Installing a Windows 2012 Domain Controller into a 2000/2003 domain with Exchange 2003

Similar Messages

• Windows 2012 Domain Controller NETLOGON error

  We have Sonicwall
  firewall user authentication System active since last two months. We have Windows 2012 Active directory server setup
  with around 1400 user account created. These accounts were created by using following PowerShell scripts
  Import-Module ActiveDirectory
  #Import CSV
  $csv = @()
  $csv = Import-Csv -Path C:\Users\Administrator\Desktop\"College User Ac Password Details"\FE\civil.csv
  FOREACH ($Person in $csv) {
  $name = $Person.UserName
  $displayname = $Person.Name
  $path = "OU=FE,DC=comp,DC=com"
  $password = $Person.Password
  $enabled = $True
  $changePW = $False
  $description="CIVIL"
  new-ADUser -SamAccountName $name -Name $name -Description $description -DisplayName $displayname -Path $path -AccountPassword (ConvertTo-SecureString $password -AsPlainText -force) -Enabled $enabled -ChangePasswordAtLogon $changePW -PassThru}
  Above script reads an CSV file with username and passwords and create user accounts on Active Directory.
  But since today we are facing issue during authentication process. We are unable to logon to Directory server. When Sonicwall firewall tries to authenticate an user, it logged-out same user. When I checked Event logger on Windows Active Directory server it
  shows following message.
  The dynamic registration of the DNS record 'ForestDnsZones.comp.com. 600
  IN A 192.168.0.12' failed on the following DNS server:
  DNS server IP address: 216.37.64.6
  Returned Response Code (RCODE): 5
  Returned Status Code: 9017
  For computers and users to locate this domain controller, this record must be registered in DNS.
  USER ACTION
  Determine what might have caused this failure, resolve the problem, and initiate
  registration of the DNS records by the domain controller. To determine what might have
  caused this failure, run DCDiag.exe. To learn more about DCDiag.exe, see Help and
  Support Center. To initiate registration of the DNS records by this domain
  controller, run 'nltest.exe /dsregdns' from the command prompt on the domain
  controller or restart Net Logon service. Or, you can manually add this record to DNS,
  but it is not recommended.
  ADDITIONAL DATA
  Error Value: DNS bad key.
  Above log entry talks about DNS issue. But I did non configured any DNS server on this machine.Authentication was working fine for last
  two months , but suddenly from today we are facing above issue. Kindly help me out in resolving this issue.

  hi,
  Im not sure of you setup and don't understand where your sonic wall comes in.
  The error with the DNS is that the server is trying to register its DNS entries in the server with the public IP address
  216.37.64.6  which I am assuming is your ISP's DNS server?
  How is the DNS configured on your domain controller? The domain controller should point to it'self as it's preffered DNS server.
  Regards,
  Denis Cooper
  MCITP EA - MCT
  Help keep the forums tidy, if this has helped please mark it as an answer
  Blog: http://www.windows-support.co.uk 
  Twitter:   LinkedIn:

• Downgrade of Windows 2012 r2 to Windows 2012 Domain Service Active Directory

  I have an uncertainty. we used adprep /forest and adprep /domain tools on windows 2012 R2 to update the domain active directory. But after promoting a domain controller to windows 2012 R2, we realized that a tool we use to authenticate computer account not
  supported for domain controllers in Windows 2012 R2. Here comes the question, I can to install direct and promote a domain controller windows 2012 without running the adprep /forest and adprep /domain tools of Windows 2012?.
  I hope be clearly.
  tks.
  migrations

  Hello,
  as others mentioned there is no problem to promote a Windows Server 2012 into the domain as the functional level is fine for this.
  Best regards
  Meinolf Weber
  MVP, MCP, MCTS
  Microsoft MVP - Directory Services
  My Blog: http://msmvps.com/blogs/mweber/
  Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

• How do I add my Custom Workflow Activity to FIM 2010 R2 SP1 installed on Windows 2012 server?

