Downgrade of Windows 2012 r2 to Windows 2012 Domain Service Active Directory

Similar Messages

• Windows Server 2008 R2 - Active Directory Replication over DynDNS

  Hello,
  I have one server that Windows Server 2008 R2 - Active Directory / DNS
  Now some users shifted to new office with the server
  Some users still in the original place that now don't have ADDS/DNS
  i want to install one replication server in the original place to retrieve AD/DNS form new office via DynDNS
  is that possible of not?
  Best regards,

  Badr, I don't think you want AD replication occurring over the internet - even if that was possible the server would need access to all the SRV records, a records, And all the ports required for communication - See here for an exhaustive list
  http://social.technet.microsoft.com/wiki/contents/articles/584.active-directory-replication-over-firewalls.aspx - I don't think I have to tell you how bad opening all these ports to the internet would be.
  You may want to look at Setting up a vpn or DirectAccess from the original site to the new site. This will give you more security and generally won't cost to much.
  http://technet.microsoft.com/en-us/network/dd420463.aspx
  Another thing that may work for you would be if you setup remote desktop services in the new location and had the original location remote into via a gateway server -
  http://blogs.technet.com/b/windowsserver/archive/2012/05/09/windows-server-2012-remote-desktop-services-rds.aspx as a starting point. With RDS your users would be able to access the new location from anywhere, although there would be upfront costs associated,
  licensing and server being part of them - I don't recommend turning your domain controller into an RDS server.These are just some ideas to help you with your issue

• Directory Security Strange Permissions Issues (Windows Server 2003 running Active Directory)

  I have a user that all of a sudden was not able to open 70% of her files located on a file server, Windows Server 2003 running Active Directory, from her laptop. The same user can access all the same files from a different machine, logging on with the same
  credentials. Just looking for a point in the right direction and a possible theory as what could cause this problem, an why all of a sudden. I did go back through the logs but nothing sticks out. For the most part the logs on the server and the laptop are
  pretty clean. 
  Both machines are Latitude E5420s running Windows 7 Enterprise Service Pack 1. Both machines are 64bit and connect to the network via hard-wire, not wireless.
  Thanks in advanced.
  Grajek

  I would recommend proceeding that way:
  Check that your DCs are in a healthy state and AD replication is fine: It might be that the user is member of security groups and the membership is not getting replicated properly which can cause this random behavior. You can use
  dcdiag and repadmin for checks and you can refer to my recommendations here: http://social.technet.microsoft.com/wiki/contents/articles/18513.active-directory-replication-issues-basic-troubleshooting-steps-single-ad-domain-in-a-single-ad-forest.aspx
  Make  sure that the file server is reachable from the user client computer. Start with
  ping and nslookup. Also, you need to make sure that the traffic between the client and the server is not blocked or filtered. You might want to temporary disable security software for testing
  This posting is provided AS IS with no warranties or guarantees , and confers no rights.
  Ahmed MALEK
  My Website Link
  My Linkedin Profile
  My MVP Profile

• VDI 3.4 Inegrate with Windows Server 2008 R2 Active Directory

  OK,I follow the official documents step by step,I installed the vdi 3.4 in Oracle Linux 5.7(oraclevdi.jiayutester.com),then installed a window server 2008 r2 64bit(jiayudc.jiayutester.com) that made it to be the Domain Controller(jiayutester.com) and DNS,at the end,I edit the /etc/krb5.conf.I execute the following commands:
  1.getent hosts jiayudc.jiayutester.com
  --------------------My Note:Normal-----------
  2.kinit -V [email protected]
  Authenticated to Kerberos v5
  This is my krb5.conf------------------------------------
  [logging]
  default = FILE:/var/log/krb5libs.log
  kdc = FILE:/var/log/krb5kdc.log
  admin_server = FILE:/var/log/kadmind.log
  [libdefaults]
  default_realm = JIAYUTESTER.COM
  default_checksum = rsa-md5
  dns_lookup_realm = true
  dns_lookup_kdc = true
  ticket_lifetime = 24h
  forwardable = yes
  [realms]
  JIAYUTESTER.COM = {
  kdc = space-21pel8ghu.jiayutester.com
  admin_server = space-21pel8ghu.jiayu.com:749
  default_domain = jiayutester.com
  [domain_realm]
  .jiayutester.com = JIAYUTESTER.COM
  jiayutester.com = JIAYUTESTER.COM
  [appdefaults]
  pam = {
  debug = false
  ticket_lifetime = 36000
  renew_lifetime = 36000
  forwardable = true
  krb4_convert = false
  Then,I login to the web console to set company, I select Active Directory to use as User Directory,then I fill up all the needed information(I am sure that all the information I fill in the form is correct),when I click the next,error occured....it's the context:
  Unable to Connect to User Directory
  Failed to connect, no servers available
  Now,I searched everywhere for information,but I can't resolve the problem...Please help me,smart guys

