Block XP machines in domain

Similar Messages

• We have created shared folder on multiple client machine in domain environment on different 2 OS like-XP,Vista, etc. from some day's When we facing problem when we are access from host name that shared folder is accessible but same time same computer when

  Hello All,
  we have created shared folder on multiple client machine in domain environment on different 2 OS like-XP,Vista, etc.
  from some day's When we facing problem when we are access from host name that shared folder is accessible but same time same computer when we are trying to access the share folder with IP it asking for credentials i have type again and again
  correct credential but unable to access that. If i re-share the folder then we are access it but when we are restarted the system then same problem is occurring.
  I have checked IP,DNS,Gateway and more each & everything is well.
  Pls suggest us.
  Pankaj Kumar

  Hi,
  According to your description, my understanding is that the same shared folder can be accessed by name, but can’t be accessed be IP address and asks for credentials.
  Please try to enable the option below on the device which has shared folder:
  Besides, check the Advanced Shring settings of shared folder and confrim that if there is any limitation settings.
  Best Regards,
  Eve Wang
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Unable to join the client machine into domain in low banswidth 16kbps

  Hi,<o:p></o:p>
  I'm unable to join the client machine into domain which is in low bandwidth 16 kbps.but i can able join other machine into domain which is having
  more bandwidth,please help me on this issue<o:p></o:p>

  Depending on the version of your domain, you could try an offline join.
  http://technet.microsoft.com/en-us/library/offline-domain-join-djoin-step-by-step(v=WS.10).aspx
  Paul Bergson
  MVP - Directory Services
  MCITP: Enterprise Administrator
  MCTS, MCT, MCSE, MCSA, Security, BS CSci
  2012, 2008, Vista, 2003, 2000 (Early Achiever), NT4
  Twitter @pbbergs http://blogs.dirteam.com/blogs/paulbergson
  Please no e-mails, any questions should be posted in the NewsGroup.
  This posting is provided AS IS with no warranties, and confers no rights.
  I would say that it depends on the client OS (Windows 7 or Windows 8) if offline domain join could be used or not, not that much regarding the level of the domain, you can always use the
  /downlevel switch to target a DC running Windows Server 2003 for example.
  Enfo Zipper
  Christoffer Andersson – Principal Advisor
  http://blogs.chrisse.se - Directory Services Blog

• User machine without domain require domain\username authentication.

  Hi,
  When I try to connect in lync 2013 with machine unjoined domain the "domain\username" is required, however in another organization it´s not required. How can I set this?
  Thanks.
  Diego Riera | Linkedin |
  Twitter |
  diegoriera.wordpress.com
  Por favor, lembre-se de clicar em "Marcar como Resposta" no post que o ajuda, e clique em "Desmarcar como resposta" se um post marcado na verdade não responder a sua pergunta. Isto pode ser benéfico para outros membros da comunidade. Esta
  postagem é fornecida, sem garantias e sem direitos.

  Diego,
  if you set the users' UPN to match that of your SIP domain (sign-in name), then AD username should not be required. Check
  http://support.microsoft.com/kb/243629
  http://blog.schertz.name/2012/08/understanding-active-directory-naming-formats/
  Alessio Giombini | Microsoft Solutions Architect | Twitter: @AlessioGiombini
  Lync 2013 Detailed Design Calculator: try it at http://goo.gl/jU1hZR

• Error While Joining a domain.| Adding a virtual box machine to host machine's domain

  Dear All,
             I have a Virtual Box(guest) Where Windows Server 2008 r2 is installed.Virtual box is hosted by a machine which Uses Windows Server 2008 r2. Host machine is a domain controller.I have added guest to another domain
  other than host.But whenever I tried to add guest machine to host domain It shows me following error(See below).
  An error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "crmrc.com".
  The error was: "No records found for given DNS query."
  (error code 0x0000251D DNS_INFO_NO_RECORDS)
  The query was for the SRV record for _ldap._tcp.dc._msdcs.crmrc.com
  Could you please suggest me the solution for it?
  Thanks and Regards,
  Yusuf

