New Branch Office Opening. Active Directory Options

Hello.
Our company has a new branch site in Canada that's been in operation for some time now. the "admin" of that branch office is wanting to setup 2 new domain controllers, i was going to suggest that we could add a Canada site via Active directory
sites and services and configure it that way.
he suggested that he would like the to have a separate domain name, for instance if we're contoso.co.uk, they want to be contoso.ca
is the best option in this situation to have them setup there own domain and then just federate between them?
i have good experience with AD but as were a small company (geographically) so i have little knowledge of multi site / federation topology.
any suggestions would be most welcome. 
Many Thanks

Hello
If you decide to deploy new Domain this will lead to new administrative tasks to able to support users(creating trust to support access to resources in other domain, other suit of GPOs etc.). Instead if second site is added this will be more simple solution.
semi -solution is to have child domain which back again will lead to other admin tasks. Also Recommendation by the vendor to have simple solution.

Similar Messages

  • Proper Configuration of DNS server for our new branch office

    Hi All,
    Our new office will setup a new branch office with a routed network link to our HO. In HO, we have 2 domain controllers configured as AD and DNS just for fail over scenarios.
    How will we configure the DNS server of our 3rd domain controller which we will placed in the new branch office. What would be the proper settings of DNS server integrated to AD to work well especially to have a successful replication and communication to
    the 2 DC's located in HO?

    Hi,
    If you have multiple DC's in that site i would recommend using any of the partner DC's IP addresses as preferred one and secondary DNS IP to pointing to itself. Dont use loopback addresses configure it with actual IP addresses.
    If you have only one server in branch office point itself as the primary DNS and HO DC as secondary and tertiary.
    Make sure that all clients in your branch site are pointing to the branch DC as primary DNS server.
    Regards,
    Rafic
    If you found this post helpful, please give it a "Helpful" vote.
    If it answered your question, remember to mark it as an "Answer".
    This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion in a test environment before implementing!

  • Not able to open active directory user and computer in windows server 2008r2

    Hi All techies,
    i would like to know one issue which i am facing mostly, i have created 5 virtual machine all with window server2008r2 and one windows 7 on vm-ware now when ever i start my virtual machines everything going rite but when i try to open active directory user/
    computer or domain and trust i get a following error "data from active directory user and computers is not available from dc(null) bcoz unspecified error" even when i chk in events log its give me no help, and after 15-30 min everything works good
    Please let me know the cause of it and really appreciate it .
    Thanks
    Atul

    You need to ensure that
    1. group policy that says "wait for network before logon" is applied to all computers including servers and workstations is applied
    2. DNS record exists for all DCs in DNS
    3. If there are multiple Domain Controllers in Forests, then they point them as secondary DNS server. This way they will be able to resolve IPs if local DNS server service takes time to start.
    As Chris mentioned, you need to start all DCs first, give a time of 5 minutes and then start member servers and workstations for successful logon.
    - Sarvesh Goel - Enterprise Messaging Administrator

  • Server 2008 R2 DNS Server can not open active directory erro 4000

    The DNS server was unable to open Active Directory.  This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly
    and reload the zone. The event data is the error code. Error 4000
    This just started happening yesterday. Also File service and print server is unable to contact because of this error. I have no lookup zones. When I try and go to the DNS server I get a message The server VETSALDC could be contacted The error was Access
    Denied. Would you like to add it anyway?
    PLEASE HELP

    Hi,
    According to your description, my understanding is that DNS unable to open Active Directory with error 4000.
    This happens when that particular DC/DNS server has lost its Secure channel with itself or PDC. This can also happen in a single DC environment where that DC/DNS server holds all the FSMO roles and is pointing to itself as Primary DNS server.
    You may check AD DS using command line “DCdiag” (run as administrator). besides, you may try to stop and restart AD DS service(detailed steps reference the link:
    http://technet.microsoft.com/en-us/library/cc732714(WS.10).aspx ), make sure that the AD DS is running correctly.
    Then restart the DNS service, detailed steps reference the link:
    http://technet.microsoft.com/en-us/library/cc735673(v=ws.10).aspx .
    If the problem still exits, is there any other DC or DNS on your network? Post the TCP/IP parameters (ipconfig /all) of DC and DNS here.
    Best Regards,           
    Eve Wang     
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • New Branch Office - High Security

