Bind Mavericks to Windows Server 2012 R2 domain

I have a Windows 2012 R2 domain controller (only one in the domain) with the forest and domain in native (not mixed) mode.
I am trying to bind a Mavericks Macbook Pro to the domain.
I have checked that I can ping the domain and domain controller by name and IP address.
I have set the NTP on the Macbook to use the domain controller as the time source.
I even set the "Prefer this domain server" to the domain controller.
When I attempt to bind the Macbook, I get the time-tested message of "Authentication server could not be contacted."
Any suggestions?  Something about Windows Server 2012 R2 that I am missing?  I admit that I am just learning Windows Server 2012 R2, so it is possible my lack of knowledge of it is adding to the problem.
Thank you in advance!

I have 3 Server 2012 DC's here on my network.  No issues binding Macs to the DC.  I haven't had the time to roll out R2 DCs yet, but will be doing so shortly as I am now done with some other upgrades.  I would roll out one right now so I can test this for you, but don't have the time...sorry man.
One of the most important things with AD is DNS.  1 of my 3 AD's is my DNS and DHCP server.  I have not had to mess with any special settings, just let my Mac get its IP from the DC and then bind away.  Are your Windows machines (if you have any) on the same LAN able to bind?  Also make sure the account you are logged into the Mac with is an Admin on the local Mac. 
Remove all the custom info you put in, keep it simple, I have never had to fill in any of those details, and make sure you use the FQDN of your DC (host.domain.com).  Once you put in the FQDN, does the utility recognize the Domain and then ask for the AD admin credentials?  If yes, then that's a good sign. 
Let me know if it's still not working.  Also make sure you are using the correct login and password, the admin of your DC. 
Is your DC virtual or Physical?  Do you have the firewall enabled on your DC?  Are you using wireless or wired? 
I'm sure you will get this... S12R2 is really sweet, all my Hyper-V hosts are S12R2. 
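
Added example, not part of the thread or anyone's posted commands: a shell check, run on the Mac, of the DNS point raised in the reply above. It looks up the SRV records Active Directory clients use to locate domain controllers and Kerberos services and probes each advertised port; `corp.example.com` and the function names are placeholders, and `dig` and `nc` are assumed to be available on the Mac.

```shell
#!/bin/sh
# Added example (not from the thread): DNS and reachability pre-checks to run
# on the Mac before binding. corp.example.com is a placeholder AD DNS domain.

# SRV names an AD client resolves to locate domain controllers, KDCs and the
# Kerberos password-change service for the domain given in $1.
srv_names() {
    printf '%s\n' \
        "_ldap._tcp.dc._msdcs.$1" \
        "_ldap._tcp.$1" \
        "_kerberos._tcp.$1" \
        "_kpasswd._tcp.$1"
}

# stdin:  `dig +short -t SRV` lines ("priority weight port target.")
# stdout: "target port" pairs, lowest priority first, trailing dot stripped.
parse_srv() {
    sort -n -k1,1 | awk 'NF == 4 { sub(/\.$/, "", $4); print $4, $3 }'
}

# $1 = SRV name, $2 = raw dig answer for it.
# Prints one summary line; returns 1 when the answer holds no SRV record.
report_srv() {
    targets=$(printf '%s\n' "$2" | parse_srv)
    if [ -z "$targets" ]; then
        echo "MISSING $1"
        return 1
    fi
    joined=$(printf '%s\n' "$targets" |
        awk '{ printf "%s%s:%s", sep, $1, $2; sep = " " }')
    echo "OK $1 -> $joined"
}

# Live run against the resolver the Mac is currently using.
# The exit status reflects missing SRV records only; unreachable ports are
# reported on their own lines.
preflight() {
    rc=0
    for name in $(srv_names "$1"); do
        answers=$(dig +short -t SRV "$name" 2>/dev/null)
        if ! report_srv "$name" "$answers"; then
            rc=1
            continue
        fi
        printf '%s\n' "$answers" | parse_srv | while read -r host port; do
            if nc -z -w 3 "$host" "$port" >/dev/null 2>&1; then
                echo "   reachable   $host:$port"
            else
                echo "   UNREACHABLE $host:$port"
            fi
        done
    done
    return "$rc"
}

if [ "$#" -gt 0 ]; then
    preflight "$1"
else
    # No argument: show the report format on constructed answers (offline).
    report_srv "_kerberos._tcp.corp.example.com" "0 100 88 dc1.corp.example.com."
    report_srv "_ldap._tcp.dc._msdcs.corp.example.com" "" || true
fi
```

Run it with the AD DNS domain as the only argument. A MISSING line for the `_msdcs` or `_kerberos` names usually means the Mac is asking a resolver that does not host the domain's zone.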

Similar Messages

  • Configuring group policy for user profiles in Windows Server 2012 R2 Domain

    Requesting some experts advise on configuring group policy for user profiles.
    We will be building new Windows Server 2012 R2 Domain Controllers (Domain of 400 users).
    The settings which I am concerned:
    1. Folder Redirection: Desktop, Documents, Favorites.
    2. Quota for Folder Redirection - 1 GB per user.
    3. Map a networked drive - 1 GB per user.
    4. Roaming profile - (Will ignore if it does not suit our requirement). 
    The question is how outlook profile will be retained / automatically moved if the users move from one computer to other?
    FYI, E-mails hosted on MS Office365 and OST file size of few users more than 25GB. So, in case the user moves from one computer to other, the entire mailbox will be downloaded via internet. This consumes high bandwidth if more than 3-4 users shift per day.
    Thanks a lot for your valuable time and efforts.

    Hi,
    >>The question is how outlook profile will be retained / automatically moved if the users move from one computer to other?
    This depends on where our outlook data files are stored. If these data files are stored under drive:\Users\<username>\AppData\Local, then these files can’t be redirected, for folder redirection can’t redirect appdata local or locallow.
    However, regarding your question, we can refer to the following thread to find the solution.
    Roam outlook profiles without roaming profiles
    http://social.technet.microsoft.com/Forums/office/en-US/3908b8e0-8f44-4a34-8eb5-5a024df3463e/roam-outlook-profiles-without-roaming-profiles
    In addition, regarding how to configure folder redirection, the following article can be referred to for more information.
    Configuring Folder Redirection
    http://technet.microsoft.com/library/cc786749.aspx
    Hope it helps.
    Best regards,
    Frank Shen

  • Exchange 2007 RTM support with Windows Server 2012 R2 Domain Controller

    Hi All,
    I have not found any TechNet Article which states about the Windows Server 2012 R2 Active Directory domain controller operating system support with Exchange 2007 RTM, can someone please let me know that does Exchange 2007 RTM supports Windows Server 2012 R2 domain controller operating system, we are in the process of upgrading the domain controllers to 2012 R2 but not the forest and domain functional level to 2012 R2.
    thanks
    Salahuddin | Blogs: http://salahuddinkhatri.wordpress.com | MCITP Microsoft Lync

    There are several likely reasons for this.  The most significant is that Exchange 2007 RTM is no longer supported (outside of extended support, which is not going to include adding support for new operating systems): 
    http://support2.microsoft.com/lifecycle/default.aspx?LN=en-us&p1=10926
    You'll note from the following - http://technet.microsoft.com/library/ff728623(v=exchg.150).aspx - that only Exchange 2007 SP3 is currently supported in any environment.
    HTH ...

  • Deploy Windows Server 2012 R2 domain controller in 2008 domain

    Hi,
    We have three physical windows 2008 enterprise with SP1 32 bit domain controllers, we need to deploy two additional windows 2012 R2 standard as virtual machines on this domain. Do we need to install SP2 on the existing Windows 2008 sp1 DCs or we are fine?
    What are other requirements?  

    It is not required.
    Just your Forest/Domain Functional level should be Windows Server 2003 or higher to be able to add Windows Server 2012 R2 DCs.
    Please note that it is always recommended to have your Windows Operating Systems up-to-date to avoid known security attacks and known bugs.
    This posting is provided AS IS with no warranties or guarantees , and confers no rights.
    Ahmed MALEK

  • Add Windows Server 2012 R2 domain controller to Windows 2008 R2 domain

    Hi,
    Have today 2 x Windows Server 2008 R2 domain controllers, and domain and functional level 2008 R2.
    We now want to replace these DC`s with Windows Server 2012 R2.
    My plan is as follow
    - Install and promote a Windows Server 2012 R2 as a 3 DC`s with a temporary hostname and IP as DC3
    - Install and promote a second Windows Server 2012 R2 as a 4 DC`s with a temporary hostname and IP as DC4
    - Decommission DC1 and remove this host. Change the IP and hostname of the new DC3 to DC1
    - Move FSMO roles from DC2 to DC1 and decommission DC2
    - Change the IP and hostname of the new DC4 to DC2
    Will this be a ok progress ? I will of course have the DC`s replicate information between them before doing each task.
    /Regards Andreas

    Hi,
    Only error I got running dcdiag was the following
     Starting test: NCSecDesc
        Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
           Replicating Directory Changes In Filtered Set
        access rights for the naming context:
        DC=ForestDnsZones,DC=domain,DC=local
        Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
           Replicating Directory Changes In Filtered Set
        access rights for the naming context:
        DC=DomainDnsZones,DC=domain,DC=local
        ......................... DC1 failed test NCSecDesc
    Is this a problem ?
    I would guess not since I'm not implementing a RODC ? Ref:
    https://support.microsoft.com/en-us/kb/967482?wa=wsignin1.0

    You can ignore it.
    This posting is provided AS IS with no warranties or guarantees , and confers no rights.
    Ahmed MALEK

  • WinX missing for domain users (Windows Server 2012/R2, Windows 8/8.1)

    Hi,
    I recently created a discussion about a Winx (Right Click) issue that I have in my environment. For windows servers 2012/2012 R2 and windows 8/8.1, I don't have the right click menu.
    I don't use roaming profiles. The workaround is to manually copy the Winx folder for each user who log on but I would like to understand why it doesn't work.
    Here is the previous discussion I created.
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/4e80c369-242f-47ba-bd22-aafb9b0a6072/winx-missing-for-domain-users?forum=winserverManagement#ab6deeb2-cbcd-4147-a871-4c76d4cb37af
    I really appreciate your help.
    Thanks

    Hi,
    I could not reproduce the issue.
    When I log in the Windows Server 2012 with domain user, the WinX folder already exists and the Right Click is ok.
    So you could create a new domain user to check the result.
    Regards.
    Vivian Wang

  • Windows Server 2012 R2 in 2003 forest

    Hi,
    We have a domain that has Windows 2008 R2 domain controllers, and the domain functional level is 2003, and the forest is 2003. We are looking at installing a Windows Server 2012 R2 as a regular server, not a DC, is that possible or do we have to add a Windows Server 2012 R2 domain controller to have regular Windows Server 2012 R2 in the domain ?
    Thanks for reply.
    /Regards Andreas

    Hello,
    by default functional levels apply only to DCs.
    In your case test it in your lab system to be sure there is no influence on the running applications.
    Best regards
    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://blogs.msmvps.com/MWeber
    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

  • Windows server 2012 as primary DC and DNS server and windows server 2003 as secondary DC and DNS

    Migration from windows server 2003 AD DC and DNS server to windows server 2012 R2,
    Cannot I set up Windows server 2012 R2 as primary DC and DNS  , windows server 2003 as secondary DC and DNS ? (for backup server when server 2012 fail, user can continue to login and access internet services)

    You can mix both as long as your Forest and Domain Functional level are Windows Server 2003. However, I would like to bring your attention to this blog about known problems when mixing DCs with Windows Server 2003 and 2012 R2 OS:
    http://blogs.technet.com/b/askds/archive/2014/07/23/it-turns-out-that-weird-things-can-happen-when-you-mix-windows-server-2003-and-windows-server-2012-r2-domain-controllers.aspx
    This posting is provided AS IS with no warranties or guarantees , and confers no rights.
    Ahmed MALEK

  • Is Windows 2003 member servers still able to authenticate against Windows Server 2012 R2 AD after migration?

    Hi,
    We are planning to migrate Windows Server 2008 R2 AD to Windows Server 2012 R2 AD. But we have some Windows 2003 member servers (Running RADIUS for VPN user to authenticate their AD accounts). Does anyone know that existing Windows 2003 member servers still able to authenticate on Windows Server 2012 R2 AD after migration and function properly?  Just wanted to make sure Windows Server 2012 AD support Windows 2003 member server.
    Thanks.
    M

    Hi,
    Thanks for your post.
    Is there any Windows server 2003 domain controller in your domain?
    If yes, I think you could refer to this article:
    http://blogs.technet.com/b/askds/archive/2014/07/23/it-turns-out-that-weird-things-can-happen-when-you-mix-windows-server-2003-and-windows-server-2012-r2-domain-controllers.aspx
    Regards.

  • Migrate SBS 2003 with AD and Exchange to Windows Server 2012 Standard

    We are using SBS 2003 and we have configured Exchange server and AD with DNS and DHCP. Now we are planning to move SBS 2003 to Separate servers like windows server 2012 standard AD with DNS and DHCP and Windows server 2012 Standard with Exchange 2010.
    Is it Possible?? we need step by step guide.
    Thanks in advance.

    Hi,
    You probably would not find any step by step guide for this kind of migrations. If you are not comfortable with doing such migrations I would recommend to if you need to do it yourself do some test migrations. Or otherwise get help by a local IT company that is familiar with migrations.
    But to give you some information, first thing before starting a migration is check the health of your SBS 2003 server / domain. Use tools like dcdiag, netdiag and best practice analyzer. I wrote a blog post about steps to think about before you start this might help: http://blog.ronnypot.nl/?p=914
    When everything is clean you can start adding the new windows server 2012 machines as member servers to your domain. 
    Next you can promote one of the servers to additional domain controller on your domain (Keep in mind SBS needs to hold all FSMO roles so moving these is the last step you should do.) Also promoting a windows server 2012 to domain controller has slightly changed, you need to install the ADDS role and follow the wizard to promote the server to a DC.
    With installation of the new DC install DNS alongside it will automatically replicate settings during configuration.
    DHCP must be installed manually, depending on your scope and settings it might be as easy to create a new scope and disable the old dhcp server.
    On the server Exchange needs to be installed, make sure you install and do all pre-requirements. Then install Exchange it will automatically detect you already have an Exchange organization and is installed as additional server. You can configure all settings and when everything is configured right you start moving mailboxes.
    When everything is moved away from the SBS 2003 server, uninstall exchange, move the FSMO roles to the new DC and after that demote the sbs 2003 server so it is not listed anymore as an additional DC in the domain. Last would be shutdown the server and remove all records left in AD and DNS.
    There is this guide for migrating SBS 2003 to windows server 2008 R2 and Exchange 2010, this might give you some useful information, not everything will be the same but it is a good start:
    http://demazter.wordpress.com/2010/04/29/migrate-small-business-server-2003-to-exchange-2010-and-windows-2008-r2/ 
    Regards Ronny

  • Windows Server 2012 AD topology

    The Windows Server 2012 AD domain controller is in a secure data center only reachable by VPN.  
    Call it Alpha.  After credentials are setup the first time on work station enrolled in the domain, users outside the secure data center are required to use cached credentials to enter the secure data center via a VPN connection (Juniper Pulse).  Workstations and users never fully authenticated again which creates many problems.
    A workstation will NOT see the AD controller when it boots.
    A functional VPN connection is needed.  I need to know if this topology will provide a better solution.
    Add a domain controller to existing domain outside the secure data center.
    Alpha and Alpha-replicate will have static IP addresses in their respective DNS spaces.
    Alpha-replicate will connect to the secure data center via a VPN connection.
    The IP address on the virtual adapter will be unique each time.
    There is no way to get a static IP address on a VPN.
    Users will authenticate to Alpha-replicate and then start a VPN connection to connect to mapped drives on a domain member server in the secure data center.
    The only domain member systems in the secure data center are Alpha and a domain member server acting as a data server.
    Will this work?  What should I study?
    Will Alpha and Alpha-replicate see each other and be able to communicate?
    Thanks

    You should not need another DC outside your secure data center.  Your PCs don't need to connect to a DC during boot.  Users can use cached credentials to log onto the local device and then connect to via a VPN.  I do this all the time. 
    If you do want to put a DC outside your data center, I would highly recommend it be a Read-Only DC.
    What it sounds like you are describing is something Microsoft provides with the operating system called Direct Access.  Does not require the Juniper box - works just with Windows.  Provides a VPN connection and can be transparent to the user - when the user connects to the internet, DA tries to connect to the AD DC.  If successful, the connection is just like being connected locally, so all group policies, etc. get updated.
    . : | : . : | : . tim

  • Windows Domain Controller on Windows Server 2012 R2: Hyper-V roaming profiles not loading due to slow connection

    I have racked my brain and done everything that I know to do for about two weeks now.  I am setting up a new system at our fire department and I am having the worst luck with getting the workstations to login to the domain controller with roaming profiles.  It keeps telling me that the roaming profile could not be loaded because of a slow connection.  These are workstations that are connected directly to the switch that the DC is connected to.  I have tried multiple connections regarding the layout (DC into the router, router into the switch).  The router is a Cisco RV220W.  I have two VLANS, one for public and one for private domain.  The Private VLAN has DHCP turned off since I am providing it through the DC.  I currently have a connection from the Private VLAN going to the unmanaged switch that the workstations and server are plugged into.
    The server is a Dell PowerEdge R420 that has 6 NIC ports (1 dual port and 1 quad port).  I have a virtual switch setup on Hyper-V for an external port (let's say Card 2 Port 3) that is assigned to the WS 2012R2 Domain Controller.  The DC can see the internet fine and the workstations can connect to the shared folders on the server.  I can retrieve files by just using the computer name or FQDN.  The DC is also running DNS and DHCP.  The DNS has the _msdcs setup from when I installed the active directory role.  I have attempted to assign static IP addresses to the workstations:
    IP:                     10.0.0.80
    Subnet:             255.255.255.0
    IPV4 Gateway:  10.0.0.1
    IPV4 DNS:        10.0.0.12
    I've attempted "append the specific DNS suffix", I've "registered the connection in DNS", I've used "use this connections suffix in DNS registration".
    The server is assigned:
    IP:                     10.0.0.12
    Subnet:             255.255.255.0
    IPV4 Gateway:  10.0.0.1
    IPV4 DNS:         10.0.0.12
    The DNS entries have forwarders that forward to my ISP DNS servers for lookup
    I've enabled and disabled DHCP, I've installed a new VM just to create another DC to make sure that I didn't goof up when I created it.
    I've lost my patience with this project and am sinking fast.  Can someone please offer some advice as to what I've done wrong?  I've created this exact scenario at work many times but, I've never done it with Windows Server 2012.  Is this possibly something to do with the Dell PowerEdge server (Generation 12) with the SR-IOV?  I am going to attempt to work on it some more tomorrow when I get over there.  I think there may be an issue with the SR-IOV not being enabled on the machine through the Dell Bios.  Would the SR-IOV really cause the workstations to report a slow connection?  When I login at the domain controller the roaming profiles and folder redirection work fine so, I know the GPO settings are correct.  I don't have "ignore slow connections" or any of those GPO's set.  I need to get it working the correct way so, I didn't want to fool the server when there is another underlying problem.  Any help that someone can offer, I am more than willing to listen.  If you need more information, please ask.
    Thanks,
    Jay

    So, I've managed to research this some more since Thursday and I've come to the conclusion that Hyper-V does a horrible job of supporting Qualcomm NIC cards. That's the only thing I can conclude as far as where the issue is originating. I've read many posts and walkthroughs but nothing that has helped. The issue wasn't with any settings in the domain controller. The issue was that there really is a slow connection originating at the domain controller that is a VM and has network connectivity through the virtual switch from Hyper-V. So, next question is, how do I get the DC to have better connectivity through the NIC that Hyper-V won't give it? If hyper-v would allow passthrough, this would be so much simpler. VM-ware is looking really good at this point.
    I'm disappointed in MS right now.

  • Windows Server 2012 Standard - HP OfficeJet Pro 8600 Plus printer not working after promoting to Domain Controller / AD Services

    An associate and myself installed the built-in drivers for the HP OfficeJet Pro 8600 Plus multi-function (network) printer on a Windows Server 2012 Standard server installation and everything worked fine whenever I want to print anything directly from the Windows Server machine (there's a reason for this, so please understand that ;)  ).
    We were able to print without any problems from the Windows Server 2012 machine, using the drivers from Microsoft.  Mainly, because HP has not listed any specific support for Windows Server 2012, only Windows Server 2008 R2, however, the drivers that came with Windows 2012 seem to work very well.
    PROBLEM: I later had to promote the Windows Server 2012 to a Domain Controller, and created the Active Directory configurations, even enabled the Print Services.  After doing all of that, the HP printer will not print anything.  It's like all print requests directly from the Windows Server go to Nil.
    Has anyone encountered a problem like this before? The only thing I can think of is that after perhaps something affected printing directly once we promoted the server to being a DC, and added other features / roles.  I even tried installing the HP drivers for Windows Server 2008 R2, and the results are still the same...nothing prints.  Trust me, the printer is set as the Default Printer and even when choosing to print, we make sure the HP OfficeJet Pro is selected, and is on, as other Windows Client PC's can print to it directly.
    Does anyone have any suggestions we could try?  Thanks in advance.

    While it is quite a while since this was posted - I can concur a similar issue exists.
    We have spent the better part of a day trying to work out why other HP printers work fine but our 8620 prints are not printing and going to Nil.  The print server is hosted on a shared DC.  Comparing to the initial posters details, for some reason it seems to be most commonly related to the OfficeJet Pro 8600/8610/8620/8630 series printers.
    I ended up doing a print server migration from the domain controller to stand alone host and all printers now work from a single server rather than a mix.  Domain controller OSes varied from 2008, 2012, 2012 R2 (tested with multiple) and only after all of those failed then tried a stand alone server os machine as a last resort which worked fine.  Printing directly from Win 7 / 8 /8.1 clients to the IP always worked.

  • Windows 8.1 pro client on a Windows server 2012 R2 Essentials domain, how to change lock when idle?

    Hi,
    I need to find out how to do something?
    I have Windows 8.1 pro running on my PC and its part of a domain which is Windows Server 2012 R2 Essentials, it all runs perfectly except for a little niggle where my Win 8.1 PC locks after its not used for a short time.  What I want to find out is how to change this so it no longer locks when idle?  I know this is a security feature but as its just my home pc it can be very annoying to log in again after walking away from the PC for a few min's.
    I've had a look through the default domain policy but there are so many settings that I can't find it, that's even if there is a setting there?
    Anyway can anyone help?
    Thanks
    JK
    JK MCP

    Hi,
    We can try to implement by use High performance power plan or GPO to prevent computer from locking down:
    Refer to the solution here:
    http://social.technet.microsoft.com/Forums/en-US/0863112d-ee54-4808-9d27-0380d7bf04b0/gpo-to-disable-lock-computer-?forum=winserverGP
    Also, you can check if there is any task scheduled for idle:
    Task Conditions
    http://technet.microsoft.com/en-us/library/cc721902.aspx
    Hope these could be helpful.
    Kate Li
    TechNet Community Support

  • Windows Server 2012 Foundation, in a Workgroup - "The server did not finish checking the license compliance. If the server is joined to a domain, make sure that the server can connect to a domain controller"...

    Every few days we see two dialogs with the following messages:
    Dialog 1, title: Check for Licensing Compliance is Incomplete
    The server did not finish checking the license compliance. If the server is joined to a domain, make sure that the server can connect to a domain controller.
    Dialog 2, title: Check for Licensing Compliance is Incomplete
    The server did not finish checking the license compliance. If the server is joined to a domain, make sure that the server can connect to a domain controller. If the license compliance check cannot be completed, the server will automatically shut down in 8 day(s) 23 hour(s) 0 minute(s).
    The server is not (and never has been) joined to a domain or had any DC roles installed. In fact its still connected to the default Workgroup.
    The server was configured in our office and never showed this message until it was installed on site. The main difference from what I can see is that when installed on site it was given a static IP address and does not have any DNS settings in the network adapter properties. 
    I have scoured a number of forums on this error but in almost every other instance of this error message the servers are connected to a Domain Controller and the solutions generally are linked to dis-joining and rejoining the domain. Unfortunately this is not an option for this scenario.
    I initially thought that adding some relevant DNS server IP address may resolve the issue, however, we have the exact same model server configured exactly the same running at a different site that does not experience this problem. This server also has no DNS server configured.
    I have seen a post that suggests turning off the servers "Foundation Checking", but I'm unsure how to do this.

    Thanks for your response Vivian.
    I can confirm that this server is not (and never has been) a member of any active directory, it is configured as a Workgroup server. It was initially configured on a network that does have an active directory, but was never joined to it. During that time it never displayed these messages.
    The server was moved into production on a different site and network and setup with a static IP address. The site network does have its own active directory but the server was not joined to it. It is whilst on this new network that these messages began.
    Since my original post DNS servers have been added and the Microsoft activation has been verified, however, the messages are still appearing.
    There are only 2 user accounts configured on this server. The local admin account and another local admin user.
    The remote desktop services roles have been installed but not yet configured. I don't think that has any bearing on this scenario though.
    The description of this error in the above "Introduction to Windows Server 2012 Foundation" link states:
    This error occurs when the server cannot finish checking the requirements for the root domain, forest trust configuration, or both. It usually happens when the server cannot connect to a domain controller. If the situation persists, the server will shut down 10 days after the first time the compliance check failed. Each time this error message occurs, it will state the actual time remaining before the server will shut down. If you restart the server after it has shut down because of non-compliance, the server will shut itself down again in 3 days.
    The above description leads me to the following question - In a Workgroup environment, does the server still try to contact a domain controller to establish a level of trust? If this is the case could it be that the server can no longer see the initial DC on its new network and this is what is triggering the messages?
    Am I clutching at straws here?