  Hello,
  C:\Users\Administrator>ipconfig/all
  Windows
  IP Configuration
   Host Name . . . . . . . . . . . . : MSCRM
   Primary Dns Suffix  . . . . . . . : crmrc.com
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : crmrc.com
  Ethernet
  adapter Network Bridge:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : MAC Bridge Miniport
   Physical Address. . . . . . . . . : BA-AC-6F-3F-A3-51
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::8573:2122:495b:93bc%16(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.78(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 280669295
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-B1-48-BF-B8-AC-6F-3F-A3-51
   DNS Servers . . . . . . . . . . . : 192.168.1.78
                                       59.144.127.17
   NetBIOS over Tcpip. . . . . . . . : Enabled
  Tunnel
  adapter isatap.{39C0341C-67DC-405D-B8F4-25DA555D53C0}:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::5efe:192.168.1.78%12(Preferred)
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 192.168.1.78
                                       59.144.127.17
   NetBIOS over Tcpip. . . . . . . . : Disabled
  Tunnel
  adapter Teredo Tunneling Pseudo-Interface:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
  I suppose here that this is a DC/DNS server. I see that 59.144.127.17 is
  configured as a DNS server. If 59.144.127.17 is
  a public DNS server then please add it as a forwarder.
  Once done, run ipconfig /registerdns and restart netlogon service on the DC.
  Windows
  IP Configuration
   Host Name . . . . . . . . . . . . : MYLYC
   Primary Dns Suffix  . . . . . . . : ow.pearl
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : ow.pearl
  Ethernet
  adapter Local Area Connection:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT De
   Physical Address. . . . . . . . . : 08-00-27-43-C7-47
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::781f:3c7d:edc:684
   IPv4 Address. . . . . . . . . . . : 192.168.1.105(Preferred
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 235405351
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-7A-16-5B
   DNS Servers . . . . . . . . . . . : 192.168.1.78
                                       59.144.127.17
   NetBIOS over Tcpip. . . . . . . . : Enabled
  Please delete the second DNS server.
  Also, disable all security softwares and try again.
  Are you able to ping the DC? If not, that may be a problem with your routes.
  Also, use nslookup to check that all is okay with DNS records.
  This
  posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
  Microsoft
  Student Partner 2010 / 2011
  Microsoft Certified
  Professional
  Microsoft Certified
  Systems Administrator: Security
  Microsoft Certified
  Systems Engineer: Security
  Microsoft Certified
  Technology Specialist: Windows Server 2008 Active Directory, Configuration
  Microsoft Certified
  Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
  Microsoft Certified
  Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
  Microsoft Certified
  Technology Specialist: Windows 7, Configuring
  Microsoft Certified
  IT Professional: Enterprise Administrator

• DNS Error while joining the machine to domain.

  I get the below error while joining a new Win7 machine to the domain.
  I can ping and successfully resolve nslookup on both server and client machine.
  Both client and server (2008r2) are virtual machines, with private ip's on LAN...
  The following error occurred when DNS was queried for the service location (SRV) resource record used to locate a domain controller for domain
  magic.com:
  The error was: "DNS name does not exist."
  (error code 0x0000232B RCODE_NAME_ERROR)
  The query was for the SRV record for _ldap._tcp.dc._msdcs.magic.com
  Common causes of this error include the following:
  - The DNS SRV record is not registered in DNS.
  - One or more of the following zones do not include delegation to its child zone:
  magic.com
  com
  . (the root zone)
  For information about correcting this problem, click Help.
  Looks like some problem with my DNS.
  Also i tried to uninstall/ re-install the DNS role.
  What should be the TCP/IP network configuration???
  System Security analyst at CapG

