AD Password Sync in a multiple domain controller environment

Do I have to install the AD Password Sync connector to all the domain controllers?

The reason you have to install on all domain controllers is because you never know which one a user will be authenticating to. When the user changes the password it could come from any of the domain controllers and they each need to have it installed so they can capture the change and send it onto oim.
-Kevin

Similar Messages

  • Domain controller environment do we required CAL's license ?

    Domain controller environment do we required CAL's license?
    Do I need any licensing to connect workstations to a domain?
     Where we have License for the AD Server (2008 /2012 )  and there License of  client os (windows 7/ windows 8 ) still we required the CAL's license DC ?
    I have a server running Windows Server 2012. I want to turn this into a domain controller. In order to connect my workstations to my server

    Hi,
    on this link:
    http://www.microsoft.com/licensing/about-licensing/windowsserver2012-r2.aspx#tab=4 we have the following:
    Client Access Licenses (CALs) are required for each user or device accessed. The Windows Server 2012 related CALs provide entitlement to access and use Windows 2012 R2 functionality.
    on th emultiplexing link:
    http://www.microsoft.com/licensing/about-licensing/briefs/multiplexing.aspx you can download th ePDF data who is mentioned that:
    "Multiplexing does not reduce the number of Microsoft licenses required. Users are required to have the appropriate licenses, regardless of their
    direct or indirect connection to the product. Any user or device that accesses the server, files, or data or content provided by the server that is made available through an automated process requires a CAL."
    thanks
    diramoh

  • [Forum FAQ] How to sync time with a Domain Controller for a standalone server

    As we all known, if a computer belongs to an Active Directory domain, it will sync the time automatically by using the Windows Time service that is available on Domain Controllers.
    While a standalone server will synchronize with its local hardware time and Windows time server. (Figure 1)
    Figure 1.
    Under some circumstances, a standalone server is necessary in a product environment. We can sync the time of this standalone server with the Domain Controller using
    the steps below:
    1. Modified the value of the AnnounceFlags:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
    Under this entry we can see the default value of AnnounceFlags is 10 (Decimal), we configure the value as 5 (Decimal). (Figure 2)
    Figure 2.
    2. Confirm the value of the registry key below is set to 0:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer 
    Figure 3.
    3. Configure the standalone server to synchronize with a specific time source (Domain Controller).
    In our test, we configured our Domain Controller (192.168.10.200) as the time source. Used the following commands:
    w32tm /config /syncfromflags:manual /manualpeerlist:192.168.10.200
    4. Sync the time with the Domain Controller using the command below:
    w32tm /config /update
    From the figure below (Figure 4), you can see the after we did all the steps above, the time on the standalone server was synced with the Domain Controller.
    Figure 4.
    (Note: Peerlist is a separated list of DNS servers, or IP Addresses for the time servers)
    More information:
    Windows Time Service Tools and Settings
    http://technet.microsoft.com/en-us/library/cc773263(WS.10).aspx#w2k3tr_times_tools_dyax
    Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.

    Thank you for the instruction! I am sure it is one of the scenarios that majority of administrators will run into. So I suggest to write a wiki about it and publish it for this month's TechNet Guru in Windows Server section. This month's TechNet Guru can
    be found here:
    Calling All Wise Men! Windows
    Server Gurus Needed! Apply Within! No One Turned Away!
    Thanks for your informative post. :)
    Regards.
    Mahdi Tehrani   |  
      |  
    www.mahditehrani.ir
    Please click on Propose As Answer or to mark this post as
    and helpful for other people.
    This posting is provided AS-IS with no warranties, and confers no rights.
    How to query members of 'Local Administrators' group in all computers?

