Migration windows 2003 domain controller

Similar Messages

• Does Oracle 10G R2 support installation on Windows 2003 Domain Controller?

  Does Oracle 10g R2 support installation on Windows 2003 Domain Controller? I remember that 10g R1 had issues with the DC? Is it still the case. Does it work now?
  Any help is appreciated.
  Regards,
  Raghav

  We have Oracle 10g R2 running on a Windows 2003 domain controller. It was not a domain controller when Oracle was installed. The domain was created after installation. (I don't recommend that procedure. I spent a long day fixing the installation after they configured the domain.) If Oracle is unhappy with being on a domain controller, it has not shown it yet.

• What is the proper way to demote a Win 2003 Domain Controller running SQL Server 2008 WorkGroup Edition?

  Hi, 
  What is the proper way to demote a Windows 2003 Domain Controller running SQL Server 2008 WorkGroup Edition? 
  I will be migrating AD from Win 2003 to 2012....
  Thanks in advanced. 

  Running SQL on a domain controller is highly not recommended for performance reasons and for complexities it introduces in the management of both systems (You are already facing this situation now).
  I would recommend proceeding like the following before demoting your domain controller:
  Install a new SQL server on a member server
  Migrate your databases to the new SQL server
  Once done, you can safely demote your DC.
  More if you ask them here: http://social.technet.microsoft.com/Forums/windowsserver/en-US/home?category=sqlserver
  This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
  Get Active Directory User Last Logon
  Create an Active Directory test domain similar to the production one
  Management of test accounts in an Active Directory production domain - Part I
  Management of test accounts in an Active Directory production domain - Part II
  Management of test accounts in an Active Directory production domain - Part III
  Reset Active Directory user password

• Upgrading windows server 2003 domain controller to windows server 2008

  Hello friedns :
  We have a company with about 2000 users , and two windows server 2003 domain controllers , one of them acts as a primary domain controller , and the other acts as secondary domain controller , all the FSMO s are on the primary DC ,we have decided to upgrade all of our servers from windows server 2003 to windows server 2008 , the first step is to upgrade the domain controllers to windows server 2008 , our domain controllers are so sensitive and has to be active 24 hours a day , i have stress upgrading it to windows server 2008 , what is the best solution to upgrade it with no risk ?
  ( i have an opinion but i am not sure and i dont have any guide about it , i want to install a windows server 2008 and promote it as an additional domain controller to the windows server 2003 DC and the transfer all the FSMOs to it , and then promote the first domain controller !!! is that possible ? if yes , is there any guide about it? )
  If there is a guide available for it please let me know . (Specially if there is a tip & trick)
  thank you guys.
  Network is my LOVE

