****
*
*
*
*







*
*
                                      
*
*
Windows Server



*
*

*
*

Recently in Microsoft Active Directory (DS) Category

This is the list of contents that correspond to this category:

administrator

Core

  Windows Server CORE Windows Server Core: Most awaited guide   Helpful Article: Server Core Installation Option of Windows Server 2008 Step-By-Step Guide http://technet.microsoft.com/en-us/library/cc753802.aspx   Benefits of having Windows Server CORE on the server: ●     Reduced maintenance. ●     Reduced attack...
administrator

Memory Leak Userenv 1053 1097

Event Type:                     Error Event Source:                Userenv Event Category:            None Event ID:   1053 Date:                                    4/18/2008 Time:                                   10:07:57 PM User:                                    NT AUTHORITY\SYSTEM Computer:                       RUS-BG1P Description: Windows cannot determine the user or computer name. (Not enough storage is available to complete this operation....
administrator

Troubleshooting NETLOGON Event 5774, 5775, and 5781

http://support.microsoft.com/kb/259277 SUMMARY One or more error messages may be logged in the System event log if the Netlogon service registration or deregistration process does not succeed. This article describes these error messages and offers some troubleshooting considerations.   MORE INFORMATION...
administrator

Directory Services Does Not Start If Ntds.dit File Is Missing

When you start a Windows 2000-based domain controller, you may receive the following Lsass.exe error message: Directory Services could not start because of the following error: The system cannot find the file specified. Error Status: 0xc000000f. Please click OK to...
administrator

Lsass 0xc00002e1 - "Directory Services cannot start" error message when you start your Windows Server based or Windows SBS Server based domain controller

http://support.microsoft.com/kb/258062 "Directory Services cannot start" error message when you start your Windows Server based or Windows SBS Server based domain controller     SUMMARY   This article leads you through a series of steps that may help you diagnose the...
administrator

KDC Event ID 11

Event ID KDC 11 in the System log of domain controllers   This is the Knowledge Base Article for KDC 11 Event ID Microsoft Support KB 321044 There is a script to be used inspite of ldifde dump. Please allow...
administrator

Explanation of Kerberos error KRB_AP_ERR_MODIFIED

Problem Operating System: Windows Server 2003 Enterprise [2003]   Problem Description The following error is repeated in the event log. The target server name may reference more than one server.   XP Message ===================== Event Type: Error Event Source: Kerberos...
administrator

You experience a long delay when you log on to a domain through a NAT server

SYMPTOMS You may notice a delay when you log on to your domain account, and the logon may revert to NTLM authentication. This behavior occurs when the following conditions are true: • You try to use Kerberos to log on...
administrator

Description of Common Kerberos-Related Errors in Windows 2000

SUMMARY Windows 2000 provides support for MIT Kerberos version 5 authentication, as defined in IETF Request For Comment (RFC) 1510. The Kerberos protocol is composed of three sub-protocols. The sub-protocol through which the client pre-sends the ticket for admission to...
administrator

NAT Netlogon and Kerberos Primer

Created : 09/18/2006 TITLE: NAT Netlogon and Kerberos Primer [ ]   Problem Description   # Issue:   Common Knowledge appears to state that is Network Address Translation (NAT) is in place then trusts, logons, and Kerberos will not...
administrator

A Kerberos client always sends client addresses in Windows 2000

Article ID : 317896 For a Microsoft Windows XP version of this article, see 318071. IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that...
administrator

New resolution for problems with Kerberos authentication when users belong to many groups

http://support.microsoft.com/kb/327825 Problems with Kerberos authentication when a user belongs to many groups   SYMPTOMS   When a user belongs to many groups, that user may have problems with authentication or with Group Policy settings. The following Microsoft Knowledge Base articles...
administrator

Kerberos Network Authentication Protocol over Network Address Translation (NAT)

Kerberos authentication protocol might fail in environments that use Network Address Translation (NAT) or DHCP..? What is causing Kerberos authentication to fail in these environments? Is this something I need to worry about in my Windows Active Directory (AD) environment?...
administrator

PRE: MOSS: Unable to connect SharePoint application using Kerberos authentication

Problem - You have configured Kerberos on a web application, but you are getting 401.1 and 401.2 errors when attempting to connect to that web application.   Environment - MOSS 2007.   Action Plan Gather the following information and do...
administrator

Deployment and operation of Active Directory domains that are configured by using single-label DNS names

http://support.microsoft.com/kb/300684 Information about configuring Windows for domains with single-label DNS names     SUMMARY   This article contains information about the deployment and operation of Active Directory domains that are configured by using single-label DNS names. The desire to remove...
administrator

Fix the file access issues on a Domain Controller

Fix the file access issues on a Domain Controller   In this case we will fix the file access issue of a client for a file share on a Domain Controller. The client configured a Group Policy, after which they...
administrator

LDP - LDAP Query to list locked accounts

LDAP Query to list locked accounts.   When you need to see a list of all user accounts that are locked using LDP tool, then you might need the following query to query the Active Directory using the LDP tool....
administrator

Measures to follow before proceeding with resetting the security database on the DC which is also a SQL Server

Measures to follow before proceeding with resetting the security database on the DC which is also a SQL Server   1.      We need to take the backup of the sql database before we go ahead with resetting the local security...
administrator

Basic Steps for demoting a Domain Controller which is also a Microsoft Exchange Server to a Member Server

If we have a Domain Controller in the Active Directory that is also an email server, i.e. both Active Directory and Microsoft Exchange services are installed and enabled on the Server. And now if we want to just demote the...
administrator

LDIFDE and CSVDE Dump

Ldifde and csvde commands with Examples LDIFDE and CSVDE are quite similar. Both utilities can be used to import and export objects into active directory. The syntax for CSVDE and LDIFDE is the same.  The main difference is that CSVDE...
administrator

An example of Domain Rename

Knowledge Measure – Case Notes An experiment done on a test server for Domain Rename Operation. The case Notes of which are as follows:   Scenario DOMAIN= MICROSOFT.LOCAL DOMAIN NETBIOS = MICROSOFT DC 1 = OSAMA (holds all 5 FSMO)...
administrator