  Hellos.
  I have tried and failed to add my custom.dll into the Windows Server 2012  GAC.
  We have a version of FIM 2010 R2 Sp1 running on Windows Server 2008 R2 and that was no problem. There seemed to be a gacutil.exe present on the system which added my assembly.
  I cannot find gacutil.exe on the Windows 2012 Server.
  I have downloaded and installed Windows SDK for Windows 8. However, when I try the gacutil.exe /i <myCustom.dll> nothing seems to happen.
  Are there any guidelines how to add custom workflow activities to FIM when installed on a Windows Server 2012 system?
  TIA
  *HH

  Well yes. It is fine when FIM is hosted on Windows Server 2008 R2.My difficulty is that I am using FIM 2010 R2 Sp1 and Windows Server 2012. No GACutility executable.
  However, the problem has been resolved. Powershell can be used to modify the assemblies.
  I opened a RunAs Administrator PS session. My assembly is in folder c:\Temp
  Using Windows Explorer I browsed the folder c:\windows\assembly and noted the System.EnterpriseServices entries: version (2.0.0.0) and public key token (b03f5f7f11d50a3a)
  (My version is 2.0.0.0 because when installing FIM and SharePoint 2013 the instructions I used suggested setting .Net version to be 2.0)
  These powershell commands got me going...
  PS C:\temp> [System.Reflection.Assembly]::Load("System.EnterpriseServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a")
  GAC    Version        Location
  True   v4.0.30319     C:\Windows\Microsoft.Net\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50...
  PS C:\temp> $publish = New-Object System.EnterpriseServices.Internal.Publish
  PS C:\temp> $publish.GacInstall("c:\temp\RunPowershellLibrary.dll")
  PS C:\temp>
  PS C:\temp>
  PS C:\temp> iisreset
  Amazingly I can see the assembly RunPowershellLibrary in my Windows 2012 GAC. :-)
  Also, what is more cheering is that the custom activity actually works with FIM 2010 R2 Sp1.

• Can A Windows 2000 Client Join A Windows 2012 Domain ?

  I have set up a Server 2012 VM that I have configured as a DC.  The desktop environment consists of Windows 7, Windows XP and a few Windows 2000 machines.  All desktops can JOIN the 2012 domain, but when I try to add domain users to any of the
  Windows 2000 (SP4) workstations, it fails with the error "The trust relationship between this workstation and the primary domain failed".
  Unjoining the workstation from the domain (or going into ADUC and deleting the Win 2000 computer from the domain) and trying again yields the same result.  I do not have this problem when the Windows 2000 machines are joined to a Server 2008 R2 domain.
  At this point, I'm leaning towards setting it up as a 2008 R2 DC, and moving to a 2012 DC once we have weaned ourselves off of the Windows 2000 desktops.  Is there any hope of getting things to work with a 2012 DC from the start ?

  Hi,
  Based on my research, Windows 2000 client is not supported for Windows 2012 DC.
  Windows client and Windows Server operating systems that are supported to join Windows Server 2012 domains
  The following Windows client and Windows Server operating systems are supported for domain member computers with domain controllers that run Windows Server 2012:
  Client operating systems: Windows 8, Windows 7, Windows Vista, Windows XP
  Computers that run Windows 8 are also able to join domains that have domain controllers that run earlier version of Windows Server, including Windows Server 2003 or later. In this case however, some Windows 8 features may require additional configuration or
  may not be available. For more information about those features and other recommendations for managing Windows 8 clients in downlevel domains, see
  Running Windows 8 member computers in Windows Server 2003 domains.
  Server operating systems: Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003 R2, Windows Server 2003
  Cataleya Li
  TechNet Community Support

• Windows 2012 root certification authority in a 2003 Domain/ Forest level

  Hello,
  We are currently on Windows 2003 Domain & Forest Functional Level. Our Root CA is also currently on Windows 2003 DC.
  If  we have to setup a new Root/Issuing CA ( not exporting the current 2003 CA cert) on Windows 2012 R2 servers,   is it then mandatory to first upgrade Domain & Forest levels to 2012 R2 ?  Can we have  a PKI infrastructure with
  Enterprise CA's on a Windows 2012 Platform but the Domain/Forest levels  still on 2003 level ?   i understand it will be good to have everything on 2012 R2 , but can a mix of 2003 domain level  and 2012 CA  work ?

  Hi,
  Look at below tread it might help:
  https://social.technet.microsoft.com/Forums/windowsserver/en-US/fa8cac92-0f71-426c-ac95-e89e90e1c8d1/certificate-authority-and-forestdomain-functional-level?forum=winserversecurity
  Basically the answer is yes you can have  CA on 2012 R2 and DFL/FFL still on 2003.
  Regards,
  Calin

• Install SSAS unattented Install on Windows 2012 Core edition

  Dear People who can help.
  We are trying to offer SSAS as a Self Service solution in our company. this without giving the user SYSADMIN rights.
  When we install this in a vmware environment or on a brick it does not start up SSAS. When we install it on a server with a gui it just work. Does any one know how to solve this problem in Windows 2012 Core edition without a gui?
  Thanks in advance,
  Michael

