Promote 2012 R2 in a 2008 R2 domain

My shop is all 2008 R2 domain controllers and all workstations are win7 x64 so my question is simple I want to promote a 2012 R2 server to a DC (later this year we are buying win 8.1 workstations and thought that a 2012 R2 DC would make sense) has anyone
ran into any gotchas or issues by doing this?
MSB

Tim is correct. You can add 2012 R2 DCs to a 2008 R2 domain, they will simply run at the lower functional level. My question would be is this necessary? There is no reason to upgrade the domain in order to support the new clients. The biggest concern I can
think of is the new Group Policy administrative templates for Win 8.1, but those are easily added to the central store in the domain by copying them from the new clients.
My general thinking about upgrading the domain is that it should only be done if there is an express need at the domain level. As Tim mentioned, some applications may not function at a higher level. Upgrading a client OS is not a reason to upgrade the domain.

Similar Messages

  • ADprep failure promoting 2012 server to DC on 2003 domain

    Run repadmin /syncall and see if you get errors. If you do not get any run adprep again.

    Hello: I am new and I hope I am posting this in the right place:
    I promoting a 2012 R2 server to DC in a 2003 domain. The account I am using is the Domain Admin, Schema Admin, Enterprise Admin.
    Here's the error:
    Adprep failed to verify whether schema master has completed a replication cycle after last reboot
    Server extended error : 8344 server extended message: 00002098
    Error code: 0x32. Server extended error code: 0x2098, server error message 00002098: secerr: dsid-03151d7d, problem 4003 (insuff_access_rights). Data 0
    This topic first appeared in the Spiceworks Community

  • Add Windows Server 2012 R2 domain controller to Windows 2008 R2 domain

    Hi,
    Have today 2 x Windows Server 2008 R2 domain controllers, and domain and functional level 2008 R2.
    We now want to replace these DC`s with Windows Server 2012 R2.
    My plan is as follow
    - Install and promote a Windows Server 2012 R2 as a 3 DC`s with a temporary hostname and IP as DC3
    - Install and promote a second Windows Server 2012 R2 as a 4 DC`s with a temporary hostname and IP as DC4
    - Decomiss DC1 and remove this host. Change the IP and hostname of the new DC3 to DC1
    - Move FSMO roles from DC2 to DC1 and decomiss DC2
    - Change the IP and hostname of the new DC4 to DC2
    Will this be a ok progress ? I will offcours to have the DC`s replicate information between them before doing each task.
    /Regards Andreas

    Hi,
    Only error i got running dcdiag was the following
     Starting test: NCSecDesc
        Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
           Replicating Directory Changes In Filtered Set
        access rights for the naming context:
        DC=ForestDnsZones,DC=domain,DC=local
        Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
           Replicating Directory Changes In Filtered Set
        access rights for the naming context:
        DC=DomainDnsZones,DC=domain,DC=local
        ......................... DC1 failed test NCSecDesc
    Is this a problem ?
    I would guess not since im not implementing a RODC ? Ref:
    https://support.microsoft.com/en-us/kb/967482?wa=wsignin1.0
    You can ignore it.
    This posting is provided AS IS with no warranties or guarantees , and confers no rights.
    Ahmed MALEK
    My Website Link
    My Linkedin Profile
    My MVP Profile