  • AD password Sync connector .. LOAD Balanced

    we are using AD password sync 9.0.4.x connector with 4 domain controllers. OIM is on 9.1.0.2. Is it possible to configure AD password sync with load balanced Domain Controllers. User are binding to all domain controllers. Please let me know how to achieve this. I am not able to find any document on this. Thanks
    Akshay

    In password synch the event stream is as follows:
    User changes password on the user's machine
    The user's machine contacts a "suitable" AD domain controller and updates the user password
    The first AD domain controller contacts other AD DCs in order to replicate the change
    At some point the AD DC that contains the OIM password synch client module gets updated
    The AD password synch client module contacts OIM and updates the password in OIM
    Unless you change the OIM AD password synch client you can't have the connection go through a load balancer. According to the connector manual section 2.2 Installing the Password Synchronization Module(http://download.oracle.com/docs/cd/E11223_01/doc.904/e10450.pdf) you can do this at install time but I don't know if it can be done post installation.
    Best regards
    /Martin

  • Essentials 2012 R2 Exchange Integration with Multiple Domain Controllers

    Attempting to integrate Exchange Server 2012 with the Essentials wizard results in the error message: "This task must be performed on the domain controller." I've found several threads that speculate this is because there are multiple domain controllers
    in the domain. Is there a workaround or patch available to resolve this issue? Why wouldn't Microsoft want the redundancy of multiple DCs?
    Thanks.

    Hi HartmannTek,
    I agree with Robert.
    We can get the following information from the article:
    Services Integration Overview for Windows Server 2012 R2 Essentials - Part 1. Please refer to.
    Currently, the Services Integration features, including Windows Azure Active Directory integration, Office
    365 integration, Windows Intune integration, and on-premises Exchange integration, are only supported in a single domain controller environment. In addition, the integration wizard must be run on a domain controller.
    Hope this helps.
    Best regards,
    Justin Gu