  Hi Michael,
  According to your description, when you install the SSAS without GUI, it doesn't start up SSAS. Right?
  When we install SQL Server via command line, we have the many installation parameters for Analysis Services. There's one parameter "/ASSVCSTARTUPTYPE" which specifies the startup mode for the Analysis Services service. You
  should set it Automatic when do the unattended installation. Also you can start the SQL Server Analysis Services service manually via command line:
  net start "SQL Server Analysis Services (MSSQLSERVER)"
  Reference:
  Install SQL Server 2014 from the Command Prompt
  Tips ‘N’ Tricks – Windows – Starting, Stopping, and Restarting Services from Command Line
  If you have any question, please feel free to ask.
  Regards,
  Simon Hou
  TechNet Community Support

• Windows 2012 Domain Controllers and RC4

  We are using Qualysguard as our vulnerability scanner, and we are getting QID 38601, "SSL/TLS use of weak RC4 cipher". While we have created a GPO to disable RC4 on the 2008/2012 servers, we have 4 Domain Controllers that we haven't included in
  the GPO yet. I'm wondering if disabling RC4 on 2012 Domain Controllers will cause problems that I'm not forseeing right now.
  Does someone out there have any knowledge of this through experience or otherwise?
  Thanks in advance.

   
  Hi,
  As far as I know, disable RC4 cipher usage in SSL/TLS wouldn’t affect Kerberos related services on Domain Controller, since Key Distribution Center (KDC) just use the available encryption type to encrypt tickets that requested from our clients with
  RC4_HMAC_NT.
  More information for you:
  Disabling RC4 Cipher KB2868725 relation to Kerberos
  https://social.technet.microsoft.com/Forums/sqlserver/en-US/836eba80-a070-486d-98b2-69b6325cb40e/disabling-rc4-cipher-kb2868725-relation-to-kerberos?forum=winserversecurity
  Best Regards,
  Amy
  Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• Can I clean install a Windows 7 Pro System Builder on a Lenovo PC with Windows 8 preinstalled?

  Hi. I would like to clean install windows 7 on a Lenovo PC  that came with Windows 8 core preinstalled. I want to format the entire drive and remove windows 8 and clean install windows 7.  I already tried the clean install of Windows 7 Pro to get all of my drivers in line, and now I would like to buy a Product Key.
  Would  a Windows 7 Pro System Builder work in my case? Would it work just as smoothly as a retail version? I understand that the System Builder is an OEM version that includes the Product Key, COA, and DVD) Just want to make sure before I buy the System Builder version of Windows 7 Pro.  Thanks.
  Grazzie
  Solved!
  Go to Solution.

  that should be retail since it seemed to be used for pc upgrades either way your new system builder key should work. those are called refresh because they re-released them sincea bug was found in thier installers. Do you have any key in the computer atm? or is windows just waiting to be activated? 
  EDIT: its a good copy look here>  http://www.heidoc.net/joomla/technology-science/microsoft/14-windows-7-direct-download-links
  Should you want to use the DVD images permanently, and don't own a product key yet, you can order a Windows 7 OEM or retail version from Amazon. The OEM reinstallation versions contain a DVD with a product key just like the retail versions. They are significantly cheaper, but lack a proper box packaging, and don't include technical support by Microsoft. The OEM key will work with the Digital River downloads, so you can just pick the cheapest one. Sometimes better editions are the cheaper ones, so all of the following links to Amazon offers might be worth checking. I've already tried to find good deals for all editions and linked to them here:
  I own a Y510p SLI, and Yoga 2 Pro

• If I were to buy the 7 Home Premium SP1 64bit, System Builder OEM DVD 1 Pack from Amazon to install Microsoft Windows 7 on my Mac, would it be compatible with my computer when I put it in bootcamp? (I have all of the current software updates)

  If I were to buy the 7 Home Premium SP1 64bit, System Builder OEM DVD 1 Pack from Amazon to install Microsoft Windows 7 on my Macbook Pro, would it be compatible with my computer if I put it in bootcamp? (I have all of the current software updates)

  In order to run Windows Applications, you must own the applications and, since they require Windows, you must own Windows. There are technologies like wine that will allow Windows applications to run without Windows, but they tend to be flakey at best.

• How to setup Autodiscovery for .local internal domains with Exchange 2013

  Hi,
  I need to know about how i set autodiscovery in local domain.I have local domain eg
  abc.local and domin which i received the emails externally is  xyz.com.
  I have deployed Exchange2013 recently with same above scenario inbound and outbound mails are working fine using OWA.But outlook clients cannot connect to Exchange server with in the LAN. 
  Please help me out how set auto discovery in local domain and another help i need how i configure the self sign certificate in this scenario.   