    Hello
    we plan to have 5 branch offices each with around 40 users. All branches will be in different geographical locations. Best Security needs to be implemented in all branches. All services email, SAP, Portals are hosted in the HeadOffice Datacenter. Each Branch will have dedicated internet 5MB for Voice and DATA
    Guidelines for security  -
    ensure users cannot insert usb or cd on laptops /desktops
    laptops/desktops are allowed to access restrictive internet from Office
    Outside Laptops / Tablets not allowed to connect to network but allowed internet via wireless using Guest
    to access internet from home or Cafe users needs to connect to office VPN and then access from local Internet server (Proxy)
    vendors proposed following ;-
    3921 router for branch
    ASA 5510 for branch
    3945 router for HeadOffice ( VPN )
    Filtering - Web Washer - Mcafee
    Experts can advice what hardware will best fit on branches, what other devices I need to achieve the above goals
    Thanks
    Vishal

    Hello Vishal,
    I would recommend the following:
    For Branches:
    1-  Cisco : 2921 : Voice Licensed (you dont need a higher end above this series for 40 users).
    2-  Cisco ASA 5510: (This will be your Security appliance at each branch).
    For Head Quarter:
    1-  Cisco ASA 5520: (This Will be Your HQ Security Appliance).
    2-  Cisco 3925 or 3945 router (Voice Licensed).
    For Your Security Guidelines, here is my answers:
    ensure users cannot insert usb or cd on laptops /desktops
    FOr this purpose, you Can disable the administrative privelege on the Notebooks and PCs for All users and remove the software driver for thier USPs.
    laptops/desktops are allowed to access restrictive internet from Office
    FOr this Purpose, I would recommend using Cisco IronPort WebFiltering, it Can be easily Integrated with your Active Directory and Enforces all Filtering Policy you would require.
    Outside Laptops / Tablets not allowed to connect to network but allowed internet via wireless using Guest
    For this Purpose, I would recommend deploying Wireless LAN Controller at your HQ to have benefit and full advantage of managing your Wireless Infrastructure.
    to access internet from home or Cafe users needs to connect to office VPN and then access from local Internet server (Proxy)
    FOr this Purpose , I would also say Your Best Option is to have Remote Access VPN & (VPN Client) deployed at all employee's Notebook. Though, You Can have another Option which to have SSL-VPN deployed at your HQ, but this will have additional cost as its added value featured licensed per number of users.
    Let me Know if this answers your Question Or if you require additional assistance.
    Regards,
    Mohamed

  • After rebooting ML server, unable to open active directory.  Error msg is Unable to open requested node error -14006.

    This active directory is a replica of master on 2nd Mac Mini server which still thinks replica is there (perhaps it is) and will not let us delete in order to recreate.  Both servers are running 10.8.4.  Nothing changed on either server, simply did a reboot.  When we logged in, Active Directory was turned off and when trying to turn on or access received message "Unable to open the requested node.  The node LDAPV3/127.0.0.1 could not be opened because of an unexpected error -14006".
    Does any one have experience with this and how can we recover?  Thanks in advance for your help.

    Hi again,
    I've been able to run Reports by changing the "Reports_Tmp" key in the Registry under:
    Hkey_local_machine\software\oracle\home0\
    to the D:\ drive

  • Can not open Active Directory Users and Computers

    Problem Reported:
    Out of the blue this has started happening:
    When I go to "Active Directory Users and Computers" I get this message.
    "MMC cannot open the file C:\WINDOWS\system32\dsa.msc.
    This may be because the file does not exist, is not an MMC console, or was created by a later version of MMC. This may also be because you do not have sufficient access rights to the file.
    Additional information:
    This is a server that has been in use for 2+ years with active directory users that can and do login everyday.
    As far as I know the system has no backup.
    dsa.msc IS located in the system32 folder
    I am using the administrator account.
    OS:
    Microsoft Windows Server 2003 R2
    Standard x64 Edition
    Service Pack 2
    Please help with detail. Thank you.

    Have you tried to uninstall ADUC administrative tool and re-install it again? If no, please give a try. 
    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Get Active Directory User Last Logon
    Create an Active Directory test domain similar to the production one
    Management of test accounts in an Active Directory production domain - Part I
    Management of test accounts in an Active Directory production domain - Part II
    Management of test accounts in an Active Directory production domain - Part III
    Reset Active Directory user password