  I get the below error while joining a new Win7 machine to the domain.
  I can ping and successfully resolve nslookup on both server and client machine.
  Both client and server (2008r2) are virtual machines, with private ip's on LAN...
  The following error occurred when DNS was queried for the service location (SRV) resource record used to locate a domain controller for domain
  magic.com:
  The error was: "DNS name does not exist."
  (error code 0x0000232B RCODE_NAME_ERROR)
  The query was for the SRV record for _ldap._tcp.dc._msdcs.magic.com
  Common causes of this error include the following:
  - The DNS SRV record is not registered in DNS.
  - One or more of the following zones do not include delegation to its child zone:
  magic.com
  com
  . (the root zone)
  For information about correcting this problem, click Help.
  Looks like some problem with my DNS.
  Also i tried to uninstall/ re-install the DNS role.
  What should be the TCP/IP network configuration???
  System Security analyst at CapG
  Also something to look in, i do not have the usual folders below 'Forward lookup zone', i.e, Sites, Home, tcp etc..
  I beleive these are required. I am not sure.!!. I did re-install the role, no change :-(
  System Security analyst at CapG

• Cannot join Server 2012 machine to domain

  I am trying to join a clean  Server 2012 machine configured with Active Directory Domain Services and DNS features enabled to a domain (alekatest.com) which I have purchased. The Active Directory Domain Services option in Server Manager advises me that
  the server requires promotion to a Domain Controller, but if I select "Add a domain controller to an existing domain" and enter "alekatest.com", and supply Domain Admin  credentials I get a message "Encountered an error contacting
  domain alekatest.com. The server is not operational". The DNS server has address 10.0.0.2.
  When I try and change from workgroup to new domain alekatest.com, it fails with the message "No records found for given DNS query. The query was for the SRV record for _ldap._tcp.dc._msdcs.alekatest.com". The server is connected by Ethernet to
  a wireless router in a home network.
  The ipconfig/all data from the server is:
  Windows IP Configuration
     Host Name . . . . . . . . . . . . : SERVER2012
     Primary Dns Suffix  . . . . . . . :
     Node Type . . . . . . . . . . . . : Broadcast
     IP Routing Enabled. . . . . . . . : No
     WINS Proxy Enabled. . . . . . . . : No
  Ethernet adapter Ethernet:
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Intel(R) 82567LM-3 Gigabit Network Connecti
     Physical Address. . . . . . . . . : 00-26-B9-82-D5-76
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
     IPv4 Address. . . . . . . . . . . : 10.0.0.2(Preferred)
     Subnet Mask . . . . . . . . . . . : 255.255.255.0
     Default Gateway . . . . . . . . . : 10.0.0.138
     DNS Servers . . . . . . . . . . . : 10.0.0.2
     NetBIOS over Tcpip. . . . . . . . : Enabled
  Tunnel adapter Teredo Tunneling Pseudo-Interface:
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
     IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:386b:2023:f5ff:fffd(Prefer
     Link-local IPv6 Address . . . . . : fe80::386b:2023:f5ff:fffd%14(Preferred)
     Default Gateway . . . . . . . . . : ::
     DHCPv6 IAID . . . . . . . . . . . : 335544320
     DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-FC-79-E8-00-26-B9-82-D5-76
     NetBIOS over Tcpip. . . . . . . . : Disabled
  Tunnel adapter isatap.{6945E26E-B530-4271-8CF1-AD4BC13AF147}:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
  Tunnel adapter Reusable ISATAP Interface {74B5ED96-D12C-413B-9ED4-5B6270328AE0}:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
  Tunnel adapter Reusable ISATAP Interface {A9E91CEE-5350-4ACA-934D-D2AA5188B694}:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
  I can ping alekatest.com from the server:
  Pinging alekatest.com [203.170.87.12] with 32 bytes of data:
  Reply from 203.170.87.12: bytes=32 time=86ms TTL=50
  Reply from 203.170.87.12: bytes=32 time=109ms TTL=50
  Reply from 203.170.87.12: bytes=32 time=106ms TTL=50
  Reply from 203.170.87.12: bytes=32 time=81ms TTL=50
  and  nslookup alekatest.com returns
  Server:  UnKnown
  Address:  10.0.0.2
  Non-authoritative answer:
  Name:    alekatest.com
  Address:  203.170.87.12
  if I try to return srv records from alekatest.com as follows, no records are returned
  PS C:\Users\Administrator> nslookup
  Default Server:  UnKnown
  Address:  10.0.0.2
  > set q=srv
  > _ldap._tcp.dc._msdcs.alekatest.com
  Server:  UnKnown
  Address:  10.0.0.2
  _ldap._tcp.dc._msdcs.alekatest.com
          primary name server = ns1.crazydomains.com
          responsible mail addr = dns.crazydomains.com
          serial  = 2010010101
          refresh = 7200 (2 hours)
          retry   = 120 (2 mins)
          expire  = 1209600 (14 days)
          default TTL = 3600 (1 hour)
  In order to add an srv record I would appear to need to access the server ns1.crazydomains.com, which I doubt is possible.
  Any help would be much appreciated

