Active Directory Administrative Center For 2012 R2

Similar Messages

• Active Directory Administrative Center (Server 2012 R2) crashes when running global search

  When running a global search in ADAC using the Server 2012 R2 version, it always without fail crashes when initiating a search using the global search option. This occurs when running natively on a server or using RSAT on Windows 8.1. The error seems
  to be due to the .NET Runtime.
  Has anyone else experienced this or found a fix/workaround?

  Just to keep this problem alive... ADAC on Windows 8.0 was running fine (Global search was the best part) and it was super fast when comparing with Windows 7 ADAC version. The problem occured with Windows 8.1 Preview and continued with Windows 8.1.
  It seems the problem lies with some powershell library, because it is also impossible to uninstall RSAT tools because of the "API and Powershell cmdlets" part of WSUS remote server tools. I tried removing this package through DISM commands and it always
  fails. CBS log file show some error about registry entry being deleted. When I've checked TiWorker.exe execution during DISM removal, the problem occure while checking for a particular registry entry about Microsoft.Update.Administration or something, which
  is present as a registry entry and also as a file in the WinSxS folder, so it remains a mistery why this error occure.
  What I've notices is that ADAC crashes also when trying to change DC. The error is the same, but when debugged, it seems that the application is trying to remove the previous PSDrive, which does not exist.
  My assumption is that someone erroneusly tried to connect the console just with the DC with Windows Server 2012 R2 OS, and then made a mistake not to check within the code if the PSDrive was connected. This is the only thing that make sense.

• The box indicating that this domain controller is the last controller for the domain is unchecked. However, no other Active Directory domain controllers for that domain can be contacted

  I have 2 domain controllers running 2003 server, server1 and server2. I ran dcpromo on server1 and removed AD and removed him from the domain and disconnected from network. I then added a 2012 server
  with the same name and IP address server1 with no problem. Replication from sites and services work fine on both controllers.
  The new 2012 server1 is GC. I transferred all FSMO roles to server1. Again no problem and replicating using sites and services. AD on server1 is populated correctly.
  Now what I had intended on doing was a dcpromo to remove server2 from the domain so I can then add another 2012 server. That is when I get the: "The box indicating that this domain controller is the last controller for the domain
   is unchecked. However, no other Active Directory domain controllers for that domain can be contacted.
  I have DNS installed on both servers and both look good with replicating there. Strange thing is when on the 2012 server within DNS if I right click and connect to another DNS server I can add server2 just fine but from server2 adding server1 it tells me it
  is not available.
  Help please!

  Hi,
  As there is server 2012 DC (SERVER1) DC is operational in a domain then "This domain controller is the last controller for the domain" should be remain unchecked when you demote SERVER2 DC. 
  If you are getting error "Active Directory domain controllers for that domain can be contacted" while demoting SERVER2 DC then check the DNS pointing on both as per below article, disable windows firewall on all DC, less possiblities but worth to check if both
  are different site then check the ports are open on firewall. 
  http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/
  http://technet.microsoft.com/en-us/library/cc766337(v=ws.10).aspx
  http://social.technet.microsoft.com/wiki/contents/articles/584.active-directory-replication-over-firewalls.aspx
  run “ipconfig /flushdns & ipconfig /registerdns“, restart DNS server and NETLOGON service on each DC and try to demote server2 DC.
  If issue reoccurs, post dcdiag /q result.
  NOTE: If initial replication was completed between both DC (new 2012 and old DC) then you may remove the server2 DC from Active Directory forcefully (DCPROMO /FORCEREMOVAL) and perform metadata cleanup.
  Active Directory Metadata Cleanup
  http://abhijitw.wordpress.com/2012/03/03/active-directory-metadata-cleanup/
  Best regards,
  Abhijit Waikar.
  MCSA | MCSA:Messaging | MCITP:SA | MCC:2012
  Blog: http://abhijitw.wordpress.com
  Disclaimer: This posting is provided "AS IS" with no warranties or guarantees and confers no rights.

• How to create two domains name in one active directory domain service .server 2012 ??

