Active Directory Operation on Disater Recovery Drill

Hye everybody,
Need some advice from you guys, i'll have to be ready for the DR Drill in upcoming week, my concern is this scenario, if we have a PDC in HQ, DC (GC) some branchs, and also DC (GC) in DR site. So when we do the DR operation where we disconnect the network
line in HQ and we swing all system apps including AD. it also involve the branch network that will pointing to DR site.
The testing that we have to do in DR Drill is such user authnetication, join domain session, replication, GPO and also make sure all the test are success or we get scold.. 8)
So what is the best practice from microsoft site or old timer here on what i should do to make this AD operation at DR is succcesfully working like normal.
Hope i'llvhave some input from you guys, thanks..

Hello,
for the branch office, make sure that you have at least one DC / DNS / GC server. When a disaster occur on the HQ then you have to change the IP configuration settings of the client computers in the Branch Office so that they will point to this DC as a primary
DNS server. Like that, all should be okay with domain authentication, group policy applicance ...
Now, for FSMO roles, if you don't resize them then you will get problems like
You are unable to perform changes on AD schema
Time Sync problems
If the HQ DCs are unrecoverable then I recommend proceeding by resizing FSMO roles on DCs of the Branch Office. If not, you can:
Wait until these DCs are back
Resize FSMO roles and when the DCs of HQ will be back then force their demotion using
dcpromo /forceremoval. Note that if resized, DCs of HQ should never be online before demotion
Also, after these changes, you have to make sure that there is at least two DC / DNS / GC servers in the branch office. If not, add a new one. Like that, you will reduce risks of losing your domain.
Before a disaster appear, you have to make sure that AD replication is made correctly.
This
posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Microsoft
Student Partner 2010 / 2011
Microsoft Certified
Professional
Microsoft Certified
Systems Administrator: Security
Microsoft Certified
Systems Engineer: Security
Microsoft Certified
Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft Certified
Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
Microsoft Certified
Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
Microsoft Certified
Technology Specialist: Windows 7, Configuring
Microsoft Certified
IT Professional: Enterprise Administrator

Similar Messages

  • "Active Directory operation failed on DC " when assigning Send As permissions on a distribution group

    I'm trying to give a mailbox user Send As right for a distribution group. But the cmdlet comes back with this:
    Get-DistributionGroup MyGroup | Add-ADPermission -user albert -ExtendedRights Send-As
    Active Directory operation failed on <DC fqdn>. This error is not retriable. Additional information: Access is denied.
    Active directory response: 00000005: SecErr: DSID-03151E07, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
        + CategoryInfo          : WriteError: (0:Int32) [Add-ADPermission], ADOperationException
        + FullyQualifiedErrorId : FE24751F,Microsoft.Exchange.Management.RecipientTasks.AddADPermission
    What could be the problem, considering the items below :
    - inheritance is not broken to the level of the distribution group object
    - the account used to run the cmdlet is a member of the Organization Management group
    - creating a new distribution group in the same OU and running the command works as expected; checking the permission for this group against MyGroup (using Get-DistributionGroup testgroup | Get-ADPermission | Sort-Object User,AccessRights | ft user,accessrights,extendedrights,properties)
    shows no differences.
    - adding the permission using ADUC results in the user being able to Send As the group, however I'm trying to find out the root cause of the Powershell cmdlet execution problem
    - there is no Deny permission on the group's ACL
    - the group didn't have the "Hide Membership" feature of Exchange 2003 applied, so there shouldn't be any non-canonical ACL issues

    Anyone ever come up with a solution to this?  I get something similar when Activesync tries to create objects on user containers.
    Exchange ActiveSync doesn't have sufficient permissions to create the "CN=Test User,OU=Domain Users,DC=domain,DC=com" container under Active Directory user "Active Directory operation failed on DELL7S09.domain.com. This error is not retriable.
    Additional information: Access is denied.
    Active directory response: 00000005: SecErr: DSID-03151E07, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
    Make sure the user has inherited permission granted to domain\Exchange Servers to allow List, Create child, Delete child of object type "msExchActiveSyncDevices" and doesn't have any deny permissions that block such operations.
    Details:%3
    So...I get this after I introduced a MS Exchange 2010 SP3 RU8 server into my environment.  You can find LOTS of people suggesting the same fix but I've not found anything that deviates from those fixes:  check the "inherit permissions",
    and give full permis to msExchActiveSync devices for the Exchange Servers security group, blah blah.
    I got to this point by following a Migrate to Exch2010 paper by MS.  I have no Win2k servers, my old Exchange server is Win2003r2SP2 with Exch2003SP2 fully patched.  The Exch server is also a DC.  I installed a new 2012r2 server and then patched
    it.  Installed Exch2010SP3Ru8 and all seems well.  
    The old Exch2003 server is still in production.  My iPhone army connects remotely for mail, and all works great.  I created a new Test User in AD, gave it a mailbox on the 2003 server, and waited a bit.  It eventually shows up in the Server
    Manager on the new 2010 Exch Server.  I send it a bunch of emails, connect to it with an outook client on a Win7 machine, all works.  I go to the SM on the 2010 box and migrate the mailbox to the new server.  It works.  I can connect with
    outlook, send receive mail to other users in the org.  I then try to connect with my iPhone and I get the message in Event Viewer over and over.
    Went so far as to Promo the new 2012 server to a DC.  seems to be fine.  Now am wondering if I Demote the old Exch2003 server will it help...or cause a new crop of issues....

  • Can not update exchange due to error with Active directory

    Error:
    The following error was generated when "$error.Clear();
     Install-CannedRbacRoles -InvocationMode $RoleInstallationMode -DomainController $RoleDomainController
    " was run: "Active Directory operation failed . This error is not retriable. Additional information: Access is denied.
    Active directory response: 00000005: SecErr: DSID-031520B2, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
    I have tried everything I can find on the web. any assistance would be appreciated. Thank you.

