ContentSubmitters AD group: root domain or child domain???
Hi
We have an empty root domain. Mailbox users & Exchange 2013 servers are in a child domain.
As per Microsoft's documentation; we want to create the "ContentSubmitters" group in AD for content index to work properly (article 2807668). However I do not know where to create it!!! The article doesn't address it.
Does it go on the root domain where default exchange groups reside OR OR OR OR OR does it go on child domain where exchange servers reside?????
Thanks
Hi,
Agree with Riaz, you need to create the ContentSubmitters group on the domain that Exchange server is installed using Active Directory Users and Computer (ADUC).
What's more, when you create the active directory security group called ContentSubmitters, follow the steps below to grant Admistrators and NetworkService full access to the group.
Right click the group -> Properties ->Security tab -> add those two groups -> give them full control to the group.
Here is a thread for your reference.
Exchange 2013 Content Catalog Index Failed All Databases
http://social.technet.microsoft.com/Forums/exchange/en-US/fccf9dca-b865-4356-905b-33ac25dcc44d/exchange-2013-content-catalog-index-failed-all-databases?forum=exchangesvravailabilityandisasterrecovery
Hope it helps.
Best regards,
If you have feedback for TechNet Subscriber Support, contact
[email protected]
Amy Wang
TechNet Community Support
Similar Messages
-
List of Domains and Child Domains
I am working in Windows Server 2008 R2 SP1.
Is there a way to list Domains and Child Domains entered this way:
http://technet.microsoft.com/en-us/library/cc731541(v=ws.10).aspxHi Philosophiae,
Please refer to the cmdlet
Get-ADDomain on server 2008 R2, it will get abundant domain information.
Best Regards,
Anna -
Hi,
The 2 DCs for our Forest Root took a hit and are non-accessible, however the Child domain is still accessible. Can I recreate the Forest Root from scratch and Trust/Link to current Child Domain? So Im looking for my options to keep an accessible
Child Domain, but recreate a new Forest Root cause the current one is inaccessible.
Thanks for your help! SdeDotHi,
Would you please tell us that what do you mean by they
are non-accessible?
Are you able to log onto any of the two DCs in the forest root domain? If yes, we can use dcdiag.exe to analyze the state of the dc in the forest root domain.
If you have any system state backup of the DCs in the root domain, please restore the DC from backup.
Best Regards,
Erin -
Manage client in parent domain from child domain
My site has a root domain (mydomain.net) and a parent domain (ent.mydomain.net).
My primary SCCM site is installed in ent.mydomain.net and is managing all my clients.
I have 4 DC's installed in mydomain.net that I would like to manage from my child domain (ent.mydomain.net).
It is my understanding that if the schema has been extended in the parent domain, and I manually install the client on the DC, it should be able to be managed from the child domain.
I have installed the client in the parent, but it cannot find the site in the child (I have not extended the schema yet). i know that the client will not be able to find the site until the system management container has been created and populated
(does not currently exist). I know that I can create the container, but how would it get populated with the correct site information.
If anyone has any experience with this kind of configuration, the help would be appreciated.
Thanksi know that the client will not be able to find the site until the system management container has been created and populated (does not currently exist). I know that I can create the container, but how would it get populated with the
correct site information.
You could enable AD publishing to that domain, but site assignment is also a matter of site assignment boundary groups. You can also assign a client to a site manually though.
Torsten Meringer | http://www.mssccmfaq.de -
We currently have a single Windows 2008 R2 Active Directory domain controller, and an Exchange 2010 server. We are in the process of adding a child domain on a second Active Directory server for an offsite office location for a subdivision of our company.
The two locations will be connected via VPN.
Currently users exist on the root domain with Exchange accounts who will be moving to the new offsite company/location. We would like to be able to move these user accounts to the child domain while maintaining their existing Exchange mailboxes and
email addresses. Is this possible, and if so how would we do it?Hi Srinivasa,
According to your description, I think you have done all the preparation.
For DL migration, the following article may give your some hints:
How to Migrate Distribution Groups Across a Forest
Good Luck!
Niko Cheng
TechNet Community Support -
Active Directory Domain Services Child Domains
I am using Windows Server 2008 R2 SP1.
http://technet.microsoft.com/en-us/library/cc771856(v=ws.10).aspx
When I select "Add Roles" I click on "Active Directory Domain Services (Installed)" the "Next>" button is not enabled and can not be selected.
Did I install ADDS wrong?
Is this not how you define Child Domains?
If I use the Command Line or Answer File Methods I get an error message at "ChildName".