Rename a domain controller

http://technet.microsoft.com/en-us/library/cc782761.aspx Rename a domain controller Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2 To rename a domain controller 1.      Open Command Prompt. 2.      Type: netdom computername CurrentComputerName/add:NewComputerName This command will update...
ebhakt

Restricting Active Directory replication traffic and client RPC traffic to a specific port

Restricting Active Directory replication traffic and client RPC traffic to a specific port http://support.microsoft.com/kb/224196 Restricting Active Directory replication traffic and client RPC traffic to a specific port SUMMARY By default, Active Directory replication remote procedure calls (RPC) occur dynamically over...
ebhakt

Group Policy Debug Log Settings

Group Policy Debug Log Settings   The below article has got information about enabling different debug loggings which are required for troubleshooting various Windows issues.    UserEnv Debug Logging   Userenv logging is useful when troubleshooting group Policy application related...
ebhakt

How to setup Folder Redirection through Group Policy?

How to setup Folder Redirection through Group Policy?   Configuring Folder Redirection This Article is taken from Technet as-is:   http://technet.microsoft.com/library/cc786749.aspx Configuring Folder Redirection   Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows...
ebhakt

FSMO Issues : Unable to Sieze Schema Master Role

FSMO Issues Unable to Seize Schema Master Role Unable to Seize Schema Master Role TITLE: Unable to Seize Schema Master Role Problem: Windows 2000 Server Problem Description When you try to seize the Schema Master Role you may recieve the...
ebhakt

"Schema mismatch" error message occurs when you try to run the Active Directory Installation Wizard

"Schema mismatch" error message occurs when you try to run the Active Directory Installation Wizard   http://support.microsoft.com/kb/838179 "Schema mismatch" error message occurs when you try to run the Active Directory Installation Wizard   SYMPTOMS When you run the Active Directory...
ebhakt

"Logon failure: the target account name is incorrect" error when promoting domain controllers or creating replicas

"Logon failure: the target account name is incorrect" error when promoting domain controllers or creating replicas SYMPTOMS When you try to promote domain controllers in new child domains or create replicas, you may receive the following error message: Logon Failure:...
ebhakt

DCPROMO Error message: The wizard cannot gain access to the list of domains in the forest

DCPROMO Error message: The wizard cannot gain access to the list of domains in the forest SYMPTOMS When you attempt to use Dcpromo.exe to move a Windows 2000-based, or a Windows Server 2003-based server into an existing domain, the following...
ebhakt

Troubleshooting Active Directory Installation Wizard Problems

Troubleshooting Active Directory Installation Wizard Problems   http://technet.microsoft.com/en-us/library/bb727058.aspx   Overview Active Directory Installation Wizard relies on a number of systems in Windows 2000 Server, including DNS registration and resolution, LDAP query and response, Kerberos authentication, Active Directory replication, FRS replication,...
ebhakt

DB Upgrade/DC Promotion/DC Demotion

DB Upgrade/DC Promotion/DC Demotion http://technet.microsoft.com/en-us/library/cc756637.aspx DB Upgrade/DC Promotion/DC Demotion Applies To: Windows Server 2008 The Security Accounts Manager (SAM) database changes state (active or inactive): During an operating system upgrade. When a server becomes a domain controller. When a server...
ebhakt

How Dcpromo.exe Adds Display Specifiers to Active Directory Forests

How Dcpromo.exe Adds Display Specifiers to Active Directory Forests http://support.microsoft.com/kb/308592 How Dcpromo.exe Adds Display Specifiers to Active Directory Forests SUMMARY You use Active Directory promotion (Dcpromo.exe) to add domain controllers to Windows 2000 server forests. This article describes the role...
ebhakt

How to use the Install from Media feature to promote Windows Server 2003-based domain controllers

How to use the Install from Media feature to promote Windows Server 2003-based domain controllers Kb 311078 System state > Alternate Loc > Dcpromo /adv The Install From Media (IFM) Feature allows System Administrators to actively promote a new Domain...
ebhakt

Active Directory Installation and Removal Issues

Active Directory Installation and Removal Issues http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/distrib/dsbi_add_fvhd.mspx?mfr=true Active Directory Installation and Removal Issues To install and remove Active Directory, the Active Directory Installation Wizard (Dcpromo) is used. It is important that certain requirements are met to prevent an unsuccessful installation...
ebhakt

Adding or Removing a Domain During Dcpromo Requires Access to the Domain Naming Master FSMO Role Holder

Adding or Removing a Domain During Dcpromo Requires Access to the Domain Naming Master FSMO Role Holder http://support.microsoft.com/kb/254933 Adding or Removing a Domain During Dcpromo Requires Access to the Domain Naming Master FSMO Role Holder SUMMARY The domain naming master...
ebhakt

How to promote and demote domain controllers in Windows 2000

How to promote and demote domain controllers in Windows 2000   http://support.microsoft.com/kb/238369 How to promote and demote domain controllers in Windows 2000   SUMMARY   This article describes how to promote or demote a domain controller to a stand-alone server...
ebhakt

CrashOnAuditFail

CrashOnAuditFail Crashonauditfail This Registry Setting "Crashonauditfail" if enabled will cause the Domain Controller server to reboot when the size of Audit Logs is to full capacity and there is no more space to write Audit Event Logs without overwriting the...
ebhakt

Windows Fast Logon Optimization Feature

Windows Fast Logon Optimization Feature http://technet.microsoft.com/en-us/library/cc780527.aspx Fast Logon Optimization Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2 Fast Logon Optimization The Fast Logon Optimization feature is set by default...
ebhakt

Group Policy slow link detection

Group Policy slow link detection http://technet.microsoft.com/en-us/library/cc978717.aspx Group Policy slow link detection Computer Configuration\Administrative Templates\System\Group Policy Description Defines a slow connection for purposes of applying and updating Group Policy. If the rate at which data is transferred from the domain controller...
ebhakt