  • Password Sync Error Message

    Hi, hope someone can help.
    have installed 32 bit passwordsysnc.dll on ad server 2003 R2 connecting to sun IDM 8.1.1 using the direct method.
    It seems to function correctly and password changes are being synced, but each change results in an event log error on the AD server as follows:
    "While processing account gguava, password sync was unable to connect to the servlet to post the synchronization message. Error: ."
    The trace log seems to indicate that the password change event is submitted successfully and then the error occurs. i.e:
    11/29/2010 13.38.03.834000 [3196] (e:\waveset\build\idm8110-36\src\wps\passwordsync\passwordsyncdll\pwsyncclient.cpp,48): Connecting to leghorn.cdu.edu.au on port 7777
    11/29/2010 13.38.03.834000 [3196] (e:\waveset\build\idm8110-36\src\wps\passwordsync\passwordsyncdll\pwsyncclient.cpp,72): Adding request parameter: 'JNDIProperties'=''
    11/29/2010 13.38.03.834000 [3196] (e:\waveset\build\idm8110-36\src\wps\passwordsync\passwordsyncdll\pwsyncclient.cpp,72): Adding request parameter: 'accountId'='configurator'
    11/29/2010 13.38.03.834000 [3196] (e:\waveset\build\idm8110-36\src\wps\passwordsync\passwordsyncdll\pwsyncclient.cpp,72): Adding request parameter: 'clientEndpoint'='SHOEBILL'
    11/29/2010 13.38.03.834000 [3196] (e:\waveset\build\idm8110-36\src\wps\passwordsync\passwordsyncdll\pwsyncclient.cpp,72): Adding request parameter: 'connectionFactory'=''
    11/29/2010 13.38.03.834000 [3196] (e:\waveset\build\idm8110-36\src\wps\passwordsync\passwordsyncdll\pwsyncclient.cpp,72): Adding request parameter: 'direct'='true'
    11/29/2010 13.38.03.834000 [3196] (e:\waveset\build\idm8110-36\src\wps\passwordsync\passwordsyncdll\pwsyncclient.cpp,72): Adding request parameter: 'email'='[email protected]'
    11/29/2010 13.38.03.834000 [3196] (e:\waveset\build\idm8110-36\src\wps\passwordsync\passwordsyncdll\pwsyncclient.cpp,72): Adding request parameter: 'emailEndUser'='false'
    11/29/2010 13.38.03.834000 [3196] (e:\waveset\build\idm8110-36\src\wps\passwordsync\passwordsyncdll\pwsyncclient.cpp,72): Adding request parameter: 'jmsPassword'='*******'
    11/29/2010 13.38.03.834000 [3196] (e:\waveset\build\idm8110-36\src\wps\passwordsync\passwordsyncdll\pwsyncclient.cpp,72): Adding request parameter: 'jmsUser'=''
    11/29/2010 13.38.03.834000 [3196] (e:\waveset\build\idm8110-36\src\wps\passwordsync\passwordsyncdll\pwsyncclient.cpp,72): Adding request parameter: 'password'='*******'
    11/29/2010 13.38.03.834000 [3196] (e:\waveset\build\idm8110-36\src\wps\passwordsync\passwordsyncdll\pwsyncclient.cpp,72): Adding request parameter: 'queueName'=''
    11/29/2010 13.38.03.834000 [3196] (e:\waveset\build\idm8110-36\src\wps\passwordsync\passwordsyncdll\pwsyncclient.cpp,72): Adding request parameter: 'resourceAccountGUID'='8241442873f21f419938428b3f3e9a23'
    11/29/2010 13.38.03.834000 [3196] (e:\waveset\build\idm8110-36\src\wps\passwordsync\passwordsyncdll\pwsyncclient.cpp,72): Adding request parameter: 'resourceAccountId'='CN=gguava(gerri guava),OU=AliceSprings,OU=People,DC=cdu-staff,DC=local'
    11/29/2010 13.38.03.834000 [3196] (e:\waveset\build\idm8110-36\src\wps\passwordsync\passwordsyncdll\pwsyncclient.cpp,72): Adding request parameter: 'resourcePassword'='*******'
    11/29/2010 13.38.03.834000 [3196] (e:\waveset\build\idm8110-36\src\wps\passwordsync\passwordsyncdll\pwsyncclient.cpp,72): Adding request parameter: 'resourcetype'='Windows Active Directory'
    11/29/2010 13.38.03.834000 [3196] (e:\waveset\build\idm8110-36\src\wps\passwordsync\passwordsyncdll\pwsyncclient.cpp,72): Adding request parameter: 'sessionType'=''
    11/29/2010 13.38.03.834000 [3196] (e:\waveset\build\idm8110-36\src\wps\passwordsync\passwordsyncdll\pwsyncclient.cpp,97): SendToServlet: opening direct connection
    11/29/2010 13.38.08.475000 [3196] (e:\waveset\build\idm8110-36\src\wps\passwordsync\passwordsyncdll\pwsyncclient.cpp,221): httpSendRequest succeeded
    11/29/2010 13.38.08.475000 [3196] (e:\waveset\build\idm8110-36\src\wps\passwordsync\passwordsyncdll\pwsyncclient.cpp,336): Info flag 19 returned 400
    11/29/2010 13.38.08.475000 [3196] (e:\waveset\build\idm8110-36\src\wps\passwordsync\passwordsyncdll\pwsyncclient.cpp,339): Error retrieving header information from servlet.
    11/29/2010 13.38.08.475000 [3196] (e:\waveset\build\idm8110-36\src\wps\passwordsync\passwordsyncdll\pwsyncclient.cpp,320): Failed to convert contentLength
    11/29/2010 13.38.08.475000 [3196] (e:\waveset\build\idm8110-36\src\wps\passwordsync\passwordsyncdll\pwsyncclient.cpp,277): servlet contact failed
    11/29/2010 13.38.08.475000 [3196] (e:\waveset\build\idm8110-36\src\wps\passwordsync\passwordsyncdll\pwsyncclient.cpp,285): Exit: PwSyncClient::SendToServlet
    11/29/2010 13.38.08.475000 [3196] (e:\waveset\build\idm8110-36\src\wps\passwordsync\passwordsyncdll\lhpwic.cpp,96): Enter: writeToEventLog
    11/29/2010 13.38.08.475000 [3196] (e:\waveset\build\idm8110-36\src\wps\passwordsync\passwordsyncdll\lhpwic.cpp,118): Exit: writeToEventLog
    11/29/2010 13.38.08.475000 [3196] (e:\waveset\build\idm8110-36\src\wps\passwordsync\passwordsyncdll\lhpwic.cpp,351): Enter: EmailNotification
    11/29/2010 13.38.08.475000 [3196] (e:\waveset\build\idm8110-36\src\wps\passwordsync\passwordsyncdll\lhpwic.cpp,354): Email is not enabled
    11/29/2010 13.38.08.475000 [3196] (e:\waveset\build\idm8110-36\src\wps\passwordsync\passwordsyncdll\lhpwic.cpp,596): Got initialization mutex
    11/29/2010 13.38.08.475000 [3196] (e:\waveset\build\idm8110-36\src\wps\passwordsync\passwordsyncdll\lhpwic.cpp,609): Released Mutex
    11/29/2010 13.38.08.475000 [3196] (e:\waveset\build\idm8110-36\src\wps\passwordsync\passwordsyncdll\lhpwic.cpp,230): Exit: SyncPassword
    I have 8.1.1 password sync working OK in a test environment, the main difference being the port is a more standard 80 (instead of 7777 in production)
    Has anyone encountered this? How do I fix it? is it important even?
    Thanks in advance.