    I see now that you have logged into domain
    Another thing, check if Allowed Inheritance is blocked on this account (bmoore)?
    Cheers,
    Gulab Prasad
    Technology Consultant
    Blog:
    http://www.exchangeranger.com    Twitter:
      LinkedIn:
       Check out CodeTwo’s tools for Exchange admins
    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

  • Exchange 2013 cu3 setup fails with 'problem... validating the state of Active Directory... supplied credential... invalid'

    Windows Server 2013; Exchange Server 2013 with Cumulative Update 1
    Cannot install Cumulative Update 3 for Exchange Server 2013. It fails with
    [xxx] [0] [ERROR] Setup encountered a problem while validating the state of Active Directory: Active Directory operation failed on . The supplied credential for 'XXX\Xxx' is invalid.  See the Exchange setup log for more information on this error.
    [xxx] [0] [ERROR] Active Directory operation failed on . The supplied credential for 'XXX\Xxx' is invalid.
    [xxx] [0] [ERROR] The supplied credential is invalid.
    (Crosses - XXX - replace original values.)
    I have found that a few others have experienced the same problem but found no solution, nor could come up with anything myself. If it is any hint, Event 40961 was logged in the Event Viewer around the same time on almost all installation attempts to be purely
    conincidental:
    The Security System could not establish a secured connection with the server
    ldap/xxx.xxx/[email protected] No authentication protocol was available.
    Both Windows Server and Exchange Server otherwise work OK, and do not recall any issues with Cumlative Update 1 installation.

    Hi vhr1,
    Based on my knowledge, the Event ID 40961 is a warning message.
    This behavior occurs when we restart the server that was promoted to a DC. The Windows Time service tries to authenticate before Directory Services has started.
    Found some resources for your reference even if the Exchange Version is mismatched:
    http://blogs.technet.com/b/jhoward/archive/2005/04/20/403946.aspx
    http://support.microsoft.com/kb/823712/en-us
    About the error message, "Setup encountered a problem while validating the state of Active Directory: Active Directory operation failed on . The supplied credential for 'XXX\Xxx' is invalid."
    The error message InvalidCredentials means: the wrong password was supplied or the SASL credentials cannot be processed.
    Found a similar thread for your reference, hope it is helpful:
    http://social.technet.microsoft.com/Forums/en-US/98e26ad6-8e43-4ef5-8ff9-e9fee6e76bda/bind-operation-is-invalid?forum=exchangesvrdeploylegacy
    Feel free to contact me if there is any problem.
    Thanks
    Mavis
    Mavis Huang
    TechNet Community Support

  • Changing user password in Active Directory using the JNDI GSS-API/Kerberos5

    Hello,
    I am trying to the JNDI GSS-API to change a user password on an Active Directory Server 2003. I have seen a variation of this using SSL on the thread [*http://forums.sun.com/thread.jspa?threadID=592611&start=0&tstart=0*|http://forums.sun.com/thread.jspa?threadID=592611&start=0&tstart=0]
    but I can't seem to make this work using the GSS-API. I can successfully create a javax.security.auth.login.LoginContext.LoginContext and then call the login method on it to log in as a user. I then call the javax.security.auth.Subject.doAs() method which calls the run method in a class extending the javax.security.PrivilegedActionClass. But when I actually try to change the password using InitialDirContext.modifyAttributes(), I get the exception:
    *javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 00002077: SvcErr: DSID-03190DC9, problem 5003 (WILL_NOT_PERFORM), data 0*
    *If anyone can help me figure out why it doesn't work, that would be great!*
    P.S: I know the error seems to suggest that there might be some active directory setting that is preventing this from working, but I've checked all relevant settings on the Windows 2003 server Active Directory that I can think of: In the User properties->Account->Account options, I've made sure the user can change password. Also, in the Group Policy->Computer Configuration->Windows Settings->Security Settings->Account Policies->Password Policy, Maximum password age is zero and so is minimum password age.
    Here's my java code:
    {code}import javax.naming.*;
    import javax.security.auth.*;
    import java.security.PrivilegedAction;
    import java.io.UnsupportedEncodingException;
    public void changeSecret((String uid, String oldPassword, String newPassword)
         throws NamingException, ACException{
    try {
         K5CallbackHandler cb = new K5CallbackHandler(uid, oldPassword);
         LoginContext lc = new LoginContext("marker", cb);
         lc.login();
         Subject.doAs(lc.getSubject(), new ChangePasswordAction(rz.getName(), oldPassword, newPassword));
         catch(LoginException e) {
         try {
              lc.logout();
         catch(LoginException e) {
    }ChangePasswordAction.java is:import javax.naming.*;
    import javax.naming.naming.directory.*;
    import java.io.UnsupportedEncodingException;
    private class ChangePasswordAction implements PrivilegedAction {
         private String uid;
         private String quotedOldPassword;
         private String quotedNewPassword;
         public ChangePasswordAction(String uid, String oldPassword, String newPassword) {
              this.uid = uid;
              quotedOldPassword = "\"" + oldPassword + "\"";
              quotedNewPassword = "\"" + newPassword + "\"";
         public Object run() {
              Hashtable env = new Hashtable(11);
              env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
              env.put(Context.PROVIDER_URL, "ldap://ad2k3:389");
              env.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
              try {
                   DirContext ctx = new InitialDirContext(env);
                   ModificationItem[] mods = new ModificationItem[2];
                   byte[] oldPasswordUnicode = quotedOldPassword.getBytes("UTF-16LE");
                   byte[] newPasswordUnicode = quotedNewPassword.getBytes("UTF-16LE");
                   mods[0] = new ModificationItem(DirContext.REMOVE_ATTRIBUTE, new BasicAttribute("unicodePwd", oldPasswordUnicode));
                   mods[1] = new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("unicodePwd", newPasswordUnicode));
                   ctx.modifyAttributes(uid, mods);
                   ctx.close();
              } catch (NamingException e) {
              } catch (UnsupportedEncodingException e) {
              return null;
    }K5CallbackHandler is:import javax.security.auth.callback.*;
    final class K5CallbackHandler
    implements CallbackHandler {
         private final String name;
         private final char[] passwd;
         public K5CallbackHandler(String nm, String pw) {
              name = nm;
              if(pw == null) {
                   passwd = new char[0];
              else {
                   passwd = pw.toCharArray();
         public void handle(Callback[] callbacks)
         throws java.io.IOException, UnsupportedCallbackException {
              for(int i = 0; i < callbacks.length; i++) {
                   if(callbacks[i] instanceof NameCallback) {
                        NameCallback cb = (NameCallback) callbacks;
                        cb.setName(name);
                   else {
                        if(callbacks[i] instanceof PasswordCallback) {
                             PasswordCallback cb = (PasswordCallback) callbacks[i];
                             cb.setPassword(passwd);
                        else {
                             throw new UnsupportedCallbackException(callbacks[i]);
    }The relevant entry in the JAAS.conf file that is referred to as "marker" in the LoginContext constructor is:
    marker {
    com.sun.security.auth.module.Krb5LoginModule required client=TRUE;