How a slow link is detected for processing user profiles and Group Policy

How a slow link is detected for processing user profiles and Group Policy http://support.microsoft.com/kb/227260 How a slow link is detected for processing user profiles and Group Policy SUMMARY This article describes how a slow link is detected in Windows 2000...
ebhakt

Ports for Domains and Trusts - How to configure a firewall for domains and trusts

Ports for Domains and Trusts - How to configure a firewall for domains and trusts http://support.microsoft.com/kb/179442 How to configure a firewall for domains and trusts SUMMARY This article describes how to configure a firewall for domains and trusts. Note: Not...
ebhakt

Replication fails with access denied and getting FRS event 13562 - crashonauditfail

Replication fails with access denied and getting FRS event 13562 - crashonauditfail TITLE: Replication fails with access denied and getting FRS event 13562 Problem Windows 2000 Server Problem Description One Domain Controller fails to replicate getting access denied error. FRS...
ebhakt

How to force Kerberos to use TCP instead of UDP in Windows Server 2003, in Windows XP, and in Windows 2000

How to force Kerberos to use TCP instead of UDP in Windows Server 2003, in Windows XP, and in Windows 2000 http://support.microsoft.com/kb/244474 How to force Kerberos to use TCP instead of UDP in Windows SUMMARY The Windows Kerberos authentication package...
ebhakt

Protocols and Interfaces to Active Directory

Protocols and Interfaces to Active Directory API Name Description LDAP C API As described in RFC 1823 for LDAPv3, LDAP API is a C language API to the LDAP network protocol. ADSI COM interface to Active Directory that abstracts the...
ebhakt

How to optimize Active Directory replication in a large network

How to optimize Active Directory replication in a large network   http://support.microsoft.com/kb/244368 How to optimize Active Directory replication in a large network   SUMMARY This article describes how to optimize Active Directory replication in large network configurations.   MORE INFORMATION...
ebhakt

How to perform an authoritative restore to a domain controller in Windows 2000

How to perform an authoritative restore to a domain controller in Windows 2000 http://support.microsoft.com/kb/241594 How to perform an authoritative restore to a domain controller in Windows 2000 SUMMARY This article discusses how to perform an authoritative restore of the Active...
ebhakt

Account Passwords and Policies

Account Passwords and Policies   Microsoft Windows NT Server 4.0, Windows 2000, Windows XP, and the Windows Server 2003 Family   Password and account lockout settings are designed to protect accounts and data in your organization by mitigating the threat...
ebhakt

ADVISORY: Set a custom attribute as confidential & delegate read perms to a group

ADVISORY: Set a custom attribute as confidential & delegate read perms to a group TITLE: ADVISORY: Set a custom attribute as confidential & delegate read perms to a group The issue we are currently experiencing is: "How to change viewable...
ebhakt

Active Directory Replication in Depth - USN

Active Directory Replication in Depth - USN   How to find USN of an Object from Active Directory:   C:\>repadmin /showobjmeta * [DN path of object] > obj_delhi.txt   * = All Dc's [DN path of object] = Object whose...
ebhakt

How does the Active Directory Replication Model Works

How does the Active Directory Replication Model Works http://technet.microsoft.com/en-us/library/cc772726(v=ws.10).aspx How does the Active Directory Replication Model Works Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server 2008, Windows...
ebhakt

Determining the product option of a Windows NT setup

Determining the product option of a Windows NT setup HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions\ProductType WinNT = Client = Windows NT workstation, Windows XP/2000 Professional, Windows XP Home LanmanNT = DC = Windows NT/2000/2003 Server domain controller (primary or backup) ServerNT = Member Server =...
ebhakt

Things to consider when you host Active Directory domain controllers in virtual hosting environments

Considerations when hosting Active Directory domain controller in virtual hosting environments http://support.microsoft.com/kb/888794 Things to consider when you host Active Directory domain controllers in virtual hosting environments SUMMARY A virtual hosting environment lets you run multiple guest operating systems on a...
ebhakt

Error Message: Logon Failure: The Target Account Name Is Incorrect

Error Message: Logon Failure: The Target Account Name Is Incorrect http://support.microsoft.com/kb/310340 Error Message: Logon Failure: The Target Account Name Is Incorrect SYMPTOMS When you try to gain access to a child domain controller from the parent domain, you may receive...
ebhakt

How to mark an attribute as confidential in Windows Server 2003 Service Pack 1

How to mark an attribute as confidential in Windows Server 2003 Service Pack 1 http://support.microsoft.com/kb/922836 How to mark an attribute as confidential in Windows Server 2003 Service Pack 1 SUMMARY In the Active Directory directory service for Microsoft Windows Server...
ebhakt

Common Mistakes When Upgrading a Windows 2000 Domain To a Windows 2003 Domain

Common Mistakes When Upgrading a Windows 2000 Domain To a Windows 2003 Domain http://support.microsoft.com/kb/555040 Common Mistakes When Upgrading a Windows 2000 Domain To a Windows 2003 Domain SUMMARY This KB helps avoiding common mistakes while upgrading their system. SYMPTOMS A...
ebhakt

Schema Update requires Write access to schema in Active Directory

Article ID : 285172 Schema Update requires Write access to schema in Active Directory http://support.microsoft.com/kb/285172 Schema Updates Require Write Access to Schema in Active Directory SUMMARY This article discusses schema updates. IMPORTANT: This article contains information about modifying the Active...
ebhakt

Restartable AD DS Step-by-Step Guide

Restartable AD DS Step-by-Step Guide http://technet.microsoft.com/en-us/library/cc732714.aspx Restartable AD DS Step-by-Step Guide   Applies To: Windows Server 2008, Windows Server 2008 R2   You can use Microsoft Management Console (MMC) snap-ins, or the Net.exe command-line tool, to stop or restart Active...
ebhakt

Restartable AD DS :: Restartable Active Directory Domain Service

Restartable AD DS Restartable Active Directory Domain Service As taken from: Restartable AD DS Step-by-Step Guide http://technet.microsoft.com/en-us/library/cc732714.aspx You can change the default by modifying the DsrmAdminLogonBehavior registry entry. By modifying the value for that registry entry, you can log on...
ebhakt

