Activity on my DIRECTORY Server

Similar Messages

• Active Directory Server Problem

  Hi All,
  This mail Seeks to get help from people who have worked with Active Directory Server.
  The following is our Current scenario.
  We are in the process of establishing an SSL connection to Active Directory Server from java environment(a standalone class) in Windows 2000.
  1.Active Directory Server is installed in an independent Win 2k machine.
  2.SSL is enabled in the Active Directory Server Machine by installing the Enterprise Root Certificate.
  3.Microsoft High Encryption pack is installed in both the client and the Server(AD)
  4.The .cer file from the AD machine is imported in to the Client's keystore(cacerts) using the keytool utility.
  5.The AD m/c is part of a domain named "rsa" and client m/c is part of the domain named "cts"
  With the above setup,The following code tries to Establish an SSL context to the AD through JNDI.
  Hashtable env = new Hashtable();
  env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
  env.put(Context.PROVIDER_URL,"ldap://blr03srv1.rsa.com:636");
  env.put(Context.SECURITY_PROTOCOL, "ssl");
  env.put(Context.SECURITY_AUTHENTICATION, "simple");
  env.put(Context.SECURITY_PRINCIPAL,"CN=Administrator,CN=Users,DC=rsa,DC=com");
  env.put(Context.SECURITY_CREDENTIALS,"password");
  try{
       DirContext ctx = new InitialDirContext(env);
       ctx.close();
  }catch (Exception e){
       e.printStackTrace();
  When we try to run this Client we are facing a SSLHandShakeException with a message saying "No trusted certificate found".
  As far as we know the .cer file is successfully imported in to the cacerts which is used by the J2SE as the default keystore.
  Hence we ran out of ideas,as we think that there could be some other issue which is causing this problem.
  We are looking forward to get inputs from AD enlightened people to Solve this issue
  Thanks in Advance,
  Manivannan.A

  I had problem the same and still I did not obtain to decide it, if for perhaps obtaining he passes me the solution.
  thank's
  Fernando Queiroz Fonseca
  Graduando em Engenharia El�trica
  Universidade Federal de Uberl�ndia
  http://www.fernandoqueiroz.com.br
  email : [email protected]

• Active Directory server is not available

  i have just setup and started testing a new exchange 2007 on my network. we did not have a exchange before, so this is a new install.
  my domain, xxx.com is a windows 2000 native AD. the exchange 2007 is a win 2003 sp1 x64, it is also a DC and has all roles assigned to it
  in my network i have
  dc01 win2000 sp4  dc (gc)
  dc02 win2000 sp4 dc (gc)
  exch01 win 2003 sp1 dc, rid, pdc, fmso, gc, infrastucture and naming
  the install went well, and i have been testing it for the past 2 weeks this dummy accounts. test smtp connectors, etc. all was working fine. to the point that i have started planing the migration of the users
   today i did some mods to IIS for a owa free SSL from startcom (as well as the root CAs). i have remove it since.
  i now get the following errors when i start the console, or shell. :
  Active Directory server exch01.xxx.com is not available. Error message: A local error occurred.
  It was running command 'get-ExchangeAdministrator'.
  The following error(s) were reported while loading topology information:
  get-ExchangeServer
  Failed
  Error:
  Active Directory server exch01.xxx.com is not available. Error message: A local error occurred.
  A local error occurred.
  get-UMServer
  Failed
  Error:
  Active Directory server exch01.xxx.com is not available. Error message: A local error occurred.
  A local error occurred.
  HELP.. i have no idea what it does not like.
   exbpa does not report anything, i even get it to connect to the exch01 for it AD access.
  Any ideas??
  Thanks
  Paul Gartner
  (over all i like what i have been seeing in ex2007) 

  i think that you might be confusing "AD user account" and "profile". you DO NOT delete administrator from your AD Users and Computers. you only delete the Profile (\documents and settings\administrator folder). you can NOT do this while you are logged on using the administrator account.
  be sure to backup any data in your my documents and any favorites
  create another user that is in the domain admin group of your active directory, log on with that account and verify that the exchange tools works. then follow this to remove the profile.
  >1). Logon the Exchange server by using another admin account.
  >2). Open Control Panel, select System.
  >3). Select Advanced tab and click the Settings button of User Profile.
  >4). Delete the Profile of user which encounters this issue.
  >5). Click OK.
  >6). Restart the server and logon it by using Administrator account.
  > 
  once this is done, logon with your administrator account and try the tools again, they should work.tn
  Paul Gartner

• Is it a safe to install DFS namespace service to an Active Directory Server?