  • New Server 2012 install - Active Directory not working properly

    We recently converted from 2003 to 2012. Our 2012 R2 server seems to be running fine. We did a DCPROMO on the OLD 2003 DC just fine but now there are all sorts of odd errors (Sharepoint can't authenticate users, Can't run Exchange 2013 on another 2012 server
    because it can't find AD, etc.)
    on the DC we have a Group Policy error 1096. "Group Policy Object LDAP://CN=User,cn={2B476B3E-2749-4B1B-8EC1-F5672A66F94F},cn=policies,cn=system,DC=mydom,DC=local\\mydom.local\SysVol\mydom.local\Policies\{2B476B3E-2749-4B1B-8EC1-F5672A66F94F}\User\registry.pol"
    So far I haven't found anything on how to fix this (and the AD itself.) There are some errors in the DCDIAG log, too:
          Starting test: NetLogons
             Unable to connect to the NETLOGON share! (\\ISD-DC1\netlogon)
             [ISD-DC1] An net use or LsaPolicy operation failed with error 67,
             The network name cannot be found..
    Starting test: FrsEvent
             There are warning or error events within the last 24 hours after the
             SYSVOL has been shared.  Failing SYSVOL replication problems may cause
             Group Policy problems.
    Any suggestions how we can fix these errors are greatly appreciated!

    Hi,
    Did you migrate the Active Directory from Windows server 2003 to Windows server 2012?
    Please refer to this article:
    https://blogs.technet.com/b/canitpro/archive/2013/05/27/step-by-step-active-directory-migration-from-windows-server-2003-to-windows-server-2012.aspx
    Regards.
    Vivian Wang

  • To make a new site or not? (for branch office with small number of people)

    We have a main office, with our DC (DC01) and a single site (SiteHO), and we are about to open up a new branch office in another city.  This branch office is connected to the head office via a 5 Mbps MPLS network.  The branch office will have around
    5-7 domain joined workstations, and the people there will require access to the existing file and exchange servers in the head office. 
    I was thinking about not adding a RODC in the branch office and not creating another site in AD for the branch office either.  My thinking is that since the number of users is relatively low, it doesn't warrant having a new RODC and site.  The
    traffic generated by the 5-7 user logon activities will be minimal, and the local profiles are stored on the workstations (no roaming profiles), so there shouldn't be much WAN link impact.  Obviously I would have to add the subnet from the branch office
    to the SiteHO site. 
    Can anybody think of something wrong with my reasoning?

    I think the dedicated line has a little to do with AD since its used both to authenticate the users and move the data.
    I am not sure what bandwith you get from an internet provider in your location, but for example you might get a 100Mb internet connection from an ISP. A VPN tunnel over a 100Mb internet connection I am guessing is faster then a 5Mb guaranteed MPLS link.
    The advantage of MPLS is that you can have QoS policies for voice and video traffic.
    If users move 'very large files' perhaps a local file server might be an good option. DFS replication can save a lot of bandwidth in that case. And then you would have 'local resources' in the branch and in case of wan failure the users will not be able
    to access the local file server resource. So you would need a secondary DC in that location.
    And if they are moving the files think (and check) the impact on the MPLS, because authentication requests go through that link, Exchange traffic (RPC MAPI) goes through that link so these might be affected. For example, lets say you have 2GB mailboxes.
    All Outlook users use OST files. One user's profile gets corrupted and needs to be rebuilt. The Outlook client sets up a fresh OST copy of the mailbox so now its downloading a 2GB mailbox copy over a 5Mb MPLS while some other user is moving a 'large file'.
    By local resources I am referring to file servers, printers, applications in the branch location that require AD authentication. Authentication works with both VPN and MPLS and in case the wan/vpn is down users can even log in with
    cached credentials.
    Hope it helps.
    http://mariusene.wordpress.com/

  • DNS and Active Directory error 4000 server 2008

    Hello all,
    My network skills aren't very good and I'm facing a dilemma. First off we have two Windows servers on the network. The newest is 2008 Standard (named Vader) and the other is 2000 (dells3). Obviously I'd like to get rid of the 2000, but the people in charge
    of my budget haven't given me the option to do so and it's the only back up we have.
    Earlier in the week we had lots of problems. One of our nas boxes locked everyone out who was mapped to it and it would only let me log in through the web portal. Two of our Macs our marketing department uses suddenly locked up and wouldn't let them back
    in (both were part of the Active Directory). A second nas box won't let certain people map to it and for awhile I had issues logging into Vader itself.
    I believe all of these problems are connected to some issues on Vader and possibly in conduction with dells3. In Server Manager under DNS I get error 4000 "The DNS server was unable to open Active Directory. 
    This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and reload the zone. The event data is the error code."
    Then under Active Directory Domain Services I get error 2042 "It has been too long since this machine last replicated with the named source machine. The time between replications with this source has exceeded
    the tombstone lifetime. Replication has been stopped with this source."
    Followed by more text I can post if needed.
    Under File Services error 1202 "The DFS Replication service failed to contact domain controller  to access configuration information. Replication is stopped. The service will try again during the
    next configuration polling cycle, which will occur in 60 minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues."
    And finally if I try to open Active Directory Domains and Trusts "The configuration information describing this enterprise is not available. The server is not operational."
    I'm not sure where to start or what to post that might help. Any and all help is appreciated.
    Edit: Also I can only add dells3 as the DNS on Vader in the DNS Manager if I try to add Vader to itself I get an error.