Password Change and its Replication

Password Change and its Replication   Extract of one webcast by Mike Resnick, I hope this will make things clear about password change replication:   http://support.microsoft.com/default.aspx?scid=%2Fservicedesks%2Fwebcasts%2Fen%2Fwc022703%2Fwct022703.asp   Microsoft Corporation Microsoft Windows 2000 Server and Windows Server 2003: Password and Account...
ebhakt

Windows 2000 NAT Editors

Windows 2000 NAT Editors   http://support.microsoft.com/default.aspx?scid=kb;EN-US;317509 SUMMARY This article describes the network address translation (NAT) editors that are included in Windows 2000.   MORE INFORMATION Windows 2000 includes built-in NAT editors for the following protocols: ·         File Transfer Protocol (FTP)...
ebhakt

How Kerberos works

How Kerberos works   1) Kerberos 5: Only Supported for IE 5.5+ Kerberos 5 is supported for Internet Explorer browsers continuing IE 5.5 and then later browsers. 2) Kerberos doesnot works on Internet             This is important to note that...
ebhakt

How to allow users who are not administrators to install MSI packages

Hacks How to allow users who are not administrators to install MSI packages http://support.microsoft.com/kb/259459 How to allow users who are not administrators to install MSI packages SUMMARY This article describes three methods by which an administrator can enable a nonadministrator...
ebhakt

INFO: How to Use ADSI to Query a Third-Party LDAP Server

INFO: How to Use ADSI to Query a Third-Party LDAP Server http://support.microsoft.com/kb/251195  SUMMARY   The Lightweight Directory Access Protocol (LDAP) provider for Active Directory Service Interfaces (ADSI) is used to retrieve information from third-party LDAP servers. This article describes several...
administrator

How to view and set LDAP policy in Active Directory by using Ntdsutil.exe

How to view and set LDAP policy in Active Directory by using Ntdsutil.exe http://support.microsoft.com/kb/315071 SUMMARY This step-by-step article describes how to manage Lightweight Directory Access Protocol (LDAP) policies by using the Ntdsutil.exe tool. To make sure that domain controllers can...
administrator

To delegate control of the group priority attribute

To delegate control of the group priority attribute CN=Group-Priority,CN=Schema,CN=Configuration,DC=tsged,DC=com Assessment: ================= <Suggestions for troubleshooting, data collection, etc> 1. Open up ADSIEdit.msc. 2. Right click on the domain name, and select Properties 3. Click on the "Security" tab. 4. Click the...
administrator

How to remove (retired) objects from Active Directory

How to remove (retired) objects from Active Directory SOS080324700001 Problem Description How to remove retired objects ------------------------------ Problem Description-: When I execute command "repadmin /showvector /latency cn=Configuration,dc=domain,dc=com" We will obtain the following result. Site\DC (retired) @ USN 130898 @ Time...
administrator

Common Metadata Cleanup Issues

Common Metadata Cleanup Issues Metadata cleanup:- If you try to connect to the same server that you want to delete, when you try to delete the server, you may receive the following error message: Error 2094. The DSA Object cannot...
administrator

Cannot do metadata cleanup for a Domain Controller because other child or tree root domains are dependent on it

Cannot do metadata cleanup for a Domain Controller because other child or tree root domains are dependent on it Domain Management ntdsutil domain management delete NC <> ISSUE: You might receive the following error message while trying to do metadata...
administrator

"DsRemoveDsDomainW error 0x2015" error message when you use Ntdsutil to try to remove metadata for a domain controller that was removed from your network in Windows Server 2003

"DsRemoveDsDomainW error 0x2015" error message when you use Ntdsutil to try to remove metadata for a domain controller that was removed from your network in Windows Server 2003 Root | | | |→Child.Root |→Tree : DC 1) Meta for DC...
administrator

How to delete orphaned domain controllers from domain

How to delete orphaned domain controllers from domain Orphaned DC This article tells you the Action Plan on How to delete an Orphaned Domain Controller from the Active Directory Domain. To delete orphaned domain controllers from domain in future, follow...
administrator

How to detect Stale Accounts from AD

How to detect Stale Accounts from AD   Stale Account Detection   Stale account detection is required so that unused computer and user accounts can be removed from Active Directory. On domain controllers running Windows Server 2003 and Windows Server...
administrator

How to use the Showmeta command

How to use the Showmeta command Showmeta is a switch of the Repadmin Support tools utility. You can use the showmeta command to find data related to a particular Object. It helps in finding the originating write for the deletion...
administrator

Event ID 2108 and Event ID 1084 occur during inbound replication of Active Directory in Windows 2000 Server and in Windows Server 2003

Event ID 2108 and Event ID 1084 occur during inbound replication of Active Directory in Windows 2000 Server and in Windows Server 2003   http://support.microsoft.com/kb/837932 SYMPTOMS When inbound replication of the Active Directory directory service occurs, a destination domain controller...
administrator

How to restore deleted user accounts and their group memberships in Active Directory

How to restore deleted user accounts and their group memberships in Active Directory How to restore deleted user accounts and their group memberships in Active Directory http://support.microsoft.com/kb/840001/en-us?spid=12925&sid=1614 + LDP + Adrestore : Need to run it multiple times You can...
administrator

Some Important ADSIEDIT Active Directory Partition Paths to know about

Some Important ADSIEDIT Active Directory Partition Paths to know about   Lost & Found Container   Objects, whose parent OU's are missing (deleted) are moved into Lost & Found Container inside Active Directory.   ADSIEDIT Path: ?   Lost and...
administrator

Error Messages When Trying to Change User Properties

Ø This comes if you change the password for a user for whom you don't have the delegation for.   Article ID        :           236374 http://support.microsoft.com/kb/236374   Error Messages When Trying to Change User Properties   This issue can occur if...
administrator