  • Server 2012 std not able to see Domain, DC and DNS on Win SBS 2008 std Domain

    Hi There
    I have a HP ML 110 G5 SBS 2008 std server as my DC on my network. I recently added a HP Microserver running Server 2012 std (with no roles or features installed) to act solely as a file server for a 3rd party program as the program was not running efficiently
    on the main server.
    The problem I am having now is that the 2012 server keeps falling off the domain and cannot contact DNS server. I have also had to re-enable remote desktop several times. It also shows the 2012 Server as being on a private firewall profile and not on the
    domain firewall profile but I suspect that this is part of the same problem. 
    the resulting problem that this is causing is that the local machines that need to contact an SQL database on the 2012 fileserver intermittently either time out or are very slow to connect.  
    So far I have tried: 
    Switching from Static IP to DHCP. 
    Re-adding the server to the domain. 
    Stopping and restarting DNS services on the DC.
    Checking physical Network connections and routing.
    Putting the 2012 server into the same Organizational Unit as the 2008 DC. 
    Has anyone else encountered this problem when adding a 2012 server to a 2008 domain?  I have a feeling that the solution is probably something simple that I've overlooked, but I can't think what.  Any help would be greatly appreciated. 
    Regards
    Russ
    Also, as some additional info -
    Event viewer gives the following errors:
    Group Policy Error:
    Log Name:      System
    Source:        Microsoft-Windows-GroupPolicy
    Date:          2015-04-27 01:17:51 PM
    Event ID:      1129
    Task Category: None
    Level:         Error
    Keywords:      
    User:          SYSTEM
    Computer:      [SERVERNAME].[DOMAIN].local
    Description:
    The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has
    successfully processed. If you do not see a success message for several hours, then contact your administrator.
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
    <Provider Name="Microsoft-Windows-GroupPolicy" Guid="{AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}" />
    <EventID>1129</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2015-04-27T11:17:51.111942100Z" />
    <EventRecordID>19056</EventRecordID>
    <Correlation ActivityID="{C0CBAF2B-1E93-49C0-B910-069AE43F74B2}" />
    <Execution ProcessID="732" ThreadID="1336" />
    <Channel>System</Channel>
    <Computer>[SERVERNAME].[DOMAIN].local</Computer>
    <Security UserID="S-1-5-18" />
    </System>
    <EventData>
    <Data Name="SupportInfo1">1</Data>
    <Data Name="SupportInfo2">1548</Data>
    <Data Name="ProcessingMode">0</Data>
    <Data Name="ProcessingTimeInMilliseconds">0</Data>
    <Data Name="ErrorCode">1222</Data>
    <Data Name="ErrorDescription">The network is not present or not started. </Data>
    </EventData>
    </Event>
    DNS Error:
    Log Name:      System
    Source:        Microsoft-Windows-DNS-Client
    Date:          2015-04-27 04:54:58 PM
    Event ID:      8015
    Task Category: (1028)
    Level:         Warning
    Keywords:      
    User:          NETWORK SERVICE
    Computer:      [SERVERNAME].[DOMAIN].local
    Description:
    The system failed to register host (A or AAAA) resource records (RRs) for network adapter with settings:
               Adapter Name : {3DDD0E46-D879-48C0-9DF6-5FAC0F1A56C4}
               Host Name : [SERVERNAME]
               Primary Domain Suffix : [DOMAIN].local
               DNS server list :
    192.168.2.10
               Sent update to server : <?>
               IP Address(es) :
                 192.168.2.15
    The reason the system could not register these RRs was because the update request it sent to the DNS server timed out. The most likely cause of this is that the DNS server authoritative for the name it was attempting to register or update is not running
    at this time. You can manually retry DNS registration of the network adapter and its settings by typing 'ipconfig /registerdns' at the command prompt. If problems still persist, contact your DNS server or network systems administrator.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
    <Provider Name="Microsoft-Windows-DNS-Client" Guid="{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}" />
    <EventID>8015</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>1028</Task>
    <Opcode>0</Opcode>
    <Keywords>0x4000000000000000</Keywords>
    <TimeCreated SystemTime="2015-04-27T14:54:58.599130300Z" />
    <EventRecordID>19105</EventRecordID>
    <Correlation />
    <Execution ProcessID="856" ThreadID="952" />
    <Channel>System</Channel>
    <Computer>[SERVERNAME].[DOMAIN].local</Computer>
    <Security UserID="S-1-5-20" />
    </System>
    <EventData>
    <Data Name="AdapterName">{3DDD0E46-D879-48C0-9DF6-5FAC0F1A56C4}</Data>
    <Data Name="HostName">[SERVERNAME]</Data>
    <Data Name="AdapterSuffixName">[DOMAIN].local</Data>
    <Data Name="DnsServerList"> 192.168.2.10</Data>
    <Data Name="Sent UpdateServer">&lt;?&gt;</Data>
    <Data Name="Ipaddress">192.168.2.15</Data>
    <Data Name="ErrorCode">1460</Data>
    </EventData>
    </Event>

    Can you post an ipconfig /all from the server and the DC?
    Robert Pearman SBS MVP
    itauthority.co.uk |
    Title(Required)
    Facebook |
    Twitter |
    Linked in |
    Google+

  • First 2012 R2 server in 2008 domain (same name and IP)

    Hi all,
    Think I know the answer to this but wanted to double-check. I'm installing a Windows 2012 R2 server. It is our first 2012 server in our 2008 R2 environment. It will also be our first 2012 DC. It will be replacing an old 2008 R2 DC and will have the same
    name and IP as the old 2008 server. I have several other DCs in place and they handle DHCP and DNS. The DHCP server service is not currently running on the old 2008 server to be decommissioned, and the DNS settings in DHCP server/scope options point to other
    servers than the server to be shut down.
    Plan is to demote the old 2008 R2 server, wait 24 hours for directory replication and check that all instances of the old server is gone from AD, then rename the old server and assign different IP address. At that point I'll assign the 2012 server the old
    server's original IP address and name, then run Server Manager to promote the 2012 server to a DC. Then migrate data.
    So, when running DCPROMO to demote the old 2008 server, I'm asked if I want to delete the DNS delegations pointing to this server. Should I? I tend to think I should NOT because the new 2012 server will have the same name and IP as the old one, and that
    the DHCP/DNS settings as configured point to other servers anyway. Does that make sense?
    Thanks in advance,
    Sir_Timbit