Did I forget to install something about enabling Child Domains when installing ADDS?Hi,
Did you try to create a child domain on the Domain Controller? It seems like that this Server is already a DC, with Active Directory Domain Services installed.
We don’t have to enable anything in the root domain for creating child domains/new trees, we just need to run
Dcpromo or Add Role on another server which is not a DC, and select the existing domain as its parent, then the child domain will be created.
In addition, please make the existing DC as the preferred DNS server on the new server.
I hope this helps.
Amy -
Hi guys
Just a bit of advice needed, we have our domain setup (test.com) running 2008 R2 and with 2dcs and all is well running 1200+ users and 500+ computers on the subnet 10.114.4.0/22, we need a branch office setup and want it managed separately with its
own dcs, would it be best to create a child domain (child.test.com) on a new subnet 10.114.8.0/19 or a new forest entirely?
Thanks
AlI think you will have to define "managed seperately" to be able to give adequate advice.
Microsoft has changed Active Directory in subsequent versions to remove design needs for more complex setups like subdomains or even forests with trusts by removing limits and adding features to allow proper delegations. For example, teh amount of
objects Ad support has significantly increased, fine-grained pw policy is introduced, delagation has been made easy,...
You should only create another domain if you intend not to manage it from your side and/or do not want resources to be shared and/or connectivity is limited and replication traffic unwanted. Otherwise, in most cases, the proper design would be to define
a new site in the existing domain, put some dc's in there and put its resources (computers, users, groups,...) in a separate OU. You can delegate the management of the OU to admins in the branch office.
This allows for central administration (that can be enforcing), as well as autonomy for the local admins.
Another forest would only be the adequate design if both offices do not have to communicate at all.
http://technet.microsoft.com/en-us/library/cc731718(v=ws.10).aspx
MCP/MCSA/MCTS/MCITP -
Migrating 2 domains into child domains in a new forest
I have a unique senario in which my company merged with another.
My Company:
Windows 2003 AD
Exchange 2003 SP3
192.x.x.x
New Company
Windows 2008 AD
Exchange 2010
10.x.x.x
Each domain has its own resources, servers and workstations. For political reasons we still need some management seperation.
My Goals:
Create a new root neutral forest/domain.
Migrate both domains to 2 child domains under this new root
Bring the domain to 2012 R2
Create a single Exchange 2010/2013 cluster with all mailboxes
What is the best way to accomplish this? Where exactly does Exchange sit?
Thanks!Hi,
>>What is the best way to accomplish this?
In Active Directory, we can use ADMT to do the migration. However, if we need Inter-forest migration from Domain Controller 2003 to Domain Controller 2012, at this time MS
has not ADMT for Windows Server 2012. We can downgrade our forest and Domain functional level to Windows Server 2008 R2, add an additional Domain Controller 2008 R2 and use ADMT 3.2 for migration. After migration is completed, we can demote Domain Controller
2008 R2 and raise again FFL & DFT to Windows Server 2012.
Regarding specific procedures for performing the migration, the following article can be referred to as reference.
Interforest Migration with ADMT 3.2 - Part 1
http://social.technet.microsoft.com/wiki/contents/articles/11996.interforest-migration-with-admt-3-2-part-1.aspx
Interforest Migration with ADMT 3.2 - Part 2
http://social.technet.microsoft.com/wiki/contents/articles/16208.interforest-migration-with-admt-3-2-part-2.aspx
Interforest Migration with ADMT 3.2 - Part 3
http://social.technet.microsoft.com/wiki/contents/articles/16621.interforest-migration-with-admt-3-2-part-3.aspx
>>Where exactly does Exchange sit?
For mailbox migration, in order to get better help, we can ask for suggestions in the following exchange forum.
Exchange Server 2013- Setup, Deployment, Updates, and Migration
http://social.technet.microsoft.com/Forums/exchange/en-US/home?forum=exchangesvrdeploy
Best regards,
Frank Shen -
Added existing domain to the parent domain and now permission not inheriting on the child domain
Hi Friends
There was a existing Domain but we bought the company and make that Domain as a child domain of our Domain, problem is that users of Parent domain does not have access to the child domain. permissions are not inheriting from parent domain to child domain.
for e.g i created user on the parent domain i cant even login to the machine in other domain or access the resources which are on the child domain.Simply delegate the permissions you want to grant so that users from the root domain can have access to resources in the child domain.
As an example, you make users from the parent domain login to computers from the child domain using
Allow logon locally group policy: http://technet.microsoft.com/en-us/library/cc756809%28v=ws.10%29.aspx
You can also make them able to RDP the computers if you add them to Remote Desktop Users
group. This could be done by Restricted Groups Group Policy.
