Hi,
I am trying to access the Advanced tab in ADUC as described on http://support.microsoft.com/KB/326894 but no luck.
Its 2008R2. Exch 2010.
any work arounds ?
↧
Access the Exchange Advanced Tab in Active Directory Users and Computers
↧
I get numbers instead of the sid in my GPO settings for users/groups
not trying to confuses anyone so I'm making a new tread I'm getting errors in My BPA for MY 2012 r2 DC and i have trouble shooted it and found that it cant resolve a SID number. Now My question is this I been reading that when you see Numbers instead of the User name its because the account has been deleted. I then Read that it could be account that is corrupted. SO I have searched and Searched for the SID in My ADUC i used the PStool SIDTONAME and I cant find anything to match that SID so is it safe to remove it from the GPO Settings
↧
↧
AD not pulling GPO
Hi,
I am new to GPO and i am trying to get this GPO to pull and it is not pulling.
Here is how the domain looks.
↧
upgrading My AD to 2012 r2 AD DS BPA Errors that i need help with
Ok So On my first domain Controller that is running 2012 R2 I ran the Best Practice Analyzer and i keep getting these to errors
The Active Directory Domain Services Best Practices Analyzer (AD DS BPA) is not able to collect data about Group Policy Results setting "Enable computer and user accounts to be trusted for delegation" from the domain controller
The Active Directory Domain Services Best Practices Analyzer (AD DS BPA) is not able to collect data about Group Policy Results setting "Access this computer from the network" from the domain controller SCDC05
so I ran this cmd to check the access to this computer from network setting
$doc = C:\Windows\System32\BestPractices\v1.0\Models\Mic
rosoft\Windows\DirectoryServices\DirectoryServices_model.ps1
and I do get a numbers SID here are the results
PS C:\Users\administrator.SUMTERCOUNTYSC> $doc = C:\Windows\Syste
es\v1.0\Models\Microsoft\Windows\DirectoryServices\DirectoryServi
WARNING: Cannot translate account name
*S-1-5-21-337444221-582459625-1262395448-1114 to SID
FullyQualifiedErrorId: IdentityNotMappedException
ScriptLineNumber: 4836
OffsetInLine: 13
ScriptLine: $account.Translate([System.Type]
"System.Security.Principal.SecurityIdentifier")
Exception:
Type: System.Security.Principal.IdentityNotMappedException
Message: Some or all identity references could not be translated.
InnerException: N/A
WARNING: Cannot translate account name
*S-1-5-21-337444221-582459625-1262395448-1114 to SID
FullyQualifiedErrorId: IdentityNotMappedException
ScriptLineNumber: 4836
OffsetInLine: 13
ScriptLine: $account.Translate([System.Type]
"System.Security.Principal.SecurityIdentifier")
Exception:
Type: System.Security.Principal.IdentityNotMappedException
Message: Some or all identity references could not be translated.
InnerException: N/A
I have deleted a lot of old accounts in the past year and i have looked in my AD Recovery program to try and see if i can match up the SIDS and So far i can't Before i remove it from the policy I wanted to get a second opinion cause I dont want to break anything .
and also I need help with this other error as well
The Active Directory Domain Services Best Practices Analyzer (AD DS BPA) is not able to collect data about Group Policy Results setting "Enable computer and user accounts to be trusted for delegation" from the domain controller
I have check the policy to make sure that the Built in Administrator is selected for this as the KB from Microsoft stated but I'm still getting this error
↧
GPO to deploy software as wake on computer
is there a way to force deploy software on computer using GPO without user interaction. (Inshort wake on lan feature)
This is the scenario where there are remote cart pc which are not often rebooted, no user interaction and sometime it stays ideal for a long time of period.
↧
↧
Windows updates and GPO's
In Windows 8, the default Windows Update setting seems to be to only install updates for Windows, not for things like Office.
One can fix this by opening Windows Update and changing the setting to all Microsoft products, but this is not scalable. I've looked for that same option in the Windows Update GPO area, but have not found anything that does what I want.
Can someone point me in the right direction?
↧
User Profile Update and Active Directory w/ Custom Attributes
Is there a way I can modify the User Profile (Standard one from spiceworks) to include other text fields, such as 'email address' pulled from active directory? I would also want the user to be able to edit this, just like updating thier profile now which automatically updates active directory.
I am looking for a few custom attributes / fields - does anyone have a way to do this?
↧
Volume Activation Managment Tool 2.0
Will this not work with Office 2013?
It keeps telling me invalid character on the 3rd that I try to enter for my product key, which is a "N".
I know for sure the key is correct.
Any ideas?
↧
Pesky Java Install...Looking for Help for this Newbie
I am trying to test the latest version of Java on my test computers but I am having issues getting it to install. Here is my scenerio:
My test computer is located in the domain computers OU but within a sub-container called IT Test. Here is where I am trying to apply my Java Test GPO but it will not install on my test comuter. Could the fact that I have a previous Java GPO located in the Domain Computers OU that is conflicting witht he install of the test one I am tryin to push? I have tested it before and got it to work, but for some reason right now, it simply will not push to any computers I am trying ot test it on.
↧
↧
office 2010 outlook gpo setting not applying
Im trying to disable the junk email folder and filtering all together in outlook 2010 in my environment. So I went ahead and downloaded the adm and admx files for office 2010 and installed them in my central store. I created a test gpo and turned off the junk email settings. For whatever reason the settings are not working on my test machine. I have double checked that the machine and account are in the correct ou. I even ran a gpresult from the gpmc and it shows the policy applying. Is there something im doing wrong here? Does it matter that office 2010 was deployed on this machine with a custom msp file? Would that have anything to do with it?