USN Rollback Complete Article

USN Rollback Complete Article This article describes what is USN Rollback and what issues does it cause and how to Troubleshoot USN Rollback Issue What is USN Rollback? To under this issue you should first read the following two articles:...
administrator

You cannot open file shares or Group Policy snap-ins on a domain controller

You cannot open file shares or Group Policy snap-ins on a domain controller http://support.microsoft.com/kb/839499 SUMMARY You cannot open file shares or the Group Policy snap-ins on a Windows Server 2003 domain controller or on a Windows 2000 Server domain controller....
administrator

Server Message Block communication between a client-side SMB component and a server-side SMB component is not completed if the SMB signing settings are mismatched in Group Policy or in the registry

Server Message Block communication between a client-side SMB component and a server-side SMB component is not completed if the SMB signing settings are mismatched in Group Policy or in the registry http://support.microsoft.com/kb/916846 SYMPTOMS Server Message Block (SMB) communication between a...
administrator

Overview of SMB Signing

Overview of SMB Signing How to determine whether SMB signing is enabled in a network monitor trace To determine whether SMB signing is enabled, required at the server, or both, view the Negotiate Dialect Response from the server: SMB: R...
administrator

Microsoft SMB Protocol Packet Exchange Scenario

Microsoft SMB Protocol Packet Exchange Scenario This topic gives an example of a Microsoft SMB Protocol packet exchange between a client and a server. The following steps are an overview of the process: 1. The client and server establish a...
administrator

Group Policy Troubleshooting

Group Policy Troubleshooting   + enabled Gptext logging: Value Path: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Value Name: GPTextDebugLevel Value Type: REG_DWORD Value Data: 1002 (hex) Output: %systemroot%\debug\usermode\gptext.log        ...
administrator

Event ID 1053 is logged when you use the "Gpupdate /force" command, or you restart a Windows Server 2003-based domain controller

Event ID 1053 is logged when you use the "Gpupdate /force" command, or you restart a Windows Server 2003-based domain controller http://support.microsoft.com/kb/937535 SYMPTOMS When you use the Gpupdate /force command on a Microsoft Windows Server 2003-based domain controller, or you...
administrator

Userenv errors occur and events are logged after you apply Group Policy to computers that are running Windows Server 2003, Windows XP, or Windows 2000

Userenv errors occur and events are logged after you apply Group Policy to computers that are running Windows Server 2003, Windows XP, or Windows 2000   Article ID : 887303 http://support.microsoft.com/kb/887303    1.    Examine the DNS settings and network properties...
administrator

Enable GPSVC debug logging in Vista: troubleshooting the Group Policy Service

Enable GPSVC debug logging in Vista: troubleshooting the Group Policy Service Number  : SOX070618700009 Created  : 06/18/2007 Region  : US   This article will specifically help you to troubleshoot Group Policy Service Issues. To know more about Group Policy Client...
administrator

Authoritative Userenv 1030 and 1058 Troubleshooting Guide

Authoritative Userenv 1030 and 1058 Troubleshooting Guide   Authoritative Userenv 1030 and 1058 Troubleshooting Guide Number          :           SOX030714700054 TITLE: Authoritative Userenv 1030 and 1058 Troubleshooting Guide Problem Windows Server 2003 Standard ID: SOX030714700054   Problem Description SYMPTOMS ========   Windows...
administrator

CSE :: Client Side Extensions

CSE :: Client Side Extensions   Identifying Group Policy Client-Side Extensions http://support.microsoft.com/kb/216357 gptext.dll appmgmts.dll scecli.dll iedkcs32.dll dskquota.dll fdeploy.dll   HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions     ●     GUID: 25537BA6-77A8-11D2-9B6C-0000F8080861 Component: Folder Redirection ●     GUID: 3610EDA5-77EF-11D2-8DC5-00C04FA31A66 Component: Microsoft Disk Quota ●     GUID: 42B5FAAE-6536-11D2-AE5A-0000F87571E3 Component:...
administrator

Remove folder redirection group policy and relocate user's data back to local machines.

Remove folder redirection group policy and relocate user's data back to local machines.   SRX080602600766   S: (Subjective) =============== Remove folder redirection group policy and relocate user's data back to local machines. # But you deleted the GPO after following...
administrator

Folder Redirection

Folder Redirection http://www.microsoft.com/windows/windows2000/en/advanced/help/folder.htm You use the Folder Redirection extension to Group Policy to redirect certain Windows 2000 special folders to network locations. Special folders are those folders such as My Documents and My Pictures that are located under Documents and...
administrator

How to dynamically create security-enhanced redirected folders by using folder redirection in Windows 2000 and in Windows Server 2003

How to dynamically create security-enhanced redirected folders by using folder redirection in Windows 2000 and in Windows Server 2003   http://support.microsoft.com/kb/274443 SUMMARY In Microsoft Windows 2000 and in Microsoft Windows Server 2003, as an administrator, you can customize desktops by...
administrator

Issue with Grant exclusive user rights - Folder Redirection

Issue with Grant exclusive user rights - Folder Redirection   SYMPTOMS The following Event ID 1000 and Event ID 101 messages may be logged in the Application log when the Folder Redirection component of Group Policy is set up: Event...
administrator

The Sysvol and Netlogon Shares Are Missing After You Restore a Domain Controller from Backup

KB 316790 The Sysvol and Netlogon Shares Are Missing After You Restore a Domain Controller from Backup http://support.microsoft.com/kb/316790/en-us The Sysvol and Netlogon Shares Are Missing After You Restore a Domain Controller from Backup SYMPTOMS After you restore a domain controller...
administrator

Recovering missing FRS objects and FRS attributes in Active Directory

Recovering missing FRS objects and FRS attributes in Active Directory http://support.microsoft.com/kb/312862 Recovering missing FRS objects and FRS attributes in Active Directory SUMMARY File Replication service (FRS) is a multi-threaded, multi-master replication engine that replaces the LMREPL service in Microsoft Windows...
administrator