  You're confusing DNS Domains and Active Directory Domains. While there are similarities the two are and do completely different things.
  A DNS domain, in your case alekatest.com hosted by crazydomains.com is used to direct people to resources, for instance on the internet, to get to things like your website, email etc. It's not specific to Windows, and generally speaking after purchasing
  it from a 3rd party you control what the DNS records are through that 3rd party.
  An Active Directory domain is what you're referring to when you talk about joining a machine to a domain, setting up users on a domain, controlling access to resources on your network etc. This doesn't require you to purchase a domain from a 3rd party, and
  could potentially be called anything you like.
  So, in terms of your AD server, assuming you don't already have an AD domain configured on another AD controller on the network, when you do the setup you'll need to select the option to create a new domain. You could then set it to use alekatest.com, but
  that isn't recommended as you can get into all kinds of issues with your local and public DNS records conflicting, so unless you know what you're doing and why you're doing it I'd suggest avoiding that. A better idea would be to set the AD domain to something
  like alekatest.local. That would then become the local domain, so for instance your users would login as akekatest\<username> on the domain, and your local machines can then be joined to that domain.
  Once all that is done, if you did need to have local records for alekatest.com pointing to local resources, there's nothing stopping you from adding that zone into DNS Manager on the AD server and configuring the records accordingly, however be aware that
  once you did that your server would assume that it has all the records for the domain. So if you had a website configured on
  www.alekatest.com and had the DNS records for that pointing to your website hosted somewhere else via your domain provider, if you didn't re-create that same record on your local copy of the domain then you'll be unable
  to reach that website from your local network (since your users will be trying to find it locally rather than on the internet).
  Hope that makes sense.

• Problems to join a virtual machine on Domain.

  Hi Everybody
  Im trying to join my windows 8 virtual machine on a Domain mounted in Windows server 2012, but I.m not able to do it, when I try, i receive the below message.
  Note: This information is intended for a network administrator.  If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt.
  DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain "tcsgdl.com":
  The query was for the SRV record for _ldap._tcp.dc._msdcs.tcsgdl.com
  The following domain controllers were identified by the query:
  tcsgdldc01.tcsgdl.com
  However no domain controllers could be contacted.
  Common causes of this error include:
  - Host (A) or (AAAA) records that map the names of the domain controllers to their IP addresses are missing or contain incorrect addresses.
  - Domain controllers registered in DNS are not connected to the network or are not running.
  Thanks in advance, if you require extra information just let me know.