  Hi All,
  Is it safe and/or best practice to install a DFS namespace server to a server that runs an Active directory services?
  I have read a blog in which, as much as possible, active directory server should only run the directory services and no other installed services. But we're running out of a physical server and our virtual environments were already full so I'm hoping that
  DFS namespace server could be installed to the AD server.
  Also, if its possible , what could be the possible conflicts/problems/errors that we might encounter in the near future of running this 2 services into a single server?
  Appreciate any suggestions and feedbacks.

  Hi,
  >>Is it safe and/or best practice to install a DFS namespace server to a server that runs an Active directory services?
  Yes, we can host DFS namespace on domain controllers. However, as the following article states:
  When deciding whether to host a DFS namespace on a domain controller, consider the following factors:
  Only members of the Domain Admins group can manage a DFS namespace hosted on a domain controller.
  If you plan to use a domain controller to host a DFS namespace, the server hardware must be sized to handle the additional load. As described in the previous question, root servers that host large or multiple namespaces require additional memory.
  Distributed File System: Namespace Server Questions
  http://technet.microsoft.com/en-us/library/hh341468(v=ws.10).aspx
  Best regards,
  Frank Shen

• Integration of MS Active Directory Server & SUN ONE DS 4.1

  I am planning to setup an integration bridge between MS Active Directory and iPlant Directory Server. User sign on information needs to be synched up between the two directories - is there any way to do this ?
  Thanks

  WPSYNC can solve your purpose. but it is still in beta phase.
  Deepak

• User base Synchronization between SAP and MS Active Directory Server

  Dear all!
  I'm using Web AS 6.20 ABAP and MS Active Directory Server based on Win 2003 Server.
  i successfully implemented the synchronization of user data between SAP and the ADS.
  My question: Is there a way to customize the users on Active Directory Server in regard to their SAP authorization (roles auth. objects etc.)?
  Currently I don't have a clue how to do this.
  Regards,
  Christoph

  Have you searched on SDN for "Active Directory"? That turns up a number of results. I think your expectation might be backwards though, it's not how ADS exposes SAP specific data but how SAP uses ADS to store SAP specific data. My understanding (from quite some time ago so I am fuzzy on this) is that SAP can use ADS in much the same way it can use LDAP as an external user store.
  The Security Newsletter from November 04 [https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/documents/a1-8-4/sap security newsletter november 2004.pdf] mentions that a webinar is hosted on SDN about this exact topic, unfortunately I was unable to find a direct link.
  Regards,
  Marc g

• Active Directory - Server 2008 R2 and 2012 R2 (Server Formatting or not productive

  Hello guys, I come here to try to clarify a great doubts regarding Server Operating Systems, I will attempt to detail the most of my scenario.
  Suppose I have a Server 2008 R2 in production, and this is my Active Directory server (meudominio.local) and am managing through Group Policy settings my workstations that are around 60-70 computers, guys my doubts the thing is, if I need some time to format
  and perform a fresh installation of my server as it will be my Active Directory? Of course I will have lost my domain controller and I have to accomplish the placement of each workstation again that enters my domain one by one.
  I know there is the option of AD replication, so we call the Active Directory, even for another version of the Operating System, prátia already realized this, but it most often comes not functioning properly, done without replication problems Server 2003 to
  2008 R2.
  Guys like to know a solution to not having to put my plants in my domain network again one by one, is there any way to backup so that when I reinstalled the system and the AD again in my server stations return to "see" again that server as your domain
  controller, even me installing AD with the same domain name before this formatting stations do not respond to this driver in this case do the Network ID or add the station to the area again, so she creates a new user profile for example (Max.meudominio) while
  your old profile "guy" still remains on the machine, I adopted the practice of editing the record of this newly created profile and pointing him well for the old user folder which contains all data and settings, eg edit my key "ProfileImagePath"
  regedit logged in with the newly created profile (Max.meudominio) ->
  (switch "ProfileImagePath" C:\Users\Max.meudominio) thus pointing to the folder before replacing in the field again this season after formatted server, thus ->
  (Switch "ProfileImagePath" C:\Users\Max), detail that we give permission for all such user "C:\Users\Max" folder, after that restart the computer and he comes back with the user profile and all your settings.
  I wonder if there is another method to perform this procedure, do not know even a backup AD to not have to replace all the seasons again "meudominio.local".
  Thank you for your attention!
  Translation with Google translator! Sorry.
  Matias Duarte Coordenador de Suporte Dual Solucoes® | Soluções em tecnologia da informação

