Bind Mavericks to Windows Server 2012 R2 domain
I have a Windows 2012 R2 domain controller (only one in the domain) with the forest and domain in native (not mixed) mode.
I am trying to bind a Mavericks Macbook Pro to the domain.
I have checked that I can ping the domain and domain controller by name and IP address.
I have set the NTP on the Macbook to use the domain controller as the time source.
I even set the "Prefer this domain server" to the domain controller.
When I attempt to bind the Macbook, I get the time-tested message of "Authentication server could not be contacted."
Any suggestions? Something about Windows Server 2012 R2 that I am missing? I admit that I am just learning Windows Server 2012 R2, so it is possible my lack of knowledge of it is adding to the problem.
Thank you in advance!
I have 3 Server 2012 DC's here on my network. No issues binding Macs to the DC. I haven't had the time to roll out R2 DCs yet, but will be doing so shortly as I am now done with some other upgrades. I would roll out one right now so I can test this for you, but don't have the time...sorry man.
One of the most important things with AD is DNS. 1 of my 3 ADs is my DNS and DHCP server. I have not had to mess with any special settings, just let my Mac get its IP from the DC and then bind away. Are your Windows machines (if you have any) on the same LAN able to bind? Also make sure the account you are logged into the Mac with is an Admin on the local Mac.
Remove all the custom info you put in, keep it simple, I have never had to fill in any of those details, and make sure you use the FQDN of your DC (host.domain.com). Once you put in the FQDN, does the utility recognize the Domain and then ask for the AD admin credentials? If yes, then that's a good sign.
Let me know if it's still not working. Also make sure you are using the correct login and password, the admin of your DC.
Is your DC virtual or Physical? Do you have the firewall enabled on your DC? Are you using wireless or wired?
I'm sure you will get this... S12R2 is really sweet, all my Hyper-V hosts are S12R2.
Similar Messages
-
Configuring group policy for user profiles in Windows Server 2012 R2 Domain
Requesting some experts advise on configuring group policy for user profiles.
We will be building new Windows Server 2012 R2 Domain Controllers (Domain of 400 users).
The settings which I am concerned:
1. Folder Redirection: Desktop, Documents, Favorites.
2. Quota for Folder Redirection - 1 GB per user.
3. Map a networked drive - 1 GB per user.
4. Roaming profile - (Will ignore if it does not suit our requirement).
The question is how the Outlook profile will be retained / automatically moved if the users move from one computer to another?
FYI, E-mails hosted on MS Office365 and OST file size of few users more than 25GB. So, in case the user moves from one computer to other, the entire mailbox will be downloaded via internet. This consumes high bandwidth if more than 3-4 users shift per day.
Thanks a lot for your valuable time and efforts.
Hi,
>>The question is how outlook profile will be retained / automatically moved if the users move from one computer to other?
This depends on where our outlook data files are stored. If these data files are stored under
drive:\Users\<username>\AppData\Local, then these files can’t be redirected, for folder redirection can’t redirect appdata local or locallow.
However, regarding your question, we can refer to the following thread to find the solution.
Roam outlook profiles without roaming profiles
http://social.technet.microsoft.com/Forums/office/en-US/3908b8e0-8f44-4a34-8eb5-5a024df3463e/roam-outlook-profiles-without-roaming-profiles
In addition, regarding how to configure folder redirection, the following article can be referred to for more information.
Configuring Folder Redirection
http://technet.microsoft.com/library/cc786749.aspx
Hope it helps.
Best regards,
Frank Shen -
Exchange 2007 RTM support with Windows Server 2012 R2 Domain Controller
Hi All,
I have not found any TechNet article which states whether the Windows Server 2012 R2 Active Directory domain controller operating system is supported with Exchange 2007 RTM. Can someone please let me know whether Exchange 2007 RTM supports the Windows Server 2012 R2 domain controller operating system? We are in the process of upgrading the domain controllers to 2012 R2 but not the forest and domain functional level to 2012 R2.
thanks
If answer is helpful, please hit the green arrow on the left, or mark as answer. Salahuddin | Blogs: http://salahuddinkhatri.wordpress.com | MCITP Microsoft Lync
There are several likely reasons for this. The most significant is that Exchange 2007 RTM is no longer supported (outside of extended support, which is not going to include adding support for new operating systems):
http://support2.microsoft.com/lifecycle/default.aspx?LN=en-us&p1=10926
You'll note from the following -
http://technet.microsoft.com/library/ff728623(v=exchg.150).aspx - that only Exchange 2007 SP3 is currently supported in any environment.
HTH ... -
Deploy Windows Server 2012 R2 domain controller in 2008 domain
Hi,
We have three physical Windows 2008 Enterprise with SP1 32 bit domain controllers, we need to deploy two additional Windows 2012 R2 Standard as virtual machines on this domain. Do we need to install SP2 on the existing Windows 2008 SP1 DCs or are we fine?
What are other requirements?
It is not required.
Just your Forest/Domain Functional level should be Windows Server 2003 or higher to be able to add Windows Server 2012 R2 DCs.
Please note that it is always recommended to have your Windows Operating Systems up-to-date to avoid known security attacks and known bugs.
This posting is provided AS IS with no warranties or guarantees , and confers no rights.
Ahmed MALEK
-
Add Windows Server 2012 R2 domain controller to Windows 2008 R2 domain
Hi,
Have today 2 x Windows Server 2008 R2 domain controllers, and domain and functional level 2008 R2.
We now want to replace these DC`s with Windows Server 2012 R2.
My plan is as follow
- Install and promote a Windows Server 2012 R2 as a 3 DC`s with a temporary hostname and IP as DC3
- Install and promote a second Windows Server 2012 R2 as a 4 DC`s with a temporary hostname and IP as DC4
- Decommission DC1 and remove this host. Change the IP and hostname of the new DC3 to DC1
- Move FSMO roles from DC2 to DC1 and decommission DC2
- Change the IP and hostname of the new DC4 to DC2
Will this be an OK process? I will of course have the DCs replicate information between them before doing each task.
/Regards Andreas
Hi,
The only error I got running dcdiag was the following
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=domain,DC=local
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=domain,DC=local
......................... DC1 failed test NCSecDesc
Is this a problem ?
I would guess not, since I'm not implementing an RODC? Ref:
https://support.microsoft.com/en-us/kb/967482?wa=wsignin1.0
You can ignore it.
This posting is provided AS IS with no warranties or guarantees , and confers no rights.
Ahmed MALEK
-
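For the domain controller replacement plan in the thread above (promote the new 2012 R2 DCs, let them replicate, then move the FSMO roles and decommission the old DCs), the following is an added example, not code from the thread, that reports the current role holders and refuses to transfer roles while any DC shows replication problems. It uses the ActiveDirectory PowerShell module; the parameter names `TargetDC`, `MaxAgeHours` and `Move` are assumptions chosen for illustration.

```powershell
#Requires -Modules ActiveDirectory
# Added example (not from the thread): gate an FSMO transfer on replication health.
# TargetDC, MaxAgeHours and Move are illustrative parameter names.
param(
    [Parameter(Mandatory)] [string] $TargetDC,  # DC that should receive the roles
    [int]    $MaxAgeHours = 24,                 # oldest acceptable last successful replication
    [switch] $Move                              # without -Move the script only reports
)

$domain = Get-ADDomain
$forest = Get-ADForest

# 1. Current holders of the five operations master roles.
[pscustomobject]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
} | Format-List

# 2. Replication health of every DC in the domain, all partitions.
$cutoff   = (Get-Date).AddHours(-$MaxAgeHours)
$problems = foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        Get-ADReplicationFailure -Target $dc.HostName -ErrorAction Stop |
            Where-Object { $_.FailureCount -gt 0 } |
            ForEach-Object {
                "{0}: {1} failure(s) from {2}, last error {3}" -f `
                    $_.Server, $_.FailureCount, $_.Partner, $_.LastError
            }

        Get-ADReplicationPartnerMetadata -Target $dc.HostName -Partition * -ErrorAction Stop |
            Where-Object { $_.LastReplicationResult -ne 0 -or $_.LastReplicationSuccess -lt $cutoff } |
            ForEach-Object {
                "{0}: {1} last replicated {2} (result {3})" -f `
                    $_.Server, $_.Partition, $_.LastReplicationSuccess, $_.LastReplicationResult
            }
    }
    catch {
        # A DC that cannot be queried counts as a problem, not as healthy.
        "{0}: could not query replication state ({1})" -f $dc.HostName, $_.Exception.Message
    }
}

if ($problems) {
    Write-Warning "Replication is not clean; no roles will be moved."
    $problems | ForEach-Object { Write-Warning $_ }
    return
}
Write-Output "Replication is clean on all domain controllers."

# 3. Transfer (not seize) the roles; -Force is deliberately not used.
if ($Move) {
    $target = Get-ADDomainController -Identity $TargetDC -ErrorAction Stop
    Move-ADDirectoryServerOperationMasterRole -Identity $target.HostName `
        -OperationMasterRole SchemaMaster, DomainNamingMaster, PDCEmulator, RIDMaster, InfrastructureMaster `
        -Confirm
}
```

Run it without `-Move` before each decommissioning step; the same gate is worth repeating before demoting an old DC, since a DC removed while it still holds unreplicated changes loses them.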
WinX missing for domain users (Windows Server 2012/R2, Windows 8/8.1)
Hi,
I recently created a discussion about a WinX (Right Click) issue that I have in my environment. For Windows Server 2012/2012 R2 and Windows 8/8.1, I don't have the right click menu.
I don't use roaming profiles. The workaround is to manually copy the WinX folder for each user who logs on but I would like to understand why it doesn't work.
Here is the previous discussion I created.
http://social.technet.microsoft.com/Forums/windowsserver/en-US/4e80c369-242f-47ba-bd22-aafb9b0a6072/winx-missing-for-domain-users?forum=winserverManagement#ab6deeb2-cbcd-4147-a871-4c76d4cb37af
I really appreciate your help.
Thanks
Hi,
I could not reproduce the issue.
When I log in to the Windows Server 2012 with a domain user, the WinX folder already exists and the Right Click is OK.
So you could create a new domain user to check the result.
Regards.
Vivian Wang -
Windows Server 2012 R2 in 2003 forest
Hi,
We have a domain that has Windows 2008 R2 domain controllers, and the domain functional level is 2003, and the forest is 2003. We are looking at installing a Windows Server 2012 R2 as a regular server, not a DC. Is that possible, or do we have to add a Windows Server 2012 R2 domain controller to have a regular Windows Server 2012 R2 in the domain?
Thanks for reply.
/Regards Andreas
Hello,
by default functional levels apply only to DCs.
In your case test it in your lab system to be sure there is no influence on the running applications.
Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://blogs.msmvps.com/MWeber
Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
-
Windows server 2012 as primary DC and DNS server and windows server 2003 as secondary DC and DNS
Migration from windows server 2003 AD DC and DNS server to windows server 2012 R2,
Cannot I set up Windows Server 2012 R2 as primary DC and DNS, Windows Server 2003 as secondary DC and DNS? (for backup server when Server 2012 fails, users can continue to log in and access internet services)
You can mix both as long as your Forest and Domain Functional level are Windows Server 2003. However, I would like to bring your attention to this blog about known problems when mixing DCs with Windows Server 2003 and 2012 R2 OS:
http://blogs.technet.com/b/askds/archive/2014/07/23/it-turns-out-that-weird-things-can-happen-when-you-mix-windows-server-2003-and-windows-server-2012-r2-domain-controllers.aspx
This posting is provided AS IS with no warranties or guarantees , and confers no rights.
Ahmed MALEK
-
Hi,
We are planning to migrate Windows Server 2008 R2 AD to Windows Server 2012 R2 AD. But we have some Windows 2003 member servers (running RADIUS for VPN users to authenticate their AD accounts). Does anyone know whether existing Windows 2003 member servers are still able to authenticate on Windows Server 2012 R2 AD after migration and function properly? Just wanted to make sure Windows Server 2012 AD supports Windows 2003 member servers.
Thanks.
M
Hi,
Thanks for your post.
Is there any Windows Server 2003 domain controller in your domain?
If yes, i think you could refer to this article:
http://blogs.technet.com/b/askds/archive/2014/07/23/it-turns-out-that-weird-things-can-happen-when-you-mix-windows-server-2003-and-windows-server-2012-r2-domain-controllers.aspx
Regards.
-
Migrate SBS 2003 with AD and Exchange to Windows Server 2012 Standard
We are using SBS 2003 and we have configured Exchange server and AD with DNS and DHCP. Now we are planning to move SBS 2003 to separate servers like Windows Server 2012 Standard AD with DNS and DHCP and Windows Server 2012 Standard with Exchange 2010.
Is it possible? We need a step by step guide.
Thanks in advance.
Hi,
You probably would not find any step by step guide for this kind of migration. If you are not comfortable with doing such migrations, I would recommend, if you need to do it yourself, doing some test migrations. Or otherwise get help from a local IT company that is familiar with migrations.
But to give you some information, the first thing before starting a migration is to check the health of your SBS 2003 server / domain. Use tools like dcdiag, netdiag and the best practice analyzer. I wrote a blog post about steps to think about before you start; this might help: http://blog.ronnypot.nl/?p=914
When everything is clean you can start adding the new Windows Server 2012 machines as member servers to your domain.
Next you can promote one of the servers to additional domain controller on your domain (keep in mind SBS needs to hold all FSMO roles, so moving these is the last step you should do). Also, promoting a Windows Server 2012 to domain controller has slightly changed: you need to install the ADDS role and follow the wizard to promote the server to a DC.
With installation of the new DC, install DNS alongside it; it will automatically replicate settings during configuration.
DHCP must be installed manually; depending on your scope and settings it might be as easy to create a new scope and disable the old DHCP server.
On the server where Exchange needs to be installed, make sure you install and do all pre-requirements. Then install Exchange; it will automatically detect that you already have an Exchange organization and is installed as an additional server. You can configure all settings, and when everything is configured right you start moving mailboxes.
When everything is moved away from the SBS 2003 server, uninstall Exchange, move the FSMO roles to the new DC and after that demote the SBS 2003 server so it is not listed anymore as an additional DC in the domain. Last would be to shut down the server and remove all records left in AD and DNS.
There is this guide for migrating SBS 2003 to Windows Server 2008 R2 and Exchange 2010. This might give you some useful information; not everything will be the same but it is a good start:
http://demazter.wordpress.com/2010/04/29/migrate-small-business-server-2003-to-exchange-2010-and-windows-2008-r2/
Regards Ronny
-
Windows Server 2012 AD topology
The Windows Server 2012 AD domain controller is in a secure data center only reachable by VPN.
Call it Alpha. After credentials are setup the first time on work station enrolled in the domain, users outside the secure data center are required to use cached credentials to enter the secure data center via a VPN connection
(Juniper Pulse). Workstations and users never fully authenticated again which creates many problems.
A workstation will NOT see the AD controller when it boots.
A functional VPN connection is needed. I need to know if this topology will provide a better solution.
Add a domain controller to existing domain outside the secure data center.
Alpha and Alpha-replicate will have static IP addresses in their respective DNS spaces.
Alpha-replicate will connect to the secure data center via a VPN connection.
The IP address on the virtual adapter will be unique each time.
There is no way to get a static IP address on a VPN.
Users will authenticate to Alpha-replicate and then start a VPN connection to connect to mapped drives on a domain member server in the secure data center.
The only domain member systems in the secure data center are Alpha and a domain member server acting as a data server.
Will this work? What should I study?
Will Alpha and Alpha-replicate see each other and be able to communicate?
Thanks
You should not need another DC outside your secure data center. Your PCs don't need to connect to a DC during boot. Users can use cached credentials to log onto the local device and then connect via a VPN. I do this all the time.
If you do want to put a DC outside your data center, I would highly recommend it be a Read-Only DC.
What it sounds like you are describing is something Microsoft provides with the operating system called Direct Access. Does not require the Juniper box - works just with Windows. Provides a VPN connection and can be transparent to the user -
when the user connects to the internet, DA tries to connect to the AD DC. If successful, the connection is just like being connected locally, so all group policies, etc. get updated.
. : | : . : | : . tim -
I have racked my brain and done everything that I know to do for about two weeks now. I am setting up a new system at our fire department and I am having the worst luck with getting the workstations to login to the domain controller with roaming
profiles. It keeps telling me that the roaming profile could not be loaded because of a slow connection. These are workstations that are connected directly to the switch that the DC is connected to. I have tried multiple connections regarding
the layout (DC into the router, router into the switch). The router is a Cisco RV220W. I have two VLANS, one for public and one for private domain. The Private VLAN has DHCP turned off since I am providing it through the DC. I currently
have a connection from the Private VLAN going to the unmanaged switch that the workstations and server are plugged into.
The server is a Dell PowerEdge R420 that has 6 NIC ports (1 dual port and 1 quad port). I have a virtual switch setup on Hyper-V for an external port (let's say Card 2 Port 3) that is assigned to the WS 2012R2 Domain Controller. The DC can see
the internet fine and the workstations can connect to the shared folders on the server. I can retrieve files by just using the computer name or FQDN. The DC is also running DNS and DHCP. The DNS has the _msdcs setup from when I installed
the active directory role. I have attempted to assign static IP addresses to the workstations:
IP: 10.0.0.80
Subnet: 255.255.255.0
IPV4 Gateway: 10.0.0.1
IPV4 DNS: 10.0.0.12
I've attempted "append the specific DNS suffix", I've "registered the connection in DNS", I've used "use this connections suffix in DNS registration".
The server is assigned:
IP: 10.0.0.12
Subnet: 255.255.255.0
IPV4 Gateway: 10.0.0.1
IPV4 DNS: 10.0.0.12
The DNS entries have forwarders that forward to my ISP DNS servers for lookup
I've enabled and disabled DHCP, I've installed a new VM just to create another DC to make sure that I didn't goof up when I created it.
I've lost my patience with this project and am sinking fast. Can someone please offer some advice as to what I've done wrong? I've created this exact scenario at work many times but, I've never done it with Windows Server 2012. Is this
possibly something to do with the Dell PowerEdge server (Generation 12) with the SR-IOV? I am going to attempt to work on it some more tomorrow when I get over there. I think there may be an issue with the SR-IOV not being enabled on the machine
through the Dell Bios. Would the SR-IOV really cause the workstations to report a slow connection? When I login at the domain controller the roaming profiles and folder redirection work fine so, I know the GPO settings are correct. I don't
have "ignore slow connections" or any of those GPO's set. I need to get it working the correct way so, I didn't want to fool the server when there is another underlying problem. Any help that someone can offer, I am more than willing
to listen. If you need more information, please ask.
Thanks,
Jay
So, I've managed to research this some more since Thursday and I've come to the conclusion that Hyper-V does a horrible job of supporting Qualcomm NIC cards. That's the only thing I can conclude as far as where the issue is originating. I've read many posts and walkthroughs but nothing that has helped. The issue wasn't with any settings in the domain controller. The issue was that there really is a slow connection originating at the domain controller that is a VM and has network connectivity through the virtual switch from Hyper-V. So, next question is, how do I get the DC to have better connectivity through the NIC that Hyper-V won't give it? If Hyper-V would allow passthrough, this would be so much simpler. VM-ware is looking really good at this point.
I'm disappointed in MS right now. -
An associate and myself installed the built-in drivers for the HP OfficeJet Pro 8600 Plus multi-function (network) printer on a Windows Server 2012 Standard server installation and everything worked fine whenever I want to print anything directly from the
Windows Server machine (there's a reason for this, so please understand that ;) ).
We were able to print without any problems from the Windows Server 2012 machine, using the drivers from Microsoft. Mainly, because HP has not listed any specific support for Windows Server 2012, only Windows Server 2008 R2, however, the drivers that
came with Windows 2012 seem to work very well.
PROBLEM: I later had to promote the Windows Server 2012 to a Domain Controller, and created the Active Directory configurations, even enabled the Print Services. After doing all of that, the HP printer will not print anything. It's like all print
requests directly from the Windows Server go to Nil.
Has anyone encountered a problem like this before? The only thing I can think of is that after perhaps something affected printing directly once we promoted the server to being a DC, and added other features / roles. I even tried installing the
HP drivers for Windows Server 2008 R2, and the results are still the same...nothing prints. Trust me, the printer is set as the Default Printer and even when choosing to print, we make sure the HP OfficeJet Pro is selected, and is on, as other Windows
Client PC's can print to it directly.
Does anyone have any suggestions we could try? Thanks in advance.
While it is quite a while since this was posted - I can concur a similar issue exists.
We have spent the better part of a day trying to work out why other HP printers work fine but our 8620 prints are not printing and going to Nil. The print server is hosted on a shared DC. Comparing to the initial posters details, for some reason
it seems to be most commonly related to the OfficeJet Pro 8600/8610/8620/8630 series printers.
I ended up doing a print server migration from the domain controller to stand alone host and all printers now work from a single server rather than a mix. Domain controller OSes varied from 2008, 2012, 2012 R2 (tested with multiple) and only after
all of those failed then tried a stand alone server os machine as a last resort which worked fine. Printing directly from Win 7 / 8 /8.1 clients to the IP always worked. -
Hi,
I need to find out how to do something?
I have Windows 8.1 pro running on my PC and its part of a domain which is Windows Server 2012 R2 Essentials, it all runs perfectly except for a little niggle where my Win 8.1 PC locks after its not used for a short time. What I want to find out is
how to change this so it no longer locks when idle? I know this is a security feature but as its just my home pc it can be very annoying to log in again after walking away from the PC for a few min's.
I've had a look through the default domain policy but there are so many settings that I can't find it, that's even if there is a setting there?
Anyway can anyone help?
Thanks
JK
JK MCP
Hi,
We can try to implement this by using the High performance power plan or a GPO to prevent the computer from locking down:
Refer to the solution here:
http://social.technet.microsoft.com/Forums/en-US/0863112d-ee54-4808-9d27-0380d7bf04b0/gpo-to-disable-lock-computer-?forum=winserverGP
Also, you can check if there is any task scheduled for idle:
Task Conditions
http://technet.microsoft.com/en-us/library/cc721902.aspx
Hope these could be helpful.
Kate Li
TechNet Community Support -
Every few days we see two dialogs with the following messages:
Dialog 1, title: Check for Licensing Compliance is Incomplete
The server did not finish checking the license compliance. If the server is joined to a domain, make sure that the server can connect to a domain controller.
Dialog 2, title: Check for Licensing Compliance is Incomplete
The server did not finish checking the license compliance. If the server is joined to a domain, make sure that the server can connect to a domain controller. If the license compliance check cannot be completed, the server will automatically shut
down in 8 day(s) 23 hour(s) 0 minute(s).
The server is not (and never has been) joined to a domain or had any DC roles installed. In fact its still connected to the default Workgroup.
The server was configured in our office and never showed this message until it was installed on site. The main difference from what I can see is that when installed on site it was given a static IP address and does not have any DNS settings in the network
adapter properties.
I have scoured a number of forums on this error but in almost every other instance of this error message the servers are connected to a Domain Controller and the solutions generally are linked to dis-joining and rejoining the domain. Unfortunately this is
not an option for this scenario.
I initially thought that adding some relevant DNS server IP address may resolve the issue, however, we have the exact same model server configured exactly the same running at a different site that does not experience this problem. This server also has no
DNS server configured.
I have seen a post that suggests turning off the server's "Foundation Checking", but I'm unsure how to do this.
Thanks for your response Vivian.
I can confirm that this server is not (and never has been) a member of any active directory, it is configured as a Workgroup server. It was initially configured on a network that does have an active directory, but was never joined to it. During that time it
never displayed these messages.
The server was moved into production on a different site and network and set up with a static IP address. The site network does have its own active directory but the server was not joined to it. It is whilst on this new network that these messages began.
Since my original post DNS servers have been added and the Microsoft activation has been verified, however, the messages are still appearing.
There are only 2 user accounts configured on this server. The local admin account and another local admin user.
The remote desktop services roles have been installed but not yet configured. I don't think that has any bearing on this scenario though.
The description of this error in the above "Introduction to Windows Server 2012 Foundation" link states:
This error occurs when the server cannot finish checking the requirements for the root domain, forest trust configuration, or both. It usually happens when the server cannot connect to a domain controller. If the situation persists, the server will
shut down 10 days after the first time the compliance check failed. Each time this error message occurs, it will state the actual time remaining before the server will shut down. If you restart the server after it has shut down because of non-compliance, the
server will shut itself down again in 3 days.
The above description leads me to the following question - In a Workgroup environment, does the server still try to contact a domain controller to establish a level of trust? If this is the case could it be that the server can no longer see the initial DC
on its new network and this is what is triggering the messages?
Am I clutching at straws here?