  Hi Susie
  Yes, DC is hosting DNS Role, DC and Client are pointing to DC.
  nslookup on client:
  C:\Users\gdladm>NSLOOKUP
  Default Server:  UnKnown
  Address:  169.254.187.10
  > SERVER 169.254.187.10
  Server:  [169.254.187.10]
  Address:  169.254.187.10
  *** 169.254.187.10 can't find SERVER: Server failed
  Outputs "IPCONFIG / ALL"
  Client:
  C:\Users\gdladm>IPCONFIG /all
  Windows IP Configuration
     Host Name . . . . . . . . . . . . : PCTEST
     Primary Dns Suffix  . . . . . . . :
     Node Type . . . . . . . . . . . . : Hybrid
     IP Routing Enabled. . . . . . . . : No
     WINS Proxy Enabled. . . . . . . . : No
  Ethernet adapter Ethernet0:
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connec
  n
     Physical Address. . . . . . . . . : 00-50-56-3B-E7-C2
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
     IPv4 Address. . . . . . . . . . . : 169.254.187.40(Preferred)
     Subnet Mask . . . . . . . . . . . : 255.255.255.0
     Default Gateway . . . . . . . . . : 169.254.187.10
     DNS Servers . . . . . . . . . . . : 169.254.187.10
     NetBIOS over Tcpip. . . . . . . . : Enabled
  Tunnel adapter isatap.{D09F1650-4E09-4AA8-B2C0-326D66081D0B}:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
  DC:
  C:\Users\Administrator.TCSGDLDC01>ipconfig /all
  Windows IP Configuration
     Host Name . . . . . . . . . . . . : TCSGDLDC01
     Primary Dns Suffix  . . . . . . . : TCSGDL.COM
     Node Type . . . . . . . . . . . . : Hybrid
     IP Routing Enabled. . . . . . . . : No
     WINS Proxy Enabled. . . . . . . . : No
     DNS Suffix Search List. . . . . . : TCSGDL.COM
  Ethernet adapter Ethernet0:
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connectio
  n
     Physical Address. . . . . . . . . : 00-50-56-39-BD-69
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
     IPv4 Address. . . . . . . . . . . : 169.254.187.10(Preferred)
     Subnet Mask . . . . . . . . . . . : 255.255.255.0
     Default Gateway . . . . . . . . . : 169.254.187.1
     DNS Servers . . . . . . . . . . . : 169.254.187.40
     NetBIOS over Tcpip. . . . . . . . : Enabled
  Tunnel adapter isatap.{D728DFCE-4C40-4236-82BF-2B2BFD10641B}:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Microsoft ISATAP Adapter
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
  Thanks for the support, if any information is required please let me know.
    

• Anyconnect 802.1x - "switch user" is blocked in machine authentication

  hi all,
  I know this is not a bug its a feature
  that anyconnect blocks user switching disallowing the computer to have them both logged in. Its desirable and understandable
  however
  I have an environment where I use only machine authentication and remote helpdesk needs to connect to these machines using some application then they "switch user" to do their tasks (its important not to logoff cause there are some transactions in the background ...)
  Is there any chance that the new version of anyconnect will have this feature (maybe its already planned on the roadmap ? )
  for machine authentication there should be a checkbox for profile administrator to "allow/disallow users to switch"
  or maybe there is already some trick/configuration step that I missed and it can be done?
  regards
  Przemek

  hi all,
  I know this is not a bug its a feature
  that anyconnect blocks user switching disallowing the computer to have them both logged in. Its desirable and understandable
  however
  I have an environment where I use only machine authentication and remote helpdesk needs to connect to these machines using some application then they "switch user" to do their tasks (its important not to logoff cause there are some transactions in the background ...)
  Is there any chance that the new version of anyconnect will have this feature (maybe its already planned on the roadmap ? )
  for machine authentication there should be a checkbox for profile administrator to "allow/disallow users to switch"
  or maybe there is already some trick/configuration step that I missed and it can be done?
  regards
  Przemek

• How to Add VM XP Machine to Domain Controller

  Hi,
  I have a Server running Windows Server 2008 R2 Enterprise Edition and its a Domain Controller / AD
  in the same Server i have a Hyper-V Virtual Machine running Windows XP and installed the legacy network driver and can see the network icon on the VM and mannually entered the IP for that but i cannot promot it to my Domain can any one help me..