    I had this exact error.
    For future reference:
    Double check the user password and status of the account by loging in the user interface with the account you are using.
    I did a password reset on the waveset service account used by the password sync. When I logged in the user interface with that account, it prompted me to enter a new password. Upon entering a new password and reflecting the change in the Password Sync, synchronisation resumed.

  • Unable to execute Test-Mailflow cmdlet. Could not find any available Domain Controller

    I started receiving this error in SCOM while testing Exchange 2007 Mail flow. Normally the tests work just fine, and when I execute"test-mailflow" on the offending server, it works just fine. The alert doesn't have enough details to find out what
    is wrong. Can anyone help out?
    Alert Description:
    Unable to execute Test-Mailflow cmdlet. Could not find any available Domain Controller
    Environment: SCOM 2012 R2 UR4
    MP: Exchange 2007 MP, latest update
    Monitor: Exchange 2007 Test Local Mail Flow Monitor
    Brody Kilpatrick

    Hi,
    After you execute"test-mailflow" on the offending server, please also look into event logs to check is there any errors or warnings. SCOM is a tool to collect information, from my point of view, this message is collected from Exchange server, so
    you may need to check event viewer.
    In addition, please also make sure your Exchange environment is under monitored. And have you followed the Exchange 2007 MP guide to configure the MP?
    Make sure the Client Access Server is under monitored, you may check the Application Event log on the Client Access Server, and make sure there are no errors or warnings indicating a problem with the Client Access Server.
    Regards,
    Yan Li
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

  • Server 2012 Domain Controller / DNS Issue

    If you did ipconfig /registerdns, I'm assuming you did ipconfig /flushdns prior to that correct? Just want to make sure...
    Once you are sure you did both, go ahead and type in nslookup in the command prompt. What does it display as the current DNS server? Once you type that in, you can type in the IP address of your new DC and see what it resolves to. Please get back to us with those results when possible.

    We had a domain controller go down in a multi domain controller environment. We set a new one up and promoted it to the domain. Assigned it all the necessary roles and joined it to the domain. It has been 4 days since we did this and we cannot ping it by host name. We can ping it by IP address. I have forced replication, which allowed me to ping it by host name for a few hours, but then it stopped working. I have tried to change the DNS primary to a different DC, making the host a secondary DNS, that didn't fix it. I am looking for any suggestions on how to fix it. I have done a ipconfig /registerdns , restarted DNS services but still not able to ping host name of DC on a consistent basis.
    Any suggestions ?
    [email protected]
    This topic first appeared in the Spiceworks Community

  • Version number for GPO's not in sync with the version number for GPO's on the Baseline domain controller

    Hi
    I accidentally removed one of our domain controller's hyper-v image (DC-02) from the hyper-v manager and to bring it back online launched a new virtual machine using the same virtual hard drive. This brought back the domain controller machine and I set the
    original IP address to the same assuming that everything would just working fine.
    Sadly, that wasn't the case as when I tried to open the group policy manager on that machine I started getting "Access is denied" error. I was then presented with an option to open the group policy manager with the first available DC which I did
    and was able to open it with showing the same machine as the baseline domain controller under the status tab (DC-01 is actually the baseline DC). I then clicked Detect now and noticed it was showing 1 DC under replication in progress with problems in GPO version.
    I then did the same thing on the primary DC (DC-01) and even there it was showing this only (images attached).
    So I started exploring over the internet going through various articles but couldn't find a solution which I could apply without worrying about corrupting something somewhere. I also went to the SYSVOL folder on both the DC's to check the version number
    in GPT.ini files which are mentioned below:
    \\CC-DC01\sysvol\cloudchowk.lab\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}
    [General]
    Version=3
    \\CC-DC01\sysvol\cloudchowk.lab\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}
    [General]
    Version=5439513
    \\cc-dc02\SYSVOL\cloudchowk.lab\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}
    [General]
    Version=3
    \\cc-dc02\SYSVOL\cloudchowk.lab\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}
    [General]
    Version=5308439
    Could anyone please help me sort this out? I am no system admin and whatever knowledge I have of setting up DC, AD etc is from following one article or the other over the internet.
    Regards
    Sajat Jain