    It's the other way around.  Overall, I'm advising ripping the 2008 server out of AD and adding it back . Let's look at this as a series of steps:
    1.) You do a force demote of the 2008 server because it's tombstoned.  This means the 2008 server is no longer a DC. You are doing a force because it doesn't have the ability to replicate.  If it could replicate, we'd just do a graceful demotion
    and be done with it.
    2.) Once the 2008 server is demoted, we go to the 2000 server which holds the only good copy of AD.  From that server we run a metadata cleanup using the ntdsutil utility.  We use that utility to clean out references to the 2008 server which is
    no longer a DC.
    3.) Once you have a clean AD, you can then promote the 2008 server back into Active Directory.  Make sure Vader is pointing to Dells3 as its primary DNS server before promoting or you'll run into issues.
    Hopefully that clarifies things. 

  • Active directory users and computers wont start on a dc, "the server is not operational"

    In our environment, we have 3 dc's 
    two which run server 2008 (they work perfectly)
    and one never off branch dc that runs server 2008 r2.
    We have been having some problems where we feel the replication isnt up too speed(stuff could take up to 24 hours to replicate) and now when i tried opening active directory users and computers i am met with this error window:
    We have a third party DNS solution.
    How do i troubleshoot this issue?

    dc01 (which replicates perfectly with dc02, and vise versa)
    dcdiag /test:dns
    C:\Users\adminuser>dcdiag /test:dns
    Domain Controller Diagnosis
    Performing initial setup:
    Done gathering initial info.
    Doing initial required tests
    Testing server: Hostingpartner\ourdc01
    Starting test: Connectivity
    ......................... ourDC01 passed test Connectivity
    Doing primary tests
    Testing server: Hostingpartner\ourdc01
    DNS Tests are running and not hung. Please wait a few minutes...
    Running partition tests on : ForestDnsZones
    Running partition tests on : DomainDnsZones
    Running partition tests on : Schema
    Running partition tests on : Configuration
    Running partition tests on : int
    Running enterprise tests on : int.domain.com
    Starting test: DNS
    Test results for domain controllers:
    DC: ourdc01.int.domain.com
    Domain: int.domain.com
    TEST: Delegations (Del)
    Error: DNS server: ourdc02.int.domain.com. IP:xx.xx.xx.32 [Broken delegated domain domaindnszones.int.domain.com.]
    Error: DNS server: ourdc02.int.domain.com. IP:xx.xx.xx.32 [Broken delegated domain forestdnszones.int.domain.com.]
    Summary of test results for DNS servers used by the above domain controllers:
    DNS server: xx.xx.xx.32 (ourdc02.int.domain.com.)
    2 test failures on this DNS server
    Delegation is broken for the domain domaindnszones.int.domain.com. on the DNS server xx.xx.xx.32
    Delegation is broken for the domain forestdnszones.int.domain.com. on the DNS server xx.xx.xx.32
    Summary of DNS test results:
    Auth Basc Forw Del Dyn RReg Ext
    Domain: int.domain.com
    ourdc01 PASS PASS PASS FAIL n/a PASS n/a
    ......................... int.domain.com failed test DNS
    dcdiag on dc01(which can replicate with dc02)
    C:\Users\adminuser>dcdiag
    Domain Controller Diagnosis
    Performing initial setup:
    Done gathering initial info.
    Doing initial required tests
    Testing server: hostingpartner\ourdc01
    Starting test: Connectivity
    ......................... OURDC01 passed test Connectivity
    Doing primary tests
    Testing server: hostingpartner\ourdc01
    Starting test: Replications
    [Replications Check,OURDC01] DsReplicaGetInfoW(PENDING_OPS) failed with error 8453,
    Win32 Error 8453.
    ......................... OURDC01 failed test Replications
    Starting test: NCSecDesc
    ......................... OURDC01 passed test NCSecDesc
    Starting test: NetLogons
    [OURDC01] User credentials does not have permission to perform this operation.
    The account used for this test must have network logon privileges
    for this machine's domain.
    ......................... OURDC01 failed test NetLogons
    Starting test: Advertising
    ......................... OURDC01 passed test Advertising
    Starting test: KnowsOfRoleHolders
    ......................... OURDC01 passed test KnowsOfRoleHolders
    Starting test: RidManager
    ......................... OURDC01 passed test RidManager
    Starting test: MachineAccount
    ......................... OURDC01 passed test MachineAccount
    Starting test: Services
    ......................... OURDC01 passed test Services
    Starting test: ObjectsReplicated
    ......................... OURDC01 passed test ObjectsReplicated
    Starting test: frssysvol
    ......................... OURDC01 passed test frssysvol