  Hi,
  This TechNet online article might be helpful for you.
  How to Upgrade Domain Controllers to Windows Server 2008 or Windows Server 2008 R2
  http://technet.microsoft.com/en-us/library/ee522994(WS.10).aspx
  For your convenience, I have list some general steps for your reference.
  Since the following operation have potential damage to Active Directory database, it is highly suggested that you'd better perform a full backup of Active Directory (System State) firstly. Also it is better to test the following procedure in a similar lab environment first.
  General Steps:
  =============
  1. Verify the new server's TCP/IP configuration has been pointed to the current DNS server.
  2. Make the new server become a member server of the current Windows Server 2003 domain first.
  3. Upgrade the Windows Server 2003 forest schema to Windows Server 2008 schema with the "adprep /forestprep" command on old server.
  Please run the "adprep.exe /forestprep" command from the Windows Server 2008 installation disk on the schema master. To do this, insert the Windows Server 2008 installation disk, and then type the following command:
  Drive:\sources\ADPREP\adprep.exe /forestprep
  4. Upgrade the Windows 2003 domain schema with the "adprep /domainprep" command on old server.
  Please run the "adprep.exe /domainprep" command from the Windows Server 2008 installation disk on the infrastructure master. To do this, insert the Windows Server 2008 installation disk, and then type the following command:
  Drive:\sources\ADPREP \adprep.exe /domainprep
  5. Insert Windows Server 2008 Installation Disc in the new server.
  6. Run "dcpromo" on new server to promote it as an additional domain controller in existing Windows 2003 domain, afterwards you may verify the installation of Active Directory.
  Please refer to:
  How to Verify an Active Directory Installation in Windows Server 2003
  http://support.microsoft.com/kb/816106
  7. Verify the new server's TCP/IP configuration has been pointed to current DNS server.
  8. Enable Global Catalog on new server and manually Check Replication Topology and afterwards manually trigger replication (Replicate Now) to synchronize Active Directory database between 2 replicas.
  Please note: It will some time to replicate GC between DC, please wait some time with patience.
  9. Disable Global Catalog on the old DC.
  10. Transfer all the FSMO roles from the old DC to the new DC.
  Please refer to:
  How to view and transfer FSMO roles in Windows Server 2003
  http://support.microsoft.com/kb/324801
  11. Verify that the old DNS Server Zone type is Active Directory-Integrated. If not, please refer to:
  How To: Convert DNS Primary Server to Active Directory Integrated
  http://support.microsoft.com/kb/816101
  Note: Active Directory Integrated-Zone is available only if DNS server is a domain controller.
  12. Install DNS component on new server and configure it as a new DNS Server (Active Directory Integrated-Zone is preferred). All the DNS configuration should be replicated to the new DNS server with Active Directory Replication.
  13. Make all the clients change TCP/IP configuration to point to new server as DNS.
  14. You may configure TCP/IP on all the clients, or adjust DHCP scope settings to make them use the new DNS server.
  Please note: It is a good practice to make the old DC offline for several days and check whether everything works normally with the new server online. If so, you may let the old DC online and run DCPROMO to demote it.
  Hope it helps.
  Regards,
  Wilson Jia
  This posting is provided "AS IS" with no warranties, and confers no rights.

• Windows 8.1 Professional users from a Windows 2003 domain to Microsoft IDs

  We've had a Windows 2003 domain for about 10 years. The original reason we created the Windows 2003 domain is no longer valid. (SQL Server integrated security)
  We would like to convert the domain user profiles on the Windows 8.1 boxes to user profiles associated with Microsoft ID's.
  I tested http://www.forensit.com/domain-migration.html but did not have good results. The challenge was the functionality provided by doing Windows Key + W and entering commands such as user, etc did not work. (ie: the store was messed
  up)
  So I am thinking the best way to do this is to convert the domain users to local users and then convert the local users to Microsoft ID users. I believe the conversion from local users to Microsoft ID users is native to Windows 8.1.
  Questions:
  1) Is the Windows 8.1 conversion from local users to Microsoft ID users reliable?
  2) What is the best method to convert a domain user provide to a local user profile on Windows 8.1?
  Thank you in advance for any assistance you may provide.
  Thank you, Bill

  Karen & Milos,
  Thank you for your assistance on this matter.
  Unfortunately, Windows 8.1 Store Apps represent such a massive change in architecture that I don't believe anyone can be 100% positive that copying user profiles will work properly.
  In summary, I've tried the following:
  1) User Profile Wizard v3.7 from Forensit.com - this was the closest but the Windows Store Apps did not work properly
  2) USMT v5.0 - missed many folders and settings
  3)
  http://www.shofkom.com/2009/03/14/how-to-convert-your-domain-profile-to-a-local-profile/ - had to reconfigure many applications and the Start screen and Task bars were not set properly
  4) Variations of
  http://www.nextofwindows.com/how-to-change-user-profile-location-in-windows-8-without-registry-hack/ - same as #3
  5)
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/fac17d6a-3c1b-4188-913e-ac2ec45b3ad6/transferring-from-workgroup-to-domain-keeping-user-profile?forum=winservergen - same as #3
  In summary, I've decided to create the Local User as a Microsoft ID and then manually copy the Documents, Pictures, Downloads, Music, Pictures and Videos. The other settings such as Outlook, Startup, Task Bar, Desktop, and other app settings will be manually
  configured. :-(
  Thank you, Bill

• Migrating from 2003 domain/forest level to 2008R2 with all DC's at 2008R2 and 2 other Domain External and Forest Trusts

