Force local (Active Directory) Home directory on (non) startup disk

We're starting to experiment with binding our Macs into our corporate Active Directory domain and utilizing our network IDs and password to login (to the Mac). Our Macs are currently configured with three partitions; System (bootable), Restore (bootable) and Storage (empty) with local user accounts. We've worked on different setups utilizing the AD accounts either from the network home or pushed to the startup disk.
What I'd like to do is use the Storage partition as a landing spot for AD home directories that have been forced local. A new user would login with their network ID and password, their network home would be copied to the Storage partition and prefs inherited from the User Template.
Using the AD login should move us off of having to configure local user accounts (useful for freelance staff) and give our end users ONE account ID and password to remember.
Locating the home folder to a separate partition than the startup disk should allow us to perform OS updates (or installs) without worrying (too much) about wiping out the user's home folder. We also no longer have to reinforce directing our users to store files on the Storage partition instead of their Desktop, because the user's Desktop will actually be in the Storage partition.
If anyone has any advice or information to share, I'd greatly appreciate it... thanks!

Managed prefs - changed path of mobile home to second partition.

Similar Messages

  • Does Active Directory Support Non English Languages?

    Hi,
    I want to know whether Active Directory supports non-English languages like Japanese and Arabic.
    I think we can have domain names in non-English languages also. How does Active Directory handle it?
    Sandeep Gupta

    This actually isn't controlled by Active Directory but by the core operating system and its language packs.
    Server 2012
    http://www.microsoft.com/oem/en/installation/downloads/Pages/Windows-Server-2012-Language-Packs.aspx?mtag=TW-P-S12#fbid=CPJWmInHH14
    Server 2008 R2
    http://www.microsoft.com/en-us/download/details.aspx?id=1246
    Server 2008
    http://www.microsoft.com/en-us/download/details.aspx?id=22681
    Paul Bergson
    MVP - Directory Services MCITP: Enterprise Administrator
    MCTS, MCT, MCSE, MCSA, Security, BS CSci
    2012, 2008, Vista, 2003, 2000 (Early Achiever), NT4
    Twitter @pbbergs
    http://blogs.dirteam.com/blogs/paulbergson
    Please no e-mails, any questions should be posted in the NewsGroup. This posting is provided AS IS with no warranties, and confers no rights.

  • FF wants to access fonts from NON-startup disk repeatedly

    Ever since updating to FF 3.6.4, I keep getting dialog boxes asking I allow or deny FF to use fonts from a non-startup disk. I keep denying the request, but it keeps asking. The fonts look like they are installed on the startup disk. I run OS X v10.6.4 server.
    == This happened ==
    Every time Firefox opened
    == After update to FF 3.6.4

    The initial upload of my question would not accept my OS version correctly. I am running OS X 10.6.4 server.

  • Time Machine on non-startup disk?

    Does anyone know if Time Machine can be used on non-startup disks? I have a Dual-Mirrored Door G4 running as a file server with two separate internal hard drives, a boot volume with the operating system on it and a second drive with all the data that is shared. I can run Time Machine to backup the boot volume, but what I really want is to run it for backups on the data volume but I can't quite figure out how. Thanks for any help.

    Oops, I figured this out, nevermind.

  • Exchange trying to resolve external e-mail addresses in local Active Directory

    Hi
    On all of my Mailbox Database servers, I'm getting the following warning in my Application log:
    Level: Warning
    Source: MSExchange Mid-Tier Storage
    EventID: 2009
    Message:
    [Process:w3wp PID:6032 Thread:89] Error occurred while resolving the Active Directory object for from email address field: '[email protected]'. Audit log will not be generated for this case. Exception details:
    Microsoft.Exchange.Data.Storage.ObjectNotFoundException: The Active Directory user wasn't found.
    at Microsoft.Exchange.Data.Storage.ExchangePrincipalFactory.FromProxyAddress(IRecipientSession session, String proxyAddress, RemotingOptions remotingOptions)
    at Microsoft.Exchange.Data.Storage.ExchangePrincipalFactory.FromProxyAddress(ADSessionSettings adSettings, String proxyAddress, RemotingOptions remotingOptions)
    at Microsoft.Exchange.Data.Storage.ExchangePrincipal.FromProxyAddress(ADSessionSettings adSettings, String proxyAddress)
    at Microsoft.Exchange.Data.Storage.COWAudit.GetSubmitEffectiveMailboxOwner(MailboxSession session, CallbackContext callbackContext)
    I have three Exchange Server 2013 MBX/CAS servers, and two Exchange Server 2013 Edge Transport servers in front of them.
    As mentioned earlier, this warning is on all three of the MBX/CAS servers. The external e-mail addresses vary.
    I've used the Get-MessageTrackingLog to debug, and I can see that this error comes when an internal user sends a "Meeting Forward Notification" to an external e-mail address. Exchange tries to resolve the external e-mail address in Active Directory and throws this warning, for some reason.
    Is there anyone that knows how to fix this?

    Hi Allen
    Sorry for the late reply.
    1. No it's not. It gets the EventID "HADISCARD" and SourceContext "ExplicitlyDiscarded". Here's an example:
    RunspaceId : a25e81b2-9f4a-49f2-895b-xxxxxxxxxxxx
    Timestamp : 09-02-2015 13:01:02
    ClientIp :
    ClientHostname :
    ServerIp :
    ServerHostname : MBX01
    SourceContext : ExplicitlyDiscarded
    ConnectorId :
    Source : SMTP
    EventId : HADISCARD
    InternalMessageId : 8907762172963
    MessageId : <[email protected]>
    Recipients : {[email protected]}
    RecipientStatus : {}
    TotalBytes : 17347
    RecipientCount : 1
    RelatedRecipientAddress :
    Reference :
    MessageSubject : Meeting Forward Notification: A subject
    Sender : [email protected]
    ReturnPath : [email protected]
    Directionality : Originating
    TenantId :
    OriginalClientIp :
    MessageInfo :
    MessageLatency :
    MessageLatencyType : None
    EventData : {[DeliveryPriority, None], [PrioritizationReason, ShadowRedundancy]}
    2. Yes, and other mails are routed to our Edge Transport Servers, and from there to Office 365 (Exchange Online Protection). It only occurs when sending Meeting Forward Notifications, accepting meetings, and so forth - and it all comes from Outlook 2013 clients (RPC over HTTPS).

  • Active Directory for Non-Profit

    I am looking to migrate my non-profit to a hosted email with Office 365. I am not looking for the other MS Applications at this point in time. It is my goal to not have an in-house AD, but to have it 100% hosted in the cloud. My concerns are managing the back end. If I terminate an employee, how can I archive historical emails and transfer those emails to another staff member? What about email forwarding capabilities and password management?
    Anyone have any thoughts that could help me out with this one?

    Hello,
    Thanks for posting!
    Did you want to migrate Office 365 to Azure AD? I recommend you refer to this thread (http://stackoverflow.com/questions/21109818/office-365-migration-practice-with-windows-azure) and blog (http://en.share-gate.com/blog/migrate-to-office-365-configure-sharepoint-to-use-active-directory). Also, you could refer to the official document via (http://technet.microsoft.com/en-us/library/hh967642.aspx).
    If I misunderstand, please feel free to let me know.
    Regards,
    Will

  • Non-startup disks wakes up at odd times

    Hi.
    My secondary hard disks keep waking up at inconvenient times, when I'm doing tasks that should have nothing to do with them. For example, launching System Preferences, clicking on a menu item, opening a file in Safari that resides on the boot drive, or simply clicking on an edit point in a file in Fireworks (which doesn't have scratch disk options). I get a beach ball and have to sit there while an irrelevant drive spins up.
    It could be any activity really. The wake-ups aren't at any time, but generally in response to some user input.
    All of my apps reside on the boot SSD drive, as well as current project files. The other drives are for backups and archived projects.
    Is it possible that the system is using non-boot drives for virtual memory? How would I stop this?
    My tower has all 4 HD bays loaded, with the primary startup disc being the SSD drive with over 400GB free. My energy saver preferences are set to "put the hard disks to sleep when possible" as I prefer the quiet of the SSD and the energy saving benefits.
    I ran a clean system install when I installed the SSD, and reinstalled most software from scratch. I did drag across a couple of minor apps from the former startup disk, now that I think of it.
    BTW I had the same problem with my previous set-up; same computer, but with a standard HDD boot.
    It's driving me bonkers, as it defeats much of the purpose of having a fast SSD with low latency.
    Thanks.

    Are those other drives searchable by Spotlight?  Perhaps Spotlight is looking around for stuff.  If you really don't need those other drives indexed disable spotlight for them using the Spotlight preference's Privacy settings.
    Note, I'm just guessing here.

  • Attendant Console - Active Directory and Non-AD users

    We have migrated to AD on CCM 4.1.3. We are now able to call most users in the corporate directory except for a few users who are not in AD - like short term contractors. These people have phones but no AD account. What is the best way to be able to get them into the corporate directory?
    Also, what is the recommended way to put numbers into the corporate directory for external companies? We don't really want to create an AD user for each external number we want in the directory.
    Cheers
    Wayne

    OK, AC will get the users from its AutoGenerated.txt, which it gets from the TCD server.
    "AutoGenerated.txt file generated by the Cisco TCD service and stored in the userlist directory on the Cisco CallManager Attendant Console server"
    TCD service will do an LDAP query for the following:
    The issue here is that if you don't want to create AD users, TCD won't be able to update them (i.e. if you create a Contact object in AD, TCD won't see it).
    Basically the LDAP Query that TCD performs is the following: Filter: ((objectclass=User)(!(description=CiscoPrivateUser))(!(description=CiscoPABUser)))
    It looks only for User Objects.
    You can manually edit the AutoGenerated.txt but after the sync it will edit the users unless you check the following:
    "If the Directory Sync Period service parameter does not equal zero, Cisco TCD generates the AutoGenerated.txt file when the Cisco TCD service starts and when the directory sync period expires.
    To modify the Directory Sync Period service parameter, choose Service > Service Parameters. Choose the appropriate server from the Server drop-down list box and choose the Cisco Telephony Call Dispatcher Service from the Service drop-down list box."
    http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_administration_guide_chapter09186a00801ec5a5.html#40987
    HTH
    //G

  • Solution for invalid directory item count, startup disk corruption and regular crashes

    Hi,
    My late 2006 MacBook (10.6.8) has recently started crashing quite frequently. The screen becomes dark and a multi-language dialogue appears stating that the computer must be restarted with the power button. When this occurs any audio which was playing begins to repeat/skip and the computer goes into complete lockdown. This is now happening perhaps twice a day or more under moderate use.
    This morning I ran 'Verify Disk' in Disk Utility and the process was stopped, stating that I had two 'Invalid directory item counts' and 'the volume Macintosh HD was found to be corrupt'. Here is a screenshot of the Disk Utility window:
    I have rebooted, run a software update and rerun the disk verification but to no avail. I also booted using CMD-S, advised by an older post in another forum which suggested using 'fsck -yf' which ran and stated that the disk had been repaired.
    I bought the MacBook second hand from an Apple dealer but it didn't come with an install disc so I am unable to reboot and repair the disk like that.
    My questions, therefore, are what does this mean for my computer in the future, will either of these issues cause me more trouble?
    What can I do about it without the install disc?
    And are these issues directly related to the crashes? (I have been running the computer connected to an external drive and monitor - for watching movies)
    Thanks in advance for any help you can offer!
    Twitch

    Not much you can do without an install disc which can be purchased from Apple Store >  Mac OS X 10.6 Snow Leopard - Apple Store (U.S.)
    multi-language dialogue appears
    That is referred to as a kernel panic. OS X: About kernel panics
    Regardless of the kernel panics, you will still need the install disc to repair and reinstall OS X if necessary.
    And are these issues directly related to the crashes? (I have been running the computer connected to an external drive and monitor - for watching movies)
    Could be part of the problem.

  • Forcing Server Preferences to create shares on non-startup-volume

    I set up several SLS Servers in recent weeks on which I have the System Volume and a different one (mostly RAIDs) for data and shares. What's driving me crazy is that Server Preferences always creates shares on the system volume. Is there any way to specify another default volume for that?
    I know how to do it in Server Admin but it's complicated compared to the One-Click-Functions in Server Preferences.
    Any suggestions?

    PS: here it's meant for the group shares. Seems there is no way in Server Preferences to create a user home folder anyway.

  • How can I see what apps are running on a non-startup disk

    I recently changed over to a larger drive from my older startup drive. I want to erase that original drive and clean it up. When I go to Disk Utility and erase it says "erase failed, could not unmount disk". I try to eject it and it says "HD is in use".
    I figure I just need to see what's running on that drive and stop it somehow, or if there is another workaround?

    Twist170 wrote:
    I recently changed over to a larger drive from my older startup drive. I want to erase that original drive and clean it up. When I go to Disk Utility and erase it says "erase failed, could not unmount disk". I try to eject it and it says "HD is in use".
    I figure I just need to see what's running on that drive and stop it somehow, or if there is another workaround?
    If you're willing to use a command in Terminal, try this, where "old_disk" is the name of the old disk. (If the name of the old disk contains any spaces, prefix each space with a back-slash.) It will show you each file on the old disk that's open.
    sudo lsof | grep /Volumes/old_disk
    Spaces doubled for readability. The character just before "sof" is a lower-case letter "L". You'll be prompted for your administrative account's password.

  • Tips on enabling SSL in Active Directory!!!

    Finally I can connect to my Active Directory through an SSL connection. I don't know what was wrong with my previous settings because I reinstalled the server from scratch. Below are the steps I took:
    1. Install Windows 2000 Advanced Server + SP4
    2. Install Windows 2000 High Encryption Pack (128-Bits SSL)
    3. Install Active Directory Service together with MS DNS Server and Enterprise Certificate Authority Service.
    4. Install Windows 2000 Support Tools from Windows 2000 installation CD.
    5. Launch ldp.exe and connect to local Active Directory on port 636.
    6. It should display the rootDSE content if SSL is working properly.
    7. Go to C: drive and get the root CA certificate in root directory. It should be named xxx.crt.
    8. Import the certificate into ${JAVA.HOME}/lib/security/cacerts file.
    9. Right now everything should be OK.
    What surprised me is I didn't follow several 'important' steps suggested by both Microsoft and some other developers in this forum. They are:
    1. Open the Domain Controller Policy using the Group Policy Editor.
    2. Under Computer Configuration , click Windows Settings .
    3. Click Security Settings , and then click Public Key Policies.
    4. Click Automatic Certificate Request Settings .
    5. Use the wizard to add a policy for Domain Controllers.
    I double checked that I didn't enable Automatic Certificate Request Settings. But somehow SSL works. Can somebody explain why?
    Regards,
    WenBin

    I am glad that you can benefit from the tips.
    Regarding your question, the answer is like this:
    1. A user named David logs on
    2. You generate the userPrincipal for him - [email protected]
    3. Bind to ADS with this userPrincipal and the password he typed in
    4. If it succeeds, search the user container with sAMAccountName=David and meanwhile request any attributes you want. Please refer to the JNDI tutorial on how to search an LDAP directory and get back some other attributes at the same time.
    Hope this helps you.
    Regards,
    WenBin
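    The bind-then-search flow from the reply above, over the LDAPS port from the first post, written out with JNDI. This is an added example, not code from the original poster; the host name, UPN suffix, base DN and returned attributes are placeholder assumptions.

```java
import java.util.Hashtable;
import java.util.regex.Pattern;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class AdLdapsLogin {
    // Placeholder values (assumptions): use your own DC, UPN suffix and base DN.
    static final String LDAPS_URL  = "ldaps://dc01.example.test:636";
    static final String UPN_SUFFIX = "@example.test";
    static final String USER_BASE  = "CN=Users,DC=example,DC=test";

    // Accept only plain account names, so the caller cannot smuggle in
    // their own "@domain" part or LDAP filter metacharacters.
    static final Pattern ACCOUNT = Pattern.compile("[A-Za-z0-9._-]{1,20}");

    /** Binds as the user over LDAPS and returns that user's attributes. */
    static Attributes authenticate(String user, char[] password) throws NamingException {
        if (user == null || !ACCOUNT.matcher(user).matches()) {
            throw new NamingException("invalid account name");
        }
        // A simple bind with an empty password is an "unauthenticated bind"
        // (RFC 4513) and can succeed on the server, so reject it up front.
        if (password == null || password.length == 0) {
            throw new NamingException("empty password");
        }

        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        // ldaps:// makes the provider use TLS; the server certificate is checked
        // against the JVM trust store (the cacerts import in step 8 above).
        env.put(Context.PROVIDER_URL, LDAPS_URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, user + UPN_SUFFIX);
        env.put(Context.SECURITY_CREDENTIALS, password);

        // Throws javax.naming.AuthenticationException on bad credentials.
        DirContext ctx = new InitialDirContext(env);
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setCountLimit(2);
            sc.setReturningAttributes(new String[] {"displayName", "mail", "memberOf"});
            // {0} is filled in from the argument array instead of by string
            // concatenation; the account name was also validated above.
            NamingEnumeration<SearchResult> results = ctx.search(
                    USER_BASE, "(&(objectClass=user)(sAMAccountName={0}))",
                    new Object[] {user}, sc);
            if (!results.hasMore()) {
                throw new NamingException("bind succeeded but no matching entry found");
            }
            return results.next().getAttributes();
        } finally {
            ctx.close();
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1 || System.console() == null) {
            System.err.println("usage: java AdLdapsLogin <account>  (run from a terminal)");
            return;
        }
        char[] pw = System.console().readPassword("Password: ");
        System.out.println(authenticate(args[0], pw));
    }
}
```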

  • Active Directory forest which need to be sync with Office 365 E1 plan

    We have multiple local Active Directory forests which need to be synced with an Office 365 E1 plan. How can we do that?

    Hiya,
    You need to use either FIM or AAD. I would recommend the AAD; even though it's in beta, it will probably be a better choice.
    Windows Azure Active Directory Connector for FIM 2010 R2 Quick Start Guide
    http://technet.microsoft.com/en-us/library/dn511002%28v=ws.10%29.aspx
    New sync capabilities in preview: Password Write Back, New AAD Sync and Multi-forest support
    http://blogs.technet.com/b/ad/archive/2014/04/21/new-sync-capabilities-in-preview-password-write-back-new-aad-sync-and-multi-forest-support.aspx

  • Force Active Directory Users to Log Into a Shared Local Profile.

    I've searched long and hard for an answer to this but I've found very little info on it so I'm starting to wonder if it's at all possible.
    On some of our "Presenter PC's" at work it has been deemed that the creation of a new account from the Default profile takes too long when logging into Active Directory and slows presenting down too much. Our Default profile is probably around 120Mb due to the contents of the image after deployment and how every application is tailored for use hence the AppData folder takes the bulk of the size up and it's not an option to remove it.
    These PC's are (for now at least but hopefully not for much longer) locked down by Deep Freeze which resets all changes to all files when the PC is rebooted so a shared profile is not a problem at this point in time.
    What I want to know is whether there is ANY way to make it so that a user authenticating to Active Directory can ALWAYS be forced into a pre-configured, local profile running on Win 7 32/64 Pro?
    I've been looking at credential providers and replacing USERINIT.exe. I'm just not 100% sure which part of the process actually tells the PC which profile to use. I know that the registry is checked for the user GUID and if not present creates a new entry and copies the Default profile but I don't know quite where this is called and how to modify it.
    My programming knowledge is limited to a bit of CMD and AutoIt but I do know a few coders so if we really have to get our hands dirty on this it isn't the end of the world.
    I should also add I've recently been toying with taking the AppData folder outside of the Default profile and creating a SymLink to it but upon copying the Default profile to a new profile (much quicker and more acceptable) the SymLink is lost and replaced with a relatively empty set of folders which can't be deleted and replaced with a SymLink because the LSASS.exe process is using it and obviously you can't stop that process...
    Making the PC log into a local profile on startup is also not an option because a user MUST log into AD to not be in breach of our AUP and all network drives must be available (mapped by GPO and login script).
    Any help is more than welcome at this point in time as I've pretty much exhausted all avenues that I know of and have turned to you helpful folk.  Cheers

    Hi,
    For mandatory profile, I suggest you refer to the following articles:
    Customize the default local user profile when preparing an image of Windows
    http://support.microsoft.com/kb/973289
    mandatory profiles
    http://social.technet.microsoft.com/Forums/en/w7itproinstall/thread/d2406a55-e053-45c5-b064-bf009c4bfafc
    Hope this helps.
    Vincent Wang
    TechNet Community Support

  • How do I create Local Network Home Folders for Users from an Active Directory binding?

    My situation is this... I run an iMac lab at my school.  I have a server set up to manage the network user accounts in the lab.  Currently, I can successfully create Local Network Users and log in to them from any of the iMacs.  My school has an Active Directory set up for all the students on campus.  What I'd like to be able to do is configure the server to allow the students to use their user names and passwords from their school accounts to log in to the iMacs and have it automatically build a network user folder on the server for them to use during the lab.
    So far, I have been able to configure access for the Active Directory accounts to use the services on the server, mainly File Sharing, but I cannot figure out how to allow them to log into a user account on the client's machines using their same Active Directory credentials.  I have even attempted to allow the user accounts to create mobile accounts, but that's not working out either.  Entering individual network user accounts into the server for every student every semester will be a nightmare.  I'm sure there's a way to do it automatically using the existing Active Directory structure.
    The live server is running 10.8.5 Server still, but I've also got a clone running OS X Server in case it matters.  Please help!

    OK, reinstalled everything. DNS seems to be working; I have done sudo changeip -checkhostname and it says that both names match, but then I started Open Directory and can't seem to get Kerberos started. I've tried changing it to standalone then back again but it does nothing. I'm wondering why this would happen? I've tried adding a Kerberos record but it doesn't do it, it just does nothing, so I don't know what I'm doing wrong. I wondered if it might be a problem with the two network cards and DNS, as on ethernet one it is getting the DNS name xserve.xxxx.ac.uk (which matches what the college server wants to call us) but on ethernet 2 it gets xserve-2.local because it tells me that it already exists on ethernet one and renames it to this. I need to set up NAT, so I have ethernet coming in on port one and out again on port two. I wonder if my DNS is backwards, as it's got the 192. address the NAT uses but it's linked to the ethernet port one DNS; maybe this is the problem. Would this cause Open Directory not to start Kerberos?