Configuring Correct Staging Area Space for Replica Sets

Configuring Correct Staging Area Space for Replica Sets   http://support.microsoft.com/kb/329491   Configuring Correct Staging Area Space for Replica Sets   SUMMARY This article describes the correct staging area space for replica sets. The File Replication service (FRS) creates staging files...
administrator

Recommendations for managing Group Policy administrative template (.adm) files

Recommendations for managing Group Policy administrative template (.adm) files   http://support.microsoft.com/kb/816662   SUMMARY This article describes how ADM files work, the policy settings that are available to manage their operation, and recommendations about how to handle common ADM file management...
administrator

File Replication Service (Additional tuning)

File Replication Service (Additional tuning)   File Replication Service (Additional tuning) – Article unavailable now on Microsoft.com < http://www.microsoft.com/resources/documentation/Windows/2000/server/reskit/en-us/Default.asp?url=/resources/documentation/Windows/2000/server/reskit/en-us/distrib/dsd h_frs_leca.asp >   [TO-REWRITE-THIS-ARTICLE]...
administrator

Deploying FRS

Deploying FRS   After you have deployed a domain-based DFS namespace, you are ready to deploy FRS.   This section describes the following FRS deployment scenarios: • Deploying a new replica set • Adding a new replica member to an...
administrator

Increasing Data Availability by Using FRS

Increasing Data Availability by Using FRS   To design an FRS replication strategy, you need to take the following steps: 1. Identify data to replicate. 2. Choose the replication topology. 3. Design the replication schedule. 4. Plan the staging directory....
administrator

Monitoring and Troubleshooting the File Replication Service

Monitoring and Troubleshooting the File Replication Service   File Replication Service (FRS) is used for synchronizing the SYSVOL shared folders on domain controllers and for synchronizing DFS link targets on servers running Windows 2000 and Windows Server 2003. If you...
administrator

Planning DFS and FRS Security

Planning DFS and FRS Security   Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2   When planning to secure DFS namespaces and content replicated by FRS, follow these guidelines:...
administrator

FRS and Sysvol Improvements in Windows Vista

FRS and Sysvol Improvements FRS and Sysvol Improvements in Windows Vista Group Policy benefits from improvements to the File Replication Service (FRS) and storage of the new administrative template files (ADMX files) to reduce usage of network bandwidth and Sysvol...
administrator

Introduction to FRS

Introduction to FRS   http://technet.microsoft.com/library/Cc962212   File Replication service is a multithreaded replication engine that replaces the LMRepl service that is used in Microsoft® Windows NT®. Multithreaded means that several processes can run at the same time to handle multiple...
administrator

How FRS Works

How FRS Works   http://technet.microsoft.com/library/Cc962202   FRS provides redundancy for the content of designated NTFS shares between Windows 2000 servers. The servers can be interconnected in any topology such as a ring or a star configuration. With an appropriate topology...
administrator

FRS Tools and Settings

FRS Tools and Settings FRS Tools and Settings   FRS Tools The following tools are associated with File Replication service (FRS). Connstat.cmd: FRS Connection Status Report Category Windows Support Tools for Windows Server 2003 and Windows 2000 Version compatibility Runs...
administrator

FRS objects : Overview of Active Directory Objects That Are Used by FRS

FRS objects Overview of Active Directory Objects That Are Used by FRS NTFRS-Subscriptions NTFRS-Subscriber NTFRS Settings, Replica Set, and Member Objects NTFRS-Settings NTFRS-Replica-Set NTFRS-Member NTDS-Connection http://support.microsoft.com/kb/296183 Overview of Active Directory Objects That Are Used by FRS SUMMARY This article describes...
administrator

FRS CPU SPIKE: NTFRS Service spiking the CPU

FRS CPU SPIKE: NTFRS Service spiking the CPU   NTFRS Service spiking the CPU, FRS CPU SPIKE Number  : SOX060530700007 Created  : 05/30/2006 Region  : US TITLE: NTFRS Service spiking the CPU, FRS CPU SPIKE Problem Windows Server 2003 Enterprise...
administrator

Assert Error in FRS

Assert Error in FRS SOX031219700164   Problem :   customer was getting Assert errors in FRS that did not correspond to any known issues. He also could not get Windows Update to run. We tried to load a hotfix and...
administrator

FRS replication may not start when seeding partner is in seeding mode himself

FRS replication may not start when seeding partner is in seeding mode himself   FRS replication may not start when seeding partner is in seeding mode himself SOX060724700012   Problem :   Summary ============================= This customer had the problem that...
administrator

High processor usage with FRS

High processor usage with FRS   High processor usage with FRS SOX020325700099   Problem : Customer has 32 DCs. When FRS starts, the processor usage on 12 DCs would go up to 90% and stay there until they stopped FRS....
administrator

Interesting Things to know about FRS

Interesting Things to know about FRS   What is FRS (File Replication Service?) FRS (File Replication Service) is the service responsible for replicating updated data on the member Servers of a DFS Replication Group. FRS was the default Replication Service...
administrator

Migrating DFS namespace from v1 to v2

Migrating DFS namespace from v1 to v2 Made a v1 namespace with name Eps.local \V1 and in ADsiedit.msc ---domain --system--DFSconf-v1 (ftdfs) that shows its a v1. now exported it into an XML file called V1.xml on C drive through command...
administrator

SYSVOL Migration to DFSR

SYSVOL Migration to DFSR        The domain functional level should be Windows 2008      In the command prompt, type in the command dfsrmig /setglobalstate 0  : This is to set the state at :”Start”      When that succeeds, next...
administrator

The Active Directory database garbage collection process

The Active Directory database garbage collection process APPLIES TO ·         Microsoft Windows Server 2003, Standard Edition (32-bit x86) ·         Microsoft Windows Server 2003, Enterprise Edition (32-bit x86) ·         Microsoft Windows Server 2003, Datacenter Edition (32-bit x86) ·         Microsoft Windows 2000...
administrator

