Windows Server - Run multiple domains under different accounts

Hi,
I have multiple domains on a Windows Server. I'd like to run these under separate accounts for security reasons.
My options I have so far:
1) Install all Admin servers and managed servers as windows services and set logon appropriately
2) If possible, use multiple node manager instances, one for each domain and set the log on for each node manager windows service
I like the idea of multiple node managers but I can't find any reference in the documentation about this. I'd rather not use option 1 as I won't be able to restart servers from the WebLogic Console
Has anyone had to do this before?

First option might be the cleanest .
For second option make sure that there are separate Node_Manager home directory for different node manager instances.
Edited by: atheek1 on Jun 19, 2010 4:55 AM

Similar Messages

  • Windows Server 2008 R2 Domain Controller NOT logging EventID 4740

    EventID 4740 (account lockout) is not being logged to the event viewer. When searching through the security log there are none to be found. Having accounts locked out and no logging is driving me nuts. Hope someone has run into this before. This is what
    i have checked thus far.
    >Windows Server 2008 R2 Domain Controller
    >Verified the following GPO settings are set and correct:
    >Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\ all are set for Success & Failure
    >Computer Configuration\Windows Settings\Security Settings\Advanced Audit Configuration\Logon/Logoff) is set for Success and Failure
    >Powershell command Get-Eventlog -log Security -InstanceId 4740 returns no results which makes sense since there are no entries in the security log file.
    >No 4740 entries in the netlogon.log debug file
    AD and the LockoutStatus tool show the account is locked out but i still have nothing in the logs.
    Anyone have any ideas? From everything i can find online , it appears i have everything set properly.
    Thanks, Chico

    Hi Chico,
    I suggest you try to enable this group policy below:
    Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit account management
    More information for you:
    Missing 4740 EventID's
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/c9871d72-7439-46b5-98e6-a7fadfa6ff28/missing-4740-eventids?forum=winserversecurity
    If you have multiple Domain Controllers, check this event on other DCs, too.
    Please feel free to let us know if there are any further requirements.
    Best Regards,
    Amy Wang

  • Windows 7 or Windows Server 2008 R2 domain join displays error "Changing the Primary Domain DNS name of this computer to "" failed...."

    Hi,
    Windows 7 or Windows Server 2008 R2 domain join displays error "Changing the Primary Domain DNS name of this computer to "" failed...."
    DC:windows Server 2008 R2
    Domain functional level:Windows Server 2003
    When Winxp join domain, have no this error message.
    I checked http://support.microsoft.com/kb/2018583?wa=wsignin1.0 does't work.
    There have 3 suggestion in this article:
    1.The "Disable NetBIOS over TCP/IP" checkbox has been disabled in the IPv4 properties of the computer being joined.
    Doesnt's work.
    2.Connectivity over UDP port 137 is blocked between client and the helper DC servicing the join operation in the target domain.
    On my DC, I run netstat -an, reslut as below:
     UDP    192.168.20.3:137       *:*
    3.The TCP/IPv4 protocol has been disabled so that the client being joined or the DC in the destination domain targeted by the LDAP BIND is running TCP/IPv6 only.
    We are not using IPV6.
    This server recently updated from Windows Server 2003 to Windows Server 2008 R2. Before upgrade, when Win7 and Win2008 join this domain, also have the same error message.
    Please help to check this issue.
    Thank you very much.
    BR
    Guo YingHui 

    Hi Guo Ying,
    I have faced this critical error which makes over-writes the host names in the domain when you join.
    For example: Already you had a host name called as PC.domain.com in the domain.com Domain.
    When you try to add the another host name called as PC in the domain.com Domain, it doesn't give you the duplicate name error on the network it does over-write the existing host name called as PC.domain.com & it will add the new host name into the domain.
    Host name which got over-written will get removed from the domain. I faced this issue in my project. My DPM host name got removed from the Domain & new host name got joined into the domain which halted my backups for one day.
    Final Resolution is as follows:
    You need to start the dns console on the DC & drop down the domain name.
    Select the _msdcs when you click on _msdcs it will show the Name Server's list on the right hand side.
    You need to add the Domain Naming Master under the _msdcs or add all the domain controllers which you had.
    After you add the Name server's try joining the PC OR Laptop to the domain which is successfully joins it.
    Regards
    Anand S
    Thanks & Regards Anand Sunka MCSA+CCNA+MCTS