  Is there anything that needs to be done or considered when migrating from 2003 domain/forest level to 2008R2 with all DC's at 2008R2 with 2 other 2003 separate Domain incoming
  and outgoing Trusts, one Trust that is a Forest Trust and the other is an External Trust? Is there any chance or risks that doing this upgrade will break either one of these Trust relationships? Some of the user accounts with SID history have been migrated
  from both Domain Trusts to our domain. Any chance that this upgrade will break these relationships for users that are using SID history for access to folders and files in their old Domains? If so what can be done to protect these trusts and SID history, prior
  to moving the Domain to 2008R2

  Hi,   
  Based on my knowledge,
  the Upgrade of the function level do not affect the trust relationship.
  Besides, before you upgrade the Functional Level,
  verify that all DCs in the domain are, at a minimum, at the OS version to which you will raise the functional level.
  Once the Functional Level has been upgraded, new DCs on running on downlevel versions of Windows Server cannot be added to the domain or forest.
  For more information about function level, we can refer to following links:
  Understanding Active Directory Domain Services (AD DS) Functional Levels
  http://technet.microsoft.com/en-us/library/understanding-active-directory-functional-levels(v=ws.10).aspx
  What is the Impact of Upgrading the Domain or Forest Functional Level?
  http://blogs.technet.com/b/askds/archive/2011/06/14/what-is-the-impact-of-upgrading-the-domain-or-forest-functional-level.aspx
  Best Regards,
  Erin

• WIndows 7 and Windows 2008 authentication failed in Windows 2003 Domain

  Hi,
  We have Domain with Windows 2003 and recently Windows 2008 Doamin controllers also added.
  We are facing authentication failure for Windows 7 and Windows 2008 Domain members when user is trying to login.
  Schema Master is on Windows 2003 and remaining roles on Windows 2008 Domain controller.
  Windows XP clients login is working fine.
  Problem si for Windows 7 and Windows 2008 Domain members login.
  Any hint/solution will be really great help.
  Pls share if you have any solutions.
  Regards:Mahesh

  Hi,
  I found some more details about issue
  Below are the events getting generated. It looks like due to encryption mismatch with Windows 2003 Domain and Windows7 and Windows 2008 clients. However i am looking for solution if someone tested this case.
  Event Type:        Error
  Event Source:    KDC
  Event Category:                None
  Event ID:              26
  Date:                     08/06/2014
  Time:                     9:41:04 AM
  User:                     N/A
  Computer:          AAAAAA
  Description:
  While processing an AS request for target service krbtgt, the account ADDADA$ did not  have a suitable key for generating a Kerberos ticket (the missing key has an ID of 2). The requested etypes were 17.  The accounts
  available etypes were 23  -133  -128  3  -140.
  For more information, see Help and Support Center at
  http://go.microsoft.com/fwlink/events.asp.
  Event Type:        Error
  Event Source:    Kerberos
  Event Category:                None
  Event ID:              4
  Date:                     08/06/2014
  Time:                     9:34:17 AM
  User:                     N/A
  Computer:          AAAAAA
  Description:
  The kerberos client received a KRB_AP_ERR_MODIFIED error from the server ADADDFHDHDH$.  The target name used was . This indicates that the password used to encrypt the kerberos service ticket is different than that on the
  target server. Commonly, this is due to identically named  machine accounts in the target realm (DOMAINNAME.COM), and the client realm.   Please contact your system administrator.
  For more information, see Help and Support Center at
  http://go.microsoft.com/fwlink/events.asp.
  Regards:Mahesh

• Logon failure after upgrade Windows 2003 domain functional level and schema

  Before upgrade:
  Windows 2003 Std server: Domain functional level 2000, Schema verion 30
  Crystal Report XI R2: Authentication: Windows AD
  Logon OK.
  After Upgrade:
  Windows 2003 Std + Windows 2008: Domain functional level 2003, Schema verion 44
  Crystal Report XI R2: Authentication: Windows AD
  Logon Error: An error has occurred: java.lan.NullPointerException
  Is it a Tomcat problem?  OR Java runtime problem?  OR XI R2 problem?
  Anyone can help to fix it!?  Thanks!!