    Hi
    Apologies for responding late. I followed through all the points mentioned by Frank and even did a non-authoritative restore synchronization but still no luck.
    I am attaching the output from the dcdiag /q and the from the event viewer after doing to non-authoritative restore synchronization.
    DCDIAG /Q
    There are warning or error events within the last 24 hours after the
    SYSVOL has been shared. Failing SYSVOL replication problems may cause
    Group Policy problems.
    ......................... CC-DC03 failed test DFSREvent
    Unable to connect to the NETLOGON share! (\\CC-DC03\netlogon)
    [CC-DC03] An net use or LsaPolicy operation failed with error 67,
    The network name cannot be found..
    ......................... CC-DC03 failed test NetLogons
    An error event occurred. EventID: 0x0000164A
    Time Generated: 01/18/2015 17:52:17
    Event String:
    The Netlogon service could not create server share C:\Windows\SYSVOL\sysvol\cloudchowk.lab\SCRIPTS. The following error occurred:
    An error event occurred. EventID: 0x0000164A
    Time Generated: 01/18/2015 17:54:12
    Event String:
    The Netlogon service could not create server share C:\Windows\SYSVOL\sysvol\cloudchowk.lab\SCRIPTS. The following error occurred:
    An error event occurred. EventID: 0x00000422
    Time Generated: 01/18/2015 17:54:41
    Event String:
    The processing of Group Policy failed. Windows attempted to read the file \\cloudchowk.lab\sysvol\cloudchowk.lab\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
    An error event occurred. EventID: 0x00000422
    Time Generated: 01/18/2015 17:55:42
    Event String:
    The processing of Group Policy failed. Windows attempted to read the file \\cloudchowk.lab\sysvol\cloudchowk.lab\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
    An error event occurred. EventID: 0x00000422
    Time Generated: 01/18/2015 17:59:41
    Event String:
    The processing of Group Policy failed. Windows attempted to read the file \\cloudchowk.lab\sysvol\cloudchowk.lab\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
    An error event occurred. EventID: 0x00000422
    Time Generated: 01/18/2015 18:04:42
    Event String:
    The processing of Group Policy failed. Windows attempted to read the file \\cloudchowk.lab\sysvol\cloudchowk.lab\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
    An error event occurred. EventID: 0x0000164A
    Time Generated: 01/18/2015 18:05:10
    Event String:
    The Netlogon service could not create server share C:\Windows\SYSVOL\sysvol\cloudchowk.lab\SCRIPTS. The following error occurred:
    An error event occurred. EventID: 0x00000422
    Time Generated: 01/18/2015 18:09:42
    Event String:
    The processing of Group Policy failed. Windows attempted to read the file \\cloudchowk.lab\sysvol\cloudchowk.lab\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
    An error event occurred. EventID: 0x00000422
    Time Generated: 01/18/2015 18:14:42
    Event String:
    The processing of Group Policy failed. Windows attempted to read the file \\cloudchowk.lab\sysvol\cloudchowk.lab\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
    An error event occurred. EventID: 0x00000422
    Time Generated: 01/18/2015 18:19:43
    Event String:
    The processing of Group Policy failed. Windows attempted to read the file \\cloudchowk.lab\sysvol\cloudchowk.lab\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
    An error event occurred. EventID: 0x00000422
    Time Generated: 01/18/2015 18:24:43
    Event String:
    The processing of Group Policy failed. Windows attempted to read the file \\cloudchowk.lab\sysvol\cloudchowk.lab\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
    ......................... CC-DC03 failed test SystemLog
    EVENT VIEWER LOGS
    The DFS Replication service initialized SYSVOL at local path C:\Windows\SYSVOL\domain and is waiting to perform initial replication. The replicated folder will remain in the initial synchronization state until it has replicated with its partner CC-DC01.cloudchowk.lab. If the server was in the process of being promoted to a domain controller, the domain controller will not advertize and function as a domain controller until this issue is resolved. This can occur if the specified partner is also in the initial synchronization state, or if sharing violations are encountered on this server or the synchronization partner. If this event occurred during the migration of SYSVOL from File Replication service (FRS) to DFS Replication, changes will not replicate out until this issue is resolved. This can cause the SYSVOL folder on this server to become out of sync with other domain controllers.
    Additional Information:
    Replicated Folder Name: SYSVOL Share
    Replicated Folder ID: 4689406D-D6D8-49E0-8079-2B1D4AE61BC6
    Replication Group Name: Domain System Volume
    Replication Group ID: 6B162096-2EFA-4D4C-BF13-62CC5B112B97
    Member ID: 566943F9-D2FB-4304-823D-10DC972F831A
    Read-Only: 0
    Should I just start over again by removing DC03 and setting up another DC?
    Regards
    Sajat Jain