  I take it you have a WS 2008 R2 server with Hyper-V and AD roles installed, with 1 WinXP VM.
  I suppose you mean to join the XP VM to the domain, not promote it.
  I recommend:
  Upgrade your Hypervisor to 2012 R2
  Follow best practices. Only Hyper-V role on the physical machine. Setup a dedicated VM as a DC
  Use Win8.1 not XP. XP is no longer supported.
  If you must use XP temporarily, no need for legacy vNIC, use the regular Network Adapter
  To join the domain, is a matter of troubleshooting networking. Make sure the DNS server IP on the VM is set to the domain DNS servers and they're reachable/pingable
  Sam Boutros, Senior Consultant, Software Logic, KOP, PA http://superwidgets.wordpress.com (Please take a moment to Vote as Helpful and/or Mark as Answer, where applicable)

• Block Inheritance and Default Domain Policy

     Hello to all, I will run a cross-forest migration and target forest has a Default Domain Policy. Target domain is Windows 2003 Functional Level, but has almost all DCs on Windows 2008. As first level OUs represents country codes (USA, GBR, FRA,
  etc) and a new country will be created I want to block GPOs from Domain level. The task itself is very easy, just configure "Block Inheritance" on the new country OU. Important: Default Domain Policy is >> not set << to "Enforce"
  on target domain.
     Question: the security configurations (account, password, local policies) from Default Domain Policy will be blocked? If yes, how domain users below this new country OU will have basic configurations for them (password complexity, password length,
  certificates, etc) ?
     Regards, EEOC.

     Question: the security configurations (account, password, local policies) from Default Domain Policy will be blocked? If yes, how domain users below this new country OU will have basic configurations for them (password complexity, password length,
  certificates, etc) ?
  The Domain security policy for passwords etc, is domain-wide, and cannot be blocked.
  It applies to, and is controlled by, the Domain Controllers.
  Don
  (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
  This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

• Block Based replication of Domain Controllers to DR site

  I have to bring up a business critical application at a DR site using the same hostname and IP address as in production site. For this purpose, I plan to use a block replication software to replicate data from production servers to a SAN at the DR site.
  For DR invocation or testing, I am planning to take a snapshot from the SAN, create virtual disks and attach them to newly created VM's at the DR site.
  This application depends on Active Directory and hence I need to have a domain controller at the DR site. If I create a new domain controller for the DR site, as it will be in a separate IP subnet, it will have to be in a separate AD site and the application
  servers will not be able to use this domain controllers, as they will look for domain controllers in their AD site (which is from the production site). If I put the domain controller in the same IP subnet as the application servers, the same IP subnet has
  user workstations and hence user authentication requests from production site will start coming to the DR site across the WAN.
  In this scenario, I am proposing to replicate the domain controllers also from the production site to the DR site, like the application servers. But I am not sure if block replication of production DC's to DR site and then when required for testing/invocation,
  can we create a new VM and attaching virtual hard disks with the replicated data, will bring these VM's up as domain controllers in the DR site or will they have any negative effects ? Would this be a supported solution ? Any response will be highly appreciated.
  Thanks in advance.

  You don't want to run any type of duplicated software to clone the DC, that is a bad idea.  You could end up with lingering objects and/or Directory Service corruption. 
  If you want the DC's to exist in the same subnet then you are in a quandry.  You can start to modify srv records so the DC won't authenticate clients (BUt you will have to manually change that at DR time).
  I have a Blog that talks about lag site replication that blocks clients from ever attempting to authenticate to the DC, you should be able to use this same logic.
  http://blogs.dirteam.com/blogs/paulbergson/archive/2013/05/14/how-to-build-an-ad-replication-delay-lag-site.aspx
  You will want to create yourself a group policy that prevents the DC in the DR site from registering records that will advertise itself as an authenticating DC.  If you need to use the DR site, you will need to remove the gpo and either reboot the DC
  or run a gpupdate and restart NetLogon on the DC so it will register the records so the clients can then use this DC.
  Paul Bergson
  MVP - Directory Services
  MCITP: Enterprise Administrator
  MCTS, MCT, MCSE, MCSA, Security, BS CSci
  2012, 2008, Vista, 2003, 2000 (Early Achiever), NT4
  Twitter @pbbergs http://blogs.dirteam.com/blogs/paulbergson
  Please no e-mails, any questions should be posted in the NewsGroup.
  This posting is provided AS IS with no warranties, and confers no rights.