  Hi there 
  I want to try sharepoint foundation and office web apps server .
  I installed server 2012 sharepoint found 2013 sql server 2012 and create a new forest on active directory domain sevice 
  now I want to install office web apps server 2013 but when I run the setup said me can't install office web apps server on the domain name that installed sharepoint .
  how can I create second domain name on this active directory domain service to install office web apps server ?
  help me please I'm new and just want to try sharepoint and office web apps server .
  mostly I need to create MS access custom web app and I need the web place to run my access custom web app on this server and because I live in iran can't create and sign up for office 365 and sharepoint online so i'm forced to run them on my system .help
  me to complete ths server ?
  Greate Regards :
  Raha
  whit the best regard : Raha

  Hi,
  For how to Use Office Web Apps with SharePoint 2013, the below links should be what you want to refer to:
  Configure Office Web Apps for SharePoint 2013
  http://technet.microsoft.com/en-us/library/ff431687.aspx
  Video: Configure Office Web Apps for SharePoint 2013
  http://technet.microsoft.com/en-us/library/dn455088.aspx
  How Office Web Apps work on-premises with SharePoint 2013
  http://technet.microsoft.com/en-us/library/ff431685.aspx
  In addition, for further assistance for Sharepoint, I suggest you post in the SharePoint forum.
  Regards,
  Yan Li
  Regards, Yan Li

• Documentation on Active Directory Domain Rename for VMware

  Aplogies if my questions are elementary. Just getting started with VMware.
  We are looking to update our virtualized Active Directory domain name. I have the documentation for that, but want to make sure I have the list of articles needed to make sure the VMware is properly updated as well.
  I found the following documents:
  configure host to use active directory:
  https://pubs.vmware.com/vsphere-51/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-63D22519-38CC-4A9F-AE85-97A53CB0948A.html
  setting DNS configuration vmware
  http://pubs.vmware.com/vsphere-51/index.jsp?topic=%2Fcom.vmware.vcli.examples.doc%2Fcli_manage_networks.11.8.html
  Is there anything else?
  Which do I update first? The VMware info or the Active Directory.

  Hi David,
  Based on my experience, you’d better pay attention to the following  two points:
  1. After you have completed the installation of Exchange 2010, you have to create an Accepted Domain of “uvwxyz.org”.
  2. If you want to use Autodiscover, you need to configure the additional settings for “uvwxyz.org”. You could refer to the article below:
  http://www.msexchange.org/articles-tutorials/exchange-server-2010/management-administration/exchange-autodiscover.html
  Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety,
  or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
  If you have any further questions, please do not hesitate to post back.
  Best regards,
  Eric

• Active Directory RPC Ports - Server 2012 R2

  Hi,
  My networking team are looking to restrict the ports from clients to Domain Controllers. 
  They have opened the following ports:
  TCP and UDP 389
  TCP 636
  TCP 3268
  TCP 3269
  TCP and UDP 88
  TCP and UDP 53
  TCP and UDP 445
  UDP 123
  TCP and UDP 464
  UDP 138
  TCP 9389
  UDP 137
  TCP 139
  TCP/UDP 49152 - 65535
  The question is do we need all of the TCP/UDP RPC Ports (49152 - 65535)? We are running Exchange and Lync. I have found articles (http://support.microsoft.com/kb/224196) which suggest I can use a static port but am concerned what impact this will have on
  services.
  Any help greatly appreciated.

  No you do not need all the high ports open and you can restrict them and be perfectly fine.
  We restrict our high ports to a range of 50,000-51,000
  This is the article we use below:
  http://support.microsoft.com/kb/300083
  Obviously you can't click on Start in 2012 so if you move the mouse to the lower right and then click search you can search and find Component Services. You can also find it in the Administrative Tools.
  Hope this helps!
  If it answered your question, remember to “Mark as Answer”.
  If you found this post helpful, please “Vote as Helpful”.
  Postings are provided “AS IS” with no warranties, and confers no rights.
  Active Directory: Ultimate Reading Collection

• Active Directory Schema Extension for Directory Synchronization - ADFS 3.0, Office 365

  Hi Team,
  We are in a situation with extending the schema for one customer so that these additional exchange attributes may be utilized. They have a single data center where the Primary Domain Controller resides and have multiple remote sites each of which have Additional
  Domain Controllers installed.
  As recommended by Microsoft, I am going to extend the Active Directory Schema with Exchange Setup so that I can leverage targetaddress attribute from Local AD to set primary email address when directory synchronization happens.
  My Query: Do I have to extend the AD Schema with Exchange from each of these ADC's? Or the changes I make on any of them will replicate over the others also?
  Note: The customer will be using ADFS 3.0 'Single Sign On' with Office 365 and does NOT have any On-Premise Exchange deployment.