  OK, I try again in the testing lab and simplify the combination.  We only consider Windows 2003 ONLY.
  Before AD upgrade:
  AD/Domain Controller: Windows 2003 Std server: Domain functional level 2000, Schema verion 30
  Crystal Report XI R2: run on Windows 2003 memeber server
  Operating OS: Windows XP/Vista/7: Authentication: Windows AD
  Logon OK.
  Upgrade cmbination 1
  Step 1:
  Upgrade Domain controller: Windows 2003 to Windows 2003 R2 (Domain functional level 2000, Schema verion 31 )
  Crystal Report XI R2: run on Windows 2003 memeber server
  Operating OS: Windows XP/Vista/7: Authentication: Windows AD
  Logon OK.
  Step 2:
  Upgrade Domain Functional Level: Windows 2003 R2 (Domain functional level 2003, Schema verion 31)
  Crystal Report XI R2: run on Windows 2003 memeber server
  Operating OS: Windows XP/Vista/7: Authentication: Windows AD
  Logon Fail
  Logon Error: An error has occurred: java.lan.NullPointerException
  Upgrade combination 2
  Direct upgrade Domain Functional Level: Windows 2003 (Domain functional level 2003, Schema verion 30)
  Crystal Report XI R2: run on Windows 2003 memeber server
  Operating OS: Windows XP/Vista/7: Authentication: Windows AD
  Logon Fail
  Logon Error: An error has occurred: java.lan.NullPointerException
  In this testing, we can conclude that the Domain Functional Level upgrade from 2000 to 2003. The MI logon will fail.
  Q1. Crystal Report XI R2 cannot run on Windows 2003 server (Domain Functional Level: 2003)?
  Q2. If Crystal Report XI R2 can run on Domain Functional Leve: 2003, how to fix our problem?
  Do you have any idea to help us?  Thanks!
  Edited by: Initiator on Jul 20, 2010 6:22 AM

• CERT_TRUST_IS_NOT_SIGNATURE_VALID when installing a 3rd-party cert in Windows 2008 Domain Controller