  You cannot use a self signed cert for RPC/HTTP connections (which is how the Outlook client is connecting exchange2013). Please check this http://social.technet.microsoft.com/Forums/exchange/en-US/aed4ede9-57c3-44c3-90b4-bdfb3a7f017d/exchange-2013-self-signed-certs-and-outlook-client-access?forum=exchangesvrgeneral 
  But you can use a certificate from an internal CA which you can install in your network issue a certificate for exchange. Please check this it will help you manage internal certificates for a PC and for a domain.  http://technet.microsoft.com/en-us/library/cc754841.aspx
  You dont need to configure autodiscover for internal domain added clients. If you have clients on the network which are not members of the domain, using Exchange, this could be Windows, MACs or mobile devices, then you should ensure that autodiscover.example.com
  resolves internally to the Exchange server via a split DNS system. http://exchange.sembee.mobi/network/split-dns.asp
  Please configure your external and internal URLs as well
  http://www.mustbegeek.com/configure-external-and-internal-url-in-exchange-2013/
  I recommend to buy a 3rd party certificate as it may create issue for external clients e.g.Outlook anywhere
  Thanks, MAS
  Please mark as helpful if you find my comment helpful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

• Creating a New Email address policy for users in another Domain with Exchange 2013 powershell?

  Hi
  Everyone
  Is it possible to create a new-emailaddress policy with Exchange
  2013 Powershell, for users within OU´s located on another different
  domain/forest than where Exchange 2013 is installed?
  There
  is a Transitive, two way trust between the domain/forest where the users are
  located - and the Exchange 2013, multi tenant domain.
  Further
  more, and if possible, I need to create linked mailboxes to all these users as
  well.
  Í have been struckling with this issue for weeks, so please anyone -
  advice - and comment.
  Best
  Regards
  Peter
  A-ONE Solutions

  Hi Siddharth
  I want to create a new e-mailaaddress policy - and after that create linked mailboxes/users in my account domain with powershell.
  Can you help me achieve that ?
  I have a powershell CMDlet, but i doesn´t work. (Cannot fint user OU in my account domain)
  CMDlet is as follows:
  New-EmailAddressPolicy -Name $CustomerName   -RecipientContainer "OU=$CustomerName, OU=kunder, DC=Domain, DC=local" -IncludedRecipients 'AllRecipients' -ConditionalCustomAttribute1 $CustomerName -Priority '1' -EnabledEmailAddressTemplates SMTP:%2g%1s@$AcceptedEmailDomain
  Where $Customername = test.dk
  and Account domain is = OU=kunder, DC=Domain, DC=local
  But the command fails with:
  New-EmailAddressPolicy : Couldn't find organizational unit "OU=Test.dk, OU=kunder, DC=Domain, DC=local". Make sure you have typed the name correctly.
  At line:52 char:1
  + New-EmailAddressPolicy -Name $CustomerName   -RecipientContainer "OU=$CustomerNa
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      + CategoryInfo          : NotSpecified: (:) [New-EmailAddressPolicy], ManagementObjectNotFoundException
      + FullyQualifiedErrorId : [Server=HE-MBX03,RequestId=2cbe1b51-4af2-4c04-9f7e-e440000975e6,TimeStamp=24-03-2014 12:58:19] 2D00FD2A,Mi 
     crosoft.Exchange.Management.SystemConfigurationTasks.NewEmailAddressPolicy
  So, I cannot find the OU on the Account forest/Domain, even though the OU do exists in the Account domain. 
  Verifying with this: 
  Get-ADOrganizationalUnit -Identity "OU=$CustomerName,OU=kunder,DC=Domain,DC=local" –Server ‘DC01.domain.local’| FL
  This works fine, Can you please help/assist?
  Peter

• Windows 2012 Domain Controller: Failed to open the runspace pool. The Server Manager WinRM plug-in might be corrupted or missing

  Hi all,
  We have been battling a problem for the last couple of days when we try to add the first windows server 2012 DC to an already existing Domain.
  The Server installation goes smoothly and we can add the computer to the domain and its all green.
  After we promote the server to a domain controller the WinRM service starts acting up (not responding anymore).
  The server manager console shows Remote Management as disabled, and when we try to enable it via the console or Powershell it freezes up.
  The AD DS part of the console is saying that there are post-promotion tasks that need to be completed but once we click on the task it takes us to the promotion wizard again, that basically complains that: Failed to open the runspace pool. The Server Manager
  WinRM plug-in might be corrupted or missing.
  In the Remote Management Event log we see the following entry: "The client got a timeout from the network layer (ERROR_WINHTTP_TIMEOUT)" Event ID 138
  We are unable to do anything with the server (demote, add roles, remotely manage...). We tryed the following already:
  1. Recreate from scratch
  2. Checking the GPOs to see if there is anything setup about RM -> came up with nothing
  We just ran out of ideas so HELP PLEASE !
  BR
  Tomaz Praprotnik

