One of our clients is a Tier 1 PCI company, and their auditors have made a suggestion with regards to us as System Administrators and our access rights. We administer their entirely Windows-based infrastructure of roughly 700 Desktops/80 servers/10 Domain Controllers. They are suggesting that we move to a system where we have three separate accounts: DOMAIN.CO.UK\UserWS, DOMAIN.CO.UK\UserSRV, DOMAIN.CO.UK\UserDC. Where WS is the account that logs on to only WorkStations, is a Local Administrator [...]
What are all the possible causes of the “An Active Directory Domain Controller (AD DC) for the domain …” error message?
Earlier I was having issues connecting one of my workstations (client) to my domain, and I thought it was because the domain was not in my possession yet (reference: this question). But, due to the answer I’m led to believe that there is something else going on? I’ve searched the internet and can’t really find out why I’m still having issues, so I figured I’d ask to see what the possible causes of this error [...]
We’re moving our domain controller to a new Hyper-V host. I read on TechNet about not using export on a VM running as DC (although I saw a lot of answers on TechNet suggesting doing so to move DC). What we plan to do is shut down the VM, move the VHD to the new Hyper-V host, then create a new VM using that VHD. I don’t think USN rollback would occur since it’s like [...]
While working on an application which queries AD for user information, I kept retrieving Domain Controllers as part of my results. Using C# DirectorySearcher with the following filter: “(objectClass=User)” After some digging around, I noticed that for our DCs, the objectClass attribute is set to: top; person; organizationalPerson; user; computer. It struck me as kind of odd. However, I have no frame of reference and was not able to locate any specific documentation about it. Can [...]
Can a Second Domain Controller, with buggy hard drive hardware, cause a corruption to Active Directory?
We have a new Domain Controller that holds all FSMO roles. We also have two old hardware servers, about 4-5 years old each, set up as secondary Domain Controllers. My question is: do I run the risk of corruption in Active Directory if I have a drive failure, due to old hardware, on one of the secondary Domain Controllers? I am really trying to convince the client to buy a new hardware-based server for [...]
We had a major network issue where our secondary domain controller (responsible for Win2k3 boxes) died and had to be rebuilt (I believe this is what happened, I am a developer, not a network admin). Anyway, I am working remotely via VPN at the moment and since this happened, I am getting an authentication box when trying to access certain areas of SDL Tridion via IE (Tridion 2009 SP1 is IE only). It seems like somewhere [...]
We have several servers running as Domain Controllers, “DC01”, “DC02”, and “DC03”. For some reasons, we need to reboot them. Is there a specific procedure to follow? Additional info: “DC01” currently holds all FSMO roles. Should I transfer the roles to another DC before rebooting it? More information: DC01 is Windows 2008 Enterprise. DC02 and DC03 are Windows 2008 R2 Enterprise. Asked by pepoluan. No need to stagger reboots. Active Directory, being a multi-master system, [...]
I am working at corporate headquarters called Papermash. I joined their domain on my Win7 Pro. What I found interesting is that I could log in to the domain using credentials PAPERMASH\username, and also PAPERMASHCORPORATE.com\username. When I tried to visit papermashcorporate.com using my browser there was no such website; if I ping it, all packets fail. This is quite confusing for me, could someone explain what is going on here? Asked by jesterII. PAPERMASH is the [...]
I have an odd issue with my Group Policy service on one of my domain controllers. For some reason the gpsvc service within one of my svchosts is consuming a huge number of ports. The destination port is always to one of my DCs on the 389 LDAP port. The source ports can potentially be such a long list as to consume all available ports on the system. This generally starts causing problems around a [...]
I’m having some trouble with setting up an SMTP server on a Windows Server 2003 machine, while trying to send emails using PHP through the internet, but to domain email addresses. Common info: I’m a newbie on this, so I don’t know many of the concepts; Machine has Windows Server 2003 Server; Machine on a domain (mydomain.com); Machine is not a domain controller; Machine accesses a domain controller through the internet (WAN with a corporate [...]