  Hello,
  I'm facing with a problem while trying to install a 3rd-party digital certificate on a Windows 2008 Domain Controller.
  Basically, I'm following this TechNet
  http://technet.microsoft.com/en-us/library/cc783835(v=ws.10).aspx
  1) I did create the file Reqdccert.vbs on the Domain Controller
  2) then I did generate the inf file
  cscript reqdccert.vbs DomainController E
  3) and then I generated a certificate request
  certreq -new AD.inf AD.req
  4) also I've imported RootCA and SubCA into the Certificate Store of the DC
  5) I got a signed certificate from our 3rd-party CA running on Windows 2000
  6) when importing the certificate I get the below error
  C:\>certreq -ACCEPT ad.p7c
  Certificate Request Processor: The signature of the certificate cannot be verifi
  ed. 0x80096004 (-2146869244)
  Here is the verbose log from CAPI2:
  + System 
    - Provider 
     [ Name]  Microsoft-Windows-CAPI2 
     [ Guid]  {5bbca4a8-b209-48dc-a8c7-b23d3e5216fb} 
     EventID 11 
     Version 0 
     Level 2 
     Task 11 
     Opcode 2 
     Keywords 0x4000000000000003 
    - TimeCreated 
     [ SystemTime]  2014-06-13T09:33:02.604870500Z 
     EventRecordID 304 
     Correlation 
    - Execution 
     [ ProcessID]  1700 
     [ ThreadID]  3032 
     Channel Microsoft-Windows-CAPI2/Operational 
     Computer ad.eac.igs 
    - Security 
     [ UserID]  S-1-5-21-4171312682-976198474-2692596432-500 
  - UserData 
    - CertGetCertificateChain 
    - Certificate 
     [ fileRef]  4DA02894B4AFB76F8D6B8722A96A3444041573C6.cer 
     [ subjectName]  ad.eac.com 
    - AdditionalStore 
    - Certificate 
     [ fileRef]  691847ADD248AEB8579462249B063A1555716B21.cer 
     [ subjectName]  SubCA 
    - Certificate 
     [ fileRef]  4DA02894B4AFB76F8D6B8722A96A3444041573C6.cer 
     [ subjectName]  ad.eac.com
    - Certificate 
     [ fileRef]  0175DDA12776ED8CA4657E921E9AE3C6B0698F71.cer 
     [ subjectName]  RootCA 
     ExtendedKeyUsage 
    - Flags 
     [ value]  0 
    - ChainEngineInfo 
     [ context]  user 
    - AdditionalInfo 
    - NetworkConnectivityStatus 
     [ value]  1 
     [ _SENSAPI_NETWORK_ALIVE_LAN]  true 
    - CertificateChain 
     [ chainRef]  {0B005F9F-F15B-4FE2-A630-7BBEE6AB5C0A} 
    - TrustStatus 
    - ErrorStatus 
     [ value]  8 
     [ CERT_TRUST_IS_NOT_SIGNATURE_VALID]  true 
    - InfoStatus 
     [ value]  0 
    - ChainElement 
    - Certificate 
     [ fileRef]  4DA02894B4AFB76F8D6B8722A96A3444041573C6.cer 
     [ subjectName]  ad.eac.com 
    - SignatureAlgorithm 
     [ oid]  1.2.840.113549.1.1.11 
     [ hashName]  SHA256 
     [ publicKeyName]  RSA 
    - PublicKeyAlgorithm 
     [ oid]  1.2.840.113549.1.1.1 
     [ publicKeyName]  RSA 
     [ publicKeyLength]  2048 
    - TrustStatus 
    - ErrorStatus 
     [ value]  8 
     [ CERT_TRUST_IS_NOT_SIGNATURE_VALID]  true 
    - InfoStatus 
     [ value]  4 
     [ CERT_TRUST_HAS_NAME_MATCH_ISSUER]  true 
    - ApplicationUsage 
    - Usage 
     [ oid]  1.3.6.1.5.5.7.3.1 
     [ name]  Server Authentication 
    - Usage 
     [ oid]  1.3.6.1.5.5.7.3.2 
     [ name]  Client Authentication 
    - Usage 
     [ oid]  1.3.6.1.4.1.311.20.2.2 
     [ name]  Smart Card Logon 
     IssuanceUsage 
    - ChainElement 
    - Certificate 
     [ fileRef]  691847ADD248AEB8579462249B063A1555716B21.cer 
     [ subjectName]  SubCA 
    - SignatureAlgorithm 
     [ oid]  1.2.840.113549.1.1.5 
     [ hashName]  SHA1 
     [ publicKeyName]  RSA 
    - PublicKeyAlgorithm 
     [ oid]  1.2.840.113549.1.1.1 
     [ publicKeyName]  RSA 
     [ publicKeyLength]  2048 
    - TrustStatus 
    - ErrorStatus 
     [ value]  0 
    - InfoStatus 
     [ value]  101 
     [ CERT_TRUST_HAS_EXACT_MATCH_ISSUER]  true 
     [ CERT_TRUST_HAS_PREFERRED_ISSUER]  true 
    - ApplicationUsage 
     [ any]  true 
     IssuanceUsage 
    - ChainElement 
    - Certificate 
     [ fileRef]  0175DDA12776ED8CA4657E921E9AE3C6B0698F71.cer 
     [ subjectName]  RootCA 
    - SignatureAlgorithm 
     [ oid]  1.2.840.113549.1.1.5 
     [ hashName]  SHA1 
     [ publicKeyName]  RSA 
    - PublicKeyAlgorithm 
     [ oid]  1.2.840.113549.1.1.1 
     [ publicKeyName]  RSA 
     [ publicKeyLength]  2048 
    - TrustStatus 
    - ErrorStatus 
     [ value]  0 
    - InfoStatus 
     [ value]  10C 
     [ CERT_TRUST_HAS_NAME_MATCH_ISSUER]  true 
     [ CERT_TRUST_IS_SELF_SIGNED]  true 
     [ CERT_TRUST_HAS_PREFERRED_ISSUER]  true 
    - ApplicationUsage 
     [ any]  true 
    - IssuanceUsage 
     [ any]  true 
    - EventAuxInfo 
     [ ProcessName]  certreq.exe 
     [ startTime]  2014-06-13T09:32:53.369Z 
     [ endTime]  2014-06-13T09:33:02.604Z 
     [ duration]  PT9.232850S 
    - CorrelationAuxInfo 
     [ TaskId]  {A8DC7725-FEE9-4E09-905A-FEFF7FAE9B8B} 
     [ SeqNumber]  27 
    - Result The signature of the certificate cannot be verified. 
     [ value]  80096004 
  Any idea what the problem is?
  Thanks in advance,
  Davide.

