Active Directory OU is not reflected on Client PC

Hi Everyone,
I am facing an issue adding a new user account for remote access. Afterwards I found that the OU on my client PC is different from AD. Can you all tell me how to troubleshoot this issue?
AD: Windows Server 2008
Client : Windows 7
Reference Image:
1. AD OU:
2. Client OU:
Thank You.
Regards,
Sam

This might be a replication issue.
On both ADUC consoles, check which DC is used to connect. You can change the DC in use by right-clicking Active Directory Users and Computers within ADUC and choosing the Change Domain Controller... option.
I would recommend that you check your AD replication status using repadmin. It would also be good to check your DCs' health status using dcdiag.
This posting is provided AS IS with no warranties or guarantees , and confers no rights.
Ahmed MALEK

Similar Messages

  • Does Active directory support for linux/mac/ubuntu clients?

    Hello everyone,
    I am pretty new to Active Directory and my company has a few requirements which it needs to achieve by implementing Microsoft Active Directory. I tried reading some blogs/documents on Google but was not able to get a clear understanding. So I would request you all to please help me in getting the correct answers.
    1) Does AD supports linux/mac/ubuntu clients getting authenticated from it?
    2) Does AD supports root/non-root privilege login which is like admin/non-admin rights in windows for linux/mac/ubuntu?
    3) Does Password policy work well on linux/mac/ubuntu clients?
    4) Does AD support auto-loading application after successful login in linux/mac/ubuntu clients? For eg: Logging into jabber client as soon as user logs in.
    5) Can AD trace and log the authentication information for linux/mac/ubuntu clients?
    6) Does AD support rules based login for linux/mac/ubuntu clients?
    7) Do we have high availability in AD running Active-Active?
    8) Can we push patched/security policies via AD on linux/mac/ubuntu clients?
    9) Can we schedule crons for linux/mac/ubuntu clients via AD like we have task schedules set up in Windows?
    10) Can linux/mac/ubuntu clients be included as part of GPO?
    11) Auto-backups or auto mapping of shared drives by AD on windows/linux/mac/ubuntu clients?
    12) Can we capture licenses etc(Server management) thing in AD.
    13) Does AD support communication over SSL.
    14) Does AD supports SSO authentication for linux/mac/ubuntu clients?
    Thanks guys in advance
    Regards
    Sam

    While I cannot speak for mac clients, there is a labour intensive method that allows linux distros to be able to connect to AD in a windows environment.  Take a look at 
    http://technet.microsoft.com/en-us/magazine/2008.12.linux.aspx
    for tips.  Please note, it was designed with the Fedora/Red Hat Core in mind, but Ubuntu distros will also work, you just need the appropriate packages.

  • Changes in server side java file not reflecting in Client side java code?

    Hi friends,
    I am using eclipse IDE, JBoss server, SWING GUI and Oracle DB
    ( looks like : SWINGGUI (Client) <--> EJB's (serverside) <---oracle )
    My problem is, when I make a change in the server side bean file, the changes are not reflected in the GUI programs.
    (for ex: I am adding a setter and getter for a field and using that in the GUI program, but it's not identifying that setter or getter).
    Please tell me what I should do so that every change made to the server side program is reflected / available to the GUI?

    > my problem is, when i make change in server side bean file, that changes are not reflecting in GUI programs.
    > (for ex: iam adding setter and getter for a field and using that in GUI program. but its not identifying that setter or getter).
    what do you mean it's not "identifying" the methods?
    you have to call those methods you know
    are you getting NoSuchMethodError?
    > please tell me what should i do for every change done to server side program, that should reflect / available to GUI?
    you haven't posted any code or error messages that might help us debug

  • Active Directory server is not available

    i have just setup and started testing a new exchange 2007 on my network. we did not have a exchange before, so this is a new install.
    my domain, xxx.com is a windows 2000 native AD. the exchange 2007 is a win 2003 sp1 x64, it is also a DC and has all roles assigned to it
    in my network i have
    dc01 win2000 sp4  dc (gc)
    dc02 win2000 sp4 dc (gc)
    exch01 win 2003 sp1 dc, rid, pdc, fsmo, gc, infrastructure and naming
    the install went well, and i have been testing it for the past 2 weeks with dummy accounts. test smtp connectors, etc. all was working fine. to the point that i have started planning the migration of the users
    today i did some mods to IIS for a owa free SSL from startcom (as well as the root CAs). i have removed it since.
    i now get the following errors when i start the console, or shell. :
    Active Directory server exch01.xxx.com is not available. Error message: A local error occurred.
    It was running command 'get-ExchangeAdministrator'.
    The following error(s) were reported while loading topology information:
    get-ExchangeServer
    Failed
    Error:
    Active Directory server exch01.xxx.com is not available. Error message: A local error occurred.
    A local error occurred.
    get-UMServer
    Failed
    Error:
    Active Directory server exch01.xxx.com is not available. Error message: A local error occurred.
    A local error occurred.
    HELP.. i have no idea what it does not like.
     exbpa does not report anything, i even get it to connect to the exch01 for it AD access.
    Any ideas??
    Thanks
    Paul Gartner
    (over all i like what i have been seeing in ex2007) 

    i think that you might be confusing "AD user account" and "profile". you DO NOT delete administrator from your AD Users and Computers. you only delete the Profile (\documents and settings\administrator folder). you can NOT do this while you are logged on using the administrator account.
    be sure to backup any data in your my documents and any favorites
    create another user that is in the domain admin group of your active directory, log on with that account and verify that the exchange tools works. then follow this to remove the profile.
    >1). Logon the Exchange server by using another admin account.
    >2). Open Control Panel, select System.
    >3). Select Advanced tab and click the Settings button of User Profile.
    >4). Delete the Profile of user which encounters this issue.
    >5). Click OK.
    >6). Restart the server and logon it by using Administrator account.

    once this is done, logon with your administrator account and try the tools again, they should work.
    Paul Gartner

  • DNS The Zone cannot be deleted - the active directory service is not available

    Hello TechNet Members,
    As you can see from the Summary, I got this message when I'm trying to delete a DNS Zone.
    It doesn't matter if the DNS Zone is newly created or an old one.
    After this message the computer tells you "The Computer is about to make Restart".
    It's so strange and I really don't know what to check first.
    More Information:
    5 Servers that Replicate together.
    The Operating System is Windows Server 2012R2 for all the DCs
    1 Domain In the Forest.
    Thanks,

    Hi Jesper,
    DCdiag /fix and no errors in there, everything marked as PASSED.
    I did a demotion of one of the DCs to troubleshoot, but with no luck; I'm back to the same point where I started.
    I tried to delete the brand new Zone from the command line using DNScmd; it's still not working and the computer reboots itself.
    I've checked the permissions from the ADSIEdit.msc:
    Inherit from MicrosoftDNS section to the ROOT
    DNSAdmins > Full Control
    Domain Admins > Full Control
    From "DNS Server" section at the EventViewer
    The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start until the initial synchronization is complete because critical DNS data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there is a problem with DNS name resolution, consider adding the IP address of another DNS server for this domain to the DNS server list in the Internet Protocol properties of this computer. This event will be logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed.
    "The DNS server was unable to complete directory service enumeration of zone TestZone1.  This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error. "
    The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.
    Thanks,

  • Active Directory cn field not updated from sap HR using ldap.

    Hi,
    Apologies if this is in the wrong forum area.
    I am using the LDAP facility to create and modify Active Directory records from sap HR. Initially, the name field cn that was coming across into AD was in the format of the logical system and employee number, eg, RD4CLNT22000000711.
    I then implemented the BADI HRLDAP_ATTRIBUTES which then changed this name field cn in the active directory listing to the format; surname, forename.
    It works fine when I create a new user, however the problem comes when I update the person's name in the sap hr module. The data that comes across into Active Directory shows the change to the person's surname sn, forename and displayname fields is there but the cn field is still showing as the previous name.
    In short, when a new user is created, the cn field in active directory is correct (surname, forename) but when the employee’s name is modified, that change is not brought across to the cn field even though the surname, forename and displayname fields are updated correctly on AD.
    We are on release 4.70.
    Anyway, if anyone could help I would be very grateful.
    Thanks
    David

    Hi
    The problem it is causing us is that the cn field is incorrect and does not mirror the change in sap HR, therefore the Active Directory entry for the employee is not totally accurate.
    When an employee changes their name in SAP HR - usually their surname, we would then want to update the employee’s active directory account to show this change and this includes the cn field also. At the moment the firstname, lastname fields do get updated with the change so we would want the cn field to show this as well otherwise the cn field would be incorrect and not match up with the employee's AD firstname & lastname fields.
    Dave

  • Activity types cost Elements not reflecting in Cost Centre Report.

    Hello SAP Gurus,,
    1. Here we are facing one issue in Zreport. total is not matching, compare with KSB1.
    Values are more in Zreport, in other words activity type cost elements are not reflecting in Zreport, but it reflecting in KSB1.
    example: flow from PM module.
    Actually we had used logic based on the Cost Centres, in that cost centre by taking Object number and it passes to COEP table, then we are getting values as same as KSB1.
    As per investigation i found that the object number is differ from COEP table and CSKS table.
    Example: 1410000 object number in CSKS table, 1410000EL in COEP table, that's why in Zreport these values are not reflecting. Finally our requirement is, Zreport values should be the same as KSB1 values.
    2. We need the same functionality as KSB1 for match code or drop down menu functionality for Cost Centre Group and Cost Element Group, but while the user wants to select from match code or drop down menu (F4), as of now I didn't give any logic to abap for match code functionality or drop down menu (F4), so in this case which logic or table do I have to use.
    So please give me inputs or logic how to over come the above points.
    Regards,
    Raj.

    The OBJNR field structure is as follows :-
    AABBBBCCCCCCCCCCDDDDDD
    AA = object type eg. KS (cost center)
    BBBB = controlling area
    CCCCCCCCCC = cost center
    DDDDDD = activity type
    Based on the structure, you will be able to filter the relevant cost center/activity types. You can also use other fields eg. cost element, partner object, source object, value type, etc. to get your desired figures as per KSB1.

  • Active Directory Provisioning : CheckForGroupAssigments not working

    Hi All,
    I am using SAP IDM 7.1 SP5 Patch 2. When i try to provision Active Directory with a small number of users, the standard framework works perfect.
    As soon as the list of users becomes long (more than 100), the task CheckForGroupAssigments gives a false result even if there are groups to add the user to. I am trying to investigate this and I do not know where this variable "%AUDITID%" is defined.
    The check used is : SELECT count(userid) FROM mxpv_audit WHERE auditid = %AUDITID%
    I know what auditid is used for, but i do not know what value "%AUDITID%" holds and where it is defined.
    Any ideas are appreciated.
    Thanks

    Hi Thomas,
    I came across the same problem with that view. We simply changed the SQL command to use mxp_audit instead of mxpv_audit. I also opened a support case at SAP and they told me they will fix this in a future version of the provisioning framework.
    Best regards
    Holger
    Edited by: Holger Flocken on Nov 30, 2010 4:02 PM

  • Active Directory credentials will not update

    When updating the Active Directory credentials, no update occurs. BOXI R2 does not appear to talk to the Active Directory server and eventually times out.
    The time out has been set to 1200 (Default 120) but still no response from the active directory server.

    There is a fairly detailed section in the Admin guide for setting up AD (p250).
    Make sure you have set up the IIS server as detailed in that section
    Thanks
    Kevin

  • Active Directory Mobile Account not working

    Hello all. I've successfully joined a few macs to an Active Directory domain. However, I have a laptop that needs to be able to authenticate even when away from the network. The "Create Mobile Account" checkbox seems perfect for the job. From my reading, it seems that it is supposed to cache login authentication info from network login users. Then when the computer doesn't have a network connection, it uses the cached credentials. Upon 1st login it asks if I want to create a mobile account, and I say yes. However, it doesn't work across a reboot.
    If I reboot the computer without a network connection, and then try to authenticate at the login screen with my network user, the password field "shakes" as if I got it wrong.
    However, I know it is sorta working because if I type >console into the user field, I get dumped to the console, where I can successfully login using the network user's credentials. Even without a network connection. But not from the gui login screen.
    Any ideas?
    Thanks!

    Abbas,
    You can find the active directory synchronization option under PWA settings >> Operation Policies
    1. In Project Web App, click the Settings icon, and then click Project Web App Settings.
    2. On the Project Web App Server Settings page, in the Operational Policies section, click Active Directory Resource Pool Synchronization
    3. On this page, you need to enter the Active directory Group which contains the users you want to sync and then click on save and synchronize.
    You can check the status of the Enterprise Resource Pool synchronization by returning to the Active Directory Enterprise Resource Pool Synchronization page and reviewing the information in the Synchronization Status section. It contains information such as when the last successful synchronization occurred.  If last synchronization failed for any reason, it will also post a timestamp of when it occurred if you wanted to search for more information in the ULS logs.
    Let us know the results.
    You can find more information on AD sync at
    http://technet.microsoft.com/en-us/library/gg982985(v=office.15).aspx
    Thank you,
    Kiran K.

  • Active Directory, created users not showing up in list of all users

    I created a user name "test".  However, when I look at a list of all users I only have the 4 users that were created on installation.  When I search for "test" it shows up.  Why isn't my user showing up in the list of users?
    I am looking in Active Directory Administrative Center:
     <my Domain> (local) -> Users
    Global Search
    Sorry I cannot provide pictures; I am waiting for my account to be activated.

    You need to look to your search criteria to understand what might be wrong.
    This posting is provided AS IS with no warranties or guarantees , and confers no rights.
    Ahmed MALEK

  • Active Directory Replication, have not been performed for a long time

    Good afternoon, 
    Situation: in the organization with a lot of domain controllers, with one of the sites lost contact. From the period of 18.07.2014 - for the present time, the replication of the two domain controllers did not happen. Now, the connection is reestablished in magazines replication errors occurred. Replication is performed using DFS. 
    errors: 
    The journal replication DFS: 
    The DFS Replication service has detected an error in the connection to the partner for replication group Domain System Volume. 
    For more information: 
    Error 1825 (Error in the security package.) 
    Connection ID: F29C3738-AF90-4CE8-BFC0-48C1B36A5819 
    The ID of the replication group: 72D953C6-FD0A-4DA0-8D91-2C0B144E45A1 
    In the system log: 
    The Kerberos client received an error from the server KRB_AP_ERR_MODIFIED SERVERNAME $. Used the final name DNS \ SERVERNAME $. This means that the target server failed to decrypt the ticket provided by the client. This may be due to the fact that the SPN is the destination server (SPN) is registered on an account other than the account used by the ultimate service. Make sure that the final SPN is registered only on the account that is used by the server. This error may also be that the final service is using a different password for the account of finite life that is different from the password key distribution center Kerberos (KDC) for the account of finite life. Make sure that the service on the server and the KDC are updated to use the current password. If the server name is not fully defined, and the target domain is different from the client's domain, check for server accounts with the same name in these two domains, or use the full name to identify the server. 
    This error occurs when you try to access any network resource problem servers. 
    Storage of deleted AD objects installed by default 180 days. 
    Solutions found, can someone faced with similar circumstances. I would not want to lower the domain controllers on the problematic servers and deploy them again. After all objects created will be lost during this period, they are the whole domain is not much, but they are
    The result of repadmin /showrepl - this error, on all servers: 
        SITE \ SERVER via RPC
            DSA - GUID of the object: 5f01bea8-b74b-4876-b475-be712a191431
            Last attempt @ 15/10/2014 13:00:35 completed with an error, the result -2146893022 (0x80090322):
                Principal Name is incorrect.
            7579 consecutive errors.
            Last success @ 07/28/2014 14:15:41.
        SITE \ SERVER via RPC
            DSA - GUID of the object: 436c1016-4363-47b5-a34d-2e5b3e2b0038
            Last attempt @ 15/10/2014 13:00:35 completed with an error, the result of 5 (0x5):
                Access is denied.
            7579 consecutive errors.
            Last success @ 07/28/2014 14:15:42.
        SITE \ SERVER via RPC
            DSA - GUID of the object: b677e990-f7cb-4daf-8f87-16602bc119e0
            Last attempt @ 15/10/2014 13:00:35 completed with an error, the result -2146893022 (0x80090322):
                Principal Name is incorrect.
            7579 consecutive errors.
            Last success @ 07/28/2014 14:15:43.
        SITE \ SERVER via RPC
            DSA - GUID of the object: 5afbb9b1-7558-4f97-b941-84e1845b48ce
            Last attempt @ 15/10/2014 13:00:35 completed with an error, the result -2146893022 (0x80090322):
                Principal Name is incorrect.
            7579 consecutive errors.
            Last success @ 07/28/2014 14:15:43.
    netdom resetpwd /s:NameWorkDC /ud:domain\administrator_domen /pd:password 
    Failed to reset the password for the local computer account. 
    Login failure: The target account name is incorrect. 
    Failed to execute the command. 
    If I execute the command, and as a server pointing, use the second server of the same site (which have not replicated on the same site). The command is executed successfully. 
    If I specify as the /server - IP address of work DC, operating a server running KDC - the command is executed successfully. 
    Generally, the problem with the controller, I can not get access to any of the listed on the main market, produces an error. You might not have permission to use this resource. 
    BUT if we turn on the IP, - let without the need to enter login and password.
    Please help, what Microsoft's recommendations in this regard. Thanks in advance.

    To get a better idea of the DCs' config, let's see an unedited ipconfig /all from the DCs, please.
    Is there a third-party AV on the DCs?
    Ace Fekay
    MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
    This posting is provided AS-IS with no warranties or guarantees and confers no rights.
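
An added example, not part of any post on this page: the first answer recommends checking replication status with repadmin, and the thread above pastes `repadmin /showrepl` results. The Python below parses such a report and ranks the failing partners by outage length. The sample report is constructed in the English output layout with placeholder names and an assumed `YYYY-MM-DD` timestamp format, and the 180-day limit is the deleted-object retention quoted in the post.

```python
import re
from datetime import datetime

# Constructed sample in the English `repadmin /showrepl` layout. Site, DC and
# GUID values are placeholders; timestamps are assumed to be YYYY-MM-DD.
SAMPLE = r"""
DC=example,DC=local
    SITE-A\DC02 via RPC
        DSA object GUID: 00000000-0000-0000-0000-000000000002
        Last attempt @ 2014-10-15 13:00:35 failed, result -2146893022 (0x80090322):
            The target principal name is incorrect.
        7579 consecutive failure(s).
        Last success @ 2014-07-28 14:15:41.
    SITE-A\DC03 via RPC
        DSA object GUID: 00000000-0000-0000-0000-000000000003
        Last attempt @ 2014-10-15 13:00:35 failed, result 5 (0x5):
            Access is denied.
        7579 consecutive failure(s).
        Last success @ 2014-07-28 14:15:42.
    SITE-B\DC04 via RPC
        DSA object GUID: 00000000-0000-0000-0000-000000000004
        Last attempt @ 2014-10-15 13:00:35 failed, result -2146893022 (0x80090322):
            The target principal name is incorrect.
        26000 consecutive failure(s).
        Last success @ 2014-01-10 09:00:00.
    SITE-B\DC05 via RPC
        DSA object GUID: 00000000-0000-0000-0000-000000000005
        Last attempt @ 2014-10-15 13:00:35 was successful.
"""

TS = r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})"
RE_SOURCE = re.compile(r"^\s*(\S+\\\S+) via RPC\s*$")
RE_FAILED = re.compile(r"Last attempt @ " + TS + r" failed, result (-?\d+) \((0x[0-9a-fA-F]+)\)")
RE_OK = re.compile(r"Last attempt @ " + TS + r" was successful")
RE_COUNT = re.compile(r"(\d+) consecutive failure")
RE_SUCCESS = re.compile(r"Last success @ " + TS)

# Short triage hints for the two status codes that appear in the thread.
HINTS = {
    "0x80090322": "target principal name incorrect: compare the DC machine account password/SPN with the KDC",
    "0x5": "access denied: the partner rejected this DC's credentials",
}

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%d %H:%M:%S")

def parse_showrepl(text):
    """Return one dict per inbound partner found in the report."""
    entries, cur = [], None
    for line in text.splitlines():
        m = RE_SOURCE.match(line)
        if m:
            cur = {"source": m.group(1), "code": "0x0", "failures": 0,
                   "last_attempt": None, "last_success": None}
            entries.append(cur)
        elif cur is None:
            continue
        elif (m := RE_FAILED.search(line)):
            cur["last_attempt"], cur["code"] = _ts(m.group(1)), m.group(3).lower()
        elif (m := RE_OK.search(line)):
            cur["last_attempt"] = cur["last_success"] = _ts(m.group(1))
        elif (m := RE_COUNT.search(line)):
            cur["failures"] = int(m.group(1))
        elif (m := RE_SUCCESS.search(line)):
            cur["last_success"] = _ts(m.group(1))
    return entries

def triage(entries, tombstone_days=180):
    """List failing partners, longest outage first, flagging any past the retention window."""
    findings = []
    for e in entries:
        if e["code"] == "0x0":
            continue
        days = None
        if e["last_success"] and e["last_attempt"]:
            days = (e["last_attempt"].date() - e["last_success"].date()).days
        findings.append({"source": e["source"], "code": e["code"],
                         "failures": e["failures"], "days_since_success": days,
                         "past_tombstone": days is None or days > tombstone_days,
                         "hint": HINTS.get(e["code"], "look up the status code")})
    findings.sort(key=lambda f: -(f["days_since_success"] if f["days_since_success"] is not None else 10**6))
    return findings

if __name__ == "__main__":
    for f in triage(parse_showrepl(SAMPLE)):
        print(f)
```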

  • Active Directory Group Discovery not picking up Workstation OSs

    We don't use the default 'workstation' container in AD. We have an OU called, e.g., 'contoso workstations'. Within 'contoso workstations' are other OUs by location, e.g.: 'Bangalore'; 'Harare'; 'Bangkok'; and 'Djibouti'. AD Group discovery dumps everything into All Systems with no logical organization of locations. We need those location folders so we can throttle client deployment. How do I get Discovery to pick up OU 'locations' and populate those locations with workstations?  

    Are you talking about AD site? If so, that's collected by system discovery and heartbeat discovery.  Thus, if you aren't using System Discovery, you'll have to wait until heartbeat discovery reports in for the client. Based on this info you can create appropriate query based membership rules for collections that you have manually created. However, this is a bit of chicken and the egg if you want to use it for client agent installation since heartbeat discovery is only reported by client agents themselves.
    Thus, you should either enable AD System Discovery or choose an alternate deployment method like a startup script.
    Jason | http://blog.configmgrftw.com

  • Windows 2008 R2 Active Directory User can not change their password

    Our AD domain already has two domain controllers with Windows 2008 (not R2). Last week we added one more domain controller with Windows 2008 R2, for which we ran domainprep and forestprep. After this, no domain users can change their password by pressing ALT+CTRL+Del--Change password. Administrators can still reset the password, and if an administrator sets the option to change password at next logon, it works, users can reset the password. But after login they cannot.
    The error says the new password does not meet length, complexity, history requirements. We are sure there is no Group policy which is setting password/account policy. And we even tried to attach a simple password policy at domain level without complexity.
    Please provide a feedback..waiting for your response.
    Thanks

    additional info: up to Server 2008 R2, Windows ONLY supports ONE Password policy PER Domain. (except: the R2 supports more pw-policies, but not with gpo, it has to be configured with ADSI-Editor)
    So, in case you still use the 2008 / R2 - you need to know that ;))
    regards..
    Stephan Ertel - MCITP/MCSA -
    From Windows 2008 (non-R2) and higher, more than one password policy is supported with fine-grained password policy. DFL should be 2008.
    HTH
    Biswajit Biswas
    Best regards Biswajit Biswas Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, MCTS, Enterprise Admin

  • Active Directory System Discovery not discover 'correctly'

    Hi,
    I am having a very strange problem with some devices in my environment.
    The operating system of these is discovered as 'Windows 7 Entreprise 6.1' which causes a lot of my queries to fail.
    Normal from my point of view would be 'Microsoft Windows NT Workstation 6.1' (which is correct at 90% of devices in the same OU)
    Where is the difference to others?
    I already deleted those devices fully from SCCM and I checked the AD for the 'Operating System' attribute (which is the same for both types of devices).

    I checked my console and I see all the entries for operating system start with 'Microsoft windows NT'. The value that you are referring to in the screen is a custom attribute called 'operatingSystem' and that value cannot be seen in the console, and it is not added to the discovery method by default. Maybe you can try deleting the computer object from SCCM and let the discovery happen again.
    Eswar Koneti | Configmgr Blog: www.eskonr.com | Linkedin: Eswar Koneti | Twitter: eskonr