So, for security reasons and depending on your current configuration, it is normal that users from the root domain might not have by default access to resources in the child domain. This could be fixed by doing the proper delegation.
This posting is provided AS IS with no warranties or guarantees , and confers no rights.
Ahmed MALEK
My Website Link
My Linkedin Profile
My MVP Profile -
Child Domain Lync Installation
run enable-csadforest on root domain server. Any idea to do csadforest without install Lync deployment tools on root server?
check universal security group is added on root domain.
check child domain didn't replication the universal security group.
Run Enable-CsAdDomain -Domain chil.domain.com for enable child domain user to use Lync.
Any advise? how long time to replication the universal security group?
i will install Lync server into child domain and federation with office 365.
Thanks.Hi,
Did you prepare schema successfully without issue?
You need to prepare the forest on a computer which joined to a domain as a member of the Enterprise Admins group for the forest root domain. You need to prepare the forest with the Lync Lync Server Deployment Wizard or the Lync server Management Shell cmdlets
directly. So you need to install the Lync deployment tools on one of the root server.
You are right, you must verify that global settings have been replicated before running domain preparation.
Please also login the child domain using the account which as a member of the Enterprise Admins group, the check if the replication happens or not.
Best Regards,
Eason Huang
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
Eason Huang
TechNet Community Support -
Create user account in Child Domain
Dear all.
Kindly, i have Forest contain two domain Root domain, child domain.
in the child domain i can create a user account using the root domain.
i want to stop this. i want the IT Department there create users for there domain only?
thanks
Ashraf HilalHi Ashraf,
Your query is not clear. Do you want to restrict enterprise administrators from creating user accounts in child domain?
By default, Enterprise Admins group is part of Builtin Administrators group in the child domain.
When child domain is introduced, by default Enterprise Admins group is added to Child Domain\Administrators group (Builtin local Security group).
How to Restrict Enterprise Admins From Child Domain
http://social.technet.microsoft.com/wiki/contents/articles/16919.how-to-restrict-enterprise-admins-from-child-domain.aspx
http://social.technet.microsoft.com/Forums/windowsserver/en-US/a72dc036-3375-4124-9ef7-d30af104451a/enterprise-administrator-and-child-domain?forum=winserverDS
Regards,
Rafic
If you found this post helpful, please give it a "Helpful" vote.
If it answered your question, remember to mark it as an "Answer".
This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion in a test environment before implementing! -
Question about creating child domains "before" parent
Ok, this is most probably a noob question.
My company (A.com), has a DNS zone in a linux server with records pointing to different web pages, example: radio.a.com, www.a.com, webmail.a.com, etc..
For a specific service, I need an Active directory domain called: daas.A.com
Thing is, I don't have an AD domain A.com in place. So my question is:
Do I need to create an AD domain for A.com before creating the one that I need?
If I don't, and I just create the daas.A.com as a new forest, will I be able to add an A.com domain in the future as parent?
As per DNS records in the linux box, I guess I would only need a NS pointing to the DNS of the new domain, and an A record resolving that to an IP. or Something like that..
Thanks!Yes, even if initially it is an empty root, otherwise the child domain will become the forest root.
So the A.com domain will need to duplicate those records that Linux currently hosts otherwise AD clients will start having name resolution issues. If you just need to stand up AD for one application then I would go ahead and standup the empty root, add the
child domain, install the service that needs AD and go from there. That is if you think at some point you will use the a.com domain.
Active Directory will actually create 2 zones (A.com and _msdcs.A.com)
Daas.A.com will have 1 dns zone daas.a.com and will also utilize the _msdcs.a.com
So I have been in environments which have had both a windows dns server and a Linux dns server, eventually after enough duplication of records in both areas and the pain points that caused, we have retired the Linux dns servers and just used the AD DNS servers
(with the exception of DNS servers that were internet facing which we kept on Linux) Primarily the ease of administration and the fact that AD and DNS are tightly coupled.
Brad Held http://windorks.wordpress.com -
VDI 3 + Active Directory Child Domain Setup Question
Hi Everyone,
Quick question. Will this config work because I'm having some issues.
Domain A
Child Domains A.A, B.A, C.A, etc..
Kerbros is setup and pointing at domain A with admin account access.
VDI3 can see all the domains when I pull down the domain selector... however!... I can only log into the parent domain A. Attempts to log into child domains A.A, B.A, etc give me an 'Unknown user/password error'.
Will this config work? All child domains are part of the same forest which I thought was supported.
Many thanks in advanced for any replies.