  Would probably need to see your VDI instance cacao log file to see why this is failing, but you might need to add the following to [libdefaults] section of your krb5.conf file, for 2008R2 AD server:
  default_tkt_enctypes = rc4-hmac
  default_tgs_enctypes = rc4-hmac
  And then restart VDI services (/opt/SUNWvda/sbin/vda-service restart)
  Note that VDI will actually try to query individual AD servers as defines as part of your AD Global Catalog when it tries to lookup AD domain data. This means you need to verify that your global calalog referenced servers are valid and having matching forward and reverse DNS information:
  For example:
  $ *nslookup -querytype=any gc.tcp.vdi.com.*
  Server:          win2008.vdi.com
  Address:     192.168.1.100#53
  gc.tcp.vdi.com     service = 0 100 3268 win2008.vdi.com*.
  $ nslookup win2008.vdi.com.
  Server:          win2008.vdi.com
  Address:     192.168.1.100#53
  Name:     win2008.vdi.com
  Address: _192.168.1.100_
  r$ nslookup 192.168.1.100
  Server:          win2008.vdi.com
  Address:     192.168.1.100#53
  100.1.168.192.in-addr.arpa     name = win2008.vdi.com.*
  You'd want to verify that every record returned by the *nslookup -querytype=any gc.tcp.yourdoamin.com* command refers to a server that can be reached and has matching forward and reverse DNS. Otherwise, this may trigger VDI to have failures or delays in performing directory queries.
  Beyond that, you need to look in the cacao.log file for errors that you can find and post.
  Edited by: DoesNotCompute on Oct 13, 2012 11:48 AM

• Sccm 2012 extent the active directory schema error

  Hello
  I am experiecing an issue when attempting to extend my AD Schema for SCCM 2012
  <12-10-2014 20:04:33> Modifying Active Directory Schema - with SMS extensions.
  <12-10-2014 20:04:33> DS Root:CN=Schema,CN=Configuration,DC=,DC=com
  <12-10-2014 20:04:33> Failed to create attribute cn=MS-SMS-Site-Code.  Error code = 8224.
  <12-10-2014 20:04:33> Failed to create attribute cn=mS-SMS-Assignment-Site-Code.  Error code = 8224.
  <12-10-2014 20:04:33> Failed to create attribute cn=MS-SMS-Site-Boundaries.  Error code = 8224.
  <12-10-2014 20:04:33> Failed to create attribute cn=MS-SMS-Roaming-Boundaries.  Error code = 8224.
  <12-10-2014 20:04:33> Failed to create attribute cn=MS-SMS-Default-MP.  Error code = 8224.
  <12-10-2014 20:04:33> Failed to create attribute cn=mS-SMS-Device-Management-Point.  Error code = 8224.
  <12-10-2014 20:04:33> Failed to create attribute cn=MS-SMS-MP-Name.  Error code = 8224.
  <12-10-2014 20:04:33> Failed to create attribute cn=MS-SMS-MP-Address.  Error code = 8224.
  <12-10-2014 20:04:33> Failed to create attribute cn=mS-SMS-Health-State.  Error code = 8224.
  <12-10-2014 20:04:33> Failed to create attribute cn=mS-SMS-Source-Forest.  Error code = 8224.
  <12-10-2014 20:04:33> Failed to create attribute cn=MS-SMS-Ranged-IP-Low.  Error code = 8224.
  <12-10-2014 20:04:33> Failed to create attribute cn=MS-SMS-Ranged-IP-High.  Error code = 8224.
  <12-10-2014 20:04:33> Failed to create attribute cn=mS-SMS-Version.  Error code = 8224.
  <12-10-2014 20:04:33> Failed to create attribute cn=mS-SMS-Capabilities.  Error code = 8224.
  <12-10-2014 20:04:33> Failed to create class cn=MS-SMS-Management-Point.  Error code = 8202.
  <12-10-2014 20:04:33> Failed to create class cn=MS-SMS-Server-Locator-Point.  Error code = 8202.
  <12-10-2014 20:04:33> Failed to create class cn=MS-SMS-Site.  Error code = 8202.
  <12-10-2014 20:04:33> Failed to create class cn=MS-SMS-Roaming-Boundary-Range.  Error code = 8202.
  <12-10-2014 20:04:33> Failed to extend the Active Directory schema, please find details in "C:\ExtADSch.log".
  any one help me to fix this issue