  As the practice of replication I know her mostly said she has some flaws when I do the replication of my domain to another server but it works correctly, so having a server "master" and the other ServidorBKP as "slave", in redundancy,
  the problem is when I say, and put the "ServidorBKP" being my primary domain controller and disabling my main controller, to disable or turn off my main controller the stations themselves are unable to login because it does not communicate with the
  my ServidorBKP "slave" even I put it as the main driver of course.
  Regarding the System State as far as I know this option existed in Server 2003.
  I also got some information, confer on the links below.
  http://msdn.microsoft.com/en-us/library/bb727048.aspx
  http://technet.microsoft.com/pt-br/library/cc758435(v=ws.10).aspx
  http://technet.microsoft.com/en-us/library/cc961934.aspx
  I'm still researching other ways, getting communicate any news to everyone. (Google Translate)
  Matias Duarte Coordenador de T.I. Dual Solucoes® | Soluções em tecnologia da informação http://www.matiasduarte.com.br

• Sun java directory server and Active Directory

  We are using two different directory servers Sun java directory server and active directory.
  My question is how we can have password synchronization between these two directory servers.
  I have checked Sun Java[TM] System Identity Synchronization for Windows 1 2004Q3
  http://www.sun.com/download/products.xml?id=41537425
  It seems that it's supported platforms is only for solaris and windows , but I have installed my Sun java directory server on linux and obviously it doesn't work for me.
  I would be grateful if anyone can suggest a solution to work around this situation.
  I have checked identity manager , I would like to know that if I can do this using this product.
  http://www.sun.com/software/products/identity_mgr/specs.jsp
  --regards.
  Sara

  Yes RHEL 4 is a supported OS with DSEE 6.0.
  Identity Synchronization for Windows is a part of DSEE that allows synchronization of users, passwords and groups between Sun Directory Server and Active Directory bi-directionally without altering the users environments, ie it does not require that users change their current habits.
  Identity Manager is a complete identity management solution that is targetting enterprise work flow when it comes to user provisioning and de-provisioning, but also allows to build authentication and password change forms that will provision the passwords to many different systems including Sun Directory Server and Active Directory but also IBM mainframes, legacy applications, databases...
  If you are implementing a complete identity management solution, then go with Identity Manager. If you need a lightweight and fast solution for just synchronizing users and passwords between Sun DS and MS AD, Identity Synchronization for Windows should be your choice.
  Regards,
  Ludovic.

• Active Directory 2003 and Sun One Directory Server 5.2

  I just installed Sun One Directory Server 5.2 on a Linux machine. I want to configure LDAP on that machine so that it can be authenticated on Active Directory 2003. How do I go about doing this?

  Active Directory server is a "directory server" (and kerberos server.) If your linux client authenticates against Active Directory it doesn't have to involve the Sun Directory Server at all. You have several general approaches you could investigate:
  1. Linux client gets accounts and and authentication via LDAP from Active Directory
  If you use AD to handle unix LDAP authentication (opt 1) you may need to extend schema in AD to add the unix password field. I haven't tried it yet, but hope to.
  2. Linux client gets accounts from AD LDAP and authorization from AD Kerberos.
  There should be docs on support.microsoft.com on enabling kerberos support for non-Win clients.
  3. Linux client (with samba client installed, with winbind or pam_smb to support unix level services) gets accounts and authentication as a "Windows" client from Active directory "Windows server"
  Check the samba.org docn or forums- I think this is a pretty common solution.
  4. Linux client gets account information from Sun Directory server but uses kerberos (against active directory) for authentication.
  There should be docs on support.microsoft.com on enabling kerberos support for non-Win clients.
  5 Linux client gets account and authorization from Sun Directory server, which the sun Directory server configured to use Active Directory as a Kerberos server.
  Probably incredibly complex.

• Replica Active Directory server in windows server 2008 R2

  I installed and configured a secondary active directory server in 2008 R2 for fault tolerance as well as backup active directory server
  what i wanted to know is if  my primary AD goes down??? what changes i need to do my users pc since they are  using primary DNS of of primary AD IP.. i am confused i want to know what need to be done if AD goes Down

  > shall i update my DHCP configuration to assign primary DNS as
  > 192.168.1.225 and secondary DNS as 192.168.3.245 and other DNS as
  > 8.8.8.8 etc.
  Yes. and you shall NOT deploy 8.8.8.8 as a DNS server to your clients,
  but you shall configure this as a forwarder on your DNS servers.
  Martin
  Mal ein
  GUTES Buch über GPOs lesen?
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  And if IT bothers me - coke bottle design refreshment :))

• Can you use *Active Directory* in *Linux* as a directory server?