    Starting test: frsevent
    ......................... OURDC01 passed test frsevent
    Starting test: kccevent
    ......................... OURDC01 passed test kccevent
    Starting test: systemlog
    An Error Event occured. EventID: 0xC0002719
    Time Generated: 04/04/2013 15:04:29
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC0002719
    Time Generated: 04/04/2013 15:04:50
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC0002719
    Time Generated: 04/04/2013 15:10:56
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC0002719
    Time Generated: 04/04/2013 15:11:17
    (Event String could not be retrieved)
    ......................... OURDC01 failed test systemlog
    Starting test: VerifyReferences
    ......................... OURDC01 passed test VerifyReferences
    Running partition tests on : ForestDnsZones
    Starting test: CrossRefValidation
    ......................... ForestDnsZones passed test CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... ForestDnsZones passed test CheckSDRefDom
    Running partition tests on : DomainDnsZones
    Starting test: CrossRefValidation
    ......................... DomainDnsZones passed test CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... DomainDnsZones passed test CheckSDRefDom
    Running partition tests on : Schema
    Starting test: CrossRefValidation
    ......................... Schema passed test CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... Schema passed test CheckSDRefDom
    Running partition tests on : Configuration
    Starting test: CrossRefValidation
    ......................... Configuration passed test CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... Configuration passed test CheckSDRefDom
    Running partition tests on : int
    Starting test: CrossRefValidation
    ......................... int passed test CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... int passed test CheckSDRefDom
    Running enterprise tests on : int.domain.com
    Starting test: Intersite
    ......................... int.domain.com passed test Intersite
    Starting test: FsmoCheck
    ......................... int.domain.com passed test FsmoCheck
    The problematic dc03:
    Dcdiag gives the same output as dcdiag /test:dns
    C:\Users\adminuser>dcdiag
    Directory Server Diagnosis
    Performing initial setup:
    Trying to find home server...
    Home Server = OURDC03
    Ldap search capabality attribute search failed on server NTSDC03, return
    value = 81
    We have an infoblox dns server on ip address xxx.y.y.251.
    first error in event logs on dc03:
    error 1863
    This is the replication status for the following directory partition on this directory server.
    Directory partition:
    CN=Configuration,DC=int,DC=domain,DC=com
    This directory server has not received replication information from a number of directory servers within the configured latency interval.
    Latency Interval (Hours):
    24
    Number of directory servers in all sites:
    2
    Number of directory servers in this site:
    2
    The latency interval can be modified with the following registry key.
    Registry Key:
    HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Replicator latency error interval (hours)
    To identify the directory servers by name, use the dcdiag.exe tool.
    You can also use the support tool repadmin.exe to display the replication latencies of the directory servers. The command is "repadmin /showvector /latency <partition-dn>".
    i have also go several warning 2088, 2093, 2087.
    And errors 1863 pointing to different directory partitions like schema/configuration/domaindnszones/forestdnszones

  • TMG 2010 to connect Branch Office

    We have TMG 2010 installed for proxy solution. Recently we opened new branch office but they are unable to internet through proxy. I have added the route add command in TMG Server.
    route add 10.24.84.0 mask 255.255.255.224 10.24.30.20 -p           - Branch 1
    route add 10.24.86.0 mask 255.255.255.224 10.24.30.20 -p                           - Branch 2
    10.24.30.20 is our core router IP...
    Is there any configuration required in core router and branch office router...Branch office users can access all server service except proxy solution.Please advice

    HI
    In your branch office,
    YOu need to ensure that internal Branch office subnet is able to reach TMG server. Need route to TMG networ from branch office on branch office Router,
    TMG should have route to reach Branch office network.
    Add branch office subnet as internal in TMG network range

  • How to list all the Fields for an Active Directory Object

    How do I list all the fields that an Active Directory object contains? I know the most common ones, but would like to enumerate through all the fields and obtain the type of fields and their values...