  Hi,
  It is most likley due to a replication Issue in your AD, check the previous thread on the topic:https://social.technet.microsoft.com/Forums/systemcenter/en-US/1d377109-4fa9-4608-8a3a-cefd436e82ee/error-8224-when-extending-active-directory-schema
  Make sure that all replication issues are solved and try again.
  Regards,
  Jörgen
  -- My System Center blog ccmexec.com -- Twitter
  @ccmexec

• Windows Server 2008 R2-Active Directory

  Hi ,
  I cloned a machine using VMware VSphere 5.1 and did not use sysprep during cloning. The original source machine disappeared from Windows Active Directory. Is there anyway to get the object back ? I also deleted the cloned Virtual machine .
  Thanks in advance.
  Pro1962
  India1947

  You can use my script here: https://gallery.technet.microsoft.com/scriptcenter/Remove-Inactive-user-2caf199a
  All you need to change is
  (objectCategory=person)(objectClass=user)
  by
  (objectCategory=computer)
  and add a comment at the beginning of the command Remove-ADUser.
  This posting is provided AS IS with no warranties or guarantees , and confers no rights.
  Ahmed MALEK
  My Website Link
  My Linkedin Profile
  My MVP Profile

• Windows Server 2012 R2 - Join Domain fails (Active Directory)

  Well guys - I don't know what to do about this problem anymore...
  I set up a DC for my home network - Windows Server 2012 R2 Foundation. Everything is set up fine - DNS, AD - I suceeded joining the domain with other PCs in the network.
  Problem:
  When I want to join the domain "lionnet.at" it tells me that it cannot find the network address after I typed in the domain admin password.
  The dns entries are fine - checked it with nslookup. The DC name is lionhead.
  nslookup:
  set q=srv
  > set q=srv
  > _ldap._tcp.dc._msdcs.lionnet.at
  Server:  lionhead.lionnet.at
  Address:  10.0.0.150
  _ldap._tcp.dc._msdcs.lionnet.at SRV service location:
            priority       = 0
            weight         = 100
            port           = 389
            svr hostname   = lionhead.lionnet.at
  lionhead.lionnet.at     internet address = 10.0.0.150
  I tried several solutions: editing the lmhosts/hosts file, deactivating IPv6, setting a static IPv4
  Any ideas on this?

  what the hell...it was an external soundcard preventing the join...i installed it a week ago - unplugged it - "Welcome to the domain lionnet.at!"
  Hi CloneBraveB,
  Glad to hear that you have solved this issue and thanks for sharing in the forum. Your time and efforts are highly appreciated.
  Would you please let me know the complete error message that you get when failed to join the problematic client computer to the domain?
  In addition, for a test, please select another computer and install the external soundcard again, then attempt to join the computer to domain. Did you reproduce this issue?
  By the way, would you please let me know more details of that soundcard?
  If any update, please feel free to let me know.
  Best regards,
  Justin Gu
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Windows server firewall blocking active directory authentication?

