AD Site with no Domain Controller

Hello,
I have a customer that wants to set up a GPO to add a printer only when users are at a new remote office. They do not want to set up a Domain Controller at this site, so I was wondering if the best way to set this up would be to create a new site, add the subnet to this site, create the GPO, link it to this site, and use a low site link cost to make sure that a domain controller in North America is used, and not any of the DCs in their European sites.
Thanks!

That would indeed work. You would want to make sure the NA DCs have a lower cost link to the new site. They will likely enable auto-site coverage if it calculates out properly. If someone has turned off this feature you may need to re-enable it on DCs.
Mark B. Cooper, President and Founder of PKI Solutions Inc., former Microsoft Senior Engineer and subject matter expert for Microsoft Active Directory Certificate Services (ADCS). Known as “The PKI Guy” at Microsoft for 10 years.
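
One way to script and verify the setup discussed in this thread, as an added example that is not part of the original posts. The site, subnet, site link and GPO names are placeholders, and it assumes the ActiveDirectory and GroupPolicy RSAT modules plus PowerShell remoting to the North America DCs.

```powershell
# Added example. Every name below is a placeholder (assumption), not a value from the thread.
Import-Module ActiveDirectory
Import-Module GroupPolicy

$NewSite  = 'Remote-Office'          # hypothetical new site that will have no DC
$Subnet   = '10.50.0.0/24'           # hypothetical subnet of the remote office
$NaSite   = 'NA-HQ'                  # hypothetical existing North America site
$LinkName = 'NA-HQ_Remote-Office'    # hypothetical site link name
$GpoName  = 'Remote Office Printer'  # hypothetical GPO that already exists
$Domain   = (Get-ADDomain).DNSRoot

# 1. Create the site and map the office subnet to it, so clients in that
#    subnet identify themselves as members of the new site.
New-ADReplicationSite   -Name $NewSite
New-ADReplicationSubnet -Name $Subnet -Site $NewSite

# 2. Connect the new site to the North America site with a low cost, so the
#    NA DCs are the cheapest path. Any link from this site towards the
#    European sites must carry a higher cost than this one.
New-ADReplicationSiteLink -Name $LinkName -SitesIncluded $NaSite, $NewSite `
    -Cost 10 -ReplicationFrequencyInMinutes 180 -InterSiteTransportProtocol IP

# 3. Link the printer GPO to the site object. Site objects live in the
#    forest-wide configuration partition, so this needs rights there
#    (Enterprise Admins by default), and the GPO then applies to every
#    user and computer that lands in the site, whatever their domain or OU.
$siteDn = (Get-ADReplicationSite -Identity $NewSite).DistinguishedName
New-GPLink -Name $GpoName -Target $siteDn -LinkEnabled Yes

# 4. Check that automatic site coverage has not been switched off on the
#    NA DCs. A missing value means the default (enabled); 0 means disabled.
$regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
foreach ($dc in Get-ADDomainController -Filter "Site -eq '$NaSite'") {
    $value = Invoke-Command -ComputerName $dc.HostName -ScriptBlock {
        (Get-ItemProperty -Path $using:regPath -Name AutoSiteCoverage `
            -ErrorAction SilentlyContinue).AutoSiteCoverage
    }
    if ($null -ne $value -and $value -eq 0) {
        Write-Warning "$($dc.HostName): AutoSiteCoverage is disabled"
    } else {
        Write-Output "$($dc.HostName): AutoSiteCoverage is enabled"
    }
}

# 5. Once Netlogon on the covering DCs has re-registered its records, the
#    site-specific SRV records should list NA DCs only.
Resolve-DnsName -Type SRV -Name "_ldap._tcp.${NewSite}._sites.dc._msdcs.$Domain" |
    Where-Object { $_.Type -eq 'SRV' } |
    Select-Object NameTarget, Priority, Weight

# 6. On a client in the remote office, confirm the result:
#      nltest /dsgetsite          -> should print the new site name
#      nltest /dsgetdc:<domain>   -> should return a DC from the NA site
#      gpresult /r                -> should list the site-linked GPO
```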

Similar Messages

  • Setting up remote sites with a domain controller at each

    Hello, I am setting up offices at 2 locations for the first time and I was wondering where I should go to get the best step by step information. My goal is to have a Windows 2012 (standard) server at each location acting as primary and secondary DC. User log in at each location would act as one and file sharing would be seamless. Since this is my first venture, it goes without saying that I have a lot of questions... To name a few; as I will be using DHCP, are the private IP's at each location the same or different? Would it be faster and more efficient to keep user-A files at their home location or put all the data to be accessed on one server? The questions could go on but this is not the place for it. I have done extensive searching on the topic but either I get bits and pieces or the sites assume that you already know a step so much is overlooked in assumptions. Help

    Hi,
    For the 2 questions:
    1. Generally we will setup 2 sites for different locations so that computers know which site they are located.
    2. Local file server is much more efficient - users will always access a local server - access a remote server will be very slow unless you have high network connectivity.
    In order to get users accessing local file server, site-cost need to be set (so we need to use different sites for different locations).
    FYI, here is an article for AD design. As you said it may lead more questions so just feel free to discuss with us.
    If you are going to discuss a different topic, it is recommended to post a new thread for avoiding confusion.
    Best Practice Active Directory Design for Managing Windows Networks
    https://msdn.microsoft.com/en-us/library/bb727085.aspx

  • How to restrict users working on Windows 7 clients from accessing Windows Explorer and other systems in the network through Group Policy with a domain controller running on Windows Server 2008 r2

    Dear All,
    We are having an infrastructure setup of around 500 client computers managed through group policy.
    Recently the domain controllers have been migrated from Windows Server 2003 to Server 2008 R2.
    Since this account requires an extremely strict environment, we need to figure out the solution for restricting the users from accessing anything locally.
    It would be great if you can assist me with the following query.
    How to restrict users logged on Windows 7 clients from accessing Windows Explorer and browsing other systems in the network through Group Policy with a domain controller running on Windows Server 2008 r2 ?
    Can we disable Network Tab on the left hand pane ?
    explorer.exe is blocked already, but users are able to enter the Windows Explorer by clicking on the name which is visible on the Start Menu.

    >   * explorer.exe is blocked already, but users are able to enter the
    >     Windows Explorer by clicking on the name which is visible on the
    >     Start Menu.
    You cannot block explorer.exe when you do not replace the shell - the
    desktop you see effectively IS explorer.exe...
    Your requirement sounds like you need a custom shell:
    http://gpsearch.azurewebsites.net/#2812
    Martin

  • [Forum FAQ] How to sync time with a Domain Controller for a standalone server

    As we all know, if a computer belongs to an Active Directory domain, it will sync the time automatically by using the Windows Time service that is available on Domain Controllers, while a standalone server will synchronize with its local hardware time and Windows time server. (Figure 1)
    Figure 1.
    Under some circumstances, a standalone server is necessary in a product environment. We can sync the time of this standalone server with the Domain Controller using the steps below:
    1. Modify the value of AnnounceFlags:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
    Under this entry we can see the default value of AnnounceFlags is 10 (Decimal); we configure the value as 5 (Decimal). (Figure 2)
    Figure 2.
    2. Confirm the value of the registry key below is set to 0:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer
    Figure 3.
    3. Configure the standalone server to synchronize with a specific time source (Domain Controller).
    In our test, we configured our Domain Controller (192.168.10.200) as the time source. We used the following command:
    w32tm /config /syncfromflags:manual /manualpeerlist:192.168.10.200
    4. Sync the time with the Domain Controller using the command below:
    w32tm /config /update
    From the figure below (Figure 4), you can see that after we did all the steps above, the time on the standalone server was synced with the Domain Controller.
    Figure 4.
    (Note: Peerlist is a separated list of DNS servers, or IP Addresses for the time servers)
    More information:
    Windows Time Service Tools and Settings
    http://technet.microsoft.com/en-us/library/cc773263(WS.10).aspx#w2k3tr_times_tools_dyax
    Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.
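
    The four steps above as one script with a verification pass at the end, as an added example that is not part of the original FAQ. The registry value name Enabled under NtpServer and the closing w32tm /resync and /query checks are assumptions added here; the post names only the key and stops at /config /update.

    ```powershell
    # Added example. Run from an elevated PowerShell prompt on the standalone server.
    $DomainController = '192.168.10.200'   # time source used in the post
    $w32 = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time'

    # Step 1: set AnnounceFlags to 5 (decimal), the value given in the post.
    Set-ItemProperty -Path "$w32\Config" -Name AnnounceFlags -Type DWord -Value 5

    # Step 2: confirm the NtpServer provider value is 0. The post names only
    # the key; "Enabled" is the value assumed here.
    $ntpServer = Get-ItemProperty -Path "$w32\TimeProviders\NtpServer"
    if ($ntpServer.Enabled -ne 0) {
        Write-Warning "NtpServer\Enabled is $($ntpServer.Enabled), expected 0"
    }

    # Step 3: point the Windows Time service at the domain controller.
    w32tm /config /syncfromflags:manual "/manualpeerlist:$DomainController"

    # Step 4: make the service pick up the new configuration.
    w32tm /config /update

    # Verification (added): force a sync now and confirm which source is in use,
    # instead of relying on the clock in the taskbar.
    w32tm /resync
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "w32tm /resync failed with exit code $LASTEXITCODE"
    }

    $source = (w32tm /query /source | Out-String).Trim()
    if ($source -like "*$DomainController*") {
        Write-Output "Time source is the domain controller: $source"
    } else {
        # Typical fallbacks are 'Local CMOS Clock' or 'Free-running System Clock'.
        Write-Warning "Unexpected time source: $source"
    }

    # Full status: stratum, last successful sync time and current source.
    w32tm /query /status
    ```

    If the source check fails, confirm that UDP port 123 is open between the standalone server and the domain controller before changing any settings again.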

    Thank you for the instruction! I am sure it is one of the scenarios that majority of administrators will run into. So I suggest to write a wiki about it and publish it for this month's TechNet Guru in Windows Server section. This month's TechNet Guru can be found here:
    Calling All Wise Men! Windows Server Gurus Needed! Apply Within! No One Turned Away!
    Thanks for your informative post. :)
    Regards.
    Mahdi Tehrani | www.mahditehrani.ir

  • Multiple Web Sites with Personal Domain Names - Overview

    I have read through the last 10 pages of these discussions and have almost worked this out, but I need some help.
    Problem:
    I want to publish and edit two separate web sites with their own, individual, personal web addresses
    from the same user account on the same Mac using iWeb '08 (2.0.2) and my .Mac account
    _So far:_
    I have purchased and registered the two domain names (with Cheap-DomainRegistration.com)
    I have configured the CNAME to point to web.mac.com, and "Set up a Personal Domain" in iWeb successfully, but using a separate Mac for each web site.
    The two sites work great.
    _What (I think) I need to know:_
    (excuse me for copying these posts out, but I can't find a way to link them to this post)
    1) Should I be using iWebSites as suggested by Old Toad (posted Jan 24 in response to StAnNe's "Multiple Websites--HELP!!!")?
    I use iWebSites to manage multiple sites.. It lets me create multiple sites and multiple domain files.
    2) Should I be using Mireille's approach (also posted Jan 24 in response to StAnNe's "Multiple Websites--HELP!!!")?
    Yes you are correct in the thought that with a family pack you can use different accounts and that is the easiest way to upload with one click to .mac. But it is still possible to publish different sites to one .mac account if that is all one has. Even if the sites are in one domain file each purchased mysite.com domain name purchased can be pointed to a different page in the site
    Look at it this way
    Original Poster has
    site1 page 1 page 2 and so on
    then he/she has brothersite page 1 and so on.
    They each have a domain name purchase wherever
    then site1domain.com is forwarded to site 1 page1
    and brotherdomain.com is forwarded to brothersite page 1.
    Even though both sites are in the same file they do not have anything to do with each other.
    This is one possibility there are others but for a novice user this could be the way to go for simplicity.
    (Mireille, if you're there, can you clarify what you said - thank you)
    3) Would I use Roddy's fix (posted Jan 23 in response to canadensis' "Publishing Multiple Websites?")?
    Here's an example of how you can separate two websites that are on the same domain file.
    Quit iWeb
    Create a new folder on your desktop and call it "iWeb Sites".
    Inside this folder create two more - Website A, Website B.
    Go to Home Folder/Library/Application Support/iWeb and copy your domain file - command C
    Paste this into folders A and B - command V - and also paste a copy of it somewhere else - like in Docs - in case you make a mistake!
    Double click the domain file in the folder Website A - this will launch iWeb.
    In the left column, delete site B, save and quit iWeb.
    Double click the domain file in the folder Website B to launch iWeb.
    Delete website A, save and quit.
    Drop the iWeb sites folder into your Home Folder.
    If you want quick access to this folder you can highlight it and do command L to create an alias to leave on the desktop.
    From now on, to launch any site in iWeb you open its folder in the iWebsites folder and double click the domain file.
    This is not necessary when you are working on only one site as iWeb saves the domain file of the last site you were working on to Home Folder/Library/Application Support/iWeb. When you open the iWeb application, the last site you worked on will be launched.
    Summary:
    I'm not sure if some of the answers in previous discussions allow for personal domain names, which is what I need.
    I would be very grateful for any suggestions as I'm getting bogged down.
    Many Thanks,
    Jeff

    When you said, "you don't need to do CNAME for both sites…", would this method still allow me to use personal web addresses for both sites?
    Yes. With "Ordinary Forwarding" you normally just type your .Mac url (web.mac.com/username/sitename) into a form at the place where you have your name.
    I thought I was using 'web.mac.com' as the 'www' CNAME (alias) for my personal domain name (web address), so that when someone typed in my personal domain name they would 'go' to the domain registration location, which would then pass it on to the .Mac server, where my web site is hosted.
    That's exactly right. It's just not the only way to do that. Ordinary Forwarding is another way, but it differs in terms of what appears in the address bar of the browser. Either you will see web.mac.com/username/.... or, if you add "masking", you will see your personal name for all pages. The CNAME method results in a address bar that reads www.myname.com/sitename/pagename.html.
    Am I way off?
    All help gratefully received,
    Jeff

  • How to publish custom web site with own domain name?

    Hey out there. I wonder if anyone can give me any tips on how to publish a web site with my own domain name.
    I have a web site I'm building and I want to purchase a domain name and then publish the site using that domain name.
    I know how to buy a domain name. I have a .mac account so I'm hoping that .mac can host the site. What I don't quite understand how to do is get .mac to host the site using that domain name. I looked through Apple Support but couldn't find what I was looking for. Just wondering if anyone has been in this situation. Thanks in advance.
    Dave

    Dave ~ Welcome to the discussions. .Mac was re-branded as MobileMe last July. If you're not building your site with iWeb, it's considered to be a "custom" website. These Apple docs may help:
    MobileMe: How to publish a custom website
    iWeb ’08: Using your own domain name
    ...Use this search page to find such documents:
    http://support.apple.com/kb/index?page=search
    Note that you don't need to have iLife '08 to be able to direct your domain name to your custom website published to MobileMe. As someone wrote on another thread:
    "My personal domain is linked to my MM but i don't even have ilife on my mac. When you go to the options in MM to link your personal domain to your MM it provides directions that will guide you with setting up your godaddy settings."
    ...Where "MM" is MobileMe here:
    http://me.com/account
    ...Personal Domain tab, and "godaddy" is wherever your domain name is registered.

  • How to move iWeb site with missing Domain.sites file

    I've been asked to host a friend's iWeb site now that MobileMe is no longer an option.  The problem is that the MacBook it was created with is long gone and the only original files remaining are the image files for the site. No Domain.sites file.  They are also not sure which version of iWeb was used, if that even matters.  Initially I was thinking we could just access the existing site using ftp and go from there - upload the site to my hosting account and use Dreamweaver to maintain it, but everything I've read seems to point to 'Not gonna happen that way'.
    Is there a way to transfer an existing iWeb site hosted on MobileMe to a new hosting account and be able to work on it with another editor, all the while not having the original Domain.sites(2) file?
    Thanks much,
    Mark

    Quite a few people are moving to other drag and drop style editors like Sandvox and RapidWeaver although they aren't really any better - just more expensive.
    I advise people not to use iWeb for new sites and just to keep it going to update existing ones until they are defunct or rebuilt some other way.
    I quit using iWeb about a year ago due to the fact that it, and similar apps, can't create responsive designs for mobile devices although I did figure out a stop gap design for iPhones...
    http://www.iwebformusicians.com/iWeb/Mobile-iWeb.html

  • Active Directory integrated LION with offline Domain Controller

    Hi,
    I have some OS X Lion machines, and all of them are joined to the Win2008 AD. There is no issue when the Domain Controller is reachable, but when it is not reachable, or the machine is not in the same network as the DC, then I am not able to login with my AD user.
    In Windows the last credential is stored on the local machines. So if the machine is OFFLINE from the DC, then it is able to let the AD user to login.
    Is there any trick or option how I can implement it with my LION clients? Or there is no way to use AD user when the AD is not reachable?
    Thanks in advance!

    He actually didn't specify much about dynamic updates requirements for old domains, if they don't need secure dynamic updates then a primary zone would work:
    The DNS Server service allows dynamic update to be enabled or disabled on a per-zone basis at each server that is configured to load
    either a standard primary or directory-integrated zone.
    REF: Understanding Dynamic updates
    This post is provided AS IS with no warranties or guarantees, and confers no rights.

  • NTLM Authentication with a domain controller/active directory

    Hi,
    I have a requirement to do an NTLM authentication with the MS active directory.
    I am aware that JNDI doesn't support this protocol to communicate with the AD.
    I have looked into couple of online solutions available but that doesn't seem to meet my requirement. Most of the solutions like (Apache commons NTLMScheme/NTCredentials and java.net.Authenticator etc...) are used for only NTLM proxy authentication (where both username, password is sent to the proxy server which does the actual NTLM authentication with the Active Directory.)
    What I need is a solution in Java where I can directly contact Active directory for negotiation of challenge/response mechanism.
    Can any of you guys suggest any alternative to achieve this ?

    it really depends to be honest. I'd probably go something like this though:
    One Small physical server to act as a domain controller - you could put DHCP on this too
    One or Two physical, quite powerful servers to act as Hyper-V hosts - these can be domain joined. 
    Then for your VM's create the following:
    1 x additional domain controller
    For remote desktop services:
    1 x Remote Desktop Session Host
    1 x Connection Broker
    1 x Gateway and web server
    For additional services
    1 or 2 x Exchange
    1 x sharepoint
    1 x IIS
    but it really depends what you want to achieve. 
    The benefit from Virtual machines is that you can keep separate virtual servers for separate applications. 
    If you have two hosts you could then replicate the virtual machines between them if you wanted some layer of fault tolerance. 
    Hope this helps you a bit more. And thanks for positive blog feedback - its appreciated. 
    Regards,
    Denis Cooper
    MCITP EA - MCT

  • .Mac gallery in iweb site with custom domain name

    This is my first post on the boards and I want to say that switching from pc to mac has been one of the greatest moves of my life. Anyways Im a photographer and have my own domain name. Ive created a site in iweb with .mac photo galleries on it. To upload the site I used an external ftp loader. The site looks great but when I click on the galleries it takes me to the .mac gallery page and there is no link to get back to the home page.

    When you create the link to a .Mac gallery, check the box "Open link in new window" in the "link" inspector.

  • How to publish new Muse Site with existing domain name

    We've created a new site in MUSE and we are ready for it to go live via BC. can we just use the same domain name of our existing site that is hosted by others? Will it replace it? Or do I have to cancel my existing hosting service first?
    Thanks!
    Shari

    Hi
    You may create the site using Muse and have the Muse project published to Business Catalyst. Once done, have the site launched as either the free site you get or as a paid one, based on your requirements.
    Once the site is launched, you may have the domain added to the site via site settings > site domains > new domain.
    When you add the domain you have two options:
    1. Use our DNS service
    2. Use External DNS service
    Based on your requirement, you will need to add the domain and have the domain redirected to Business Catalyst where the site is now hosted.
    As far as your existing site is concerned, you may want to keep it until the Muse site is ready and published to Business Catalyst. However, once you are ready and the domain is redirected, you may cancel your subscription with the third party hosting service.
    You may find some links listed below helpful (they are related to the process explained above):
    1.Business Catalyst Help | Creative Cloud Sites / Upgrade and launch a site
    2. Business Catalyst Help | Business Catalyst for Muse users
    3. Adding a domain name to your site and taking site live

  • .mac iWeb site with yahoo domain- much trouble

    I have 5 websites made with iweb hosted by .mac.
    I just got a yahoo domain name, (organizedmayhemmusic.com).
    I want to set that domain name to only one of my sites within iWeb,
    but I'm having a lot of trouble. Right now I have my yahoo domain settings
    set to a masked forward, but I'd like it to work how I originally intended it to.
    Which would be when you go to (www.organizedmayhemmusic.com) it shows my iweb site
    without any weird stuff or tricks or redirects, if possible. Under yahoo Advanced DNS Settings
    I added a record, and it asks for a source, and destination. The source example was
    info.thesitename.com. but I don't want any thing in front of it, I'm actually still confused on
    all of that. I ended up setting the source to (www), and the destination to (web.mac.com).
    Then I created the settings on the .mac account page for a personal domain. And after I typed in
    my address it got me to (www.organizedmayhemmusic.com/OrganizedMayhem/OrganizedMayhem.html)
    It's my iweb site address but it replaced web.mac.com with my new domain name.
    I want it to be just (www.organizedmayhemmusic.com) and worst of all you can type my other
    site/page names after (www.organizedmayhemmusic.com/) and get to my other sites but with
    my new domain name in the address. If anyone has any help to offer I would greatly appreciate it.
    I never ask for help unless I'm pretty desperate. Thanks in advance, -Terodil-

    If anyone has any help to offer
    Your choices are to go back to forwarding/masking or move your site to Yahoo.

  • Muse uploading multiple sites with same domain?

    It seems that when I upload my site via FTP, if I type the domain without www. and only Http, it is uploading and creating a separate site than when I submit an update with www.
    www.threesistersgarden.org
    http://threesistersgarden.org/
    How can i fix this issue?

    Hi Ho Yin Wong,
    Are you referring to entering the domain name in the 'FTP server' field or the 'Site URL' field?
    - Abhishek Maurya

  • How do Azure web sites work with a custom domain?

    I am new in Azure. I am going to create a website or cloud service in Azure. Then I would like client to access them from custom domain, such as myweb.mydomain.com actually will map to real site/service in Azure.
    In this case, will client see the real URL in browser? Or they can see this redirection from their network traffic monitoring?
    I wonder their IT may only allow user access *.mydomain.com and block any traffic to third party DNS.

    Hi
    Your Azure website in terms of hosting web apps is just like other web hosting services so when you register a tenant and add a domain, you need to verify that domain by setting the DNS for the tenant you created to your domain's admin control panel.
    Here is the reference on how you can do this:
    https://msdn.microsoft.com/en-us/library/azure/hh969247.aspx
    Regards
    Aram

  • Hyper-V host fails with "RPC Server unavailable" error when I try to promote Windows Server in virtual machine to a domain controller

    Host: Windows Server 2012 R2 with Hyper-V and RRAS (for Internet over NAT)
    VM: Windows Server 2012 R2 with installed Active Directory Domain Services
    When I open the AD DS configuration window (“promote this server to a domain controller”), many services and programs on my host (including Hyper-V, RRAS & Server Manager) fail with an RPC Server unavailable error.

    Hello Aleksandr,
    There wasn't any configuration information, ipconfig /all, network setup, etc. So it's difficult to tell.
    More importantly, are you trying to promote the host server? If yes, that is not advised, for one, because it's a Hyper-V server, (not suggested at all), and two, RRAS is installed. RRAS is problematic with any domain controller because it turns it into a multihomed domain controller.
    Active Directory communication fails on multihomed domain controllers
    http://support.microsoft.com/kb/272294/
    Multihomed DCs (with more than one unteamed NIC or multiple IPs) with DNS, RRAS, iSCSI, Clustering interfaces, management interfaces, backup interfaces, and/or PPPoE adapters - A multihomed DC is not a recommended configuration, however there are ways to configure a DC with registry mods:
    http://blogs.msmvps.com/acefekay/2009/08/17/multihomed-dcs-with-dns-rras-and-or-pppoe-adapters/
    7 Reasons not to Make Hyper-V a Domain Controller
    http://www.altaro.com/hyper-v/reasons-not-to-make-hyper-v-a-domain-controller/
    Domain Controller as Hyper-V host
    https://social.technet.microsoft.com/Forums/windowsserver/en-US/4ff14bec-a815-473b-8d2a-33e91e17197b/domain-controller-as-hyperv-host?forum=winserverhyperv
    Networking?
    I don't know how your networking is setup, whether there are multiple NICs on the host server, if they are teamed, if you have the host interface set to allow the operating system to share administration, or if there are separate interfaces for each. Can the host OS ping/communicate with the DC virtual machine?
    If there are more than one NIC, you have the choice to team the NICs and share the Teamed NICs for the Hyper-V OS and the VMs, or keep them separate where one is devoted for the Hyper-V OS, and one for the VMs.
    Hyper-V Server VLAN Network Configuration
    https://social.technet.microsoft.com/Forums/windowsserver/en-US/0aa71d2a-ebf9-4a3e-bbf5-94db55339fa2/hyperv-server-vlan-network-configuration?forum=winserverhyperv 
    Recommendation:
    Why not just create another VM DC?
    Ace Fekay
    MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
    This posting is provided AS-IS with no warranties or guarantees and confers no rights.