  • Server 2008 Domain Controller won't sync with domain for time

    Hi,
    I have a Windows Server 2008 Domain Controller, a physical machine. When I run w32tm /query /status it shows the source as: Local CMOS clock. What ever I seem to try I cannot get it to look at the PDC to sync for time. Using RsOP I can see the correct policy
    is in place, pointing to the correct server. I have checked the registry key and the correct server is in there under \HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Paramaters.
    I have tried various w32tm commands such as seeting the /manualpeerlist to the correct server, /syncfromflags:DOMHIER. I have also used w32tm /config /update, making sure to restart the w32time service.
    But whatever I do I cannot get it to sync from the network, it always shows Local CMOS clock. The time on the server is starting to drift now. When I use w32tm /resync /rediscover I get an error message:  "The computer did not resync because no time
    data was available". There is no firewall between the 2 servers blocking port 123.
    Any ideas why this is happening?
    Thanks

    see:
    http://jorgequestforknowledge.wordpress.com/2010/09/26/configuring-and-managing-the-windows-time-service-part-1/
    http://jorgequestforknowledge.wordpress.com/2010/09/26/configuring-and-managing-the-windows-time-service-part-2/
    http://jorgequestforknowledge.wordpress.com/2010/09/26/configuring-and-managing-the-windows-time-service-part-3/
    http://jorgequestforknowledge.wordpress.com/2010/09/26/configuring-and-managing-the-windows-time-service-part-4/
    <o:p></o:p>
    Cheers,<o:p></o:p>
    (HOPEFULLY THIS INFORMATION HELPS YOU!)
    Jorge de Almeida Pinto | MVP Identity & Access - Directory Services
    * This posting is provided "AS IS" with no warranties and confers no rights!
    * Always evaluate/test yourself before using/implementing this!
    * DISCLAIMER: http://jorgequestforknowledge.wordpress.com/disclaimer/
    ################# Jorge's Quest For Knowledge ###############
    ###### BLOG URL: http://JorgeQuestForKnowledge.wordpress.com/ #####
    #### RSS Feed URL: http://jorgequestforknowledge.wordpress.com/feed/ ####
    -------------------------------------------------------------------------------------------------------<o:p></o:p>
    "akira251" wrote in message news:[email protected]...
    Hi,
    I have a Windows Server 2008 Domain Controller, a physical machine. When I run w32tm /query /status it shows the source as: Local CMOS clock. What ever I seem to try I cannot get it to look at the PDC to sync for time. Using RsOP I can see the correct policy
    is in place, pointing to the correct server. I have checked the registry key and the correct server is in there under \HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Paramaters.
    I have tried various w32tm commands such as seeting the /manualpeerlist to the correct server, /syncfromflags:DOMHIER. I have also used w32tm /config /update, making sure to restart the w32time service.
    But whatever I do I cannot get it to sync from the network, it always shows Local CMOS clock. The time on the server is starting to drift now. When I use w32tm /resync /rediscover I get an error message:  "The computer did not resync because no time
    data was available". There is no firewall between the 2 servers blocking port 123.
    Any ideas why this is happening?
    Thanks
    Jorge de Almeida Pinto [MVP-DS] (http://jorgequestforknowledge.wordpress.com/)

  • How to reset Windows 2008 R2 Domain Controller "Administrator" password?