    This is one of the two Active Directory operations I have never solved using Java/JNDI. (FYI the other one is Cross Domain Move).
    My gut feel is that the underlying problem (which happens to be common to both Change Password & X-Domain Move) is that Java/JNDI/GSSAPI does not negotiate a sufficiently strong key length that allows Active Directory to change passwords or perform cross domain moves when using Kerberos & GSSAPI.
    Active Directory requires at a minimum, 128 bit key lengths for these security related operations.
    In more recent Kerberos suites and Java versions, support for RC4-HMAC & AES has been introduced, so it may be possible that you can negotiate a suitably string key length.
    Make sure that your Kerberos configuration is using either RC4-HMAC or AES and that Java is requesting a strong level of protection. (You can do this by adding //Specify the quality of protection
    //Eg. auth-conf; confidentiality, auth-int; integrity
    //confidentiality is required to set a password
    env.put("javax.security.sasl.qop","auth-conf");
    //require high strength 128 bit crypto
    env.put("javax.security.sasl.strength","high"); in your ChangePasswordAction class.
    You may also want to enable sasl logging in your app to see what exactly is going on and you may also want to check on the Java Security forum how to configure/enforce/check both RC4-HMAC or AES is used as the Kerbeos cipher suite and that a string key length is being used.
    Good luck.

  • Active directory response: 00002098: SecErr: DSID-03150A48, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

    Hi All,
    I have just added my first 2010 exchange server to our organisation.
    Upon trying to enter the product key, i get the following:
    Error:
    Active Directory operation failed on DC01.myorg.com. This error is not retriable. Additional information: Insufficient access rights to perform the operation.
    Active directory response: 00002098: SecErr: DSID-03150A48, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
    The user has insufficient access rights.
    Click here for help...
    http://technet.microsoft.com/en-US/library/ms.exch.err.default(EXCHG.141).aspx?v=14.1.218.11&t=exchgf1&e=ms.exch.err.Ex6AE46B
    Exchange Management Shell command attempted:
    set-exchangeserver -Identity 'CAS01' -ProductKey 'xxxxx-xxxxx-xxxxx-xxxxx-xxxxx'
    I get a similar error when trying to run the cmdlet New-ClientAccessArray.
    It would appear there is a inheritance of permissions issue somewhere but where. Most other references to this error are on mailbox moved where the error is with the mailbox being moved. where is it here?
    Any thoughts? This is driving me mad :(

    Hi,
    After much research on the forums I found this solution that worked for me:
    Technet
    Article
    Tanks,
    Arthur.

  • MBAM bitlocker-protected removable drives recovery keys saved on sql database not active directory

    Hi Guys
    I need help in saving bitlocker protected removable drives on the sql database instead of active directory .
    I have tried to play around with the policy and I am not winning , currently my GPO : Choose how bitlocker-protected removable drives can be recovered has only the allow data recovery agent chosen and I have left out all the AD DS option unticked
    Please point me in the right direction on how to achieve this , I want all my keys in a SQL database so the users can recover the keys themselves using the mbam helpdesk website

    Under client management, define your endpoint URLs. You can see the help and the description section for that particular policy. Copy and paste the URL removing the port number and replace the name of the Server with that of your MBAM Web server.
    Also, Disable or don't configure the policy "Choose how bitlocker protected removable Drives can
    be recovered".
    This will save your recovery keys to the MBAM DBs.
    Gaurav Ranjan

  • Active directory users and computers wont start on a dc, "the server is not operational"

    In our environment, we have 3 dc's 
    two which run server 2008 (they work perfectly)
    and one never off branch dc that runs server 2008 r2.
    We have been having some problems where we feel the replication isnt up too speed(stuff could take up to 24 hours to replicate) and now when i tried opening active directory users and computers i am met with this error window:
    We have a third party DNS solution.
    How do i troubleshoot this issue?