    Here is my complete code - I only put snippets so that the post was not too huge...
    Option Explicit
    Const ADS_SCOPE_SUBTREE = 2
    Const ForReading = 1, ForWriting = 2, ForAppending = 8
    Dim adoCommand, adoConnection, adoRecordSet
    Dim dtmDate, dtmValue
    Dim j
    Dim lngBias, lngBiasKey, lngHigh, lngLow, lngValue
    Dim objADObject, objClass, objDate, objFile, objFSO, objRootDSE, objShell
    Dim pathToScript
    Dim strAdsPath, strConfig, strDNSDomain, strHex, strItem, strProperty, strValue
    Dim strFilter, strQuery
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    Set objShell = CreateObject("Wscript.Shell")
    pathToScript = objShell.CurrentDirectory
    Set objFile = objFSO.CreateTextFile(pathToScript & "\TestAD.csv")
    ' Determine Time Zone bias in local registry.
    ' This bias changes with Daylight Savings Time.
    lngBiasKey = objShell.RegRead("HKLM\System\CurrentControlSet\Control\TimeZoneInformation\ActiveTimeBias")
    If (UCase(TypeName(lngBiasKey)) = "LONG") Then
    lngBias = lngBiasKey
    ElseIf (UCase(TypeName(lngBiasKey)) = "VARIANT()") Then
    lngBias = 0
    For j = 0 To UBound(lngBiasKey)
    lngBias = lngBias + (lngBiasKey(j) * 256^j)
    Next
    End If
    ' Determine configuration context and DNS domain from RootDSE object.
    Set objRootDSE = GetObject("LDAP://RootDSE")
    strConfig = objRootDSE.Get("configurationNamingContext")
    strDNSDomain = objRootDSE.Get("defaultNamingContext")
    Set adoCommand = CreateObject("ADODB.Command")
    Set adoConnection = CreateObject("ADODB.Connection")
    adoConnection.Provider = "ADsDSOObject"
    adoConnection.Open "Active Directory Provider"
    adoCommand.ActiveConnection = adoConnection
    adoCommand.CommandText = "SELECT * FROM 'LDAP://" & strDNSDomain & "'WHERE objectClass=user'"
    adoCommand.Properties("Page Size") = 1000
    adoCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
    Set adoRecordSet = adoCommand.Execute
    Set adoRecordSet = adoCommand.Execute
    adoRecordSet.MoveFirst
    Do Until adoRecordSet.EOF
    strAdsPath = adoRecordSet.Fields("ADsPath").Value
    ' Bind to Active Directory object specified.
    Set objADObject = GetObject(strAdsPath)
    Set objClass = GetObject(objADObject.Schema)
    ' Write which object is grabbed from AD
    objFile.Write(Replace(strAdsPath, ",", ";;;"))
    ' Enumerate mandatory object properties.
    For Each strProperty In objClass.MandatoryProperties
    On Error Resume Next
    strValue = objADObject.Get(strProperty)
    If (Err.Number = 0) Then
    On Error GoTo 0
    If (TypeName(strValue) = "String") Or (TypeName(strValue) = "Long") Or (TypeName(strValue) = "Date") Then
    objFile.Write("," & strProperty & "|||" & Replace(CStr(strValue), ",", ";;;"))
    ElseIf (TypeName(strValue) = "Byte()") Then
    strHex = OctetToHexStr(strValue)
    objFile.Write("," & strProperty & "|||" & CStr(strHex))
    ElseIf (TypeName(strValue) = "Variant()") Then
    For Each strItem In strValue
    On Error Resume Next
    objFile.Write("," & strProperty & "|||" & Replace(CStr(strItem), ",", ";;;"))
    If (Err.Number <> 0) Then
    On Error GoTo 0
    objFile.Write("," & strProperty & "|||Value cannot be displayed")
    End If
    On Error GoTo 0
    Next
    ElseIf (TypeName(strValue) = "Boolean") Then
    objFile.Write("," & strProperty & "|||" & CBool(strValue))
    Else
    objFile.Write("," & strProperty & "|||Type:" & TypeName(strValue))
    End If
    Else
    Err.Clear
    sColl = objADObject.GetEx(strProperty)
    If (Err.Number = 0) Then
    For Each strItem In sColl
    objFile.Write("," & strProperty & "|||" & CStr(strItem))
    If (Err.Number <> 0) Then
    objFile.Write("," & strProperty & "|||Value cannot be displayed")
    End If
    Next
    On Error GoTo 0
    Else
    Err.Clear
    Set objDate = objADObject.Get(strProperty)
    If (Err.Number = 0) Then