  I'm having problems with authenticating macs on our windows 2003 server domain. When windows firewall is activated, mac clients(10.4) can no longer login. I've tried opening a number of ports e.g.TCP/UDP 53. UDP 464. but no luck. Any ideas which ports are necessary for the AD plugin to work properly?
  Thanks.
  macpro   Mac OS X (10.4.8)   1gb ram

  Why are you enabling Windows firewall on a domain controller?
  My recommendation is to turn it off and protect your entire site with a hardware firewall. The ports you need to open up are the very ones you should be blocking from the world to prevent attacks.
  Short of that:
  http://www.microsoft.com/downloads/details.aspx?FamilyID=c2ef3846-43f0-4caf-9767 -a9166368434e&displaylang=en
  User Login and Authentication
  A user network logon across a firewall uses the following:
  • Microsoft-DS traffic (445/tcp, 445/udp)
  • Kerberos authentication protocol (88/tcp, 88/udp)
  • Lightweight Directory Access Protocol (LDAP) ping (389/udp)
  • Domain Name System (DNS) (53/tcp, 53/udp)
  Computer Login and Authentication
  A computer logon to a domain controller uses the following:
  • Microsoft-DS traffic (445/tcp, 445/udp)
  • Kerberos authentication protocol (88/tcp, 88/udp)
  • LDAP ping (389/udp)
  • DNS (53/tcp, 53/udp)
  Access File Resource
  File access uses SMB over IP (445/tcp, 445/udp).
  Perform a DNS Lookup
  To perform a DNS lookup across a firewall ports 53/tcp and 53/udp must be open. DNS is used for name resolution and supports other services such as the domain controller locator
  ...

• Oracle Non-Windows DB and MS Active Directory

  Question:
  How can one configure a Microsoft Active Directory (LDAP-compliant directory
  service) with an Oracle Database when the Database resides on a unix server
  without the need of the Oracle LDAP? Is it possible ? If yes, please explain.

  Question: I have been looking at examples of using the LDAP packages but I am not sure if the examples are explaining the ldap_base and groups for MS AD OR an example for Oracle OID.
  Can you explain is this Oracle OID
  GC$ldap_user VARCHAR2(256) := 'cn=orcladmin';
  GC$ldap_passwd VARCHAR2(256) := 'welcome1';
  GC$ldap_base VARCHAR2(256) := 'cn=my_cn,dc=my_dc,dc=fr';
  Can you give an example for MS AD?

• Windows Server 2008 R2 Active Directory Report Tool

  I have some computers in 2K8 R2 AD that are no longer in use in our organization. I would like to run a report to see which computers in our AD structure have reported to AD within a certain amount of time so I will know whether to delete them or not.
  Is there a tool I can use specifically to see if computers in our AD domain have logged in within a certain time frame?

  You can use my script here: https://gallery.technet.microsoft.com/scriptcenter/Remove-Inactive-user-2caf199a
  All you need to change is
  (objectCategory=person)(objectClass=user)
  by
  (objectCategory=computer)
  and add a comment at the beginning of the command Remove-ADUser.
  This posting is provided AS IS with no warranties or guarantees , and confers no rights.
  Ahmed MALEK
  My Website Link
  My Linkedin Profile
  My MVP Profile

• Upgrade from Windows Server 2012 Active Directory to Windows Server 2012 R2 Active Directory

  We are currently running Windows Server 2012 Active Directory and would like to upgrade to Windows Server 2012 R2 AD. Is it OK to just do an in-place upgrade, or is it advisable to build new domain controllers on R2? Are there any guides or articles anyone
  can recommend?