    dc01 (which replicates perfectly with dc02, and vise versa)
    dcdiag /test:dns
    C:\Users\adminuser>dcdiag /test:dns
    Domain Controller Diagnosis
    Performing initial setup:
    Done gathering initial info.
    Doing initial required tests
    Testing server: Hostingpartner\ourdc01
    Starting test: Connectivity
    ......................... ourDC01 passed test Connectivity
    Doing primary tests
    Testing server: Hostingpartner\ourdc01
    DNS Tests are running and not hung. Please wait a few minutes...
    Running partition tests on : ForestDnsZones
    Running partition tests on : DomainDnsZones
    Running partition tests on : Schema
    Running partition tests on : Configuration
    Running partition tests on : int
    Running enterprise tests on : int.domain.com
    Starting test: DNS
    Test results for domain controllers:
    DC: ourdc01.int.domain.com
    Domain: int.domain.com
    TEST: Delegations (Del)
    Error: DNS server: ourdc02.int.domain.com. IP:xx.xx.xx.32 [Broken delegated domain domaindnszones.int.domain.com.]
    Error: DNS server: ourdc02.int.domain.com. IP:xx.xx.xx.32 [Broken delegated domain forestdnszones.int.domain.com.]
    Summary of test results for DNS servers used by the above domain controllers:
    DNS server: xx.xx.xx.32 (ourdc02.int.domain.com.)
    2 test failures on this DNS server
    Delegation is broken for the domain domaindnszones.int.domain.com. on the DNS server xx.xx.xx.32
    Delegation is broken for the domain forestdnszones.int.domain.com. on the DNS server xx.xx.xx.32
    Summary of DNS test results:
    Auth Basc Forw Del Dyn RReg Ext
    Domain: int.domain.com
    ourdc01 PASS PASS PASS FAIL n/a PASS n/a
    ......................... int.domain.com failed test DNS
    dcdiag on dc01(which can replicate with dc02)
    C:\Users\adminuser>dcdiag
    Domain Controller Diagnosis
    Performing initial setup:
    Done gathering initial info.
    Doing initial required tests
    Testing server: hostingpartner\ourdc01
    Starting test: Connectivity
    ......................... OURDC01 passed test Connectivity
    Doing primary tests
    Testing server: hostingpartner\ourdc01
    Starting test: Replications
    [Replications Check,OURDC01] DsReplicaGetInfoW(PENDING_OPS) failed with error 8453,
    Win32 Error 8453.
    ......................... OURDC01 failed test Replications
    Starting test: NCSecDesc
    ......................... OURDC01 passed test NCSecDesc
    Starting test: NetLogons
    [OURDC01] User credentials does not have permission to perform this operation.
    The account used for this test must have network logon privileges
    for this machine's domain.
    ......................... OURDC01 failed test NetLogons
    Starting test: Advertising
    ......................... OURDC01 passed test Advertising
    Starting test: KnowsOfRoleHolders
    ......................... OURDC01 passed test KnowsOfRoleHolders
    Starting test: RidManager
    ......................... OURDC01 passed test RidManager
    Starting test: MachineAccount
    ......................... OURDC01 passed test MachineAccount
    Starting test: Services
    ......................... OURDC01 passed test Services
    Starting test: ObjectsReplicated
    ......................... OURDC01 passed test ObjectsReplicated
    Starting test: frssysvol
    ......................... OURDC01 passed test frssysvol
    Starting test: frsevent
    ......................... OURDC01 passed test frsevent
    Starting test: kccevent
    ......................... OURDC01 passed test kccevent
    Starting test: systemlog
    An Error Event occured. EventID: 0xC0002719
    Time Generated: 04/04/2013 15:04:29
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC0002719
    Time Generated: 04/04/2013 15:04:50
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC0002719
    Time Generated: 04/04/2013 15:10:56
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC0002719
    Time Generated: 04/04/2013 15:11:17
    (Event String could not be retrieved)
    ......................... OURDC01 failed test systemlog
    Starting test: VerifyReferences
    ......................... OURDC01 passed test VerifyReferences
    Running partition tests on : ForestDnsZones
    Starting test: CrossRefValidation
    ......................... ForestDnsZones passed test CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... ForestDnsZones passed test CheckSDRefDom
    Running partition tests on : DomainDnsZones
    Starting test: CrossRefValidation
    ......................... DomainDnsZones passed test CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... DomainDnsZones passed test CheckSDRefDom
    Running partition tests on : Schema
    Starting test: CrossRefValidation
    ......................... Schema passed test CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... Schema passed test CheckSDRefDom
    Running partition tests on : Configuration
    Starting test: CrossRefValidation
    ......................... Configuration passed test CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... Configuration passed test CheckSDRefDom
    Running partition tests on : int
    Starting test: CrossRefValidation
    ......................... int passed test CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... int passed test CheckSDRefDom
    Running enterprise tests on : int.domain.com
    Starting test: Intersite
    ......................... int.domain.com passed test Intersite
    Starting test: FsmoCheck
    ......................... int.domain.com passed test FsmoCheck
    The problematic dc03:
    Dcdiag gives the same output as dcdiag /test:dns
    C:\Users\adminuser>dcdiag
    Directory Server Diagnosis
    Performing initial setup:
    Trying to find home server...
    Home Server = OURDC03
    Ldap search capabality attribute search failed on server NTSDC03, return
    value = 81
    We have an infoblox dns server on ip address xxx.y.y.251.
    first error in event logs on dc03:
    error 1863
    This is the replication status for the following directory partition on this directory server.
    Directory partition:
    CN=Configuration,DC=int,DC=domain,DC=com
    This directory server has not received replication information from a number of directory servers within the configured latency interval.
    Latency Interval (Hours):
    24
    Number of directory servers in all sites:
    2
    Number of directory servers in this site:
    2
    The latency interval can be modified with the following registry key.
    Registry Key:
    HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Replicator latency error interval (hours)
    To identify the directory servers by name, use the dcdiag.exe tool.
    You can also use the support tool repadmin.exe to display the replication latencies of the directory servers. The command is "repadmin /showvector /latency <partition-dn>".
    i have also go several warning 2088, 2093, 2087.
    And errors 1863 pointing to different directory partitions like schema/configuration/domaindnszones/forestdnszones

  • Active Directory Certificate Services setup failed with the following error: Overlapped I/O operation is in progress. 0x800703e5 (WIN32: 997)

    Hi,
    I am trying to install certificate services on a windows 2008 server (R2 ENT SP1) with a PCIe nCipher HSM module installed on it. The version of nCipher SW is = 11.30.  It is a RootCA, and I am trying to use a key that is already stored in the HSM (I
    have done this before with a PCI HSM (older HW version)).  I select “Use existing private key” and “Select an existing private key on this computer” on the wizard, then i change the CSP to nCipher and click on "search" the key I am looking for
    appears and I select that one.  I repeat, I have done this before and it works with a PCI HSM module.
    The installation is finished before being prompted to insert the operator cards, and it ends with two errors:
    <Error>: Active Directory Certificate Services setup failed with the following error: Overlapped I/O operation is in progress. 0x800703e5 (WIN32: 997)
    And:
    <Error>: Active Directory Certificate Services setup failed with the following error: The group or resource is not in the correct state to perform the requested operation.
    0x8007139f (WIN32: 5023)
    The servermanager.log says:
    1856: 2014-07-23 18:27:48.195 [CAManager]                 Sync: Validity period units: Years
    1856: 2014-07-23 18:27:48.928 [Provider] Error (Id=0) System.Runtime.InteropServices.COMException (0x800703E5): CCertSrvSetup::Install: Overlapped I/O operation is in progress. 0x800703e5 (WIN32: 997)
       at Microsoft.CertificateServices.Setup.Interop.CCertSrvSetupClass.Install()
       at Microsoft.Windows.ServerManager.CertificateServer.CertificateServerRoleProvider.Configure(InstallableFeatureInformation featureInfo, DiscoveryResult discoveryResult, ChangeTracker changeTracker)
    1856: 2014-07-23 18:27:48.928 [Provider]                  CAErrorID: 0, CAErrorString: 'Active Directory Certificate Services setup failed with the following error:  Overlapped I/O operation is in progress.
    0x800703e5 (WIN32: 997)'
    1856: 2014-07-23 18:27:48.928 [Provider]                  Adding error message.
    1856: 2014-07-23 18:27:48.928 [Provider]                  [STAT] For 'Certification Authority':
    And:
    1856: 2014-07-23 18:27:49.053 [CAWebProxyManager]         Sync: Initializing defaults
    1856: 2014-07-23 18:27:49.162 [Provider] Error (Id=0) System.Runtime.InteropServices.COMException (0x8007139F): CCertSrvSetup::Install: The group or resource is not in the correct state to perform the requested operation. 0x8007139f (WIN32: 5023)
       at Microsoft.CertificateServices.Setup.Interop.CCertSrvSetupClass.Install()
       at Microsoft.Windows.ServerManager.CertificateServer.CertificateServerRoleProvider.Configure(InstallableFeatureInformation featureInfo, DiscoveryResult discoveryResult, ChangeTracker changeTracker)
    1856: 2014-07-23 18:27:49.162 [Provider]                  CAErrorID: 0, CAErrorString: 'Active Directory Certificate Services setup failed with the following error:  The group or resource is not in the correct
    state to perform the requested operation. 0x8007139f (WIN32: 5023)'
    1856: 2014-07-23 18:27:49.162 [Provider]                  Adding error message.
    Has anyone experienced this before? Am I missing something here?
    Any help will be very appreciated
    Thanks in advance
    Best regards
    Alejandro Lozano Villanueva

