http://support.microsoft.com/kb/327825 Problems with Kerberos authentication when a user belongs to many groups SYMPTOMS When a user belongs to many groups, that user may have problems with authentication or with Group Policy settings. The following Microsoft Knowledge Base articles...
http://support.microsoft.com/kb/300684 Information about configuring Windows for domains with single-label DNS names SUMMARY This article contains information about the deployment and operation of Active Directory domains that are configured by using single-label DNS names. The desire to remove...
LDAP Query to list locked accounts. When you need to see a list of all user accounts that are locked using LDP tool, then you might need the following query to query the Active Directory using the LDP tool....
Measures to follow before proceeding with resetting the security database on the DC which is also a SQL Server 1. We need to take the backup of the sql database before we go ahead with resetting the local security...
If we have a Domain Controller in the Active Directory that is also an email server, i.e. both Active Directory and Microsoft Exchange services are installed and enabled on the Server. And now if we want to just demote the...
Ldifde and csvde commands with Examples LDIFDE and CSVDE are quite similar. Both utilities can be used to import and export objects into active directory. The syntax for CSVDE and LDIFDE is the same. The main difference is that CSVDE...
http://technet.microsoft.com/en-us/library/cc782761.aspx Rename a domain controller Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2 To rename a domain controller 1. Open Command Prompt. 2. Type: netdom computername CurrentComputerName/add:NewComputerName This command will update...
SD propagator Manually initializing the SD propagator thread to evaluate inherited permissions for objects in Active Directory Manually initializing the SD propagator thread to evaluate inherited permissions for objects in Active Directory http://support.microsoft.com/kb/251343 SUMMARY Microsoft Windows NT 4.0 and earlier...
FSMO Issues Unable to Seize Schema Master Role Unable to Seize Schema Master Role TITLE: Unable to Seize Schema Master Role Problem: Windows 2000 Server Problem Description When you try to seize the Schema Master Role you may recieve the...
Error message when you use the Active Directory Installation Wizard to add a member server in a Windows Server 2003 SP1 domain: "The Directory Service cannot perform the requested operation because a domain rename operation is in progress" When you...
You receive LDAP bind errors after you run Dcpromo to install the first Windows Server 2003 computer in a domain http://support.microsoft.com/kb/834317 SYMPTOMS After you run the Dcpromo.exe tool to install the first Microsoft Windows Server 2003 computer in a domain,...
"Logon failure: the target account name is incorrect" error when promoting domain controllers or creating replicas SYMPTOMS When you try to promote domain controllers in new child domains or create replicas, you may receive the following error message: Logon Failure:...
DCPROMO Error message: The wizard cannot gain access to the list of domains in the forest SYMPTOMS When you attempt to use Dcpromo.exe to move a Windows 2000-based, or a Windows Server 2003-based server into an existing domain, the following...
Dcpromo Demotion of Last Domain Controller in Child Domain Does Not Succeed SYMPTOMS The domain naming master Flexible Single Master Operation (FSMO) role holder is... The domain naming master Flexible Single Master Operation (FSMO) role holder is assigned to the...
DB Upgrade/DC Promotion/DC Demotion http://technet.microsoft.com/en-us/library/cc756637.aspx DB Upgrade/DC Promotion/DC Demotion Applies To: Windows Server 2008 The Security Accounts Manager (SAM) database changes state (active or inactive): During an operating system upgrade. When a server becomes a domain controller. When a server...
How to use the Install from Media feature to promote Windows Server 2003-based domain controllers Kb 311078 System state > Alternate Loc > Dcpromo /adv The Install From Media (IFM) Feature allows System Administrators to actively promote a new Domain...
Active Directory Installation and Removal Issues http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/distrib/dsbi_add_fvhd.mspx?mfr=true Active Directory Installation and Removal Issues To install and remove Active Directory, the Active Directory Installation Wizard (Dcpromo) is used. It is important that certain requirements are met to prevent an unsuccessful installation...
Adding or Removing a Domain During Dcpromo Requires Access to the Domain Naming Master FSMO Role Holder http://support.microsoft.com/kb/254933 Adding or Removing a Domain During Dcpromo Requires Access to the Domain Naming Master FSMO Role Holder SUMMARY The domain naming master...
You Cannot Start the Active Directory Users and Computers Tool Because the Server Is Not Operational http://support.microsoft.com/kb/323542 CAUSE: These issues may occur if TCP/IP filtering is configured to permit only port 80 for TCP/IP traffic. RESOLUTION: Port 389 is used...
Protocols and Interfaces to Active Directory API Name Description LDAP C API As described in RFC 1823 for LDAPv3, LDAP API is a C language API to the LDAP network protocol. ADSI COM interface to Active Directory that abstracts the...
How to optimize Active Directory replication in a large network http://support.microsoft.com/kb/244368 How to optimize Active Directory replication in a large network SUMMARY This article describes how to optimize Active Directory replication in large network configurations. MORE INFORMATION...