  • Configuring group policy for user profiles in Windows Server 2012 R2 Domain

    Requesting some experts advise on configuring group policy for user profiles.
    We will be building new Windows Server 2012 R2 Domain Controllers (Domain of 400 users).
    The settings which I am concerned:
    1. Folder Redirection: Desktop, Documents, Favorites.
    2. Quota for Folder Redirection - 1 GB per user.
    3. Map a networked drive - 1 GB per user.
    4. Roaming profile - (Will ignore if it does not suit our requirement). 
    The question is how outlook profile will be retained / automatically moved if the users move from once computer to other?
    FYI, E-mails hosted on MS Office365 and OST file size of few users more than 25GB. So, in case the user moves from one computer to other, the entire mailbox will be downloaded via internet. This consumes high bandwidth if more than 3-4 users shift per day.
    Thanks a lot for your valuable time and efforts.

    Hi,
    >>The question is how outlook profile will be retained / automatically moved if the users move from once computer to other?
    This depends on where our outlook data files are stored. If these data files are stored under
    drive:\Users\<username>\AppData\Local, then these files can’t be redirected, for folder redirection can’t redirect appdata local or locallow.
    However, regarding your question, we can refer to the following thread to find the solution.
    Roam outlook profiles without roaming profiles
    http://social.technet.microsoft.com/Forums/office/en-US/3908b8e0-8f44-4a34-8eb5-5a024df3463e/roam-outlook-profiles-without-roaming-profiles
    In addition, regarding how to configure folder redirection, the following article can be referred to for more information.
    Configuring Folder Redirection
    http://technet.microsoft.com/library/cc786749.aspx
    Hope it helps.
    Best regards,
    Frank Shen

  • Biztalk 2013 R2 with Windows Server 2003 R2 Domain Controller

    Hello, I have a client right who has a Windows Server 2003 R2 domain controller with active directory installed. Is there any reason why I can't install Biztalk 2013 on a Windows Server 2012 R2 box and add it to that farm to use active directory?
    Thanks in advance,
    -Adam

    BizTalk Server is only going to use the User Groups created in Domain Controller so ideally i don't think there will be any compatibility issue. Also there isn't any microsoft article which talks about BizTalk compatibility with respect to domain controller.
    You will have to create all the Windows Groups and User Accounts in AD, before BizTalk Server configuration.
    Windows Groups and User Accounts in BizTalk Server
    Thanks,
    Prashant
    Please mark this post accordingly if it answers your query or is helpful.

  • Add Windows Server 2012 R2 domain controller to Windows 2008 R2 domain

    Hi,
    Have today 2 x Windows Server 2008 R2 domain controllers, and domain and functional level 2008 R2.
    We now want to replace these DC`s with Windows Server 2012 R2.
    My plan is as follow
    - Install and promote a Windows Server 2012 R2 as a 3 DC`s with a temporary hostname and IP as DC3
    - Install and promote a second Windows Server 2012 R2 as a 4 DC`s with a temporary hostname and IP as DC4
    - Decomiss DC1 and remove this host. Change the IP and hostname of the new DC3 to DC1
    - Move FSMO roles from DC2 to DC1 and decomiss DC2
    - Change the IP and hostname of the new DC4 to DC2
    Will this be a ok progress ? I will offcours to have the DC`s replicate information between them before doing each task.
    /Regards Andreas

    Hi,
    Only error i got running dcdiag was the following
     Starting test: NCSecDesc
        Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
           Replicating Directory Changes In Filtered Set
        access rights for the naming context:
        DC=ForestDnsZones,DC=domain,DC=local
        Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
           Replicating Directory Changes In Filtered Set
        access rights for the naming context:
        DC=DomainDnsZones,DC=domain,DC=local
        ......................... DC1 failed test NCSecDesc
    Is this a problem ?
    I would guess not since im not implementing a RODC ? Ref:
    https://support.microsoft.com/en-us/kb/967482?wa=wsignin1.0
    You can ignore it.
    This posting is provided AS IS with no warranties or guarantees , and confers no rights.
    Ahmed MALEK
    My Website Link
    My Linkedin Profile
    My MVP Profile

  • Group Chat feature in Office Communications Server 2007 R2 does not work in Windows Server 2008 R2 domains

       Hello to all, there are two confliting articles about this topic:
       1-
    http://technet.microsoft.com/en-us/library/upgrade-domain-controllers-to-windows-server-2008-r2(v=ws.10).aspx#BKMK_Whatsnew : this one says that it does not work "The Group Chat feature in Office Communications Server 2007 R2 does not work in Windows
    Server 2008 R2 domains". This article was updated in 2013.
       2-
    http://technet.microsoft.com/en-us/library/ee692314(office.13).aspx: this other article says that it will function "Office Communications Server 2007 R2 Group Chat will function in a Windows Server 2008 R2 forest". This article was updated in
    2010 and was refered by the first one.
       What is the correct support position for Group Chat feature in Office Communications Server 2007 R2 and Windows Server 2008 R2 domains?
       Regards, EEOC.