    Hi, thanks for your support.
    I have been playing around a bit with some ncipher commands and found this:
    C:\Program Files (x86)\nCipher\nfast\bin>cspcheck.exe
    cspcheck: fatal error: File key_mscapi_container-1c44b9424a23f6cddc91e8a065241a0
    9aa719e4f (key #1): 0 modules contain the counter (NVRAM file ID 021c44b9424a23f
    6cddc91)
    cspcheck: information: 2 containers and 2 keys found.
    cspcheck: fatal error occurred.
    If I perform the same command on the original server (the server with the original kmdata folder and with the running RootCA services):
    E:\nfast\bin>cspcheck.exe
    cspcheck: information: 2 containers and 2 keys found.
    cspcheck: everything seems to be in order.
    Strange?
    Moreover, when I do a csptest.exe command (also on both servers, i find this)
    On the new server:
    C:\Program Files (x86)\nCipher\nfast\bin>csptest.exe
    nCipher CSP test software
    =========================
    Found the nCipher domestic CSP named 'nCipher Enhanced Cryptographic Provider'
      Provider name: nCipher Enhanced Cryptographic Provider
      Version number: 1.48
    User key containers:
        Container 'csptest.exe' has no stored keys.
        Container 'Administrator' has no stored keys.
      Machine key containers:
        Container '352dd28a-17cb-4c6f-b6e4-bf39bcf75db5' has a 2048-bit signature key.
        Container 'ROOTCA' has no stored keys.
        Container 'csptest.exe' has no stored keys.
    While in the old server:
    E:\nfast\bin>csptest.exe
    nCipher CSP test software
    =========================
    Found the nCipher domestic CSP named 'nCipher Enhanced Cryptographic Provider'
      Provider name: nCipher Enhanced Cryptographic Provider
      Version number: 1.40
    User key containers:
        Container 'csptest.exe' has no stored keys.
      Machine key containers:
        Container '352dd28a-17cb-4c6f-b6e4-bf39bcf75db5' has a 2048-bit signature key.
        Container 'ROOTCA' has a 2048-bit signature key.
        Container 'csptest.exe' has no stored keys.
    As you can see, the container called ROOTCA, which is the one that I use during the installation, says it has no stored keys.  While on the old server, it says it contains a key.  Why is this happening?  I dont know, I am copying the complete
    key management folder from one server to another and initialize the security world with that folder as I always do, and i dont have any errors during this procedure. 
    Do you know what could be the cause of this? or how can I fix this?  Thanks a lot, best regards.
    Alejandro Lozano Villanueva

  • Connect Active Directory Sync Error - operation-size-error

    We are on Connect 9. We have our Active Directory Sync running once per day. I received a sync log error as follows:
    E-Learning-All-Empl-grps
    G
    error
    Change$Update$Group: SyncTargetException: StatusException$OperationSizeError: <status code="operation-size-error"/>
    The E-Learning-All-Empl-grps is a distribution list in Active Driectory that is used to contain one of 9 sublists. Each sub-list has up to 800 names. This was to get around an earlier issue with their being a limitation when we are on Breeze that only a max of 800 names could be in any group.
    What does this error mean and how can I correct this?
    Dave

    I tried all of this, I still can not bind my Mac 10.6.3 to Microsoft Windows 2003 R2 Active Directory, and the failure I receive that Time settings between both computers is not synced although the time is the same on both machines, and I restart the NNTP on Windows Server, and added the Active Directory IP Address on the Date & time Settings on Mac.
    Any Help

  • Windows 8 Pro (OEM Activation required) operating system recovery disc

    We bought a Thinkcentre M72Z PC with a windows 7 downgrade.  The PC came with the Windows 8 Pro (OEM Activation required) operating system recovery disc but I cannot load Windows 8 from it.  Does anyone know what steps I have to take to use this disc?  It says the media is provided for recovery purposes, but it is not like an install disc.