DonoHello,
yes, forests with multiple child domains are supported and your configuration should be working.
In order to troubleshoot the problem, please follow the instructions at:
http://wikis.sun.com/display/VDI3/End-users+cannot+access+their+virtual+machines.
The cacao logs should contain more details about the error.
Thanks,
Katell -
AD User Cannot reset their password on Child Domain
I have windows server 2008r2 which is my Parent Domain and child domain on windows server 2003. All my users on Child domain stuck on resetting their password
and following error message appears
"The password does not meet the password
policy requirements"
Although I have not applied any password policy, don't know why this error message is appearing.
Please help...Hi,
In addition to the above information, you can check the resultant password policy settings applied for an AD user account by following the below steps,
- Login to a client machine as AD user
- Go to Start -> Run -> Type RSPO.msc.
- In the RSOP console, navigate to the node Computer Configuration\ Windows Settings\ Security Settings\ Account Policies\ Password Policy.
- In Password Policy page, you can confirm, what is the current password settings applied to that AD user.
- Now based on the password policy settings you can try to change the password.
Regards,
Gopi
JiJi
Technologies -
Establishing Lync Server 2013 on a Child Domain
Hi,
We want to establish Lync Server 2013 Enterprise Edition on a child-domain. I finished the installation. Now, if i add to users to child domain and enable from Lync Server Control Panel for test, users can be signed in. However, we use child domain for only
domain computers. We want to keep users on parent domain, not child domain.
I can enable users which are on parent domain, but users can not sign in. When i look Lync troobleshooting program, i got this error: "user is not sip enabled"
How can i solve this problem not adding users to child domain?Check whether the SIP address is enabled for the user
Get-CSUser -Identity <Alias>
SipAddress : sip:[email protected]
Enable-CsUser –Identity "Raji" –RegistrarPool Pool01.Lync.com –SipAddress "sip:[email protected]" –SipDomain Lync.com
Verify the output
Get-CsAdUser | Select-Object DisplayName, SipAddress, UserPrincipalName
Or
Construct a SIP address using the user’s SamAccountName and domain name
The SamAccountName is the user’s logon name: it’s the kenmyer portion of litwareinc\kenmyer. To use the SamAccountName as the SIP address use the –SipAddressType parameter followed by the parameter value SamAccountName:
Enable-CsUser –Identity "Ken Myer" –RegistrarPool atl-cs-001.litwareinc.com –SipAddressType SamAccountName –SipDomain litwareinc.com
Note that you also need to include the –SipDomain parameter followed by the appropriate SIP domain. With both FirstLastName and SamAccountName you must explicitly indicate the SIP domain; Enable-CsUser won’t try to make a “best guess” at determining the domain
name for you.
Use the user’s email address as his or her SIP address
This is kind of a nice option: it simply grabs the user’s email address and uses that same value for his SIP address. (That way, users have just one address to remember.) To use this option, simply include the –SipAddressType parameter followed by the parameter
value EmailAddress:
Enable-CsUser –Identity "Ken Myer" –RegistrarPool atl-cs-001.litwareinc.com –SipAddressType EmailAddress
Reference: https://blogs.technet.com/b/csps/archive/2010/06/06/howtoenableusers.aspx
Exchange Queries
Maybe you are looking for
-
Accounts Payable - Tracking of Advances & Partial payment against Invoice
I want to co-relate the advance payment and various partial payments made to one vendor with the specific Invoice. Can you please suggest the wayout? Suppose I have made down payment to Mr. A. Then I have booked the invoice against which various part
-
Payment advice generation for payment already done ?
Hi Gurus How can we create the payment advice for the payment already completed for a vendor. Payment program is ING-2 for Netherlands - banks transfer ( T) payment method. Print out prgoram is : RFFOAVIS_FPAYM Please let me know. Thanks Meenakshi.N
-
HR_INFOTYPE_OPERATION called inside Dynamic action
I am writing a subroutine called by dynamic action. Where using FM 'HR_INFOTYPE_OPERATION' i have to delimit or delete the records of infotype 0167. Although, HR_INFOTYPE_OPERATION, is executing with return is 0. but there is no change in the infotyp
-
Using Media Browser - Can't Import Songs
I'm trying to use the media browser to import a song from iTunes. It is an aiff file and it is unprotected for sure. When I drag and drop it on to the timeline, however, nothing loads. What should I do? -Hunt
-
When I try to access iTunes Connect I receive the following error: Your Apple ID isn't enabled for iTunes Connect. Everything I have read says to use your Apple ID, which I have used. But I still cannot sign into iTunes Connect. I have enrolled in th