    lngHigh = objDate.HighPart
    If (Err.Number = 0) Then
    lngLow = objDate.LowPart
    If (lngLow < 0) Then
    lngHigh = lngHigh + 1
    End If
    lngValue = (lngHigh * (2 ^ 32)) + lngLow
    If (lngValue > 120000000000000000) Then
    dtmValue = #1/1/1601# + (lngValue / 600000000 - lngBias) / 1440
    On Error Resume Next
    dtmDate = CDate(dtmValue)
    If (Err.Number <> 0) Then
    objFile.Write("," & strProperty & "|||<Never>")
    Else
    objFile.Write("," & strProperty & "|||" & CStr(dtmDate))
    End If
    Else
    objFile.Write("," & strProperty & "|||" & FormatNumber(lngValue, 0))
    End If
    Else
    objFile.Write("," & strProperty & "|||Value cannot be displayed")
    End If
    Else
    On Error GoTo 0
    objFile.Write("," & strProperty)
    End If
    On Error GoTo 0
    End If
    End If
    Next
    ' Enumerate optional object properties.
    For Each strProperty In objClass.OptionalProperties
    On Error Resume Next
    strValue = objADObject.Get(strProperty)
    If (Err.Number = 0) Then
    On Error GoTo 0
    If (TypeName(strValue) = "String") Then
    objFile.Write("," & strProperty & "|||" & Replace(CStr(strValue), ",", ";;;"))
    ElseIf (TypeName(strValue) = "Long") Then
    objFile.Write("," & strProperty & "|||" & Replace(CStr(strValue), ",", ";;;"))
    ElseIf (TypeName(strValue) = "Date") Then
    objFile.Write("," & strProperty & "|||" & Replace(CStr(strValue), ",", ";;;"))
    ElseIf (TypeName(strValue) = "Byte()") Then
    strHex = OctetToHexStr(strValue)
    objFile.Write("," & strProperty & "|||" & CStr(strHex))
    ElseIf (TypeName(strValue) = "Variant()") Then
    For Each strItem In strValue
    On Error Resume Next
    objFile.Write("," & strProperty & "|||" & Replace(CStr(strItem), ",", ";;;"))
    If (Err.Number <> 0) Then
    On Error GoTo 0
    objFile.Write("," & strProperty & "|||Value cannot be displayed")
    End If
    On Error GoTo 0
    Next
    ElseIf (TypeName(strValue) = "Boolean") Then
    objFile.Write("," & strProperty & "|||" & CBool(strValue))
    Else
    objFile.Write("," & strProperty & "|||Type:" & TypeName(strValue))
    End If
    Else
    Err.Clear
    sColl = objADObject.GetEx(strProperty)
    If (Err.Number = 0) Then
    For Each strItem In sColl
    objFile.Write("," & strProperty & "|||" & CStr(strItem))
    If (Err.Number <> 0) Then
    objFile.Write("," & strProperty & "|||Value cannot be displayed")
    End If
    Next
    On Error GoTo 0
    Else
    Err.Clear
    Set objDate = objADObject.Get(strProperty)
    If (Err.Number = 0) Then
    lngHigh = objDate.HighPart
    If (Err.Number = 0) Then
    lngLow = objDate.LowPart
    If (lngLow < 0) Then
    lngHigh = lngHigh + 1
    End If
    lngValue = (lngHigh * (2 ^ 32)) + lngLow
    If (lngValue > 120000000000000000) Then
    dtmValue = #1/1/1601# + (lngValue / 600000000 - lngBias) / 1440
    On Error Resume Next
    dtmDate = CDate(dtmValue)
    If (Err.Number <> 0) Then
    objFile.Write("," & strProperty & "|||<Never>")
    Else
    objFile.Write("," & strProperty & "|||" & CStr(dtmDate))
    End If
    Else
    objFile.Write("," & strProperty & "|||" & lngValue)
    End If
    Else
    objFile.Write("," & strProperty & "|||Value cannot be displayed")
    End If
    Else
    On Error GoTo 0
    objFile.Write("," & strProperty & "||| ")
    End If
    On Error GoTo 0
    End If
    End If
    Next
    objFile.WriteLine("")
    adoRecordSet.MoveNext
    Loop
    objFile.Close
    ' Function to convert OctetString (Byte Array) to a hex string.
    Function OctetToHexStr(arrbytOctet)
    Dim k
    OctetToHexStr = ""
    For k = 1 To Lenb(arrbytOctet)
    OctetToHexStr = OctetToHexStr _
    & Right("0" & Hex(Ascb(Midb(arrbytOctet, k, 1))), 2)
    Next
    End Function
    I have been able to obtain all the Computer, Contact, Group and OU objects without issue with this code...