    Hello Everyone,
    I have lost Administrator password for the following system:
    Windows 2008 R2
    Domain Controller setup on same machine
    Stand alone server - no workstations or other servers invovled
    I still have the "Directory Service Restore Password" but I don't think that helps me for lost Administrator password. I beleive I need to boot from an .iso file to gain access. I already tried "Offline NT Password & Registery Editor" and it has set
    Administrator password to (blank) but that is not allowing me access as it seems that I have to login to domain controller Administrator. So, how can I reset that password?
    Thanks

    It wasn't difficult to reset the domain password and I think Microsoft's policy of not providing an easy forward way is to create an
    illusion of security which is not there. Linux systems that are much more secure that MSFT software allow easy password reset when physical access is there so why not include the same tools in System Repair tools or using F8?
    Anyhow, this guide helped me reset the password in 5 minutes. Read the bottom of it to find the scripted / automatic version of the process:
    http://www.petri.co.il/reset_domain_admin_password_in_windows_server_2003_ad.htm
    Thanks,

  • OIM AD reverse password sync from one AD instance to multiple OIM instances

    Hi All,
    I have a followind scenario. My client is having multiple offices across the globe. They have OIM installed and configured in each location in each country to manage there local applications. Client also has a Global LDAP which is common across all the offices worldwide.
    My requirement is then i need to setup reverse password sync from Global LDAP to all the OIM sysem across the Globe. As per the reverse password sync connector i can only define one OIM system to sync the password.
    Can you please suggest me some way to achieve this functionality? Is it possible to install more than one password sync connector and configure them with different OIM systems?
    Thanks
    Yogesh

    I have one AD instance and n OIM instances. Can i install multiple AD-OIM passwordd sync components on the same AD machine and configure each component with various OIM's?

  • One Domain Controller, multiple Transport Landscapes - possible?

    I would like to have ONE domain controller - configured in Solution Manager - to manage TMS configuration for ECC, BI, etc.  I am looking at this domain controller to be the central point for CTS+ and ChaRM.   This means multiple Development systems and associated Quality Assurance systems. 
    DECC -->  QECC -->  PECC
    DBI  -->  QBI -->  PBI
    Is this even possible?   
    The issue seems to be the standard '/SAP/' transport group for the 'SAP target for Default Layer'.   Is there a way to set up the standard SAP transport group to be uniquely identified in the domain controller if there are multiple SAP components supported by one domain controller?
    Thanks in advance for the assistance ...

    Hi Peter,
    Thanks for the response.    My concern was the SAP default transport layer.   Another team member and I worked on this in more detail and I was able to successfully a specific SAP default transport layer for each of the Development systems and give each one a unique name.   I created the transport layers and transport groups and STMS accepted them, but we haven't actually used any of this yet so whether or not this is actually successful remains to be seen!    If
    Regards,
    Laura

  • Exchange 2003 migrate to Exchange 2010 - single forest multiple domain. Active Sync problem

    Hi All, 
    I have AD single forest and multiple domain. for example, the forest domain is jakarta.co.id, and the other domain is bali.co.id.
    Exchange 2003 deployed in jakarta.co.id, User mail enabled in domain jakarta.co.id and bali.co.id.
    Then, I upgrade to Exchange 2010 (deploy in jakarta.co.id) and move mailbox from Exchange 2003 to Exchange 2010.
    All users in bali.co.id are able to access email from Owa, BlackBerry (BIS), Outlook, but cannot access from Android, Windows Phone. (Active-Sync).
    I got error information generated from https://testconnectivity.microsoft.com, as following:
    Attempting the FolderSync command on the Exchange ActiveSync session.
    The test of the FolderSync command failed.
    Tell me more about this issue and how to resolve it
    Additional Details
    Exchange ActiveSync returned an HTTP 500 response (Internal Server Error).
    Active-Sync still not work even I check option "Include inheritable permissions from this object" in security tab.
    any idea to fix this issue?
    Thanks.
    Endrik
    Endrik | blog: itendrik.wordpress.com Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading
    the thread.