    First, the discs that you have do not include Windows, so you are stopped right there. What you had in mind might have worked, but the first thumbdrive has to be made bootable before copying the files on the disc to the thumbdrive.
    Have you tried going into Windows and change the language it uses? I am not sure if installing the language pack is all you need to do. I believe it will only get you part way.
    You may also want to check out this.
    Hoov
    Microsoft MVP - Consumer Security
    SpywareHammer.com

  • Operation Not Supported Exception in JNDI/Active Directory

    Hi all,
    When i am trying to change password or create user from JNDI program
    on Active Directory i am getting OperationNotSupported Exception.
    I wonder i am doing a common mistake in both functions.just when the execution comes to
    ctx.createSubcontext("cn=surendra,cn=Users,DC=ABSI,dc=pcs",attrs);
    in createUser method and
    ctx.modifyAttributes(userString, ctx.REPLACE_ATTRIBUTE, testAttrs);
    in changePassword method i am getting the below exception.
    javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 00002077: SvcErr: DSID-031D0AAB, problem 5003 (WILL_NOT
    _PERFORM), data 0
    ]; remaining name 'cn=surendra,cn=Users,DC=ABSI,dc=pcs'
    at java.lang.Throwable.fillInStackTrace(Native Method)
    at java.lang.Throwable.fillInStackTrace(Compiled Code)
    at java.lang.Throwable.<init>(Compiled Code)
    at java.lang.Exception.<init>(Exception.java:42)
    at javax.naming.NamingException.<init>(NamingException.java:106)
    at javax.naming.OperationNotSupportedException.<init>(OperationNotSupportedException.java:50)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(Compiled Code)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:657)
    at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(Compiled Code)
    at com.sun.jndi.toolkit.ComponentDirContext.p_createSubcontext(ComponentDirContext.java:341)
    at com.sun.jndi.toolkit.PartialCompositeDirContext.createSubcontext(Compiled Code)
    at com.sun.jndi.toolkit.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:258)
    at javax.naming.directory.InitialDirContext.createSubcontext(InitialDirContext.java:183)
    Your help is needed to go ahead......
    Thanks in advance
    Naga

    Hi!
    I just happened to stumble across your post today looking for something else, but...
    Are you aware that you can only update a password ActiveDirectory/LDAP with a secure network connection? A certificate must be installed on the domain controller and tied to AD, and then the client must support an SSL connection to AD for LDAP. The other attributes in the schema do not have this restriction and can be updated without a secure connection.
    Joel Mussman
    Smallrock Internet Services

  • Active directory issue

    This is the replication status for the following directory partition on this directory server. 
    Directory partition:
    DC=ForestDnsZones,DC=shankarpack,DC=com 
    This directory server has not received replication information from a number of directory servers within the configured latency interval. 
    Latency Interval (Hours): 
    24 
    Number of directory servers in all sites:

    Number of directory servers in this site:

    The latency interval can be modified with the following registry key. 
    Registry Key: 
    HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Replicator latency error interval (hours) 
    To identify the directory servers by name, use the dcdiag.exe tool. 
    You can also use the support tool repadmin.exe to display the replication latencies of the directory servers.   The command is "repadmin /showvector /latency <partition-dn>".

    sir, i means that secondary domain server is down due to system motherboard issue.so guide to me that how remove all setting of the secondary domain from primary domain. (shankarpack.com).
    errors are :
    Active Directory Domain Services could not resolve the following DNS host name of the source domain controller to an IP address. This error prevents additions, deletions and changes in Active Directory Domain Services from replicating between one or more
    domain controllers in the forest. Security groups, group policy, users and computers and their passwords will be inconsistent between domain controllers until this error is resolved, potentially affecting logon authentication and access to network resources. 
    Source domain controller: 
     AVS1 
    Failing DNS host name: 
     f0c8f1a9-50fd-4785-8ca4-29b1d824b251._msdcs.shankarpack.com 
    NOTE: By default, only up to 10 DNS failures are shown for any given 12 hour period, even if more than 10 failures occur.  To log all individual failure events, set the following diagnostics registry value to 1: 
    Registry Path: 
    HKLM\System\CurrentControlSet\Services\NTDS\Diagnostics\22 DS RPC Client 
    User Action: 
     1) If the source domain controller is no longer functioning or its operating system has been reinstalled with a different computer name or NTDSDSA object GUID, remove the source domain controller's metadata with ntdsutil.exe, using the steps outlined
    in MSKB article 216498. 
     2) Confirm that the source domain controller is running Active Directory Domain Services and is accessible on the network by typing "net view \\<source DC name>" or "ping <source DC name>". 
     3) Verify that the source domain controller is using a valid DNS server for DNS services, and that the source domain controller's host record and CNAME record are correctly registered, using the DNS Enhanced version of DCDIAG.EXE available on http://www.microsoft.com/dns 
      dcdiag /test:dns 
     4) Verify that this destination domain controller is using a valid DNS server for DNS services, by running the DNS Enhanced version of DCDIAG.EXE command on the console of the destination domain controller, as follows: 
      dcdiag /test:dns 
     5) For further analysis of DNS error failures see KB 824449: 
       http://support.microsoft.com/?kbid=824449 
    Additional Data 
    Error value: 
     11004 The requested name is valid, but no data of the requested type was found. 
    This is the replication status for the following directory partition on this directory server. 
    Directory partition:
    DC=ForestDnsZones,DC=shankarpack,DC=com 
    This directory server has not received replication information from a number of directory servers within the configured latency interval. 
    Latency Interval (Hours): 
    24 
    Number of directory servers in all sites:

    Number of directory servers in this site:

    The latency interval can be modified with the following registry key. 
    Registry Key: 
    HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Replicator latency error interval (hours) 
    To identify the directory servers by name, use the dcdiag.exe tool. 
    You can also use the support tool repadmin.exe to display the replication latencies of the directory servers.   The command is "repadmin /showvector /latency <partition-dn>".
    This server is the owner of the following FSMO role, but does not consider it valid. For the partition which contains the FSMO, this server has not replicated successfully with any of its partners since this server has been restarted. Replication errors are
    preventing validation of this role. 
    Operations which require contacting a FSMO operation master will fail until this condition is corrected. 
    FSMO Role: DC=shankarpack,DC=com 
    User Action: 
    1. Initial synchronization is the first early replications done by a system as it is starting. A failure to initially synchronize may explain why a FSMO role cannot be validated. This process is explained in KB article 305476. 
    2. This server has one or more replication partners, and replication is failing for all of these partners. Use the command repadmin /showrepl to display the replication errors.  Correct the error in question. For example there maybe problems with IP connectivity,
    DNS name resolution, or security authentication that are preventing successful replication. 
    3. In the rare event that all replication partners being down is an expected occurance, perhaps because of maintenance or a disaster recovery, you can force the role to be validated. This can be done by using NTDSUTIL.EXE to seize the role to the same server.
    This may be done using the steps provided in KB articles 255504 and 324801 on http://support.microsoft.com. 
    The following operations may be impacted: 
    Schema: You will no longer be able to modify the schema for this forest. 
    Domain Naming: You will no longer be able to add or remove domains from this forest. 
    PDC: You will no longer be able to perform primary domain controller operations, such as Group Policy updates and password resets for non-Active Directory Domain Services accounts. 
    RID: You will not be able to allocation new security identifiers for new user accounts, computer accounts or security groups. 
    Infrastructure: Cross-domain name references, such as universal group memberships, will not be updated properly if their target object is moved or renamed.