    Hi Timbit,
    Here is a nice walkthrough article below which is written by Ace:
    Remove an Old DC and Introduce a New DC with the Same Name and IP Address
    http://blogs.msmvps.com/acefekay/2010/10/09/remove-an-old-dc-and-introduce-a-new-dc-with-the-same-name-and-ip-address/
    Best Regards,
    Amy

  • Windows Server 2012 DFS on a Windows 2008 R2 domain

    Hello All,
    Quick question. We would like to take advantage of the improvements in DFS replication provided by Server 2012. However I am hesitant to upgrade our domain controllers (currently running 2008 R2. My question is.
    Can DFS replica partner servers currently running 2008R2 be upgraded (preferably in place) to Server 2012 and managed by 2008 R2 DC's?
    If so what do I lose by not having 2012 DC? Any issues to speak of?
    This topic first appeared in the Spiceworks Community

    The only true intellectual property (IP) for Internet companies is not scale or infrastructure but data, both in terms of quality and quantity, Flipkart's outgoing CTO Amod Malviya said during his keynote address on the future patterns in data processing at The Fifth Elephant conference in Bangalore."Today, I understand better than a Samsung why a particular phone sells less or more as against its competition. I am able to do that because I have access to a lot more fine-grain data about customer behaviour as and when they come on to a product page and what is the actual product that they end up buying." Malviya said."At what point in time I start using that in order to make this IP useful is a separate matter but that doesn't take away the fact that data is really the true IP." he added...Read More
    Read More

  • Downgrading a DC running Server 2012 R2 to Server 2008 R2

    This is NOT a licensing question. All I see when searching this question are answers about licensing. I already have the licensing. My question is, is it possible to downgrade a domain controller that is running Server 2012 R2 to Server 2008 R2? I mistakingly
    raised the functional level of my domain from server 2003 to 2012 R2 before upgrading my exchange server running 2003 and now I have no way to migrate my exchange server. Ideally, I would like to just downgrade the DC to Server 2008 R2 and upgrade everything
    else to that level as well, including Exchange Server 2010. Any relevant input would be greatly appreciated.

    here you go Exchange 2010 Sp3 RU5 .....
    Active Directory Domain Controllers running Windows Server 2012 R2
    Active Directory Forest Function Level and Domain Functional Level of Windows Server 2012 R2
    The following is not supported:
    Installing Exchange Server 2010 SP3 RU5 on a Windows Server 2012 R2 server
    http://exchangeserverpro.com/exchange-server-2010-support-windows-server-2012-r2/
    --oz

  • Windows 7 or Windows Server 2008 R2 domain join displays error "Changing the Primary Domain DNS name of this computer to "" failed...."

    Hi,
    Windows 7 or Windows Server 2008 R2 domain join displays error "Changing the Primary Domain DNS name of this computer to "" failed...."
    DC:windows Server 2008 R2
    Domain functional level:Windows Server 2003
    When Winxp join domain, have no this error message.
    I checked http://support.microsoft.com/kb/2018583?wa=wsignin1.0 does't work.
    There have 3 suggestion in this article:
    1.The "Disable NetBIOS over TCP/IP" checkbox has been disabled in the IPv4 properties of the computer being joined.
    Doesnt's work.
    2.Connectivity over UDP port 137 is blocked between client and the helper DC servicing the join operation in the target domain.
    On my DC, I run netstat -an, reslut as below:
     UDP    192.168.20.3:137       *:*
    3.The TCP/IPv4 protocol has been disabled so that the client being joined or the DC in the destination domain targeted by the LDAP BIND is running TCP/IPv6 only.
    We are not using IPV6.
    This server recently updated from Windows Server 2003 to Windows Server 2008 R2. Before upgrade, when Win7 and Win2008 join this domain, also have the same error message.
    Please help to check this issue.
    Thank you very much.
    BR
    Guo YingHui 