  Hi Cicely,
  Yes the error from the Windows Remote Management event log contains (I took out the User and FQDN of the Computer):
  Log Name:      Microsoft-Windows-WinRM/Operational
  Source:        Microsoft-Windows-WinRM
  Date:          3/29/2013 1:38:53 PM
  Event ID:      138
  Task Category: Response handling
  Level:         Error
  Keywords:      Client
  User:         
  Computer:     
  Description:
  The client got a timeout from the network layer (ERROR_WINHTTP_TIMEOUT)
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Microsoft-Windows-WinRM" Guid="{A7975C8F-AC13-49F1-87DA-5A984A4AB417}" />
      <EventID>138</EventID>
      <Version>0</Version>
      <Level>2</Level>
      <Task>10</Task>
      <Opcode>0</Opcode>
      <Keywords>0x4000000000000002</Keywords>
      <TimeCreated SystemTime="2013-03-29T12:38:53.786357100Z" />
      <EventRecordID>6876</EventRecordID>
      <Correlation ActivityID="{18FCFBD2-2B38-0003-D261-FD18382BCE01}" />
      <Execution ProcessID="1084" ThreadID="2924" />
      <Channel>Microsoft-Windows-WinRM/Operational</Channel>
      <Computer></Computer>
      <Security UserID="" />
    </System>
    <EventData>
    </EventData>
  </Event>
  There is also another entry that sometimes comes up:
  Log Name:      Microsoft-Windows-WinRM/Operational
  Source:        Microsoft-Windows-WinRM
  Date:          3/29/2013 1:36:34 PM
  Event ID:      142
  Task Category: Response handling
  Level:         Error
  Keywords:      Client
  User:         
  Computer:     
  Description:
  WSMan operation Invoke failed, error code 2150859046
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Microsoft-Windows-WinRM" Guid="{A7975C8F-AC13-49F1-87DA-5A984A4AB417}" />
      <EventID>142</EventID>
      <Version>0</Version>
      <Level>2</Level>
      <Task>10</Task>
      <Opcode>2</Opcode>
      <Keywords>0x4000000000000002</Keywords>
      <TimeCreated SystemTime="2013-03-29T12:36:34.076973400Z" />
      <EventRecordID>6869</EventRecordID>
      <Correlation ActivityID="{18FCFBD2-2B38-0001-F328-FD18382BCE01}" />
      <Execution ProcessID="4888" ThreadID="4392" />
      <Channel>Microsoft-Windows-WinRM/Operational</Channel>
      <Computer></Computer>
      <Security UserID="" />
    </System>
    <EventData>
      <Data Name="operationName">Invoke</Data>
      <Data Name="errorCode">2150859046</Data>
    </EventData>
  </Event>
  Best regards
  Tomaz Praprotnik

• Unisphere Host Agent cannot install on Windows 2012 R2 Core

  Cannot install EMC Unisphere Host Agent on Windows Server 2012 R2 Core server. 
  When trying to install into Hyper-V 2012 R2 I get an error informing of the requirement for Feb 2013 updates to Windows 8 and Windows server 2012.

  Cannot install EMC Unisphere Host Agent on Windows Server 2012 R2 Core server. 
  When trying to install into Hyper-V 2012 R2 I get an error informing of the requirement for Feb 2013
  updates to Windows 8 and Windows server 2012.

• RD Connection Broker Fails to install on Windows 2012 R2, fresh install

  I have been fighting this for a week
  Trying to install RD connection broker service on a Server 2012 R2.  I've had multiple errors, ranging from the "Server pending reboot" issue, to the install just hanging for 15-20 minutes and then failing.  This is NOT on a DC, and I've
  tried it on a fresh 2012 R2 server, and a fully updated Server 2012 R2.  It has to be something on the domain I'm joined too, as I can install it with no problem on test servers/domains at my office.

  Hi CitadelTCS,
  Some folk meet this issue because the server is DC, in your case could you try to run SFC /SCANNOW then monitor this issue again.
  The related KB:
  Use the System File Checker tool to repair missing or corrupted system files
  https://support.microsoft.com/en-us/kb/929833?wa=wsignin1.0
  I’m glad to be of help to you!
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]