• Existing machines ignore domain policies

  I have a Mac OS X Tiger Server installation on which I've dictated several configuration policies to computer in my "Macs" group. For example, I point Software Update at the Server's SU Service, and I dictate a Login Window message, and that Network Users should appear in the Login Window list (among other things)
  On a machine where I install a brand-new version of Tiger on a clean disk, everything works as it should. So, I believe the server is setup right.
  However, on existing machines (installations that existed before there was a Mac OS X server around) it's kinda half and half. Policies like the Software Update setting took and work fine.
  However, the Login Window settings are entirely ignored. I can't access any Network users as they're not in the list. I can't select "Other" (enabled by policy). The message does not appear. I can't turn on Fast User Switching on the machine (it's supposed to be on by policy, but I can't even enable it manually - the control is greyed out)
  With Spotlight's help, I looked at the MCX files and both the working and non-working machines appear to be getting the proper policies locally in the plist files. It seems to me that the existing installations have some file or setting somewhere that prevent them from honoring domain policies.
  Is there any way to get them to start working without doing a clean reinstall?

  Have you recently changed the Open Directory server's IP or search path? Regardless, try deleteing the MCX cache on the clients and reboot. You can also try to remove the server from Directory Access and then add it back.

• OSX Server constantly drops Windows machines from domain

  We have a 100 or so windows xp machines joined to the windows domain running on our Leopard server. Sometimes the xp machine cannot login to the domain. Says cannot connect to domain controller. This happens a LOT and happend in 10.4 and 10.5 server as well. Seems to be worse in 10.6.
  The only way to fix the XP machine is to remove it from the domain, then readd it. This works until the next day when the server decides to forget about the machine again. All DNS and WINS entries are correct. The XP machine can connect to the domain controller and browse it by name and ip.
  Does anyone now how to make the OSX server remember xp machines and quit doing this? It happens about 5 times a week so it's frustrating. If I join the XP machine to our real domain controller on a windows 2003 server it never loses it connection. Only when I join it to the PDC running on the mac server does it lose the domain abilities.
  Lannie
  PS Is there something under the hood I need to check, something misconfigured? Same symptoms on 10.4 through 10.6. Each version was a fresh build from scratch.

  With Apple using domain technology from 10 years ago and not supporting Windows 7 I think I got my answer. Plus the fact you cannot buy a xserve now. Moving on to Windows boxes.

• Router blocks random IP or Domain Addresses

  This appears to be a rather unusual problem and has only been noticed in the past month. Suddenly without any apparent warning, certain web sites are no longer accessible. This was first noticed when I was unable to access my pop3 email from the www.doteasy.com domain. I also was unable to access my web page located on that domain. On top of that I even was unable to access other web sites located on the same domain.
  After 3 days of not being able to access the domain, I shut down my modem (a Speedstream 5100) and my Linksys WRT54G router, and my Dell Dimension 3000 computer. When everything came back up I was once again able to access my web domain and homepage.
  A week later it happened again. This time I just pulled the plug on the router for 10-15 seconds and plugged it back in. Once again I was in business. It happened again today, 2/8/2008 and this time it was a Ventrilo VOIP site. Once again I pulled the plug for 10 seconds and again everything was fine.
  This has me scratching my head. Anyone have any ideas what might be going on here? No changes have been made to the router setup in months.

  Try updating firmware of router. Do a reset after update and it may get fixed.