  • Error while creating a user in Active Directory.

    Hi Guys,
    I am creating a custom connector for AD and Exchnage , I am able to create user in AD using my Java Code... but i am also getting below error, I want to finish the operation smoothly.... Please find below error logs.
    13:51:15,635 ERROR [STDERR] Data AccessException:
    13:51:15,636 ERROR [STDERR] com.thortech.xl.orb.dataaccess.tcDataAccessException: DB_READ_FAILEDDetail: SQL: select UD_AD_CHILD_GRP_NAME from UD_AD_CHILD where UD_AD_CHILD_KEY = Description: ORA-00936: missing expression
    SQL State: 42000Vendor Code: 936Additional Debug Info:com.thortech.xl.orb.dataaccess.tcDataAccessException
    at com.thortech.xl.dataaccess.tcDataAccessExceptionUtil.createException(Unknown Source)
    at com.thortech.xl.dataaccess.tcDataBase.createException(Unknown Source)
    at com.thortech.xl.dataaccess.tcDataBase.readPartialStatement(Unknown Source)
    at com.thortech.xl.dataobj.tcDataBase.readPartialStatement(Unknown Source)
    at com.thortech.xl.dataaccess.tcDataSet.executeQuery(Unknown Source)
    at com.thortech.xl.dataobj.tcDataSet.executeQuery(Unknown Source)
    at com.thortech.xl.dataaccess.tcDataSet.executeQuery(Unknown Source)
    at com.thortech.xl.dataobj.tcDataSet.executeQuery(Unknown Source)
    at com.thortech.xl.adapterfactory.events.tcAdpEvent.getChildTableFieldValue(Unknown Source)
    at com.thortech.xl.adapterfactory.events.tcAdpEvent.getRunTimeValue(Unknown Source)
    at com.thortech.xl.adapterfactory.events.tcAdpEvent.getRunTimeValue(Unknown Source)
    at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADDUSERTOADGROUP.implementation(adpADDUSERTOADGROUP.java:49)
    at com.thortech.xl.client.events.tcBaseEvent.run(Unknown Source)
    at com.thortech.xl.dataobj.tcDataObj.runEvent(Unknown Source)
    at com.thortech.xl.dataobj.tcScheduleItem.runMilestoneEvent(Unknown Source)
    at com.thortech.xl.dataobj.tcScheduleItem.eventPostInsert(Unknown Source)
    at com.thortech.xl.dataobj.tcDataObj.insert(Unknown Source)
    at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
    at com.thortech.xl.dataobj.tcScheduleItem.insertResponseMilestones(Unknown Source)
    at com.thortech.xl.dataobj.tcScheduleItem.eventPostUpdate(Unknown Source)
    at com.thortech.xl.dataobj.tcDataObj.update(Unknown Source)
    at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
    at com.thortech.xl.adapterfactory.events.tcAdpEvent.updateSchItem(Unknown Source)
    at com.thortech.xl.adapterfactory.events.tcAdpEvent.finalizeProcessAdapter(Unknown Source)
    at com.thortech.xl.adapterfactory.events.tcAdpEvent.finalizeAdapter(Unknown Source)
    at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpCREATEADUSER.implementation(adpCREATEADUSER.java:85)
    at com.thortech.xl.client.events.tcBaseEvent.run(Unknown Source)
    at com.thortech.xl.dataobj.tcDataObj.runEvent(Unknown Source)
    at com.thortech.xl.dataobj.tcScheduleItem.runMilestoneEvent(Unknown Source)
    at com.thortech.xl.dataobj.tcScheduleItem.eventPostInsert(Unknown Source)
    at com.thortech.xl.dataobj.tcDataObj.insert(Unknown Source)
    at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
    at com.thortech.xl.dataobj.tcORC.insertNonConditionalMilestones(Unknown Source)
    at com.thortech.xl.dataobj.tcORC.completeSystemValidationMilestone(Unknown Source)
    at com.thortech.xl.dataobj.tcOrderItemInfo.completeCarrierBaseMilestone(Unknown Source)
    at com.thortech.xl.dataobj.tcOrderItemInfo.eventPostInsert(Unknown Source)
    at com.thortech.xl.dataobj.tcUDProcess.eventPostInsert(Unknown Source)
    at com.thortech.xl.dataobj.tcDataObj.insert(Unknown Source)
    at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
    at com.thortech.xl.dataobj.tcTableDataObj.save(Unknown Source)
    at com.thortech.xl.ejb.beansimpl.tcFormInstanceOperationsBean.setProcessFormData(Unknown Source)
    at com.thortech.xl.ejb.beansimpl.tcFormInstanceOperationsBean.setProcessFormData(Unknown Source)
    at com.thortech.xl.ejb.beans.tcFormInstanceOperationsSession.setProcessFormData(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.jboss.invocation.Invocation.performCall(Invocation.java:359)
    at org.jboss.ejb.StatelessSessionContainer$ContainerInterceptor.invoke(StatelessSessionContainer.java:237)
    at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:158)
    at org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor.invoke(StatelessSessionInstanceInterceptor.java:169)
    at org.jboss.ejb.plugins.CallValidationInterceptor.invoke(CallValidationInterceptor.java:63)
    at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:121)
    at org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:350)
    at org.jboss.ejb.plugins.TxInterceptorCMT.invoke(TxInterceptorCMT.java:181)
    at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:168)
    at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:205)
    at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:138)
    at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:648)
    at org.jboss.ejb.Container.invoke(Container.java:960)
    at sun.reflect.GeneratedMethodAccessor135.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
    at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
    at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
    at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
    at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
    at org.jboss.invocation.local.LocalInvoker$MBeanServerAction.invoke(LocalInvoker.java:169)
    at org.jboss.invocation.local.LocalInvoker.invoke(LocalInvoker.java:118)
    at org.jboss.invocation.InvokerInterceptor.invokeLocal(InvokerInterceptor.java:209)
    at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:195)
    at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:61)
    at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:70)
    at org.jboss.proxy.ejb.StatelessSessionInterceptor.invoke(StatelessSessionInterceptor.java:112)
    at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:100)
    at $Proxy758.setProcessFormData(Unknown Source)
    at Thor.API.Operations.tcFormInstanceOperationsClient.setProcessFormData(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at Thor.API.Base.SecurityInvocationHandler$1.run(Unknown Source)
    at Thor.API.Security.LoginHandler.jbossLoginSession.runAs(Unknown Source)
    at Thor.API.Base.SecurityInvocationHandler.invoke(Unknown Source)
    at $Proxy803.setProcessFormData(Unknown Source)
    at com.thortech.xl.webclient.actions.DirectProvisionUserAction.handleVerifyProcessData(Unknown Source)
    at com.thortech.xl.webclient.actions.DirectProvisionUserAction.goNext(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:280)
    at com.thortech.xl.webclient.actions.tcLookupDispatchAction.execute(Unknown Source)
    at com.thortech.xl.webclient.actions.tcActionBase.execute(Unknown Source)
    at com.thortech.xl.webclient.actions.tcAction.execute(Unknown Source)
    at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484)
    at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274)
    at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482)
    at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:525)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at com.thortech.xl.webclient.security.SecurityFilter.doFilter(Unknown Source)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
    at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
    at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
    at java.lang.Thread.run(Thread.java:619)
    Thanks,
    Hemant