  One common reason for that error is that the wrong SubCA certificate had been imported accidentally - e.g. an earlier 'version' of that SubCA with the same Subject CA name but a different key. In this case the validating client will try to build a chain
  based on name only but finally the signature check fails.
  Could you cross-check if the extension Authority Key Identifier in your DC certificate is the same as the field
  Subject Key Identifier of the SubCA certificate? (These are typically hashes of the keys though it is not standardized - it should be a unique string characteristic for the CA)
  For the client cert. CERT_TRUST_HAS_NAME_MATCH_ISSUER is indicated in your log - thus Isser name in client cert. matches Subject Name in CA cert, but we don't know about SKI/AKI.
  Elke

• Join a mac in a windows 2003 domain

  Hi @ all
  since over 20 years i work as systemengineer. with os , as:
  novell netware,
  microsoft dos , all versions
  micosoft windows 3.1 up to windows 7 and all server versions from ms windows.
  and was certified lotus notes domino developper
  since 2008 i work at home with an macbook, and i love the macintosh very much.
  So i have a new task in my company.
  I have to integrate MacBooks, MacPro, Imac, all with the actual os, in our large windows 2003 domain.
  Please give me help, how i can do this task.
  1. How to install the AppleFileProtocol
  2. Have i install the afp of all servers ? Domain Controllers, Fileservers, Printservers, Exchange Emailservers and so on ?
  3. How can i manage the mircosoft ads with my macintosh.
  Please give me a detailed answer. I need tips, and the solution, because i am very interested, that
  we use more and more macintosh in our company.
  Many thanks
  Stefan .. from Germany

  ok i can work until 19th of july
  on my mac i update to os x lion. what is changed.
  i try to connect with the 2008 windows fileserver and get the offer to connect 3 shares.
  OK., i connect with 3 shares, and have of all the modify right
  on one share i get no access. (could it be that the macuser guest is connected?)
  the local username on the mac is the same username as in the win 2k3 ads
  the passwort is also the same
  since 10.7 lion there is no samba more,
  So how can i connect without problems in the windows network.

• Transferring the Business Objects Server to a another Windows 2003 Domain

  Greeting Everyone
  I am in the process of moving the BOX1 Server (Windows Member) from one Windows 2003 Domain to another and want to make the movement as smooth as possible.
  I am in the process of making a checklist on what needs to be done before and after the movement of the BOX1 Server. With your expertise can you please advise me on the points to be considered on this movement.
  Thanks in advance
  Regards
  Venkat

  Hi Tim
  As usual thanks for your prompt response.
  I am using BOX1 R1 which is working in an unique way (defy all rules) in my environment. The server is located in Domain ABC and the users are located in domain XYZ. That means user is in one domain and server in another domain. Now we going to place the server in the same domain where the users are.
  The answers to your questions are
  Is this just the server that is moving?  Yes. The server is moving from ABC to XYZ
  Is the domain in the same forest as the original? No, They are independent Forests with 1 way trust relationship
  Are all the users that login going to keep using the same domain? Yes.
  What I am worried is that if I move my server between independent forests then all the SIDs (not sure) of the server will also change to my understanding. Worrying part is that will it hamper the the functionality of the server.
  Please also note that FQDN and the IP address will also change.
  Please advise and Thanks once again
  Venkat VS