  This is a simple question that I just couldn't find a straight answer to on Google, Oracle forums, Metalink, etc. ... when I use the Net Configuration Assistant on my Linux server, the only option that exists for Directory Usage Configuration -> Directory Type is Oracle Internet Directory. In Windows, however, OID and Active Directory appear as the available options. I can't find an obvious answer to whether AD will work in Linux as a directory option. Does it? If not, is there an add-on or option that I'm missing? Our company only uses Linux hosts for Oracle purposes, and only has Active Directory for directory usage.
  I was also thinking of tweaking ldap.ora and sqlnet.ora to utilize our Active Directory server(s), but I wasn't sure how to manually configure those. Is there a paper out there for more information on such a thing?
  My intention is to synchronize our users in Oracle with AD, so there will be no password and maintenance discrepancies. All of our other applications (Windows, websites, GUIs, etc.) authenticate against AD, and I wanted to tie Oracle in to wrap up user maintenance up in a nice, neat package.
  Thanks ahead of time.

  Any thoughts on this? I'm kind of bumping it back to the top, because I still can't find any definitive evidence regarding this anywhere on the 'net. Am I phrasing something in a hazy manner? Is there something I can clarify?
  Thanks.

• Ldapclient against Apple Open Directory Server

  Hallo,
  I am trying to integrate a Solaris client into an Apple MacOSX 10.5 directory server.
  Unfortunately, an integration process seems to be documented by Sun only for Microsoft Active Directory.
  Currently, I have generated a keytab file and copied the krb5.conf file on the Solaris box from the MacOS server.
  Then, I ran "ldapclient":
  [root@zion /root]# ldapclient manual -v -a credentialLevel=self -a authenticationMethod=sasl/gssapi -a domainName=loopback.org -a serviceSearchDescriptor=passwd:cn=users,dc=loopback,dc=org -a serviceSearchDescriptor=group:cn=groups,dc=loopback,dc=org -a defaultSearchBase=dc=loopback,dc=org -a searchTimeLimit=60 borg.loopback.org
  And get the following errorchain:
  Starting network services
  start: /usr/bin/domainname loopback.org... success
  start: hosts: dns is not defined in /etc/nsswitch.ldap
  start: sleep 100000 microseconds
  start: system/filesystem/autofs:default... success
  start: sleep 100000 microseconds
  start: system/name-service-cache:default... success
  start: sleep 100000 microseconds
  start: network/smtp:sendmail... success
  restart: sleep 100000 microseconds
  restart: milestone/name-services:default... success
  Error resetting system.
  Recovering old system settings.
  Does anyone have a clue or a working receipe ?
  Thanks,
  -Jan

  This works:
  # ldapclient manual -a credentialLevel=self -a authenticationMethod=sasl/gssapi -a domainName=loopback.org -a serviceSearchDescriptor=passwd:cn=users,dc=loopback,dc=org -a serviceSearchDescriptor=group:cn=groups,dc=loopback,dc=org -a defaultSearchBase=dc=loopback,dc=org -a searchTimeLimit=60 ldap.loopback.org
  And I had to include "dns" in /etc/nsswitch.ldap".
  Regards,
  -Jan

• Configuring a Directory Server for Digital IDs and Certificates

  My company is moving toward using electronic signatures for internal documents. All of the users are on XP machines and have Acrobat Professional 8.0 installed. So far, I've been manually adding trusted IDs for each person who will be receiving signed documents that need to be validated. I'd like to make this a little easier by storing everyone's certificates on a server (Windows 2003) so that people can just go out there and add them all as one .fdf file. What I'm wondering is, what is the difference between doing it this way versus going through Acrobat and configuring a directory server? Will it work either way?
  Thanks!
  Anita

  Hi,
  Sorry for the late reply, regarding the error message: The DHCP services could not Contact Active Directory,
  please check the below KB article to see if it could help here:
  You are unable to authorize DHCP Server in Active Directory
  http://support.microsoft.com/kb/303317/en-us
  Reference for error ID 1059, and
  error ID 10020.
  For The specified server are already present in the directory services,
  please take a look into the below Blog:
  Active Directory DHCP authorisation issues
  The method mentioned in the blog above is trying to move the old information that stored in AD, and then take an action of re-authorisation of the DHCP server.
  Hope this may help
  Best regards
  Michael
  If you have any feedback on our support, please click
  here.
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• Open directory server crashing every 30 days / clients unable to connect to calendar, contacts server

