrew
↧
Windows Firewall
Should I leave it on or off? Need RDC to work on all workstations in the domain. Have Trend AV with firewall option but always curious what the BPA is?
↧
Active Direct Services WS 2008 and Windows XP Share Folder Error
The ADS setup Windows Server 2008 and Windows XP SP3 with client extensions. Server is having three share folder and which has been mapped with windows XP. When user click on mapped drive it shows error which has been attached.
↧
↧
Nest AD security groups within distribution groups...
Please read before pasting some link you quickly find in Google...
Best practice dictates that:
- users should be members of Domain Global Groups, named after the role that user performs for the company. Check.
- Domain Global Groups are nested within Domain Universal Groups (for use in trusted domains) and Domain Local Groups (which are used to apply permissions on resources). Check.
Problem: If I nest either the DGG or the DLG within distribution groups, and remove the user as a direct member of that group, and send an email to that distribution group, the user does not get the email becuase it seems they have to be a direct member of the distribution group. So group membership goes from adding users to very fe groups to adding users to many groups, since most of our groups are distribution groups.
So, is there a way to drop the user in the DGG they belong in (e.g., "Sales-User"), then add that DGG to a Distribution group (e.g., DG-Sales-Users) so that all members of Sales-Users receive emails when sent to the Distribution List?
Please Note!!! it is against best practice to mail-enable security groups (other than for the purpose of updating the users of a particular resource when a change is made) as this would apply permissions to resources where they may not be wanted.
↧
IT workstation setup
Currently my workstation is not on the domain, currently setup as a Workgroup.
The reason I didn't join my workstation to a domain because I don't want to be restricted installing software and I don't want my files to be stored on the network. By default, GPO policy are tight which inherent to all OU - such as Control Panel restriction, C drive restriction, etc.
I am a web developer and I deal with a lot files, database, and sometime I install softwares.
When I need to admin the Windows Server, I use Remote Desktop Connection or sometime login to console via Vmware ESXi.
If I do join the domain on my workstation, should I use domain login all the time on my workstation or what the best way?
↧
Configuring users in a domain environment
I provide IT support for an Accounting firm that has a Windows Server set up as a domain controller with Active Directory installed. Each employee has their own login created in Active Directory. The problem is, they all share the same password and are part of the Administrators profile group! (bad practice, I know). Part of the reason is so that when updates are made on their machines, we can test how those updates affect the user. How do IT Admins handle managing user passwords? Do you know their passwords or not? If not, how do you log in to their accounts when they are not present to troubleshoot / test software? Do you have a separate "dummy user account" to do the testing?
↧
Programatically Change Domain SID without rejoining domain using vc++
I want to change domain new sid to old sid which is before rebuild domain again as my all client computer is joined with old sid and i do not want to rejoin all manually could you tell me the way that all client work as they work before . if there is a way to update old sid please tell me .
↧
↧
Active Directory with Exchange tabs
I have Domain controller running on Windows Server 2008.
My problem: Exchange tabs are not available.
I know it is possible to run AD for Users and Computers on Windows 7 and see Exchange tabs.
I would like to know the full installation process to do that.
It would be even better on a Windows 8 / 8.1 workstation
↧
RemoteApp MSI not installing through GPO
Hi All,
Weird one...
Have an existing server that's doing Fileserver and RDS roles currently, and wanted to split the roles out. Existing server hosts a RemoteApp, which, up until I removed the GPO, was deploying just fine via MSI.
I threw up a new server, and replicated all RDS/RemoteApp settings from the existing server, to make sure everything should work. I then recreated the GPO with the exact same settings, and assigned the MSI to the GPO, thinking it should just work.
But no.
The original GPO removed all copies of the RemoteApp from workstations (I did tell it to), and now the new GPO appears to be running/processing fine (there is absolutely nothing in the event logs to say it's failing/not able to install the package, in fact, it says that the GPO was processed successfully), yet no package gets installed on the workstations!
I have no idea where to go from here.
Thanks in advance!
Dave
↧
How can I allow email to send with no Subject with the "Send anyway Message"?
I'm on Exchange 2013 with Outlook 2010 clients. I have GPO's in place controlling certain Office settings.
Is there a GPO method that will allow users to send emails that do not have a subject line?
I was not able to find anything so I thought I'd ask the Spiceheads.
↧