• 10.4 and Windows 2003 Domain

  Hello,
  We're a 40% Mac environment where all the Macs are bound to our domain and users log in with Mobile accounts. When we first decided to do this, all the Macs played very nicely with our Windows 2000 domain.
  About three months ago, we upgraded our Windows 2000 domain to a Windows 2003 domain and began enforcing stronger password security. Now all of the Mobile accounts on all of our 10.4 machines refuse to let the users change their passwords. Doing so through the Log In window when a password expires does not work. Neither do the controls in System Preferences/Accounts. Neither do the controls in the Kerberos app. It sits and pinwheels for a few minutes, then returns an error about not being able to change the user's password to the password specified.
  I tried adding myself to a few of these computers as a Mobile user and then changing my password, but that didn't work either. So it isn't something held over in the user accounts from the old domain, and it isn't a permissions thing since I'm an administrator on the domain.
  I've dumped all the Directory Access preferences files. Doesn't help.
  Sometimes this behavior can be fixed by unbinding a machine from the domain, deleting the computer's account in Active Directory, then rebinding it to the domain. Lately, that fix has stopped working, and if I remove a machine from the domain, I cannot rebind it to the domain unless I do so using a different computer name - even though the computer account in Active Directory has been deleted.
  Mobile accounts on all of our 10.5 machines can change their passwords without a problem.
  I'm stumped. Anybody got any brilliant ideas? Information on Macs interacting with Windows domains is pretty scarce.

  Hi Scott, and a warm welcome to the forums!
  What Workgroup do you have set on the Mac in Directory Access Utility?
  See if these 2 links help also...
  http://www.macosxhints.com/article.php?story=20050302023720578
  http://allinthehead.com/retro/218/accessing-a-windows-2003-share-from-os-x

• Installing a Windows 2012 Domain Controller into a 2000/2003 domain with Exchange 2003

  Hello,
      I have a client that we are planning to migrate to 2012 over time.  They currently have a Windows 200 DC and 2 member servers running Windows 2003, one of which is running Exchange 2003.
      We first are going to introduce a 2012 server into the domain and my plan was to DCPromo the 2003 server that isn't running Exchange and raise domain level to 2003 and then demote the 2000 server.  I was then going to install the
  2012 server into the domain and make it a backup Domain Controller for the time being and leave the newly promoted Windows 2003 server as the primary Domain Controller with all the roles and global catalog.  My question is will Exchange 2003 still function
  normally in this scenario?
     I've been doing research and read some things about Exchange 2003 not working with 2012 Domain Controllers, but I was thinking if the 2003 is still the primary, it might work.  We will eventually migrate to 2003, they just don't want to
  do it all at once, due to costs and other issues.
  Thanks.

  I didn't ask if it was supported, I just wanted to know if Exchange 2003 would continue
  to function if the Windows 2003 DC still held all the FSMO roles and Global Catalog.
  A not supported situation means that it is a situation where Microsoft made no testing or do not guarantee that you can operate with no problems. Following a not supported scenario could be done but is on your own risk.
  If it won't, can the 2012 server be a member server in the 2003 AD?  The 2000
  DC it is replacing, just shares files on the network in addition to being the lone AD server
  Yes, it can be a member server.
  This posting is provided AS IS with no warranties or guarantees , and confers no rights.
  Ahmed MALEK
  My Website Link
  My Linkedin Profile
  My MVP Profile

• Windows 8.1 cannot change password in Windows 2003 domain level domain

  On several installations of windows 8.1 enterprise, users cannot change passwords by using <ctrl> + <al> + <del> keys and choosing change password. 
  The error is: "The security database on the server does not have a computer account for this workstation trust relationship"
  Fresh Windows 8.1 enterprise installs with no patches to fully patched windows 8.1 enterprise workstations have the problem.  Backed out patches one by one and tested password change without success.  Tried various dell laptops, tablets, and workstations
  but same issue.  Tried VMware guest workstation with windows 8.1 enterprise.  The domain functional level is 2003 with a mixture of Windows 2008 R2 DC's and Windows 2003 DC's.
  The add/remove from domain did not help.  What troubleshooting steps should I take from this point?  Is this related to secure channel failures?  Note: did not find event log entries for the failures in the DC's nor on the workstation. 
  Perhaps I did not search  for the proper entry on the DC's.

  Hi,
  Please find below several possible cause of error “The security database on the server does
  not have a computer account for this workstation trust relationship”
  Secure channel is broken (Can fix by rejoin problematic client to domain)
  AD replication issue. The computer account exists on one domain controller but not others.
  Duplicated SPN (seems not possible)
  So, to narrow down the issue, you need to make sure the AD replication is working fine. Please run command
  repadmin /showrepl * on a DC, then post the result here.
  After that, please run
  set l on a problematic client, then post the result here.
  Moreover, please check on system event log and check if there have any related error of the issue.
  Thanks.