    Hi,
    I notice the following sentence in the link below “Office Communications Server 2007 R2, Group Chat will not function in a Windows Server 2008 R2 forest or when Group Chat member servers are joined to a Windows Server 2008 R2 domain.
    We know of an issue with changes in Windows 2008 R2 that requires a Group Chat Client and Group Chat Admin Tools hotfix. The Group Chat Client and Group Chat Admin Tools hotfixes are currently scheduled for mid-April 2010.”
    http://blogs.technet.com/b/nexthop/archive/2010/11/06/supportability-for-office-communications-server-2007-r2-and-windows-server-2008-r2.aspx
    So in my opinion, if you update to the latest version of Windows Server 2008 R2, OCS Server 2007 R2 and Group Chat Client, Group Chat Admin Tools to the latest version, it should work.
    However, the best method for you is make a lab to test the problem firstly.
    Best Regards,
    Eason Huang
    Eason Huang
    TechNet Community Support

  • I have a "Contact" organization issue I need help with.  I organize multiple customers under their account affiliation. I place the people with their contact info under each account name by their dept/role in the notes section of their account. I am l

    I have a "Contact" organization issue I need help with.  I organize multiple customers under their account affiliation. I place the people with their contact info under each account name by their dept/role in the notes section of their account. I am looking to be able to directly dial / email from this info in yet notes section located within a contact. On Blackberry, the notes area entered in a contact can connect directly but on the iPhone those numbers/emails are inactive. I am trying to avoid having to create each of these individuals as a separate contact and keep them under their account affiliation. It is easier to find them.  This does not seem like that complicated of a request and hoping someone can tell me how or share an app that will enable the "notes" within a contact be "active". Hope this makes sense.

    I seem to recall that this question has been asked before and I'm pretty sure that the answer is that you can't do what you want to do with the native contact app. However, there are lots of contact apps out there that pull from the built app's data but have other features. Perhaps one of them would meet your needs.

  • Need to run swing GUIs under different JRE versions

    I need to run swing GUIs under different JRE versions. Where can I find information about how to use only classes which exist from version 1.1.7 and above?

    Under 1.1.7, Swing (then version 1.0) was under com.sun.java.swing. The package name changed in Swing 1.1 b3/JDK 1.2 to javax.swing. You can see what classes were available under Swing 1.0 at http://java.sun.com/products/jfc/swingdoc-api-1.0.3/frame.html

  • No X window server running

    I can not get an X window server running on my sunrays. Sorry I am new to using SunRays. I installed SunRay Server 3.1 and it seemed to install with no problems. I then configured using ./utadm -A not a problem [I am using a LAN configuration I set up the DHCP server ], then ./utconfig I let it configure my web server and enabled remote admin. I did not enable Controlled Access Mode [don't need it].
    The Web Admin GUI works. Now when I start my first SunRay 170, it undated the firmware [I could see the OSD icon]. But no X server is started?
    I looked up the OSD icons and numeric icon code. I get the Ethernet Address and assigned IP address [looks correct], I get the Auhtentication server IP address [looks correct]. I get an hour glass with 100 F [this means full duplex] and the numeric icon code at the right bottom is 26 D which means: 26 The Sun Ray has connected to the server and is waiting for graphics traffic (this is the GNC state). and D DHCP provided all expected parameters. I looked up this problem on the Admin Guide and it says its the "Wait for Session OSD". the fix is to cp Xservers and Xconfig from usr/dt/config to /etc/dt/config but this does not work. Also the Install guide mentions [page 45] a possible corruption problem. I never had any diff between these files, so I do not know how entries to /etc/dt/config/Xserver are made? I think this might be the problem but I do not know what to do next. The Install guide also mentions that when you replace them Xserver and Xconfig extra lines are automatically rebuilt? from where and how do you force them to do so.
    Just in case i am running intel Solaris 10 on a sunfire v20z
    Thanks in advance
    -James