  My Query: Do I have to extend the AD Schema with Exchange from each of these
  ADC's? Or the changes I make on any of them will replicate over the others also?
  Schema extension is done against the Schema Master. Once done, it gets replicated to other DCs with the AD forest.
  For more details about Schema Extension by Exchange, you can refer to that: http://www.resdevops.com/2013/02/13/extend-ad-schema-to-allow-greater-office-365-management/
  This posting is provided AS IS with no warranties or guarantees , and confers no rights.
  Ahmed MALEK
  My Website Link
  My Linkedin Profile
  My MVP Profile

• Dynamics CRM 2015 Install requires Active Directory on VM Windows 2012 R2 Server

  Hello,
  I'm trying to install Dynamics CRM 2015 on a standalone VM not connected to a domain (it's running under WIndows 8.1 Professional). The VM was configured using WIndows Server 2012 R2. I'm getting an error message shortly into the install process stating
  it needs to access Active Directory.
  How can I get around this issue - I just want to Install this CRM on the VM without getting into complicate network/AD issues.
  Can you please advise ?
  SO many thanks,
  John

  CRM requires AD no way around that so the most likely solution is to install it on that server or on a VM not connected to your other networks
  Jason Lattimer
  My Blog -  Follow me on Twitter -  LinkedIn

• Upgrade from Windows Server 2012 Active Directory to Windows Server 2012 R2 Active Directory

  We are currently running Windows Server 2012 Active Directory and would like to upgrade to Windows Server 2012 R2 AD. Is it OK to just do an in-place upgrade, or is it advisable to build new domain controllers on R2? Are there any guides or articles anyone
  can recommend?

  Hi Ginandtonic,
  To upgrade DC(Domain Controller) from windows server 2012 to windows server 2012 r2, please refer to these articles:
  Upgrade from windows Server 2012 to 2012 R2                                 
  Upgrade Active Directory from 2012 to 2012 R2
  I hope this helps.
  Best Regards,
  Anna

• Using Active Directory and ACS for Concentrator 3000 VPN

  Has anyone gone down the path of using Cisco ACS for network access control AND authenticating it with their W2K Active Directory for VPN 3000 concentrators? I did some research on Google, Cisco web, and this group, I did not find a definite answer on the best practice for the architecture and design, can anyone share your experience how you approached this?
  Below is my understanding, I appeciate any help to piece some or all the below together
  (1) The end state is once a VPN user is successfully authenticated, it is assigned to certain network access privilege based on its group's policy. How to accomplish this?
  (2) AD stores a central user database for user authentication. Each user may belong to one or more groups on the AD; ACS is reponsible for network access control for the specific groups and enforces these controls to the users via the concentrators.
  (3) Concentrator is the NAS, and ACS is the RADIUS server
  http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_example09186a00800949b4.shtml
  (4) Concentrator can link to the AD as an external database: http://www.cisco.com/univercd/cc/td/doc/product/vpn/vpn3000/4_1/gs/gs3mgr.htm
  (5) A single "Tunnel Group" is created on the concentrator
  (6) Mulpile Groups, per corporate infosec policies are created on the AD
  (7) Mulpile Groups, per corporate infosec policies are also created on ACS, need to match with what're in the AD
  TIA.

  In order to restrict access for a specific AD group to specific SSID this is what you need to perform.
  When the WLC sends an authentication request to the  ACS, it will include  the SSID that the user is connecting to, in the  attribute  Calling-Station-Id(31). We can use this information to create  multiple  rules in ACS 5.x in order to take actions based on the  information  contained in the attribute.
  Under the  Users and Indetity Stores > click on Directory Groups > select  > check the group name you want to add and hit ok. Save the changes.
  We  just need to  create a DNIS rule that includes the name of the SSID and  use it as a  condition in any rule that we create for authentication.  The * is  required because the attribute not only contains the SSID but  also a MAC  address so the * is use as a regular expression.
  Now go to access-policies > default-network access > identity should be AD1.
  Go  to authorization > click on customize > move the  AD1:ExternalGroups and end-station filter attribute on the right side  and hit ok.
  After that slect the appropriate ad group for teachers and end-station filter.
  Save changes.
  Jatin Katyal
  - Do rate helpful posts -

• How to handle SQL connection if password Active directory always change? (Connection using Active directory via network SQL 2012 )

  I have 3 server (Web server, database sql 2012 server and Active directory). I'm using sqlsvr version 3.0,  PHP version 5.3 ,IIS version 7 and windows server 2008.
  Right now my php connection to SQL 2012 using AD id, so How to handle if password on active directory change?