    at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADDUSERTOADGROUP.implementation(adpADDUSERTOADGROUP.java:49)
    This is definitely a Custom Adapter because OOTB Adapter name is adpADCSADDUSERTOGROUP and NOT adpADDUSERTOADGROUP
    So, it is your custom code and in the code you are passing incorrect value of the Active Directory Child process form...
    The correct name is UD_ADUSRC and the Group Name column name is UD_ADUSRC_GROUPNAME.
    While you are passing UD_AD_CHILD as the child process form and UD_AD_CHILD_GRP_NAME as Group Name column name..
    Use OOTB Adapter... Correct these discrepancies... Your addition of group will work
    And since you are creating custom adapter, you need to be more careful and remain consistent throughout..
    Then if you want to use UD_AD_CHILD_GRP_NAME, use it everywhere consistently... Pass only this value in the adapter...
    And even in lookups, if any... Search everywhere... Keep things consistent... They will work... Because good news is that you are able to create user in AD via Java Code...
    And if any post is even slightly helpful, it is a good habit to mark it with helpful or correct ... And also mark the entire question as answered so that other people also are benefited.

  • Laptop (Running Windows 8.1) no longer able to print and now see message Active Directory Domain Services is not available

    Have a very recent Lenovo Ideapad Laptop running Windows 8.1. Connected via USB port to HP LaserJet Pro CM1415 frw Color MFP Printer. Was able to print fine nearly 2 weeks ago, but something recently happened - either a new windows or office 2013 update
    or perhaps I blew away a certain file by mistake. I can see the printer installed but cannot print to it from anything (Word, Notepad, IE, Firefox etc.). The one thing to note is that usually when I plug or unplug a USB related device, Windows 8.1 recognizes
    this and makes a certain chime noise, but with the printer USB cable it never makes that noise - making me think that it never fully recognizes the printer. Also when I select the printer (from within the control panel) and right click for properties (via
    admin rights) It never lets me fully connect to it.
    I have tried all the usual remedies - remove, install all drivers, reinstall printer, Windows update, start/stop print spooler and all other printer related services,  etc. Its really annoying because this printer was working fine nearly 2
    weeks ago. Looking for any advice now. Thanks.
    -Chris

    Hi Chris,
    à
    I have tried all the usual remedies - remove, install all drivers, reinstall printer, Windows update, start/stop print spooler and all other printer related services, etc.
    I noticed that you had reinstalled the printer. Just a confirmation, when un-install this printer, please check
    if this printer still exist in registry. For more details, please refer to following KB.
    Registry entries for printing
    If printer entry still exist in registry, please delete that printer entry and re-install this printer again,
    then check if this issue still exists. (Please backup registry entries before operating registry. It will help us to avoid unexpected issue.)
    àand now see
    message Active Directory Domain Services is not available
    By the way, would you please let me know where/when get this
    Active Directory Domain Services is not available error message? Or provide a screenshot of it?
    (Please hide all protected or private information) Please check if all services are running correctly on the computer. Meanwhile, please refer to following article and check if can help you.
    Printer
    Problem: Active Directory Domain Services is currently unavailable – Why does windows say no printers are installed?
    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft
    does not guarantee the accuracy of this information.
    If any update, please feel free to let me know.
    Hope this helps.
    Best regards,
    Justin Gu

Maybe you are looking for

  • Posting Limits for Parked Documents

    In our office, user X is having a posting limit set in (using OBA4 and OB57 ) is Rs 1000 only and he is parking a document. Another user Y who is having authorisation to post the parked document using FBV0 has a posting limit of Rs 800 only. Whereas

  • My Applications, Mail, Contacts, Calendars, Reminders, Safari, Notes, Documents, & Data, Find My iPad,  Because of  Inactivity iCloud not open.

    My Applications, Mail, Contacts, Calendars, Reminders, Safari, Notes, Documents, & Data, Find My iPad,  Because of  Inactivity iCloud not open. Habibullah Allah Yar <Personal Information Edited by Host>

  • Two docks?

    I use two monitors on one computer. One is the iMac, the other is an interactive drawing tablet/display, like a Wacom Cintiq. I have them set up as double-wide extended desktop, which works fine, but to address the iMac requires a mouse, the other us

  • Font Names at top of first help topic

    I'm using Robohelp for Microsoft Word X5.0.1. For all of our legacy apps, we have been generating our help file from Word documents in the WinHelp 4 format. I am currently involved with a long term project upgrading all of our legacy applications to

  • Oracle AS 9.0.4 and ojdbc14 - 4k blob issue

    Greetings, Perhaps someone has faced this issue before and could offer some help.. I'm trying to insert a blob (>4k) into an Oracle 10g database. To verify that it is an oracle-specific issue that I am having, I've tried with the following configurat