  Hello everyone,
  I am running an up to date Mavericks Server which serves exclusively as a calendar and contacts server for about two dozens devices. The server is reachable via DynDNS, however, the public IP hardly ever changes (only once or twice a year maybe). Tried setting the OS X DNS Server to serve "all clients" and "some clients".
  For about 6 months (i.e. also under Mountain Lion), I am having a very strange problem. Roughly every 20-30 days, clients will not be able to connect to the server, instead getting a "wrong password" dialog. Restarting the open directory server will help for the next 30 days.
  I have tried repairing the database as detailed here, however, the issue persists.
  Any help would be highly appreciated!
  I would have tried setting up a clean server installation, migrating calendars/contacts manually and re-adding all users by hand, however, I am not aware of an easy way to do so. The terminal command for calendar backup is broken under mavericks (might work with this workaround) and re-adding users manually would apparently involve correcting user UUIDs afterwards in order to match the migrated calendar data. Do you know of a better approach?
  Thanks a lot!
  DPSG-Scout

  Hi Linc,
  This looks the most relevant to me:
  opendirectory.log
  2014-03-11 11:13:09.460675 CET - 333.2628758.2628759 - Client: Python, UID: 93, EUID: 93, GID: 93, EGID: 93
  2014-03-11 11:13:09.460675 CET - 333.2628758.2628759, Node: /Local/Default, Module: PlistFile - predicates with 'AND' are not supported
  2014-03-11 12:09:00.296514 CET - State information (some requests have been active for extended period):
            Sessions: {
                28 -- opendirectoryd:
                            Session ID: 7BFBA6FE-A968-4399-A129-E3A5945E2A81
                            Refs: singleton
                            Type: Default
                            Target: localhost
            Nodes: {
                43 -- authd:
                            Node ID: 6D0E236D-6DBD-4E8C-BC01-B3F50C2C2D8E
                            Nodename: /LDAPv3/127.0.0.1
                            Session ID: <Default>
                            Refs: 1
                            Internal Use: X
  an many more similar ones…
  Thanks for your effort!

• System Landscape Directory server not started

  Hi,
  We are running Solution Manager 4.0 SP13.
  When I log ito the NWA get the message : System Landscape Directory server not started
  We are trying to configure CEN but only the Local System can be administered.
  If I goto the Central SLD and login - Administration - Server Started.
  If I look at the ABAP - Transaction  SLDAPICUST - save configuration - all ok
  I goto the Jco Connectors and ensure all Jco Connections are configured: SAPSLDAPI_SID
  ABAP RFCs; All configured
  ABAP - Transaction - sldcheck .. it returns with success.
  I login to the ABAP stack - smgw - logged in clients and all Jco Connections are available
  I go into the J2ee Admin - navigate to the SLD Data supplier - all tests return success.
  The SLD CIM is version 1.5.20
  The application com.sap.engine.class.download is started ( Note 1017526 )
  However when I login to with the J2ee_admin tool the following  is missing from the CIM Client:
  sap.com/tclmwebadminmainframewd/webdynpro/public/lib/app.jar
  sap.com/tclmwebadminsldwd/webdynpro/public/lib/app.jar
  Please help.

  Hi Anand,
  I verified the SLD Post Processing doc in case I missed something. The doc I used:
  https://websmp106.sap-ag.de/~sapidb/011000358700003772372006E
  I went through every point in the doc and verified that it was completed .
  If I open Monitoring Setup Guide for SAP NetWeaver 7.0 SP Stack 12 ( Can't find 13 ) I go to page 68 :
  6.5.2. Configuring the Connection Between CEN and the SLD ... I have followed all the steps without any error.:
  I followed it Step-by-Step.... however the following CIM Client Genearations do not exist:
  sap.com/tclmwebadminmainframewd/webdynpro/public/lib/app.jar
  sap.com/tclmwebadminsldwd/webdynpro/public/lib/app.jar
  What is available and Activated :
  sap.com/tclmwebadminmainframewd/webdynpro/public/lib/sap.comtclmwebadminmainframe~wd.jar
  sap.com/tclmwebadminsldwd/webdynpro/public/lib/sap.comtclmwebadminsld~wd.jar
  I alos Decided for the purpose of Troubleshooting to Activate All:
  sap.com/tclmwebadmin~mainframe.......
  sap.com/tclmwebadmin~sld..........
  When I go into NWA .. its still says SLD Not started.
  If I go inot the J2ee Admin Tool - SLD Data Supplier - Trigger Data Transfer OK
  I goto the SLD - Administration . SLD Started
  I Can see all the Techinical systems - ABAP and Java.
  All business Systems are there
  SLDCHECK works fine .. no errors !
  But I can't change the status of the NWA System Landscape Selectipon From Local to Central.
  Warning / Error :
  System Landscape Directory server not started
  and
  Only local system can be administered
  I maybe missing something but I can't see what it is....
  Further Help required !