↧
RODC in DMZ, a little help...
Hey all, thanks for reading.
So the long and the short of it is that I've been tasked with setting up a Windows 2012 VPN server and an FTP for our site. Access to these services would be best done via AD user accounts.
The only way I can really think of doing this safely would be to build a RODC in the DMZ and allow tight restricted connection between it and a single RWDC on the internal network, rather than allowing the VPN and FTP servers to connect though the DMZ to the RWDC's on our internal network.
What are others experiences with this?
Thanks all.
↧
GPO Broken For Single User
I have a Windows 2008 R2 server with a AD domain. I use GPOs extensively.
For the past 4 years I have used GPO to map drives on users computers. There are 3 drives mapped for one OU. Last week, one user informed me that she no longer has the G drive. I rebooted , checked event logs, double checked the OU and GPO. It's still working for everyone else. I manually mapped the drive under a different letter (G is not available). It works fine that way.
I'm out of ideas for troubleshooting this. I also looked at DNS. Everything is fine.
The crazy thing is that the other two drives still map.
Ideas?
↧
Give user Active Directory rights without domain admin rights
Our company just hired a network consultant that needs to scan our active directory using a particular tool (which needs access to our AD). The problem is I do not really want to give him Domain Admin rights...is there anyway to do so without giving him full control over the domain?
Thanks,
↧
↧
IE8 and IE10 Policies Conflicting
Hey guys
First post, Ive been lurking over the years and found loads of helpful info here.
Basically on our office we have people using IE8, IE9, IE10 and IE11.
I found out that the IE8&9 group policy doesn’t apply to IE10&11 so created a new one for the new versions
What is happening now though is in IE8&9 “Trusted Sites” is greyed out but neither the trusted sites from old policy OR new have been added in so some of our intranet pages aren’t working well in the older versions
For IE8&9 Policy the sites are added under user config/policies/windows settings/IE maintenance/security/security zones/trusted sites
IE10&11 Policy is user config/policies/admin templates/windows components/IE/IE control panel/security page/site to zone assignment list
How can I make these two policies work together?
Cheers
gfunk
↧
Add 2012/win8/8.1 group policy extensions to 2008 R2 domain
Is there a way I can add the group policy extensions for Server 2012/Win 8/Win 8.1 to my server 2008 R2 domain? More specifically, I'm wanting to disable SkyDrive in Win 8.1 using group policy but "Computer Configuration\Administrative Templates\Windows Components\SkyDrive" isn't available on my server 2008 R2 DCs.
↧
Add Printer Wizard GPO
Hi all,
I've only just found out that Vista + clients by default can only display 20 network printers in the add printer wizard. I know there is a local policy which can be configured to increase this, which I have tested on my Windows 7 client and it works fine.
However when I try and control this via GPO using the same settings, the client can still only view 20 network printers. A gpresult on the client shows that the policy has been applied, and I have also done a gpupdate /force on both our primary 2008 R2 DC and the client. I have also tried enforcing the policy which doesn't make a difference.
For info the policy setting is;
Computer Configuration > Policies > Admin Templates > Printers > "Add Printer Wizard - Network Scan Page".
Am I missing something obvious here, or it there another Microsoft Easter egg that I have to uncover?
Thanks in advance!
↧
HP t610 connectivity problems with Active Directory
I have a couple of HP t610 (thin clients) PN: e4t93at#aba. When we have users connect they go through an preconfigured RDP connection to a load balancer, then to one of 3 terminal servers.
We are experiencing the following problems with this model:
-If they enter an incorrect password on logon, they are prompted to change their password. In most cases their passwords are not due to expire. If they go through with the change password process, the password does not change on their Active Directory account and thus they cannot log on. The workaround right now is for them to give us the password they want to use, we enter it in AD and then they can log on.
-If they are due to change their password and go through the change password process, the new password does not register on their Active Directory account. Workaround is same process as mentioned above.
-If they walk away from their terminal server session without logging out the session wil time them out (as set on our terminal server) but it will also lock their Active Directory account (like they entered a wrong password X amount of times. If we unlock the account they are then able to log back in with no problem using the same password.
We have other models of HP thin clients doing this same log on process and they are working fine/do not give the problems mentioned above
Can anyone advise on what could be causing the problem or what to look at/adjust? I just started working on this problem, so if I need to provide more information let me know.
↧
↧
Authentication Parameters in LDAP/AD
Hi Everybody, I have limited information about AD and LDAP. I am going to install one application in my server, and I need to setup some parameters from our LDAP or AD server.
In our company , my user has limited access to "Active Directory Users and Computers".
how can I find our AD is OU-Container or CN-Container base ?
For example: if my company full domain name is "AA.bb.com", how can I fill bellow authentication parameters?
CN= admin_user, CN= Users, DC=, DC=
or
CN= Admin_user, O= ? , DC= , DC=
More appreciated for your response.
Marjan
↧
Force proxy on Windows 8.1 from Server 2008 R2 Group Policy
Hello,
I need to know how I can force IE11 on Windows 8.1 to use a specific proxy from the Windows Server 2008 R2 group policy.
Instructions online say that the group policy setting for the proxy configuration is under User Configuration > Windows Settings > Internet Explorer Maintenance, but I don't see Internet Explorer Maintenance anywhere in my group policy settings.
The closest thing I can find is under User Config > Preferences > Control Panel Settings > Internet Settings....But the only options is gives me is to configure for IE 5-8.
Anyone have any ideas?
↧
Any GPO guru's out there??
I have deployed are new photocopiers on a new printserver via the print manager into the default GPO, yet it is not deploying the printer!!!!!!
Help!!!!!!!!
Please
Steve
↧