How to configure a secondary domain controller as read-only, but prevent writes in replication?

Hi all,
I have one primary domain controller (dc1.abc.local) at the site, in production.
I am trying to do a proof of concept with a firewall appliance, whose user datastore needs to extract from and bind to AD.
I am thinking of setting up another new computer and promoting it to a domain controller (new.abc.local), same domain, same forest. But this one should only be able to read the configuration replicated from the primary domain controller (dc1.abc.local), and not write.
The firewall will use its ID agent to pull the logon events from the DC and build the IP mapping table (User - IP).
What settings do I need on both domain controllers?
P.S.: one criterion: I cannot set this server role as RODC.
P.S.: the platform is Windows Server 2008 R2.
Thanks

It is not very easy to tell you how to extract the info; I'm not sure what it is you need, or your scripting skill level.
There is a Microsoft Script Center that has scripts available:
http://gallery.technet.microsoft.com/scriptcenter/site/search?f%5B0%5D.Type=RootCategory&f%5B0%5D.Value=activedirectory&f%5B0%5D.Text=Active%20Directory
There is also a scripting forum where you could ask for help in crafting your script:
http://social.technet.microsoft.com/Forums/windowsserver/en-US/home?category=windowsserver#forum=winserverpowershell&filter=alltypes&sort=lastpostdesc&content=Search
Paul Bergson
MVP - Directory Services
MCITP: Enterprise Administrator
MCTS, MCT, MCSE, MCSA, Security, BS CSci
2012, 2008, Vista, 2003, 2000 (Early Achiever), NT4
Twitter @pbbergs http://blogs.dirteam.com/blogs/paulbergson
Please no e-mails, any questions should be posted in the NewsGroup.
This posting is provided AS IS with no warranties, and confers no rights.
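The question describes what the firewall's ID agent actually consumes: logon events from the DC, turned into a user-to-IP table. As an added example that is not part of the original thread or any vendor's agent, the script below does that extraction with PowerShell against the DC named in the question. It assumes the collector account is a member of the built-in Event Log Readers group on the DC (enough to read the Security log; no directory write rights are involved) and that the Remote Event Log Management firewall rule is open on the DC; the lookback window and the filtering choices are mine. Note that a writable DC in the same domain takes part in multi-master replication, so there is no supported switch that makes it accept inbound replication only; what the ID agent needs, however, is read access to the Security log, which is a separate permission from any AD write.

```powershell
# Added example (not from the original thread): build a user -> IP mapping from a
# DC's Security log, which is what a firewall "ID agent" does. Run under an account
# that is a member of "Event Log Readers" on the DC, not a Domain Admin.
# dc1.abc.local is taken from the question; the lookback window is an assumption.
param(
    [string]$DomainController = 'dc1.abc.local',
    [int]$LookbackMinutes = 60
)

# 4624 = an account was successfully logged on (on a DC: mostly network logons)
# 4768 = a Kerberos TGT was requested (a domain logon that hit this DC)
$filter = @{
    LogName   = 'Security'
    Id        = 4624, 4768
    StartTime = (Get-Date).AddMinutes(-$LookbackMinutes)
}

$events = Get-WinEvent -ComputerName $DomainController -FilterHashtable $filter -ErrorAction Stop

$mapping = foreach ($e in $events) {
    # Pull the EventData fields out of the event XML into a name -> value table
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    $user = $data['TargetUserName']
    $ip   = $data['IpAddress']

    # Skip machine accounts, anonymous logons and events with no source address
    if (-not $user -or $user.EndsWith('$') -or $user -eq 'ANONYMOUS LOGON') { continue }
    if (-not $ip -or (@('-', '::1', '127.0.0.1') -contains $ip)) { continue }

    # Network logons are recorded as IPv4-mapped IPv6 ("::ffff:10.0.0.5"); strip the prefix
    $ip = $ip -replace '^::ffff:', ''

    # For 4624 keep interactive (2), network (3), RDP (10) and cached (11) logons;
    # service and batch logons say nothing about which desk a user is sitting at
    if ($e.Id -eq 4624 -and (@('2', '3', '10', '11') -notcontains $data['LogonType'])) { continue }

    # For 4768 keep only successful TGT requests (Status 0x0); failures are not logons
    if ($e.Id -eq 4768 -and $data['Status'] -ne '0x0') { continue }

    New-Object PSObject -Property @{
        Time    = $e.TimeCreated
        User    = "$($data['TargetDomainName'])\$user"
        IP      = $ip
        EventId = $e.Id
    }
}

# Keep the most recent observation per IP: that is the row a user-to-IP table needs
$mapping | Sort-Object Time -Descending |
    Group-Object IP |
    ForEach-Object { $_.Group[0] } |
    Sort-Object User |
    Format-Table Time, User, IP, EventId -AutoSize
```

The script is written in PowerShell 2.0 syntax so that it runs on an unpatched 2008 R2 box. The filtering is where such agents usually go wrong: without dropping machine accounts and service logons, the table fills with `HOST$` entries and the wrong user gets attributed to a shared server's address.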

Similar Messages

  • Secondary Domain Controller Not Authenticating Domain Users

    Hi.
    I have a primary domain controller running Win Srv 2012 in the USA, and I added a secondary domain controller (2012) in the same domain from a different location, India, through VPN, so that India user accounts can authenticate against the secondary DC instead of the primary
    DC in the USA.
    Installation & replication of AD went fine.
    India domain users' login is damn slow.
    When I ran the command echo %logonserver% from an India client machine, it displayed the USA primary DC name, which means it is authenticating the users from the USA primary DC.
    Preferred DNS for the India client machine is the secondary DC IP, and the alternate is the primary DC IP in the USA.
    Please find the dcdiag results below and any help much appreciated
    Performing initial setup:
       Trying to find home server...
       Home Server = server2
       * Identified AD Forest.
       Done gathering initial info.
    Doing initial required tests
       Testing server: INDIA\server2
          Starting test: Connectivity
             ......................... server2 passed test Connectivity
    Doing primary tests
       Testing server: INDIA\server2
          Starting test: Advertising
       Warning: DsGetDcName returned information for \\server1.tst.mycompany.com, when we were trying to reach
       server2.
       SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
             ......................... server2 failed test Advertising
          Starting test: FrsEvent
             ......................... server2 passed test FrsEvent
          Starting test: DFSREvent
             There are warning or error events within the last 24 hours after th
             replication problems may cause Group Policy problems.
             ......................... server2 failed test DFSREvent
          Starting test: SysVolCheck
             ......................... server2 passed test SysVolCheck
          Starting test: KccEvent
             ......................... server2 passed test KccEvent
          Starting test: KnowsOfRoleHolders
             ......................... server2 passed test KnowsOfRoleHolders
          Starting test: MachineAccount
             ......................... server2 passed test MachineAccount
          Starting test: NCSecDesc
             ......................... server2 passed test NCSecDesc
          Starting test: NetLogons
             Unable to connect to the NETLOGON share! (\\server2\netlogon)
             [server2] An net use or LsaPolicy operation failed with error 67,
             ......................... server2 failed test NetLogons
          Starting test: ObjectsReplicated
             ......................... server2 passed test ObjectsReplicated
          Starting test: Replications
             ......................... server2 passed test Replications
          Starting test: RidManager
             ......................... server2 passed test RidManager
          Starting test: Services
             ......................... server2 passed test Services
          Starting test: SystemLog
             A warning event occurred.  EventID: 0xA004001B
                Time Generated: 02/22/2015   17:10:30
                Event String: Intel(R) 82574L Gigabit Network Connection
             A warning event occurred.  EventID: 0x000727A5
                Time Generated: 02/22/2015   17:11:24
                Event String: The WinRM service is not listening for WS-Manageme
             An error event occurred.  EventID: 0x0000271A
                Time Generated: 02/22/2015   17:11:24
                Event String:
                The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not regist
             A warning event occurred.  EventID: 0xA004001B
                Time Generated: 02/22/2015   17:12:41
                Event String: Intel(R) 82574L Gigabit Network Connection
             A warning event occurred.  EventID: 0x000003F6
                Time Generated: 02/22/2015   17:19:36
                Event String:
                Name resolution for the name mycompany.com timed out after none
             A warning event occurred.  EventID: 0x00001796
                Time Generated: 02/22/2015   17:28:54
                Event String:
                Microsoft Windows Server has detected that NTLM authentication i
    his server. This event occurs once per boot of the server on the first time
             A warning event occurred.  EventID: 0x000727A5
                Time Generated: 02/22/2015   17:33:35
                Event String: The WinRM service is not listening for WS-Manageme
             A warning event occurred.  EventID: 0x00001796
                Time Generated: 02/22/2015   17:35:54
                Event String:
                Microsoft Windows Server has detected that NTLM authentication i
    his server. This event occurs once per boot of the server on the first time
             ......................... server2 failed test SystemLog
          Starting test: VerifyReferences
             ......................... server2 passed test VerifyReferences
       Running partition tests on : ForestDnsZones
          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test CrossRefValida
       Running partition tests on : DomainDnsZones
          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test CrossRefValida
       Running partition tests on : Schema
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation
       Running partition tests on : Configuration
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidat
       Running partition tests on : tst
          Starting test: CheckSDRefDom
             ......................... tst passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... tst passed test CrossRefValidation
       Running enterprise tests on : tst.mycompany.com
          Starting test: LocatorCheck
             ......................... tst.mycompany.com passed test LocatorChec
          Starting test: Intersite
             ......................... tst.mycompany.com passed test Intersite

    First, make sure that you have configured sites and subnets correctly. According to your information, you have two locations, so you should have at least 2 sites and 2 subnets associated with them. If you have forgotten to configure the subnets of India in your
    Sites and Services and assign them to the India site, you will experience this issue. Also make sure the clients in India have appropriate network connectivity to the domain controllers in India.
    Mahdi Tehrani   |  
      |  
    www.mahditehrani.ir
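    The reply above says to create the site and subnet; as an added example that is not part of the original answer, this is what that looks like from the ActiveDirectory module on a 2012 DC, followed by the locator checks that show whether the client now lands on the India DC. The site name, the India subnet and the forest name tst.mycompany.com are assumptions (the last one is taken from the dcdiag output); server2 is the DC name from that output.

```powershell
# Added example (not from the original reply): define the India site and subnet so
# the DC locator hands India clients the India DC. Site name and subnet are assumptions.
Import-Module ActiveDirectory

$siteName = 'India'
$subnet   = '10.20.0.0/16'        # assumed India client range
$indiaDc  = 'server2'             # DC name from the dcdiag output above
$domain   = 'tst.mycompany.com'   # domain name from the dcdiag output above

# 1. Create the site (idempotent) and the subnet that maps India clients onto it
if (-not (Get-ADReplicationSite -Filter "Name -eq '$siteName'")) {
    New-ADReplicationSite -Name $siteName
}
if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$subnet'")) {
    New-ADReplicationSubnet -Name $subnet -Site $siteName -Location 'India'
}

# 2. Move the India DC into that site; a DC only advertises for the site it sits in
Move-ADDirectoryServer -Identity $indiaDc -Site $siteName

# 3. Confirm a site link still connects the two sites, or inter-site replication stops
Get-ADReplicationSiteLink -Filter * |
    Select-Object Name, SitesIncluded, Cost, ReplicationFrequencyInMinutes

# 4. Verify from a client in India: which site does the locator place it in, and
#    which DC does it return for that site?
nltest /dsgetsite
nltest /dsgetdc:$domain /site:$siteName
Get-ADDomainController -Discover -SiteName $siteName | Select-Object HostName, Site

# 5. Re-run the test that failed in the original dcdiag output
dcdiag /s:$indiaDc /test:Advertising
```

    One caveat the dcdiag output in the question supports: the Advertising test fails and the NETLOGON share cannot be reached (error 67), which means SYSVOL has not finished replicating to server2 (see the DFSREvent failure). A DC that does not advertise is never returned by the locator, so %LOGONSERVER% will keep pointing at the USA DC until that is fixed, regardless of how sites and subnets are set up.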

  • How to configure multiple domains in Active directory

    HI,
    How can I configure multiple domains in Active Directory? When I installed AD it asked for a domain name, and I gave ravigupta.com as the domain name. But now I find no way of creating another domain.
    I am a Java developer, and my task is to write a program which returns all the domains available in an LDAP server.
    To start with, I tried to create a few domains in the LDAP server (AD) but got stuck, as I found there could be only one domain.
    Please tell me how to configure multiple domains in an LDAP server (Active Directory).
    I skipped the DNS configuration during the AD installation.
    -ravi

    I'm sorry, but you should be asking on a different forum. This has nothing to do with Java.

  • Server 2012 Secondary Domain Controller not picking up AD nor DNS responsibilities

    I had a single Domain Controller providing AD, DNS and DHCP. I went through the steps to add a secondary Domain Controller. All the AD and DNS info shows up on the secondary server; however, when my original Domain Controller is turned
    off, the second Domain Controller is not taking over for AD and DNS.

    Hi Bayousmurf,
    Good that you made some progress. However, can you please provide us with the information on how you achieved transferring the FSMO roles to another DC, since you had some issues earlier?
    Your initial intention was to demote the original DC. Please follow the link below for the steps to demote the DC.
    http://technet.microsoft.com/en-in/library/jj574104.aspx
    Still, if I power off the original DC the new one isn't taking up DNS. Still looking into the DNS...
    Can you please elaborate what exactly you are looking for? When you power off the original DC, you don't see DNS on the new DC? Is your DNS Active Directory-integrated? If not, please follow the procedure below to make it AD-integrated. Once done, power
    off the original DC and look on the new DC to see if DNS shows up.
    http://www.tomshardware.com/faq/id-1954324/configure-active-directory-integrated-dns-zone-windows-server-2012-dns-server.html
    Thanks,
    Umesh.S.K
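    The reply above points at converting the zone to an AD-integrated one; as an added example that is not part of the original answer, the PowerShell below checks the zone's storage type on the original DC, converts it if it is still file-backed, and then covers the two things that most often cause "the new DC is not taking over DNS" even when the zone has replicated: the DCs' own NIC DNS settings and the DNS servers the clients get from DHCP. The zone name, DC names, addresses and DHCP scope are assumptions; it assumes Windows Server 2012's DnsServer, DnsClient and DhcpServer modules.

```powershell
# Added example (not from the original reply): confirm the zone is AD-integrated,
# convert it if it is file-backed, and make sure DCs and clients know about DC2.
# Zone, DC names, addresses and scope are assumptions.
Import-Module DnsServer

$zone    = 'corp.example.local'   # assumed domain zone
$newDc   = 'DC2'                  # assumed name of the secondary DC
$newDcIp = '192.168.10.11'        # assumed address of DC2
$oldDcIp = '192.168.10.10'        # assumed address of the original DC

# 1. On the original DC: is the zone stored in AD (replicates to every DC running DNS)
#    or in a .dns file (lives only on this box and goes away with it)?
$z = Get-DnsServerZone -Name $zone
$z | Select-Object ZoneName, ZoneType, IsDsIntegrated, ReplicationScope, DynamicUpdate

if (-not $z.IsDsIntegrated) {
    # Converts the file-backed primary zone into an AD-integrated zone replicated domain-wide
    ConvertTo-DnsServerPrimaryZone -Name $zone -ReplicationScope Domain -Force
}

# 2. On the secondary DC: the DNS role must be installed, or the zone has nowhere to land
Invoke-Command -ComputerName $newDc -ScriptBlock {
    Get-WindowsFeature DNS | Select-Object Name, Installed
    Get-DnsServerZone | Select-Object ZoneName, IsDsIntegrated
}

# 3. Each DC should list the other DC first and itself second; a DC that points only
#    at the other DC cannot resolve anything once that DC is powered off
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object InterfaceAlias, ServerAddresses
Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses $newDcIp, $oldDcIp   # run on DC1

# 4. Clients: add DC2 to DHCP option 6, otherwise they keep asking only the dead DC
Set-DhcpServerv4OptionValue -ScopeId 192.168.10.0 -DnsServer $oldDcIp, $newDcIp

# 5. Prove DC2 answers the domain's locator records on its own
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$zone" -Type SRV -Server $newDcIp
```

    Step 5 is the real test of "taking over": if DC2 cannot return the `_msdcs` SRV records while DC1 is off, clients cannot find any DC, and AD is effectively down for them even though DC2 is fully replicated.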

  • Secondary domain controller not able to connect from work stations.

    We are using primary and secondary domain controllers, in which the secondary domain controller acts as a replication server. The problem occurs while accessing the secondary domain controller from workstations; I get the following error:
     "The trust relationship between this workstation and the primary domain failed".
    Can anyone please give us a solution?
    Thank you.

    Hi,
    The simplest resolution would be to unjoin the computer from the domain and rejoin the computer account to the domain.
    There might be multiple reasons for this kind of behavior.
    Here are a few of them:
    The same SID has been assigned to multiple computers.
    The secure channel is broken between the domain controller and the workstation.
    There is no SPN or DNS host name in the computer account attributes.
    Outdated NIC drivers.
    According to your description, the second one may be the cause of your problem.
    When a computer account is joined to the domain, the secure channel password is stored with the computer account on the domain controller. By default this password changes every 30 days (this is an automatic process; no manual intervention is required).
    Upon starting the computer, Netlogon attempts to discover a DC for the domain in which its machine account exists. After locating the appropriate DC, the machine account password from the workstation is authenticated against the password on the DC.
    If there are problems with system time, DNS configuration or other settings, the secure channel password between the workstation and the DCs may not stay in sync.
    A common cause of a broken secure channel (machine account password) is that the secure channel password held by the domain member does not match the one held by AD. Often this is caused by performing a Windows System Restore (or reverting
    to a previous backup or snapshot) on the member machine, causing an old (previous) machine account password to be presented to AD.
    Follow below link which explains typical symptoms when Secure channel broken,
    Typical Symptoms when secure channel is broken
    http://blogs.technet.com/b/asiasupp/archive/2007/01/18/typical-symptoms-when-secure-channel-is-broken.aspx
    For detailed information, please refer to the link below,
    Troubleshooting AD: Trust Relationship between Workstation and Primary Domain failed
    http://social.technet.microsoft.com/wiki/contents/articles/9157.troubleshooting-ad-trust-relationship-between-workstation-and-primary-domain-failed.aspx
    Hope this helps.
    Steven Lee
    TechNet Community Support
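    The reply above explains the secure channel mechanism and the snapshot-revert failure mode; as an added example that is not part of the original answer, the script below runs the check and repair in place, without the unjoin/rejoin, which keeps the computer's SID and group memberships intact. The DC name and the account are assumptions; it assumes PowerShell 3.0 or later on the workstation and an elevated session. The credential only needs the right to reset the password on this one computer object, so use a delegated account rather than a Domain Admin.

```powershell
# Added example (not from the original reply): check and repair the secure channel
# between a workstation and its domain, run on the affected workstation (elevated).
# The DC name and the credential prompt are assumptions.
$dc   = 'dc1'                                        # a writable DC for the domain
$cred = Get-Credential -Message 'Account allowed to reset this computer account'

# 1. Is the secure channel healthy? Returns $true/$false and changes nothing.
$ok = Test-ComputerSecureChannel -Server $dc -Verbose
if ($ok) { Write-Host 'Secure channel OK'; return }

# 2. Before repairing, rule out the causes the reply lists: clock skew (Kerberos
#    tolerates 5 minutes by default) and DNS resolution of the DC and the domain's
#    locator records.
w32tm /stripchart /computer:$dc /samples:3 /dataonly
Resolve-DnsName -Name $dc -Type A
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$env:USERDNSDOMAIN" -Type SRV

# 3. Repair in place. -Repair re-establishes the secure channel with the supplied
#    credential; Reset-ComputerMachinePassword sets a new machine account password
#    both in AD and locally, which is exactly what the "reverted snapshot" case needs,
#    because the old local password no longer matches the one AD holds.
Test-ComputerSecureChannel -Server $dc -Repair -Credential $cred
Reset-ComputerMachinePassword -Server $dc -Credential $cred

# 4. Verify again, with the legacy tool as a second opinion
Test-ComputerSecureChannel -Server $dc
nltest /sc_verify:$env:USERDNSDOMAIN
```

    If step 1 already returns $true on the workstation but the error persists only against the secondary DC, the problem is on the DC side (the computer object's new password has not replicated to it yet, or that DC's own time is off), not on the workstation.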

  • How to create sharepoint Group with read only permissions using powershell for entire site ?

    How to create sharepoint Group with read only permissions using powershell for entire site (including subsites and top level site)

    Hi
    using (SPSite site = new SPSite(url))
    using (SPWeb web = site.OpenWeb())
    {
        SPUserCollection users = web.AllUsers;
        // Logins are DOMAIN\user; the format string needs the backslash between them
        SPUser owner = users[string.Format(@"{0}\{1}", "Domain", "Owner Username")];
        SPMember member = users[string.Format(@"{0}\{1}", "Domain", "Default Member Username")];
        SPGroupCollection groups = web.SiteGroups;
        string GroupName = "Super Exclusive"; // your group name
        string GroupDescription = "Super exclusive group description.";
        groups.Add(GroupName, owner, member, GroupDescription);
        SPGroup NewSPGroup = groups[GroupName];
        // "Read" is the built-in read-only permission level
        SPRoleDefinition role = web.RoleDefinitions["Read"];
        SPRoleAssignment roleAssignment = new SPRoleAssignment(NewSPGroup);
        roleAssignment.RoleDefinitionBindings.Add(role);
        web.RoleAssignments.Add(roleAssignment);
        web.Update();
    }
    Please 'propose as answer' if it helped you, and 'vote helpful' if you like this reply.
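    The question asked for PowerShell and for the whole site including subsites; the C# above grants Read on one web only. As an added example that is not part of the original answer, the script below does the same from the SharePoint Management Shell and also walks every subsite that has broken permission inheritance, which is where a "read only for the entire site" group usually ends up incomplete. The site URL, group name and owner login are assumptions.

```powershell
# Added example (not from the original answer): create a read-only group and grant it
# "Read" on the root web and on every subsite with unique permissions.
# URL, group name and owner login are assumptions.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$siteUrl    = 'http://intranet.contoso.local'
$groupName  = 'Read Only Users'
$groupDesc  = 'Read-only access to the whole site collection'
$ownerLogin = 'CONTOSO\spadmin'

$site = Get-SPSite $siteUrl
$root = $site.RootWeb
try {
    $owner = $root.EnsureUser($ownerLogin)

    # Site groups live on the root web; create the group once if it is not there
    $group = $root.SiteGroups | Where-Object { $_.Name -eq $groupName }
    if (-not $group) {
        $root.SiteGroups.Add($groupName, $owner, $owner, $groupDesc)
        $group = $root.SiteGroups | Where-Object { $_.Name -eq $groupName }
    }

    foreach ($web in $site.AllWebs) {
        # Webs that inherit permissions pick the assignment up from their parent;
        # only webs with unique role assignments need it applied explicitly
        if ($web.HasUniqueRoleAssignments) {
            $ra = New-Object Microsoft.SharePoint.SPRoleAssignment($group)
            $ra.RoleDefinitionBindings.Add($web.RoleDefinitions['Read'])
            $web.RoleAssignments.Add($ra)
            $web.Update()
            Write-Host "Granted Read to '$groupName' on $($web.Url)"
        }
        $web.Dispose()
    }
}
finally {
    $root.Dispose()
    $site.Dispose()
}
```

    Lists and libraries that break inheritance on their own are not covered by this loop; if those exist, the same SPRoleAssignment has to be added to each such list's RoleAssignments as well, or the group will be read-only everywhere except the places that were locked down by hand.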

  • 7210 doesn't authenticate to secondary domain controller

    We've been testing a 7210 configured to authenticate to a domain controller's MS Active Directory. Our testing indicates that when our primary domain controller is offline, the 7210 does not attempt to authenticate to the secondary domain controller. I would have expected it to behave like any other device set to authenticate on our domain and to use the secondary controller if the primary domain controller becomes unavailable.
    Has anyone else noticed this behaviour and more importantly is there a way to configure the 7210 to ensure it will use the secondary if need be?
    Cheers.

    For others who may come across this we ended up putting a support call in to Sun. The answer from Sun is:
    "... have been informed that this is by design to occur like this. Many people don't believe it should so there is an
    RFE raised and development is occurring to resolve this under an internal bug."
    regards
    Stephen Meatheringham

  • How to configure User domain in Weblogic..........

    How do I configure a user domain in WebLogic Application Server 8.1 from the command prompt on Windows XP?
    Thanks in Advance.

    You can use WLST or the weblogic.Admin command. WLST is the recommended approach. Here are a few links for both of the above:
    http://edocs.bea.com/wls/docs81/admin_ref/cli.html
    http://e-docs.bea.com/wls/docs91/config_scripting/using_WLST.html
    http://edocs.bea.com/wls/docs90/config_scripting/domains.html
    http://dev2dev.bea.com/blog/hoos/archive/2005/09/what_no_wlst_1.html
    http://dev2dev.bea.com/pub/a/2005/01/wlst_offline.html
    http://dev2dev.bea.com/blog/hoos/archive/2005/10/environment_pro_1.html
    Hussein Badakhchani
    London Middleware

  • How to make a DFF in read only mode

    Hi All
    There is a requirement to make a descriptive flexfield (in Purchasing PO Headers) read only for all the users,
    so that users cannot select any values. Is there any way to do this? Is any workaround possible?
    Regards

    Hi;
    Please follow the link below and see if it's helpful:
    [Solved] How to make a DFF segment 'Read-Only' using Form Personalization?
    Also check:
    http://download-west.oracle.com/docs/cd/A60725_05/html/comnls/us/fnd/ogenff03.htm
    Regard
    Helios

  • How to make a DFF as Read only field

    How to make a DFF as Read only field

    Hi,
    You can add the read only token ($RO$) to any of the segments in the list. For example:
    segmentlist = "Context1|Segment1($RO$)|Segment2..."
    Thanks,
    Kumar

  • How to configure evaluations at level task only for released projects?

    Hi,
    Does anyone know how to configure evaluations at task level only for released projects?
    What we need is that the evaluation will be executed only when project has released status. Is that possible?
    Thanks a lot,
    CAMILO URIBE

    Hi CAMILO,
    After notes 1422722 & 1465106, a service method is available which allows the customer to disable the evaluation:
    CL_EVE_EXTRACT_FACTORY        SET_ACTIVE
    You can put code in some BAdI method which is called during save. Within the BAdI implementation, call the SET_ACTIVE method so that the evaluation is not triggered (until the project gets released).
    Kind regards,
    Zhenbo

  • How can I have both functions "Read Only" & "Write" mode on the same form?

    Dear all,
    How can I have both "Read Only" and "Write" modes on the same form? Is this possible?
    Please advise,
    Amy

    This is what I use in some dialogs:
    PROCEDURE SET_QUERY_ONLY IS
      -- Procedure Set_query_only
      -- Makes the blocks non-modifiable      --
      -- Disables menus Insert/Delete/Clear    --
      -- In                  :
      -- Out                 :
      -- In/Out              :
      -- Created             : FD    10/2003
      -- Modified            : 
         LC$Block     Varchar2(30) ;
    BEGIN
      Set_Menu_Item_Property('Edit.Insert', ENABLED, PROPERTY_FALSE ) ;
      Set_Menu_Item_Property('Edit.Remove', ENABLED, PROPERTY_FALSE ) ;
      Set_Menu_Item_Property('Edit.Clear', ENABLED, PROPERTY_FALSE ) ;
      Set_Menu_Item_Property('Action.Save', ENABLED, PROPERTY_FALSE ) ;
      LC$Block := get_form_property( NAME_IN('System.Current_Form'), FIRST_BLOCK ) ;
      -- Walk every block of the form and put it in query-only mode --
      While LC$Block is not null Loop
           Enable_Block( LC$Block, FALSE ) ;
           LC$Block := get_block_property( LC$Block, NEXTBLOCK ) ;
      End loop ;
    END;
    PROCEDURE ENABLE_BLOCK (
              PC$Block in Varchar2,
              PB$Enable in Boolean Default TRUE
         ) IS
      -- Procedure Enable_block
      -- Enables / disables the block --
      -- In                  : PC$Block (Forms block name)
      --                     : PB$Enable (TRUE or FALSE)
      -- Out                 :
      -- In/Out              :
      -- Created             : FD    10/2003
      -- Modified            : 
    BEGIN
         If PB$Enable Then
              -- Write mode: allow DML on the block and re-enable the menu items
              Set_Block_Property( PC$Block, INSERT_ALLOWED, PROPERTY_TRUE ) ;
              Set_Block_Property( PC$Block, UPDATE_ALLOWED, PROPERTY_TRUE ) ;
              Set_Block_Property( PC$Block, DELETE_ALLOWED, PROPERTY_TRUE ) ;
              Set_Menu_Item_Property('Edit.Insert', ENABLED, PROPERTY_TRUE ) ;
              Set_Menu_Item_Property('Edit.Remove', ENABLED, PROPERTY_TRUE ) ;
              Set_Menu_Item_Property('Edit.Clear', ENABLED, PROPERTY_TRUE ) ;
              Set_Menu_Item_Property('Action.Save', ENABLED, PROPERTY_TRUE ) ;
         Else
              -- Read-only mode: block the DML at the block level, not only in the menu
              Set_Block_Property( PC$Block, INSERT_ALLOWED, PROPERTY_FALSE ) ;
              Set_Block_Property( PC$Block, UPDATE_ALLOWED, PROPERTY_FALSE ) ;
              Set_Block_Property( PC$Block, DELETE_ALLOWED, PROPERTY_FALSE ) ;
              Set_Menu_Item_Property('Edit.Insert', ENABLED, PROPERTY_FALSE ) ;
              Set_Menu_Item_Property('Edit.Remove', ENABLED, PROPERTY_FALSE ) ;
              Set_Menu_Item_Property('Edit.Clear', ENABLED, PROPERTY_FALSE ) ;
              Set_Menu_Item_Property('Action.Save', ENABLED, PROPERTY_FALSE ) ;
         End if ;
    END;
    Francois

  • How to configure the iTunes,to display only folder name as Album.

    How do I configure iTunes to display only the folder name as the Album under Music?
    I have a folder named "English"; under it I have plenty of folders which are either movie names or custom names created by me, and inside those are the music files. I just want all the files copied to the iPod without any album artwork (which iTunes displays under "Album By Artist"). "Album By Artist" doesn't seem to contain just the folder name; it picks up something else, like the website the music file was downloaded from. This makes it irritating to browse through the iPod or iTunes.
    Please help me configure it so that I can see the same folder/music hierarchy on the iPod that I see on my Windows machine.

    Yep, I agree with Jurjen. It is not only limited to ACTVT, but rather fields of other objects as well which are "action" or "activity" related.
    I would start the other way around - give them '03' only and investigate any transaction specific claims that it is not enough. There will be a few...
    Cheers,
    Julius

  • Trying to modify PDF w/ no security, says it's opened as "read only to prevent modification"

    What am I missing here?
    The PDF in question can be found here:
    http://wndw.net/
    The PDF has a Creative Commons license saying I can:
    "Copy, distribute and display the book. Make derivative works, including books and articles. Make commercial use of the book"
    When I download and open the PDF, it is listed as having no security, but there's a blue info bar along the top in Acrobat X saying "The file you have opened complies with the PDF/A standard and has been opened read-only to prevent modification."
    I'm actually just trying to remove any hyperlinks and color information on some of the pages so we can reduce our printing costs.
    Any ideas on how to open this NOT in read-only mode?

    You can temporarily disable PDF/A mode in Acrobat and/or remove the PDF/A information: http://blogs.adobe.com/acrolaw/2011/05/how-to-remove-pdfa-information-from-a-file/

  • I can't copy my files from my MacBook to an external hard disk; it shows "read-only", but I can transfer files in Windows. Why can't I do that here?

    I can't copy my files from my MacBook to an external hard disk; it shows "read-only", but I can transfer files in Windows. Why can't I do that here?

    To frederic1943:
    It's in NTFS format, and I have downloaded NTFS-3G, but I still don't know what to do with it. Will you please help me here?
