New 2012 server in a mixed 2003 and 2008 domain (in process of upgrading)

We are replacing a Windows Server 2003 machine, which crashed and is gone, with a Windows Server 2012 Standard machine. The old 2003 server was a domain controller running alongside one other 2003 server (which is getting replaced next) and 3 Windows Server 2008 R2 Standard x64 domain controllers which are up and running. When trying to add the Windows Server 2012 Standard server as a domain controller to an existing domain, we are getting the following error:
Verification of replica failed. The forest functional level is Windows 2000. To install a Windows Server 2012 domain or domain controller, the forest functional level must be at Windows Server 2003 or higher.
However, the domain was already brought up to at least the 2003 level when we added the current live 2008 domain controller (Windows Server 2008) several years ago. When I now try to run Adprep on the Windows Server 2008 (adprep from the 2008 install CD) I get the following responses:
Command: adprep /forestprep
Response: Forest-wide information has already been updated. [Status/Consequence] Adprep did not attempt to rerun this operation.
Command: adprep /domainprep /gpprep
Response: Domain-wide information has already been updated. [Status/Consequence] Adprep did not attempt to rerun this operation.
I have gone to Active Directory Domains and Trusts on all of the other servers and each one is at a Windows Server 2003 functional level and states that I cannot raise the level because I have AD DCs that are not running the appropriate version of Windows. And I get that, due to the remaining 2003 server, but none are at Server 2000 level.
So it seems we have a conflict where the 2012 server thinks the domain is at the Windows 2000 level. Is there any way around this, or a way to find out where the conflict is coming from?
Thank you
Kevin C

Please proceed as follows:
Run netdom query fsmo to identify the current FSMO holders. It seems that the old DC was holding FSMO roles. If this is the case, then seize them to another DC: https://support.microsoft.com/en-us/kb/255504
Do a metadata cleanup to remove the old DC reference: use dsa.msc and then remove the old DC computer account. Also, use dssite.msc and remove the NTDS settings of the old DC, then remove its references over there.
After doing this, check again and try to raise the DFL and FFL. Do not forget to check that your DCs and AD replication are in a healthy state using the dcdiag and repadmin commands.
This posting is provided AS IS with no warranties or guarantees, and confers no rights.
Ahmed MALEK
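
One way to see where the "Windows 2000" reading comes from, as an added example that is not part of the thread: the forest functional level is the msDS-Behavior-Version attribute on CN=Partitions in the configuration partition, so this read-only PowerShell reads it (and the domain's value) from every DC that still has an NTDS Settings object, and reports whether each FSMO owner is one of those DCs and reachable. It assumes a single-domain forest and an account that can read the directory; the function and variable names are illustrative.

```powershell
# Added example, not from the thread. Read-only: binds to each DC and reads attributes.
$levelName = @{
    0 = 'Windows 2000';        1 = 'Windows Server 2003 interim'; 2 = 'Windows Server 2003'
    3 = 'Windows Server 2008'; 4 = 'Windows Server 2008 R2';      5 = 'Windows Server 2012'
}

$rootDse  = [ADSI]'LDAP://RootDSE'
$configNC = [string]$rootDse.configurationNamingContext
$domainNC = [string]$rootDse.defaultNamingContext
$schemaNC = [string]$rootDse.schemaNamingContext

# Read one attribute of one object from one named server.
function Get-DirAttr([string]$Server, [string]$DN, [string]$Attr) {
    try {
        $entry = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$Server/$DN")
        $entry.psbase.RefreshCache([string[]]@($Attr))     # throws if the bind fails
        return $entry.psbase.Properties[$Attr].Value
    } catch {
        return 'unreachable'
    }
}

function ConvertTo-LevelName($Value) {
    if ($Value -is [string]) { return $Value }             # 'unreachable'
    if ($null -eq $Value)    { $Value = 0 }                # attribute absent is read as level 0
    $n = [int]$Value
    if ($levelName.ContainsKey($n)) { "$n ($($levelName[$n]))" } else { "$n (unknown)" }
}

# Every NTDS Settings object is a DC the forest still believes in,
# including one whose metadata was never cleaned up.
$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot = [ADSI]"LDAP://CN=Sites,$configNC"
$searcher.Filter     = '(objectClass=nTDSDSA)'
$searcher.PageSize   = 500
$dcs = @(foreach ($hit in $searcher.FindAll()) {
    $server = $hit.GetDirectoryEntry().psbase.Parent
    New-Object PSObject -Property @{
        Server = [string]$server.psbase.Properties['dNSHostName'].Value
        NtdsDN = [string]$hit.Properties['distinguishedname'][0]
    }
})

$status = @{}
$report = foreach ($dc in $dcs) {
    if (-not $dc.Server) {
        $status[$dc.NtdsDN] = 'server object has no dNSHostName'
        New-Object PSObject -Property @{ Server = $dc.NtdsDN; ForestLevel = 'n/a'; DomainLevel = 'n/a' }
        continue
    }
    $forest = Get-DirAttr $dc.Server "CN=Partitions,$configNC" 'msDS-Behavior-Version'
    $domain = Get-DirAttr $dc.Server $domainNC 'msDS-Behavior-Version'
    $status[$dc.NtdsDN] = $(if ($forest -is [string]) { $forest } else { 'reachable' })
    New-Object PSObject -Property @{
        Server      = $dc.Server
        ForestLevel = (ConvertTo-LevelName $forest)
        DomainLevel = (ConvertTo-LevelName $domain)
    }
}

# fSMORoleOwner holds the DN of the owning DC's NTDS Settings object.
$roleObjects = @{
    'Schema master'         = $schemaNC
    'Domain naming master'  = "CN=Partitions,$configNC"
    'PDC emulator'          = $domainNC
    'RID master'            = 'CN=RID Manager$,CN=System,' + $domainNC
    'Infrastructure master' = "CN=Infrastructure,$domainNC"
}
$roles = foreach ($role in $roleObjects.Keys) {
    $owner = [string]([ADSI]"LDAP://$($roleObjects[$role])").fSMORoleOwner
    $state = $(if ($status.ContainsKey($owner)) { $status[$owner] } else { 'no matching NTDS Settings object' })
    New-Object PSObject -Property @{ Role = $role; OwnerState = $state; Owner = $owner }
}

$report | Select-Object Server, ForestLevel, DomainLevel | Format-Table -AutoSize
$roles  | Select-Object Role, OwnerState, Owner | Format-List
```

A DC that reports a different ForestLevel from the others points to a replication problem; a role whose OwnerState is not "reachable" is a candidate for the seizure step described above.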

Similar Messages

  • Remote desktop connection limit in windows 2003 administration as well as in the mixed environment of windows 2003 and 2008 servers

    RDP protocol, i.e. Remote Desktop Connection, is configured to perform and manage software administration of ORACLE application and database servers which run on Windows 2003 Server. Two sessions are allowed on each of these servers for database administrators. The question is:
    a) if network administrators who perform Windows server administration (50+) are included in the 2 sessions limit, or do they manage all these servers through Console Session which is separate from the remote desktop connection limits of 2 sessions.
    b) How is the 2 sessions limit prescribed by Microsoft (more of a licensing limit) handled in the mixed environment of Windows 2003 and 2008 servers where all these servers are managed on VMware?
    avnish sharma

    Hi Avnish,
    Thank you for posting in Windows Server Forum.
    By default any Windows server will provide 2 remote sessions for administration purposes only, no matter which administrator is accessing that server. If you connect the console session as well, then 3: one server is accessed by 3 sessions (console + remote + remote). When the particular server reaches this limit, any working administrator will receive a message to log out as another user is trying to access the session or, if we have provided the setting, the new user is restricted from logging in.
    If you want more than 2 remote desktop sessions then you need to purchase TS\RDS CALs, install the TS\RD Licensing role, activate it first and then configure the CALs on it. There are 2 types of CAL available (USER & DEVICE). You can purchase CALs according to your company requirements.
    Hope it helps to understand!
    Thanks.
    Dharmesh Solanki
    TechNet Community Support

  • Password Policy - Mixed servers 2003 and 2008

    I Need help!!!!
    So this is my situation. I'm trying to enforce a Company Wide Password Policy via GPO but running into problems. We have no current Password Policy in place (This is the only one). I'm attempting to use the default global policy in Server 2008 and I'm
    testing the GPO on a specific security group, but does not seem to work. It will prompt to change the password, but the other requirements aren't being enforced.
    This is what I'm trying to enforce.
    Expire after: 90 days
    Complexity: Enabled
    Can't reuse last: 12 passwords
    Lockout time: 15 minutes
    Lock out after: 5 attempts
    Minimum of :8 characters
    Infrastructure: We have a mix of 2003 and 2008 servers. I'm using our 2008 server to enforce the GPO.
    Once I apply the GPO to a specific security group, it will prompt to change the password for the users in that group, but will not enforce all the other policies. This is a major project and we can't deploy this policy all at once (Helpdesk wouldn't be able to handle the call volume) so we decided to deploy it by departments/security groups.
    We also tried using a fine-grained password policy but just like the GPO, it was only enforcing the password change aspect and not the other requirements like a minimum of 8 characters. Can anyone help!!!!

    > What if I apply the GPO on the domain root level, and then in the
    > delegation tab, exclude certain groups until we are ready for it to
    > apply to that department?   Will that work?
    No. Read again - in 2003, there is ONE password policy for the DOMAIN,
    not for individual accounts.
    Technically this works the following way: Password policies are picked
    up by every member computer. But on these, password policies only apply
    to LOCAL accounts, not to domain accounts.
    On the other hand, there are Domain Controllers. The PDC emulator is the
    only one of these that will pick up Password policies - and only if they
    are linked to the domain. And so, these apply to all "local" accounts on
    the PDC, which in fact are the domain accounts.
    Martin
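
To check what the reply above describes, here is an added example that is not part of the thread: the single domain-wide policy is stored as attributes on the domain object, so this read-only PowerShell reads them from the PDC emulator, compares them with the values the question wants to enforce, and lists the GPOs linked at the domain root. Variable and function names are illustrative, and the target values are copied from the question.

```powershell
# Added example, not from the thread. Read-only.
# Target values are the ones listed in the question above.
$target = @{ MinLength = 8; History = 12; MaxAgeDays = 90
             LockoutThreshold = 5; LockoutMinutes = 15; Complexity = $true }

$pdc      = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().PdcRoleOwner.Name
$domainDN = [string]([ADSI]'LDAP://RootDSE').defaultNamingContext

# A base-scope search returns large-integer attributes as Int64 values.
$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot  = [ADSI]"LDAP://$pdc/$domainDN"
$searcher.SearchScope = 'Base'
$searcher.Filter      = '(objectClass=*)'
foreach ($a in 'minPwdLength','pwdHistoryLength','maxPwdAge','lockoutThreshold',
               'lockoutDuration','pwdProperties','gPLink') {
    [void]$searcher.PropertiesToLoad.Add($a)
}
$p = $searcher.FindOne().Properties      # result keys are lower case

# AD stores these intervals as negative counts of 100-nanosecond ticks.
function ConvertFrom-AdInterval([long]$Ticks) {
    # 0 and Int64.MinValue cannot be turned into a TimeSpan; reported as 'none'
    if ($Ticks -eq 0 -or $Ticks -eq [long]::MinValue) { return $null }
    return [TimeSpan]::FromTicks(-$Ticks)
}
$maxAge  = ConvertFrom-AdInterval $p['maxpwdage'][0]
$lockout = ConvertFrom-AdInterval $p['lockoutduration'][0]

$effective = @{
    MinLength        = [int]$p['minpwdlength'][0]
    History          = [int]$p['pwdhistorylength'][0]
    MaxAgeDays       = $(if ($maxAge)  { [int]$maxAge.TotalDays }     else { 'none' })
    LockoutThreshold = [int]$p['lockoutthreshold'][0]
    LockoutMinutes   = $(if ($lockout) { [int]$lockout.TotalMinutes } else { 'none' })
    Complexity       = (([int]$p['pwdproperties'][0] -band 1) -eq 1)   # bit 0x1 = complexity
}

$rows = foreach ($k in 'MinLength','History','MaxAgeDays','LockoutThreshold','LockoutMinutes','Complexity') {
    New-Object PSObject -Property @{
        Setting = $k; Target = $target[$k]; Effective = $effective[$k]
        Match   = ($target[$k] -eq $effective[$k])
    }
}
$rows | Select-Object Setting, Target, Effective, Match | Format-Table -AutoSize

# GPOs linked at the domain root. gPLink looks like [LDAP://cn={GUID},cn=policies,...;flags]...
# and flag bit 1 marks a disabled link.
if ($p.Contains('gplink')) {
    $links = [regex]::Matches([string]$p['gplink'][0], '\[LDAP://([^;\]]+);(\d+)\]', 'IgnoreCase')
    $gpos = foreach ($m in $links) {
        $gpo = [ADSI]("LDAP://$pdc/" + $m.Groups[1].Value)
        New-Object PSObject -Property @{
            Name         = [string]$gpo.displayName
            LinkDisabled = (([int]$m.Groups[2].Value -band 1) -ne 0)
        }
    }
    $gpos | Select-Object Name, LinkDisabled | Format-Table -AutoSize
} else {
    'No GPO is linked at the domain root.'
}
```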

  • SAP Server upgrade from Windows 2003 and 2008 R2 with Oracle Database

    Hi,
    We need to upgrade our Windows servers that are running our SAP systems from Windows Server 2003 to Windows Server 2008 R2.  We are using Microsoft Clustering for HA so an in-place upgrade seems not possible.
    Someone has suggested to us that we will need to export our database and reimport it to achieve this upgrade, but I cannot understand why this would be necessary (we are not changing the underlying filesystem!).
    Could someone please confirm whether a database export and import is required for this OS upgrade scenario?  I have done a bit of research but nothing has jumped out and now I need an answer to this quickly.
    We are running
    - ERP 6.0 NW 7.01 (soon to be 7.02 with ABAP stack only)
    - XI(PI) Java & ABAP
    - SRM (Java & ABAP)
    - Portal (Java only)
    - PLM (Java & ABAP)
    - BW (BI 7.0) (Java and ABAP)
    Thank You
    Felicity

    Hello,
    You need to go for 'Homogeneous System Copy' to achieve this, but since almost all the systems in your landscape include the Java Stack as well - so the system copy with Export/Import is to be carried out.
    Even if you are not going for file system change, but it is a Windows environment and you can't put SAP up on the target Windows (windows 2008 R2) just by copying the contents and file system from source to target. You need SAPinst to create the registry and all. - On top of that you have Java stacks involved, so for java stack you can't carry out just backup/restore method to put SAP up there on target - so you need Export/import because for java stack some OS level dump is to be collected during system copy from source and it needs to be imported on target OS.
    Are you clear on this one ?
    Read system copy guide once and Search in OSS for the Notes to check how to upgrade from Windows 2003 to Windows 2008 R2.
    Thanks

  • Limit Administrator Access to only OS Level functions on a Windows 2003 (and up) Domain Controller Server

    I have read several articles such as:
    1. http://social.technet.microsoft.com/Forums/windowsserver/en-US/9c723f4a-51a7-4844-9dc6-0017355d694c/limited-administrative-on-domain-controller?forum=winserverDS
    2. Active_Directory_Delegation.doc
    Consider that a domain controller, doing no other functions than domain based functions (i.e. no file server, printer or app server), is managed in two parts: the OS-only level (to read log files, server health monitoring, install OS-level Microsoft security patching) and the second part being the Domain management level (Users and Computers, Domains and Trusts, etc.).
    For a given domain controller server, an outsourced support group needs to be responsible for the OS-only level access - they need no access to the Domain management level functions so they can fulfill contractual obligations (SLAs) for server uptime, patching etc.
    For the same given domain controller server above, there is an internal (non-outsourced) support group that will perform all Domain management level functions only. They want to manage the Domain on the Domain Controller servers, want the Outsourcer to manage the VM and OS-related tasks, but DO NOT want them to be able to access and change information in Users and Computers, Domains and Trusts etc.
    With that explanation, would putting the Outsourcer's AD-based account IDs in the Server Operators group alone be sufficient to allow OS-level management, like patching, reboots, etc. but disallow access to Domain Management functionality (Users and Computers etc.) - or does it need to be a combination of built-in groups and delegated rights?
    Please consider that I am seeking a technical solution here - do not respond with "either trust your Domain Administrators or keep your junior admins from the server" as that is not a viable solution.
    Jason B. Allen

    Hi Jason,
    According to your description, you want to assign the OS-level management and Domain management rights to two groups separately, right?
    Based on my research, members of Server Operators group don’t have sufficient rights to install updates for Domain Controllers, you can refer to this article below:
    Default groups
    http://technet.microsoft.com/en-us/library/cc756898(v=WS.10).aspx
    You can configure Allow non-administrators to receive update notifications group policy so that non-administrative users will be able to install all optional, recommended, and important updates content for which
    they received a notification, except some updates which contain User Interface, End User License Agreement and so on, which still require domain admin credentials.
    To enable non-administrator users the ability of logging onto and shutting down DCs, Allow logon locally and Shut down the System rights should be granted.
    In addition, reading logs and monitoring server performance rights are included on Performance Log Users and Performance Monitor Users groups.
    More information for you:
    Step 5: Configure Group Policy Settings for Automatic Updates
    http://technet.microsoft.com/en-us/library/dn595129.aspx
    User Rights Assignment
    http://technet.microsoft.com/en-us/library/cc780182(v=WS.10).aspx
    I hope this helps.
    Amy Wang

  • How do I add a Mac to a Windows Server 2003 or 2008 domain?

    I recently started working for a public school district that runs Windows Server 2003 and Windows Server 2008 R2. There are several faculty members, myself included, that would like to get their Macs onto the domain and capable of file sharing, printing to network printers, etc. I cannot find decent instructions anywhere. Could someone please point me in the right direction or give me some directions? It would be greatly appreciated. Thanks.

    I'm also new to the MAC world - I trust you were able to join the MAC's to the domain - I finally figured it out. However, I have not been able to get the MAC's to save to the Windows 2008 server where I have student folders setup. Have you been able to do this? If so can share the info with us.
    Thanks,
    Steve
    [email protected]
    Newport School District

  • Windows 8.1 will not allow me to join a domain

    Setting up a new 2012 server, and am trying to join laptops running Windows 8.1 to this new domain. When I go to properties for This Computer, the Join a domain wizard is greyed out. Can I join a Windows 8.1 computer to a domain?

    Have you verified that your Windows 8.1 is a Pro or Enterprise edition? The Basic edition cannot join a domain.

  • ADprep failure promoting 2012 server to DC on 2003 domain

    Run repadmin /syncall and see if you get errors. If you do not get any run adprep again.

    Hello: I am new and I hope I am posting this in the right place:
    I am promoting a 2012 R2 server to DC in a 2003 domain. The account I am using is a Domain Admin, Schema Admin and Enterprise Admin.
    Here's the error:
    Adprep failed to verify whether schema master has completed a replication cycle after last reboot
    Server extended error : 8344 server extended message: 00002098
    Error code: 0x32. Server extended error code: 0x2098, server error message 00002098: secerr: dsid-03151d7d, problem 4003 (insuff_access_rights). Data 0
    This topic first appeared in the Spiceworks Community

  • How to configure AD on windows 2012 server for Exchange 2013 internal and external email flow

    Dear Experts,
    I have to configure exchange 2013 on Windows server 2012 STD. Company has registered Static IP addresses and can get the MX record pointing to any of this Static IP.  
    The registered domain name is e.g.  contoso.com. 
    a. What should I use as domain name on AD? contoso.com or contoso.local
    b. Is it recommended to have two different servers  for AD and Exchange?
    c. What should be my connector settings for mail flow?
    d. how can I set 2 email servers in company for load balancing?

    Hi,
    a, I suggest using contoso.com as the domain name. It is convenient for adding URLs into our certificate for internal and external mail flow.
    b, It is recommended to install AD and Exchange Server on two separate servers. If the Exchange Server unfortunately goes down, this prevents the AD server from crashing at the same time.
    c, Found some articles for your reference:
    Configure Mail Flow and Client Access
    http://technet.microsoft.com/en-us/library/jj218640(v=exchg.150).aspx
    Configuring Outbound Mail Flow in Exchange Server 2013
    http://exchangeserverpro.com/configuring-outbound-mail-flow-in-exchange-server-2013/
    d, Load Balancing
    http://technet.microsoft.com/en-us/library/jj898588(v=exchg.150).aspx
    Hope it is helpful
    Thanks
    Mavis
    Mavis Huang
    TechNet Community Support

  • Best way to spec a new Linux server from existing Windows 2003 server?

    We are looking to upgrade our servers to 11.1.2 and I am looking for some documentation/suggestions on the best way to spec the new box on a Linux platform.
    I do have the current documentation from ORACLE with regard to "Estimating Disk and Memory Requirements" but am looking for some processor suggestions as well..
    Any thoughts or ideas would be welcomed.
    Especially helpful would be anyone who is currently running in a Linux environment any pitfalls or issues you've been having with hardware or software.
    Thanks in advance.
    Adam,

    I don't think it is possible to recommend you any hardware setup without knowing your environment, budget and expertise.
    If you plan to install Enterprise Linux, like Oracle Linux, you should look into getting server hardware and not a desktop system. You may also want think about using Oracle VM virtualization products.
    Are you looking for rackmount or blade systems? it might be possible to limit your hardware decision between HP, Dell and IBM. I would personally prefer HP, but that's a matter of experience.
    You should probably find out your OS requirements. E-business products and installation instructions are usually designed for the OS version that existed at that time. If you install a newer version of the OS you may run into configuration or backward compatibility issues that may require to install additional software. You should check your OS requirements first before purchasing any hardware. The newest hardware may not support older versions of the OS.
    The HP support side shows a Linux certification matrix at: http://h18000.www1.hp.com/products/servers/linux/hplinuxcert.html which might be helpful should you decide to get HP equipment.
    You might also want to check your current Oracle licensing if you upgrade to a faster or more CPU's.

  • Permission and ownership in Server 2003 and 2008 file server

    I have an issue but I am not sure if this is by design of the file server permissions. I have one user who has the modify rights to modify/read and create folders in a share folder. In the share folder, she had created a subfolder; so she should be the owner of the subfolder and her security permission is modify. By right, modify does not have the rights to assign the permission to other users but as owner, she does. Does this mean that the folder owner supersedes the security? And is it possible to avoid this? E.g. folder owner but does not have the rights to assign permissions to other users to access. Thanks a lot.

    Hi Thim,
    >>Does this mean that the folder owner supersede the security?
    If the user is the Owner of the folder, he or she should have Full Control permissions to the folder,
    which means the user can do anything to the folder.
    >>And is this possible to avoid this? eg. folder owner but does not have the rights to assign permissions to other user to access.
    As far as I know, unless we deprive the user of the ownership, we can't achieve this.
    Regarding file and folder permissions, the following article can be referred to for more information.
    File and Folder Permissions
    http://technet.microsoft.com/en-us/library/cc732880.aspx
    Best regards,
    Frank Shen

  • Web JetAdmin 10.2 (SR5) Fails to start on server 2003 and 2008

    Web JetAdmin 10.2 Fails to start : console not running - "Waiting for service start"
    Please help to troubleshoot the problem

    The OLD SQL DB has "SQL_Latin1_General_CP1_CI_AS"
    The NEW SQL DB has "Latin1_General_CI_AS"
    The following error is shown in HPWJAService-XXXXXXXXXX.itl under DEVICE:\Documents and Settings\NetworkService\Local Settings\Application Data\Hewlett-Packard\HPWebJetadmin\WjaService\tracing
        * Database initialization failed: Error 468, Level 16, State 9, Procedure -, Line 15, Message: Cannot resolve the collation conflict between "Latin1_General_CI_AS" and "SQL_Latin1_General_CP1_CI_AS" in the equal to operation.
    and
        * Unable to determine managed schema version: Schema version information not found.
    I think this is the problem...

  • Zone transfer between 2003 and 2008

    Hi I am new in windows servers and I am studying about it , While doing practical of DNS, I am unable to transfer dns zones from  server 2008 to server 2003. Server 2008 has installed AD and DNS, 2003 server also have installed DNS but it is just
    connected to 2008 and its not part of domain.
    Is it important to make secondary or additional domain controller to 2003 server  of 2008 sever before transferring dns zones?

    Hi,
    According to your description, it seems that it is an AD-integrated zone.
    An AD-integrated zone is stored in the AD database, and the zone will replicate to other domain controllers within the same replication scope automatically as part of the AD replication process. By default, AD-integrated zones are configured to not allow zone transfers. Allowing zone transfers is an option provided to support non-DC DNS servers, BIND or any other name brand DNS server that you want to allow zone transfers to a secondary on those servers.
    In your case, if you want to make the Windows Server 2003 an additional DC, then zone transfer is not needed. If not, you can configure zone transfer and add the IP address of the Windows Server 2003 to the zone transfer tab in the properties of the zone in the DNS console.
    Best regards,
    Susie

  • VB script to remove a user from membership of a particular group (say from Domain Admins) on Windows Server 2003 and 2008

    Hi,
    I need a VB script which checks for a particular user in AD and, if it exists, removes that user from membership of a particular group.
    Ex: Let's say
    I have a user 783562. I need to search for this user in AD to verify whether the user exists or not. If not, then I do not need to remove the membership from the particular group.
    Second scenario:
    If the user exists then I need to remove the user's membership from the particular group. I want to automate this.
    Manual Path:-
    1.Type dsa.msc in run command of IT session(we using it to connect remote desktop).
    2. Select the domain & right click (EX:-corp.ds.xxyyzz.com) and select "Find" to find the user form the domain.
    3. Type the user name in the Name field and click on "Find Now" button user name will be displayed in search result.
    4. Double click on this user ID and select "Member Of" tab.
    5. Select any member of group from the Name section then click on "Remove" button.
    6. Finally click on "Apply" and "OK" button.
    Kindly help me out to do this by using vb script.
    Thanks
    Raja

    ' Usage: CScript NameOfVBS.vbs //NOLOGO /User:Jane.Doe /GroupDN:CN=Group1,DC=Contoso,DC=com
    Option Explicit
    On Error Resume Next

    Dim str_User, str_GroupDN
    Dim obj_Connection, obj_Command, obj_RootDSE, obj_RecordSet
    Dim str_DNSDomain, str_Base, str_Filter, str_Attributes, str_Query
    Dim obj_Group, obj_User, str_ADsPath

    ' Escape LDAP filter metacharacters so the account name is matched literally
    ' and cannot change the meaning of the search filter.
    Function EscapeLdapFilter(str_Value)
        Dim str_Out
        str_Out = Replace(str_Value, "\", "\5c")
        str_Out = Replace(str_Out, "*", "\2a")
        str_Out = Replace(str_Out, "(", "\28")
        str_Out = Replace(str_Out, ")", "\29")
        EscapeLdapFilter = str_Out
    End Function

    str_User = WScript.Arguments.Named("User")
    str_GroupDN = WScript.Arguments.Named("GroupDN")

    If Len(Trim(str_User)) > 0 And Len(Trim(str_GroupDN)) > 0 Then
        ' Search the default domain for the account by sAMAccountName
        Set obj_Connection = CreateObject("ADODB.Connection")
        Set obj_Command = CreateObject("ADODB.Command")
        obj_Connection.Provider = "ADsDSOObject"
        obj_Connection.Open "Active Directory Provider"
        Set obj_Command.ActiveConnection = obj_Connection
        Set obj_RootDSE = GetObject("LDAP://RootDSE")
        str_DNSDomain = obj_RootDSE.Get("defaultNamingContext")
        str_Base = "<LDAP://" & str_DNSDomain & ">"
        str_Filter = "(&(objectCategory=person)(sAMAccountName=" & EscapeLdapFilter(str_User) & "))"
        str_Attributes = "cn,ADsPath"
        str_Query = str_Base & ";" & str_Filter & ";" & str_Attributes & ";subtree"
        obj_Command.CommandText = str_Query
        obj_Command.Properties("Page Size") = 1000
        obj_Command.Properties("Timeout") = 1
        obj_Command.Properties("Cache Results") = False
        Set obj_RecordSet = obj_Command.Execute

        If Err.Number <> 0 Then
            ' The search itself failed, so membership was not touched
            WScript.Echo "Directory search failed: " & Err.Description
        ElseIf obj_RecordSet.EOF Then
            ' An empty result set means the account does not exist
            WScript.Echo str_User & " was not found"
        Else
            Set obj_Group = GetObject("LDAP://" & str_GroupDN)
            str_ADsPath = obj_RecordSet.Fields("ADsPath").Value
            Set obj_User = GetObject(str_ADsPath)
            ' Clear any earlier error so the check below reflects only the Remove call
            Err.Clear
            obj_Group.Remove(obj_User.ADsPath)
            If Err.Number = 0 Then
                WScript.Echo str_User & " was removed from group " & str_GroupDN
            ElseIf Err.Number = -2147016651 Then
                WScript.Echo str_User & " not a member of group " & str_GroupDN
            Else
                WScript.Echo str_User & " error removing from group " & str_GroupDN
            End If
        End If
    Else
        WScript.Echo "Both /User and /GroupDN are required"
    End If

  • Windows Server 2003 and 2008

    group policy apply win server2003, 2008r2 pen drive only not work remaining all usb keyboard, mouse, printer, scanner, data card all work guide me  give me the best guide  for this  group policy

    Hi jaysheelan,
    Would you please share more details of the issue? Which group policy have you configured?
    What is the exact need here, to restrict the USB hardware?
    If that is the issue, you may be interested in this link:
    Managing Hardware Restrictions via Group Policy
    https://technet.microsoft.com/en-us/magazine/2007.06.grouppolicy.aspx
    Best regards