    I have gone ahead and unistalled I ran ./utinstall -u and the program uninstalled but I figure it did not uninstall everything [go figure].
    I again reinstalled and checked the log file everything said it installed successfully. I ran ./utadm -A subnet# then ./utrestart then ./utconfig, sync sync init 6.
    I think at this point it has messed something up with the web admin bit, or did not uninstall its previous configuration. I still get the Wait for Session OSD, but in the web admin I can not edit the policy it says an error has occured and I can not restart it either [I could before]. This does take me to the next question because it is setting a group policy somewhere:
    utpolicy: [ID 702911 user.info] # Reading policy file: /etc/opt/SUNWut/policy/utpolicy # Current Policy: /opt/SUNWut/lib/utgenpolicy -a -g -z both
    I want Access All Users to be set this is just one Sun Ray server not belonging to a group and I do not have any card readers [another annoying thing that loads why?]. Does anyone know how to use command line utpolicy to set up all user access? maybe this is the problem?
    I have also downloaded the new Sun Ray Software 4 which is really just Sun Ray 3.1 [kind of pissed off about this], but does have Sun Desktop Manager. I do not know what this is but does anyone think it might give me more control in accepting or authenticating sun ray clients? I now think it is an authentication problem [from my previous errors] and might be something to do with the default policy [from these new errors].
    I will again uninstall this software and try it again. If anyone knows how to uninstall this cleanly [better than ./utinstall -u ] or knows of better software for unix terminals than sun ray please let me know.
    Thanks in advance.
    -James

  • Exchange 2007 RTM support with Windows Server 2012 R2 Domain Controller

    Hi All,
    I have not found any TechNet Article which states about the Windows Server 2012 R2 Active Directory domain controller operating system support with Exchange 2007 RTM, can some one please let me know that does Exchange 2007 RTM supports Windows Server 2012
    R2 domain controller operating system, we are in the process of upgrading the domain controllers to 2012 R2 but not the forest and domain functional level to 2012 R2.
    thanks
    If answer is helpful, please hit the green arrow on the left, or mark as answer. Salahuddin | Blogs:http://salahuddinkhatri.wordpress.com | MCITP Microsoft Lync

    There are several likely reasons for this.  The most significant is that Exchange 2007 RTM is no longer supported (outside ot extended support, which is not going to include adding support for new operating systems): 
    http://support2.microsoft.com/lifecycle/default.aspx?LN=en-us&p1=10926
    You'll note from the following -
    http://technet.microsoft.com/library/ff728623(v=exchg.150).aspx - that only Exchange 2007 SP3 is currently supported in any environment.
    HTH ...

  • App tells me it was bought under different account

    I had to send phone back and after I installed one of programs back with iTunes now if I try to buy upgrade it tells me it was bought under different account. But that is not true!

    Contact iTunes support to reslove this.
    https://expresslane.apple.com/Issues.action

  • Can't connect windows server 2003 with domain account

    I have installed an agent on windows 2003 server successfully but I cannot add domain account as a preferred credential to connect to windows. My OMS is 11g running on RHEL 5 and I am trying to deploy sql server plugin to windows 2003 server. I could deploy the plugin with the same domain account to windows 2008 without any error but for some reason, but I cannot use the same domain account on windows 2003. This domain account is part of administrator group on both 2003 & 2008 servers so I don't know what I need to do different for 2003. Please help me. Thank you.

    Can you provide some more details and/or screenshots?
    I'm not sure exactly what you mean here: "I cannot add domain account as a preferred credential to connect to windows"
    Are you in the Agent preferred credentials page? What is the error?

  • HT204655 Can you use one Photos library under different accounts?

    I, like many, have recently migrated from iPhoto to the new Photos App. I'm having one significant issue that is bothering me, using a single Photos library under two different accounts on my Mac. In iPhoto, I could easily point both accounts at one library. The only minor issue with doing this was that both accounts couldn't have it open at the same time. However, everything else worked great, including setting the screensaver on both accounts to be the iPhoto library.
    Now that I use Photos, everything works fine on one account, but if I try and open the same Photos library on a different account, it gives a generic error and fails. What am I doing wrong? Is this not possible? That's a pretty obnoxious issue if so.