  • Free Self Service Active Directory Account Unlock and Reset Solution:

    ....I’m testing a new self service suitefor Active Directory,(Call2unlock).  It is based on IVR and a web config tool.    This is the Link.   http://www.call2unlock.com/So far I’m impressed, the configuration is simple and the users just need to dial by phone to an internal extension to unlock or reset their accounts.  It can be integrated to any PBX.    The good part is that they have a free version up to 500 users.  
    This topic first appeared in the Spiceworks Community

    Hello,
    also Microsoft provides the option with FIM 2010 and Forefront Identity manager to have self service for password reset:
    http://blog.msresource.net/2011/05/03/fim-self-service-password-reset-sspr-and-active-directory-password-policy/
    http://blog.msresource.net/2011/11/24/self-service-password-reset-sspr-question-and-answer-qa-gate-complexity-criteria-in-fim-2010-r2/
    http://technet.microsoft.com/en-us/edge/Video/ff945082 http://technet.microsoft.com/en-us/library/ee534892(WS.10).aspx
    http://support.microsoft.com/kb/2443871
    And your tool is as trial to download.
    http://www.sysoptools.com/password-reset-pro.aspx http://www.tools4ever.com/products/self-service-reset-password-management/
    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

  • Windows 2008 Server - Cannot run Active Directory Users and Computers

    Hi,
    I am running Windows 2008 Server with latest windows updates installed. Directory Services Role also.
    I attempt to open Active Directory Users and Computers tool and I get a;
    Microsoft Visual C++ Runtime Library error;
    "The Application has requested the runtime to terminate it in a unusual way. Please contact the application's support team for more information"
    I click ok, then get the following debug info;
    Problem signature:
    Problem Event Name: APPCRASH
    Application Name: mmc.exe
    Application Version: 6.0.6001.18000
    Application Timestamp: 47919524
    Fault Module Name: msvcrt.dll
    Fault Module Version: 7.0.6001.18000
    Fault Module Timestamp: 4791ad6b
    Exception Code: 40000015
    Exception Offset: 0000000000029b06
    OS Version: 6.0.6001.2.1.0.272.7
    Locale ID: 3081
    Additional Information 1: 43aa
    Additional Information 2: cf3a46656318492c1997480001b6b0e0
    Additional Information 3: 3837
    Additional Information 4: 92f72e0d0589ff77cef51e0a413aeff6
    Read our privacy statement:
    http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409
    If someone could please assist, it would be very much appreciated.
    Regards
    B

     
    Hi,
    To solidly troubleshoot this kind of issue, we need to debug dump file. A suggestion would be to contact Microsoft Customer Service and Support (CSS) via telephone so that a dedicated Support Professional can assist with your request.
    To obtain the phone numbers for specific technology request please take a look at the web site listed below:
    http://support.microsoft.com/default.aspx?scid=fh;EN-US;OfferProPhone#faq607
    However, I am also glad to share my research.
    Some third party applications may lead to this error. Please check if you install other third party applications on Windows server 2008?
    Also, please follow the article below to perform necessary steps to see how it's going?
    FIX: You receive an "invalid page fault in module MSVCRT.DLL" error message after you install the run-time libraries from Visual C++ 6.0
    http://support.microsoft.com/kb/190536/en-us
    Hope this helps.
    Best wishes
    Morgan Che

Maybe you are looking for

  • Newbie: form doesn't display any records

    Forgive me, I am new to forms. I created a form with a tab canvas. I have 3 blocks (2 related to the first). When I run the form, it comes up with a blank record. I can't navigate to any records, I get an error that says record must be entered or del

  • Audio problems importing Supertintin files

    We use Premiere Pro to edit small videos as part of our work, but none of us are professional video editors. We've been recording Skype interviews with Supertintin, which produces MP4 files. When we brought these into PP, we were getting horrendous a

  • Why do photos take up so much space on my phone?

    I have an iPhone 5, 16 gigs. I have 174 photos and 22 videos and it says that the photos take up 3.6g of my memory... My friend has over 2k photos and hers is at 4gigs. I saved my photos to iPhoto and I deleted all my photos and ran a test, I made su

  • Can you make VOIP Calls with an iPod Touch ?

    I know you can surf the web. Can you use skype or other browser based phone companies? Are you Sure? Why or Why not?

  • Termination fee

    If your contract term results from your purchase of an advanced  device, your early termination fee will be $350 minus $10 for each full  month of your contract term that you complete. What does this mean?