  Hi Ginandtonic,
  To upgrade DC(Domain Controller) from windows server 2012 to windows server 2012 r2, please refer to these articles:
  Upgrade from windows Server 2012 to 2012 R2                                 
  Upgrade Active Directory from 2012 to 2012 R2
  I hope this helps.
  Best Regards,
  Anna

• ACS 4.1 support with Windows Server 2012 Domain controller

  I am upgrading my Domain Controller / Active Directory from Windows Server 2003 to Windows Server 2012.
  In my environment, I am using Cisco ACS 4.1 which is integrated with Windows Server 2003 Active Directory.
  Will ACS4.1 will work fine with my new domain controller (Windows server 2012) or I need to upgrade my ACS too?
  Regards,
  Junaid

  Junaid,
  ACS 4.x code doesn't even support Windows 2008 R2. Your best bet is to migrate the ACS from 4.x to ACS 5.4 Patch 2 or stay with windows 2003 or 2008 (Non-R2).
  ACS 5.4 patch 2 supports Windows 2012 AD.
  http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-4/release/notes/acs_54_rn.html
  Regards,
  Jatin
  **Do rate helpful posts**

• SSO using Windows Active Directory but without EP or Java stack

  Good morning and thank you in advance for your help.
  The question is:
  our environment includes windows domain with Active Directory, ECC 6.0 ABAP (DEV, QAS, PROD), BW 7.0 (DEV, QAS, PROD) only ABAP stack.
  I would like to know if we can enable SSO using only this configuration without introducing EP or Java stack.
  Best regards
  Max

  Hi Willi,
  It won't be that easy to understand each other... as my english is not that good either
  Most of the points introduced in the SAP help link are automatically performed by sapinst.
  Almost all my customers running on MS are not using an AV, and neither get into troubles...
  but no user ever connect on the SAP server, only admin, for maintenance purpose or SAP admin when needed...
  Internet explorer should not be used on a sever, MS itself says it should be uninstalled...
  Best regards
  SAP on SQL General Update for Customers & Partners April 2014
  10. Do Not Install SAPGUI on SAP Servers
  Windows Servers have the ability to run many desktop PC applications such as SAPGUI and Internet Explorer however it is strongly recommended not to install this software on SAP servers, particularly production servers.
  To improve reliability of an operating system it is recommended to install as few software packages as possible.  This will not only improve reliability and performance, but will also make debugging any issues considerably simpler
  “A server is a server, a PC is a PC”.  Customers are encouraged to restrict access to production servers by implementing Server Hardening Procedure. 
  SAP Servers should not be used as administration consoles and there should be no need to directly connect to a server. Almost all administration can be done remotely
  SAP on SQL General Update for Customers & Partners September 2013
  Internet Explorer (and any other non-essential software) should always be removed from every SAP DB or Application server. 
  The following command line removes IE from Windows 2008 R2, Windows 2012 and Windows 2012 R2:
  Open command prompt as an Administrator ->  dism /online /Disable-Feature /FeatureName:Internet-Explorer-Optional-amd64

• How to handle SQL connection if password Active directory always change? (Connection using Active directory via network SQL 2012 )

  I have 3 server (Web server, database sql 2012 server and Active directory). I'm using sqlsvr version 3.0,  PHP version 5.3 ,IIS version 7 and windows server 2008.
  Right now my php connection to SQL 2012 using AD id, so How to handle if password on active directory change?

  Solved : Using Kaberos

• Window Active Directory users cannot see home drive when logon to Macs

  This problem just occurred, so that tells me either 10.4.9 has done it or a security update to Windows 2003 Server.
  Looking for any tech saavy network guru to help.
  Windows 2003 Server houses active directory. Users in the past were able to log on to a Macintosh computer and their home drive would appear on the desktop.
  Now 'all of a sudden' any user that logs onto a Macintosh computer with an AD account does not see their home drive on the desktop.
  Has anyone else had this problem? Any suggestions on how to resolve it? I haven't unbound the Mac from AD yet will try that tomorrow.
  JTS

  Fixed this...a corrupted keychain item that contained the users prior used network password was the culprit.
  Once I delted the corrupted keychain, active directory users can log on a Mac and see their home directory on the desktop.
  JTS