    It should be fine... it certainly works with iTunes for Windows. You just need to run the same version of iTunes on each machine you want to connect to.
    tt2

  • Website hosted in particular windows server prompting continuous domain authentication

    Hi
    There are 2 domains A & B .In domain A, there are few websites hosted in 4 windows servers identical in software and hardware configurations ....mean to say in IIS Managers , all the settings are same.I am not aware of IIS technically. but all the settings
    visually are the same.
    The problem 2 days before happened the Domain B users (except 2 users)are continuously prompted for the domain authentication when they try to access this website through the URL which they always use when the URL hits one particular server out of these
    4 windows 2008 R2 servers
    The sharepoint site admin cut a ticket to Windows team with the comment : Check this BAD Windows server
    Error posted is :
    Log Name:      Security
    Source:        Microsoft-Windows-Security-Auditing
    Date:          3/14/2015 8:14:04 AM
    Event ID:      4625
    Task Category: Logon
    Level:         Information
    Keywords:      Audit Failure
    User:          N/A
    Computer:      xxxxxx
    Description:
    An account failed to log on.
    Subject:
                    Security ID:                         NULL SID
                    Account Name:                 -
                    Account Domain:                             -
                    Logon ID:                             0x0
    Logon Type:                                       3
    Account For Which Logon Failed:
                    Security ID:                         NULL SID
    Account Name:
                    Account Domain:                             xxxxxxxx
    Failure Information:
    Failure Reason:                                The user has not been granted the requested logon type at this machine.
                    Status:                                  0xc000015b
                    Sub Status:                         0x0
    Process Information:
                    Caller Process ID:             0x0
                    Caller Process Name:     -
    Network Information:
                    Workstation Name:        xxxxxxxxxxxxxxx
                    Source Network Address:            xxx.xxx.xxx.xxx
                    Source Port:                       53827
    Detailed Authentication Information:
                    Logon Process:                  NtLmSsp
                    Authentication Package:               NTLM
                    Transited Services:          -
                    Package Name (NTLM only):       -
                    Key Length:                        0
    This event is generated when a logon request fails. It is generated on the computer where access was attempted.
    The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or
    Services.exe.
    The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).
    The Process Information fields indicate which account and process on the system requested the logon.
    The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
    The authentication information fields provide detailed information about this specific logon request.
                    - Transited services indicate which intermediate services have participated in this logon request.
                    - Package name indicates which sub-protocol was used among the NTLM protocols.
                    - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
    If the problem existed in this particular server, how those exceptional 2 users are having the access.I agree they are the sharepoint admins...
    How and where to check the investigation?
    Thanks & Regards S.Swaminathan Live & let others live!!!

    Hi,
    >>The problem 2 days before happened the Domain B users (except 2 users)are continuously prompted for the domain authentication
    Based on the description, we can check the following article to see if it's helpful.
    Troubleshooting: I Keep Getting Prompted for a User Name and Password
    https://msdn.microsoft.com/en-us/library/cc750194.aspx
    Besides, for this question, in order to get better help, we can ask for suggestions in the following two forums.
    IIS Forum
    http://forums.iis.net/
    SharePoint Forum
    https://social.technet.microsoft.com/Forums/office/en-US/home?category=sharepoint
    Best regards,
    Frank Shen
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

Maybe you are looking for

  • Excel Readpage Save as another file problem

    Hi, I have attached the VI needed If you have any problems please let me know. This VI reads a excel page the user points to and displays the results. I have added a single cell where you can change the position of a single cell coordinates so that y

  • HOW DO I ENCRYPT A PDF DOCUMENT

    I AM TRYING TO FIGURE OUT HOW TO ENCRYPT A PDF FILE.  I HAVE THE PDF PACK AND ADOBE DOCUMENT SOLUTIONS.  I LOOKED UNDER THE TOOLS TAB AND SECURITY TABS AND I STILL CAN'T FIND AN OPTION TO ENCRYPT THE DOCUMENT

  • XI config for MM-SUS

    Hi, I am trying to configure XI for the MM-SUS scenario. I know there are predefined business scenarios available. I tried according to the configuration guide, but was not successful. Could anyone send me any document which describes any additional

  • Scheduling problem in planned order.

    Hi all, I have a problem in scheduling of planned orders. I had mentioned the following parameters. 1. Available capacity in the work center as 06:00:00 to 12:00:00 2.Set up time is 10mins in the routing. 3. The planned order qty is 100 nos. While do

  • SXI_CACHE refresh fails with RunTimeError

    We see the status in SXI_CACHE as "Cache contents are obsolete". When we try a delta cache refresh , it gives a runtime error like below and we are stuck unable to test XI objects!! Runtime Errors         OBJECTS_OBJREF_NOT_ASSIGNED Date and Time