  Solved : Using Kaberos

• Active directory management pack and 2012 R2

  I'm getting the following alert from SCOM 2012 R2:
  "Alert description: AD Op Master Response : The script 'AD Op Master Response' could not determine the PDC Op Master.The error returned was: 'LDAP://server01.domain.local/RootDSE' (0x8007203A)"
  DCDiag shows no errors.
  The error did not show up when we were running 2012 DC:s.

  Resolution: Logged into the server, attempted to open Active Directory Domains and Trusts and received the message: “The configuration information describing this enterprise is not available. The server is not operational.” Debugging, rebooting the server.
  After reboot the issue opening Active Directory Domains and Trusts no longer occurred. Closed the alerts generated to see if they would recur
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"
  Mai Ali | My blog: Technical | Twitter:
  Mai Ali

• How to Name the Active Directory Domain Service for Local Server

  Hello to everyone, I am Karthick from India, currently I am working as a System Engineer in a esteemed institution.  So far we have only workgroup network setup now we are planning to migrate our workgroup to domain network.  So we planned to install
  Windows Server 2008 R2 64 bit server on Wipro Netpower Z1531 server and we have totally 150 systems in our premises and also a broadband connection with 512 kbps download speed and 144 kbps upload speed.
  My questions starts here,
  1.) what should be my FQDN name for my first domain controller? Our server will be connected to internet for downloading the updates only, so what settings I have to configure?
  2.) We don't want other clients communicate with our server i.e. outside of our premises via router or any other.
  3.) If suppose in future if we want to access our server from outside either from different town or different country what should I do for that access
  Thanks in advance
  S.R. Karthick

  FQDN name for my first domain controller
  - FQDN is (by default) is your server name + FQDN of the Domain name
  Domain Name - you can select whatever you want.  It is an internal name.   However, you can also, configure to match with your external domain name. Do you some search of
  Split DNS structure.
  My recommendation is to review the IPD guide for AD. You should be able to get all information.
  http://technet.microsoft.com/en-us/library/cc268216.aspx
  Santhosh Sivarajan | Houston, TX
  Windows 2012 Book - Migrating from 2008 to Windows Server 2012
  http://www.sivarajan.com/
  This post is provided ASIS with no warran

• Active Directory, created users not showing up in list of all users

  I created a user name "test".  However, when I look at a list of all users I only have the 4 users that were created on installation.  When I search for "test"
  it shows up.  Why isn't my user showing up in the list of users?
  I am looking in Active Directory Administrative Center:
   <my Domain> (local) -> Users
  Global Search
  Sorry I cannot provide pictures; I am waiting for my account to be activated.

  You need to look to your search criteria to understand what might be wrong.
  This posting is provided AS IS with no warranties or guarantees , and confers no rights.
  Ahmed MALEK
  My Website Link
  My Linkedin Profile
  My MVP Profile

• ADMGS with AD Administrative Center

  Hello.
  I have installed ADMGS on my win 2003 R2 SP2 server (it is one of my 2 DC, second also win 2003 r2 sp2).
  In logs i see that AD web services works correct and listen on ports: 3268, 3269. Telnet connects to this ports.
  I have another win 2008 r2 server with AD Administrative center and can't connect to domain (can't find server with running ADWS).
  What is the problem?

  Hi Yury,
  My apologies for the delay.
  Do you have any progress by now?
  If not, would you please post out related error messages from Event Logs for further analyzing?
  Here are some similar threads below for your references:
  Cannot find an available server in the domain that is running the Active Directory Web Service(ADWS)
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/636daae2-b3b1-4dbd-a4c3-b2c337cf30ed/cannot-find-an-available-server-in-the-domain-that-is-running-the-active-directory-web-serviceadws?forum=winserver8setup
  Error setting up Active Directory Domain Services (AD DS)
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/93a31aac-3d48-4b38-9acd-8fd9c3bf44df/error-setting-up-active-directory-domain-services-ad-ds?forum=winserverDS
  How can I connect to a remote domain using Active Directory Administrative Center (ADAC)?
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/2b2758bb-56cf-4aa4-a249-09ed8950c333/how-can-i-connect-to-a-remote-domain-using-active-directory-administrative-center-adac?forum=windowsserver2008r2management
  Regards,
  Amy