Useful shelf life of a system-state backup of Active Directory

Useful shelf life of a system-state backup of Active Directory APPLIES TO ·         Microsoft Windows Server 2003, Standard Edition (32-bit x86) ·         Microsoft Windows Server 2003, Enterprise Edition (32-bit x86) ·         Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems...
administrator

Domain Controller Diagnostics Tool (dcdiag.exe)

Dcdiag http://technet.microsoft.com/en-us/library/cc776854.aspx Domain Controller Diagnostics Tool (dcdiag.exe) Applies To: Windows Server 2003 with SP1 What does DCDiag.exe do? This command-line tool analyzes the state of one or all domain controllers in a forest and reports any problems to assist in...
administrator

Monitoring Active Directory Health

Monitoring Active Directory Health http://technet.microsoft.com/en-us/library/cc180912.aspx Monitoring Active Directory Health Active Directory Management Pack (ADMP) monitors Active Directory — and the external components that are related to Active Directory — to ensure that their ongoing behavior falls within the bounds of...
administrator

Active Directory Diagnostic Logging

Active Directory Diagnostic Logging http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/distrib/dsbi_add_oudd.mspx AD Logs Summary of Log Files Used in Active Directory Windows 2000 maintains specific log files that pertain to Active Directory. For example, when installing or removing Active Directory by using the Active Directory Installation...
administrator

Directory Services Debug Logging Primer

Directory Services Debug Logging Primer http://blogs.technet.com/b/askds/archive/2008/04/02/directory-services-debug-logging-primer.aspx Bhaskar here. In Directory Services we support a whole bunch of components which each have their own debug logging. A while back I pulled together all the information from various KB and TechNet articles...
administrator

Troubleshooting Common Login ‘n’ Startup Issues

Troubleshooting Common Login 'n' Startup Issues To troubleshoot, To fix and To resolve common issues that are related to User Login and Start Up; we can look into a couple of things before calling the support professional. If you are...
administrator

Login ‘n’ Startup :: Understanding Logon and Authentication

Login n Startup Understanding Logon and Authentication http://technet.microsoft.com/en-us/library/bb457114.aspx ============================================================================== When a user logs on to a computer, a series of steps begins that makes up the authentication process. Authentication validates user identity and defines resources that a user can access....
administrator

Delegation

Delegation In distributed systems, it is typical for one server to call another server to accomplish a task for a client. This functionality is called impersonation. To handle these requests for a client, the server must be given the authority...
administrator

Active Directory Database Mounting

Active Directory Database Mounting Active Directory Database Mounting and Snapshot creation is a technique where in you can store instances of the whole Active Directory by taking its snapshot, and then you can mount these snapshots to activate that instance...
administrator

Windows Server Core - Part 01

Windows Server Core - Part 01 To manage a server that is running a Server Core installation and is a domain member using an MMC snap-in 1.    Start an MMC snap-in, such as Computer Management. 2.    In the left pane,...
administrator

Windows Server Core - Part 02 - dcpromo

Windows Server Core - Part 02 - dcpromo Appendix of Unattended Installation Parameters http://technet.microsoft.com/en-us/library/cc732086.aspx Appendix of Unattended Installation Parameters Applies To: Windows Server 2008, Windows Server 2008 R2 The tables in this appendix provide the information that you need to...
administrator

Active Directory Sites and Services

Active Directory Sites and Services Step-by-Step Guide to Active Directory Sites and Services http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/directory/activedirectory/stepbystep/adsrv.mspx Step-by-Step Guide to Active Directory Sites and Services   This guide explains how to use the Active Directory Sites and Services snap-in to administer replication topology...
administrator

Active Directory Replication

Active Directory Replication Active Directory Replication is process of replicating Active Directory data from one Domain Controller to another. It is an automated process which has its own schedule; which when occurs replicates initial data, data changes and new data...
administrator

Account Lockout

Account Lockout Account Lockout is the Lockout of an user’s / service account due to entering incorrect credentials more than what is specified in the Account Lockout Section of the Password Policy for the Domain; after which you cannot use...
administrator

Csvde

Csvde http://technet.microsoft.com/hi-in/library/cc771621(en-us,WS.10).aspx Csvde Applies To: Windows Server 2008 Csvde Imports and exports data from Active Directory Lightweight Directory Services (AD LDS) using files that store data in the comma-separated value (CSV) format. You can also support batch operations based on...
administrator

UAC

UAC The policies for User Account Control can be checked by going to:   Group policy Editor>>Computer configuration>>Windows settings>>Security settings>>Local policies>>Security Options.   User Account Control http://technet.microsoft.com/en-us/library/cc772207.aspx User Account Control Updated: May 1, 2008 Applies To: Windows Server 2008, Windows...
administrator

GINA Registry

GINA Registry What if you want to publish your own version of the Windows Logon screen? What if you want to alter the look and feel of the Windows Login Prompt?   Use Window GINA dll registry location. Windows Uses...
administrator

Permissions

Permissions The Security ACL on a file/folder can be used to give access rights/permissions to users in an Active Directory Domain. Use the xcacls tool to modify / view permissions on files and folders. Xcacls http://support.microsoft.com/kb/825751 http://support.microsoft.com/kb/318754   For Example;...
administrator

Groups

Groups A Group is an object that can contain another security principle as its members. And it can be a member of another group as well. As the two domains are in the different forests, we only can add users...
administrator

Service Accounts

Service Accounts A Service Account is a special purpose user account created in Active Directory with which different services are / can be configured to Run As.. These Services when configured in the Logon Tab of the Properties section of...
administrator

Security

Security   19 Smart Tips for Securing Active Directory http://technet.microsoft.com/en-us/magazine/cc160982.aspx Active Directory Group Policy   Does Active Directory keep you up at night? One could easily understand why. It is most likely the largest and most critical distributed system in...
administrator

What Are Access Tokens?