• Migrating windows 2003 standard edition  to windows 2008 enterprise edition

  Hi
  We are using ECC 5.0 and our PRD system is running on windows 2003 standard edition,and recently we have got some physical memory problem.as windows 2003 standard edition supports only 4 GB of RAM. and we want to extend our RAM for that we are planning to upgrade os to windows 2008 enterprise edition,is that possible.and after upgrading OS what are the activities that need to be performed for SAP to run succesfully,kindly suggest.
  Regards
  Pranav

  Hi Markus
  I read note SAP Note 690432 - Windows 2003 Support in it regarding upgradation of os  windows 2003 standard edition to windows 2003 enterprise edition.
  Upgrade of Your Operating System
  If you upgrade an existing SAP system to Windows Server 2003 perform the
  following actions:
  o Install the latest R3DLLINS
  You find the latest dynamic link libraries R3DLLINS for Windows
  Server 2003 on the EXT-Kernel CD in the NTPATCH directory.
  o Replace the R/3 kernel with the EXT-Kernel.
  If you do not replace it you will get error "SICK" after the first
  logon attempt after the start.
  In this case, download the disp+work package(s) from the SAP
  Service Marketplace at service.sap.com/patches and unpack the
  patch(es) to directory usr\sap\exe:
  dw*_<patch-level>
  Use at least patch level 186.
  o Use the latest saposcol version.
  This version supports the changed performance counter of Windows
  Server 2003 to determine values for ST06 and RZ20.
  You can find the latest version in file saposcol_<Patch Level>.CAR.
  in the SAP Service Marketplace.
  o SAP DB only: See SAP Note 315237.o Compatibility of the Hardware with Windows Server 2003
  You can perform the upgrade to Windows Server 2003 only if the
  hardware has been explicitly released for this purpose. To check,
  do one of the following:
  - If the Windows Server 2003 CD is available, check compatibility
  with WINNT32.EXE in the \I386 directory. The exact statement
  is: <DRIVE:>\I386\WINNT32 /CHECKUPGRADEONLY. The result is
  stored as text file WINNT32.LOC in the present Windows
  directory (e.g. C:\WINNT).
  - The hardware has successfully passed SAP hardware certification
  (http://www.addon.de).
  - The hardware is contained in the Microsoft Hardware
  Compatibility List (http://www.microsoft.com/hcl).
  - The hardware has been released for Windows Server 2003 by the
  manufacturer. This information is published on the
  corresponding website.
  o Kerberos Single Sign-On
  When the SAP system is installed on Windows Server 2003 you can
  setup the Kerberos Single Sign-On. If you use the kerberos protocol
  the information exchanged between the SAP frontend and the
  application server for authentication is encrypted.
  The procedure for setting up Single Sign-On is described in all
  recent installation guides which you can download from the SAP
  Service Marketplace at: service.sap.com/instguides.
  o SAP domain under Windows Server 2003
  Follow the instructions of the Windows documentation for the
  migration of a Windows NT 4 domain to Windows 2003. For the SAP
  environment some additional points need to be observed.
  For Windows NT 4 there are two models for the SAP system domain:
  - Single domain
  All users and the SAP system build one single domain. This
  domain can be migrated to Windows Server 2003 and exist there
  as single domain.
  - Additional domain
  There is one domain for the users and a second domain for the
  SAP system(s). For a migration to Windows Server 2003 the SAP
  system domain has to be created as child domain under the user
  domain. A "Top-down" procedure is to be used. The higher domain
  (the user domain) must be migrated prior to the SAP child
  domain. If the user and SAP domain is part of a larger domain
  structure the complete domain structure for Windows Server 2003
  needs to be planned in a preparing phase. Usually, the
  structure created under Windows NT 4 has to be re-arranged and
  consolidated.
  The name space of the root domain and all sub-ordinated domains
  has to be defined and the distribution of the DNS services
  needs to be determined.
  Note the following:
  The SAP domain has to be created as child domain.
  The SAP domain must not be converted into an organizational
  unit (OU). OUs are not supported by R3SETUP and R3up.
  in it nowhere it is mentioned about system copy so plz suggest.