How to perform an authoritative restore to a domain controller in Windows 2000 http://support.microsoft.com/kb/241594 How to perform an authoritative restore to a domain controller in Windows 2000 SUMMARY This article discusses how to perform an authoritative restore of the Active...
ADVISORY: Set a custom attribute as confidential & delegate read perms to a group TITLE: ADVISORY: Set a custom attribute as confidential & delegate read perms to a group The issue we are currently experiencing is: "How to change viewable...
Determining the product option of a Windows NT setup HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions\ProductType WinNT = Client = Windows NT workstation, Windows XP/2000 Professional, Windows XP Home LanmanNT = DC = Windows NT/2000/2003 Server domain controller (primary or backup) ServerNT = Member Server =...
Considerations when hosting Active Directory domain controller in virtual hosting environments http://support.microsoft.com/kb/888794 Things to consider when you host Active Directory domain controllers in virtual hosting environments SUMMARY A virtual hosting environment lets you run multiple guest operating systems on a...
Error Message: Logon Failure: The Target Account Name Is Incorrect http://support.microsoft.com/kb/310340 Error Message: Logon Failure: The Target Account Name Is Incorrect SYMPTOMS When you try to gain access to a child domain controller from the parent domain, you may receive...
How to mark an attribute as confidential in Windows Server 2003 Service Pack 1 http://support.microsoft.com/kb/922836 How to mark an attribute as confidential in Windows Server 2003 Service Pack 1 SUMMARY In the Active Directory directory service for Microsoft Windows Server...
Common Mistakes When Upgrading a Windows 2000 Domain To a Windows 2003 Domain http://support.microsoft.com/kb/555040 Common Mistakes When Upgrading a Windows 2000 Domain To a Windows 2003 Domain SUMMARY This KB helps avoiding common mistakes while upgrading their system. SYMPTOMS A...
Restartable AD DS Step-by-Step Guide http://technet.microsoft.com/en-us/library/cc732714.aspx Restartable AD DS Step-by-Step Guide Applies To: Windows Server 2008, Windows Server 2008 R2 You can use Microsoft Management Console (MMC) snap-ins, or the Net.exe command-line tool, to stop or restart Active...
Restartable AD DS Restartable Active Directory Domain Service As taken from: Restartable AD DS Step-by-Step Guide http://technet.microsoft.com/en-us/library/cc732714.aspx You can change the default by modifying the DsrmAdminLogonBehavior registry entry. By modifying the value for that registry entry, you can log on...
Active Directory domain controllers are not supported as Exchange Server cluster nodes http://support.microsoft.com/kb/898634 INTRODUCTION Whether you are using a Microsoft Cluster Server (MSCS)-based clustering solution or a third-party clustering solution, we strongly recommend that you install Microsoft Exchange Server...
Windows Server 2000, Windows Server 2003, and Windows Server 2008 cluster nodes as domain controllers How to use Windows Server cluster nodes as domain controllers http://support.microsoft.com/kb/281662 SUMMARY Note The information in this article addresses a situation that you do not...
How to view and set LDAP policy in Active Directory by using Ntdsutil.exe http://support.microsoft.com/kb/315071 SUMMARY This step-by-step article describes how to manage Lightweight Directory Access Protocol (LDAP) policies by using the Ntdsutil.exe tool. To make sure that domain controllers can...
To delegate control of the group priority attribute CN=Group-Priority,CN=Schema,CN=Configuration,DC=tsged,DC=com Assessment: ================= <Suggestions for troubleshooting, data collection, etc> 1. Open up ADSIEdit.msc. 2. Right click on the domain name, and select Properties 3. Click on the "Security" tab. 4. Click the...
Cannot do metadata cleanup for a Domain Controller because other child or tree root domains are dependent on it Domain Management ntdsutil domain management delete NC <> ISSUE: You might receive the following error message while trying to do metadata...
"DsRemoveDsDomainW error 0x2015" error message when you use Ntdsutil to try to remove metadata for a domain controller that was removed from your network in Windows Server 2003 Root | | | |→Child.Root |→Tree : DC 1) Meta for DC...
How to delete orphaned domain controllers from domain Orphaned DC This article tells you the Action Plan on How to delete an Orphaned Domain Controller from the Active Directory Domain. To delete orphaned domain controllers from domain in future, follow...
How to detect Stale Accounts from AD Stale Account Detection Stale account detection is required so that unused computer and user accounts can be removed from Active Directory. On domain controllers running Windows Server 2003 and Windows Server...
How to use the Showmeta command Showmeta is a switch of the Repadmin Support tools utility. You can use the showmeta command to find data related to a particular Object. It helps in finding the originating write for the deletion...
How to restore deleted user accounts and their group memberships in Active Directory How to restore deleted user accounts and their group memberships in Active Directory http://support.microsoft.com/kb/840001/en-us?spid=12925&sid=1614 + LDP + Adrestore : Need to run it multiple times You can...
Ø This comes if you change the password for a user for whom you don't have the delegation for. Article ID : 236374 http://support.microsoft.com/kb/236374 Error Messages When Trying to Change User Properties This issue can occur if...