What Are Access Tokens? http://technet.microsoft.com/en-us/library/cc759267.aspx Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2   What Are Access Tokens?   An access token is a protected object that contains information...
administrator

Metadata Cleanup

Metadata Cleanup Metadata Cleanup is the process of removing unused metadata from the Active Directory. It deletes an object from the Active Directory Database. Usually in a scenario when a Server / Domain Controller is offline and you are stuck...
administrator

Global Catalog Servers

Global catalog http://support.microsoft.com/kb/254933   Confirm that the domain naming master is a global catalog server. Type nltest /dsgetdc:domainname /server:servername to see if the server is advertising the "GC" flag. New global catalog servers also register event 1119 ("This Windows domain...
administrator

SYSVOL

SYSVOL SYSVOL is the default share available on a Domain Controller that holds the data for Group Policy Settings. Whenever a Group Policy is made; a GPO is created and its templates lie inside SYSVOL share. So, after a successful...
administrator

Group policy in Windows Server 2008

Group policy in Windows Server 2008 AD Shot Gyan - Central Store Central Store In Windows 2000/2003, adm files were stored as part of every GPO on SYSVOL. It took around 4MB of storage space for every GPO. In addition,...
administrator

RID

RID RID Allocation Domain controllers running have a shared RID pool. The RID operations master is responsible for maintaining a pool of RIDs to be used by the domain controllers in its domain and for providing groups of RIDs to...
administrator

Domain Naming Master

Domain Naming Master Adding or Removing a Domain During Dcpromo Requires Access to the Domain Naming Master FSMO Role Holder http://support.microsoft.com/kb/254933 The domain naming master Flexible Single Master Operations (FSMO) role holder is assigned to the domain controller that is...
administrator

How to create custom administrative templates in Windows

How to create custom administrative templates in Windows   This step-by-step article describes how to create custom Administrative Templates to use with Group Policy settings in a Windows 2000-based domain. Group Policy templates provide an interface that you can use...
administrator

Optimize Active Directory Disk Performance

Optimize Active Directory Disk Performance Active Directory is a database and has the performance issues of a database. Familiar with SQL or Exchange? You know what works and what does not. AD has the database component and log files which...
administrator

NTDS.DIT Database management

NTDS.DIT Database management Active Directory database file NTDS.DIT http://www.windowsnetworking.com/kbase/WindowsTips/Windows2000/AdminTips/ActiveDirectory/ActiveDirectorydatabasefileNTDS.DIT.html Windows 2000 Active Directory data store, the actual database file, is %SystemRoot%\ntds\NTDS.DIT. The ntds.dit file is the heart of Active Directory including user accounts. Active Directory's database engine is the Extensible...
administrator

Group Policy

Group Policy Windows Active Directory provides System Administrators the ability to implement Organizational Policies in terms of Computers Rights Assignments and Restrictions. There are settings that can be configured on a Windows Based Computer to Apply the Policies These are...
administrator

User Rights Assignment

Client, service, and program issues can occur if you change security settings and user rights assignments http://support.microsoft.com/kb/823659 Security settings and user rights assignments can be changed in local policies and group policies to help tighten the security on domain controllers...
administrator

DSRM

DSRM Configure Your Server Wizard sets a blank recovery mode password http://support.microsoft.com/kb/271641 English Language Version After you have installed the hotfix, you can use the Setpwd.exe tool (located in the %SystemRoot%\System32 folder) to replace the null password with a strong...
administrator

Domain Join

Domain Join Domain Join operation joins a client computer to an Active Directory Domain so that the users on the Active Directory can Login and Access or Use this Client computer. You can Join a Windows Client Computer to the...
administrator

User logon across forest

Domain Locator across a Forest Trust http://blogs.technet.com/askds/archive/2008/09/24/domain-locator-across-a-forest-trust.aspx http://support.microsoft.com/default.aspx?scid=kb;EN-US;939252 We're asked, many times, why a user does not authenticate against a local domain controller in the same site when logging on across a forest. We've setup the most common scenario to...
administrator

AdPrep

AdPrep   Infrastructure master - The Infrastructure master role is domain-wide and there is one for each domain. This role is required for domain controllers to run the adprep /forestprep command successfully and to update SID attributes and distinguished name...
administrator

Functionality Levels

Functionality Levels   What Are Active Directory Functional Levels? http://technet2.microsoft.com/windowsserver/en/library/da255f53-ae6c-4af8-80f1-9b3c046022311033.mspx?mfr=true   How Active Directory Functional Levels Work http://technet2.microsoft.com/windowsserver/en/library/c3aa5e55-42c0-4386-93ba-66e5c538b0ac1033.mspx?mfr=true   Domain and forest functionality http://technet2.microsoft.com/WindowsServer/en/Library/b3674c9b-fab9-4c1e-a8f6-7871264712711033.mspx?mfr=true     Forest functional level ========================= The Windows 2000 forest functional level provides all Active Directory...
administrator

FSMO

In a Multi-master environment, FSMO Roles specify the distribution of responsibility among the Domain Controllers to take decisions when in a conflict. The responsibility for taking decisions is distributed among five (5) FSMO Roles. All these Roles can be on...
administrator

Basic Troubleshooting steps

Basic Troubleshooting Steps These are the basic troubleshooting steps that will come in handy for almost all of the relevant issues with in an Active Directory Domain Environment where in it needs troubleshooting. These are some basics that need to...
administrator

GINA

GINA GINA Registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Value = GinaDLL REG_SZ   The defaults are: Ginadll:REG_SZ:MSGINA.DLL   A Graphical Identification and Authentication dynamic-link library (DLL). The GINA is a replaceable DLL component that is loaded by the Winlogon executable. The GINA implements the authentication...


This is the list for sub-categories that this category contains..


Enjoy here!

*
*
****




More Advertisements from "Google":

*****



    Desktop
  • eBooks
  • Games
  • Softwares
  • Tools
  • Tweaks
  • Wallpapers
  • Warez
    PDA
  • Games
  • Tools
  • Wallpapers
    System Administration
  • dll Center
  • Scripts
  • Tools
  • .extensions database
  • Write-up
    more...
  • Download Database
  • Jobs
  • Lists
  • Polls
  • Glossary

01000011 01110010 01100001 01100011 01101011 01111010 01101000 01100001 01100011 01101011