    Hi Sathish, 
    We are planning to migrate Exchange 2003 to Exchange 2013, all user already in Exchange 2010 and Exchange 2003 was decommissioned
    Event Viewer log as following:
    Log Name:      Application
    Source:        MSExchange ActiveSync
    Date:          1/17/2014 10:00:48 PM
    Event ID:      1008
    Task Category: Requests
    Level:         Warning
    Keywords:      Classic
    User:          N/A
    Computer:      EXC2010.jakarta.co.id
    Description:
    An exception occurred and was handled by Exchange ActiveSync. This may have been caused by an outdated or corrupted Exchange ActiveSync device partnership. This can occur if a user tries to modify the same item from multiple computers. If this is the case,
    Exchange ActiveSync will re-create the partnership with the device. Items will be updated at the next synchronization. 
    URL=/Microsoft-Server-ActiveSync/default.eas?Cmd=Sync&User=bali%5Csteveng&DeviceId=SAMSUNG123456789&DeviceType=SAMSUNGGTN7000
    --- Exception start ---
    Exception type: Microsoft.Exchange.AirSync.AirSyncPermanentException
    Exception message: A null value was received for the NTSD security descriptor of container CN=ExchangeActiveSyncDevices,CN=Steven Gerrard,OU=IT,DC=bali,DC=co,DC=id.
    Exception level: 0
    HttpStatusCode: 500
    AirSyncStatusCode: 110
    XmlResponse: 
    This request does not contain a WBXML response.
    Exception stack trace:    at Microsoft.Exchange.AirSync.ADDeviceManager.SetActiveSyncDeviceContainerPermissions(ActiveSyncDevices container)
       at Microsoft.Exchange.AirSync.ADDeviceManager.CreateActiveSyncDeviceContainer(Boolean retryIfFailed)
       at Microsoft.Exchange.AirSync.ADDeviceManager.CreateActiveSyncDevice(GlobalInfo globalInfo, ExDateTime syncStorageCreationTime, Boolean retryIfFailed)
       at Microsoft.Exchange.AirSync.ADDeviceManager.CreateActiveSyncDevice(GlobalInfo globalInfo, ExDateTime syncStorageCreationTime)
       at Microsoft.Exchange.AirSync.Command.UpdateADDevice(GlobalInfo globalInfo)
       at Microsoft.Exchange.AirSync.Command.CompleteDeviceAccessProcessing()
       at Microsoft.Exchange.AirSync.Command.WorkerThread()
    --- Exception end ---.
    I think KB817379 is not related because Exchange 2003 was decommissioned.
    Regards, 
    Endrik
    Endrik | blog: itendrik.wordpress.com Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading
    the thread.

  • Domain Controller require ADC to sync before DC come online

    Hi,
    I have an urgent query that my domain controller I think might not working properly. The reason for this if I restart my DC and ADC and when try to open Active Directory console it gives error until the ADC comes online completely. I don't know why DC is
    doing such behavior that depend on ADC. The all FSMO roles are on DC and ADC is only DNS and GC.
    Kindly suggest what is the cause of this issue.
    Please help

    Hello,
    What is the error message says ? what is the error you see in event viewer ?
    Thanks
    Dishan M. Francis
    MVP – Directory Services
    Dishan M. Francis www.rebeladmin.com

Maybe you are looking for

  • Problems with Std BI Content Extractor.

    Hi Experts, We are using the std isu extractor 0FC_OP_01 to get the weekly and monthly dunning procedure and dunning levels for Business Partner's,When we use this extractor we are getting some BP's where the dunning has not been done at all,why it i

  • How can I format a movie file so it plays on FF3.6? my mp4 files are blocked due to a quicktime issue.

    Creating a landing page for a client with embedded video. She prefers not to embed a YouTube video on her site. Is there a way I can embed an mp4 file in her site so that it will play in firefox 3.6? Now it is trying to launch quicktime, which firefo

  • Want to reinstall maverick in my mac book pro

    i upgraded to maverick but i want to clean my mac so i want to reinstall it in a clean way and put my mac book pro like coming  from factory is it possible to do that from internet?

  • Apple's bluetooth?

    I JUST bought my iPhone the other day. So far, I'm in love. I'm thinking of buying a bluetooth headset for it soon (even though I think people who wear them 12 hours a day look like Robots), since I have a manual transmission. What is everybody's exp

  • IMac slow start up

    my iMac OS x 10.7.3..is 8 months old and now takes over 2 minutes to start up. ???imac slow start up