    Hi Guo Ying,
    I have faced this critical error which makes over-writes the host names in the domain when you join.
    For example: Already you had a host name called as PC.domain.com in the domain.com Domain.
    When you try to add the another host name called as PC in the domain.com Domain, it doesn't give you the duplicate name error on the network it does over-write the existing host name called as PC.domain.com & it will add the new host name into the domain.
    Host name which got over-written will get removed from the domain. I faced this issue in my project. My DPM host name got removed from the Domain & new host name got joined into the domain which halted my backups for one day.
    Final Resolution is as follows:
    You need to start the dns console on the DC & drop down the domain name.
    Select the _msdcs when you click on _msdcs it will show the Name Server's list on the right hand side.
    You need to add the Domain Naming Master under the _msdcs or add all the domain controllers which you had.
    After you add the Name server's try joining the PC OR Laptop to the domain which is successfully joins it.
    Regards
    Anand S
    Thanks & Regards Anand Sunka MCSA+CCNA+MCTS

  • How to Reset Windows 2008/R2 Domain Administrator Password

    How to Reset Windows Server 2008/R2 Domain Administrator password if forgot or lost it?
    It is annoying and bad to forget a Windows Server 2008/r2 Domain administrator login password. It is troublesome unless you have that Windows Server 2008/r2 password reset disk. We can still find several tricks to reset Windows Server Domain password but they require a mass of operations and waste a lot of time. For example, you can reset Windows Server 2008/R2 domain administrator password with an installation disk but it requires you to type a mass of command line. So today I want to share everyone an omnipotent method to reset Windows Server 2008/R2 Domain/local administrator password. You need the following 3 things.
    An accessible PC.
    A USB/CD/DVD flash drive.
    The Windows password reset tool Daossoft Windows Password Rescuer.
    Then it requires 4 steps as below:
    Step 1: Download and install Daossoft Windows Password Rescuer into that accessible computer.
    Step 2: Burn it to the flash drive.
    Step 3: Boot your Windows Server computer from the flash drive.
    Step 4: Follow its instruction and click “Reset Password” button to reset your Windows 2008/R2 Domain/Local administrator password.
    More details in this video: Windows Server 2008 R2 Password Reset - Reset Domain or Local Password.

    It wasn't difficult to reset the domain password and I think Microsoft's policy of not providing an easy forward way is to create an
    illusion of security which is not there. Linux systems that are much more secure that MSFT software allow easy password reset when physical access is there so why not include the same tools in System Repair tools or using F8?
    Anyhow, this guide helped me reset the password in 5 minutes. Read the bottom of it to find the scripted / automatic version of the process:
    http://www.petri.co.il/reset_domain_admin_password_in_windows_server_2003_ad.htm
    Thanks,

  • Windows 2008 R2 Domain Controller (PDC) - NTP server - time showing local CMOS clock

    I'm having issues setting an external source on a Windows 2008 R2 domain controller (PDC emulator role for the domain)
    Here is the output showing its source is the Local CMOS clock.
    C:\Windows\System32>w32tm /query /status
    Leap Indicator: 0(no warning)
    Stratum: 1 (primary reference - syncd by radio clock)
    Precision: -6 (15.625ms per tick)
    Root Delay: 0.0000000s
    Root Dispersion: 10.0000000s
    ReferenceId: 0x4C4F434C (source name:  "LOCL")
    Last Successful Sync Time: 06/11/2014 15:44:15
    Source: Local CMOS Clock
    Poll Interval: 6 (64s)
    1) I have performed the following on the DC with the PDC role:
    net stop w32time
    w32tm /config /syncfromflags:manual /manualpeerlist:"0.pool.ntp.org, 1.pool.ntp.org, 2.pool.ntp.org"
    w32tm /config /reliable:yes
    net start w32time
    w32tm /query /configuration 
    [Configuration]
    EventLogFlags: 2 (Local)
    AnnounceFlags: 5 (Local)
    TimeJumpAuditOffset: 28800 (Local)
    MinPollInterval: 6 (Local)
    MaxPollInterval: 10 (Local)
    MaxNegPhaseCorrection: 172800 (Local)
    MaxPosPhaseCorrection: 172800 (Local)
    MaxAllowedPhaseOffset: 300 (Local)
    FrequencyCorrectRate: 4 (Local)
    PollAdjustFactor: 5 (Local)
    LargePhaseOffset: 50000000 (Local)
    SpikeWatchPeriod: 900 (Local)
    LocalClockDispersion: 10 (Local)
    HoldPeriod: 5 (Local)
    PhaseCorrectRate: 7 (Local)
    UpdateInterval: 100 (Local)
    [TimeProviders]
    NtpClient (Local)
    DllName: C:\Windows\System32\w32time.DLL (Local)
    Enabled: 1 (Local)
    InputProvider: 1 (Local)
    AllowNonstandardModeCombinations: 1 (Local)
    ResolvePeerBackoffMinutes: 15 (Local)
    ResolvePeerBackoffMaxTimes: 7 (Local)
    CompatibilityFlags: 2147483648 (Local)
    EventLogFlags: 1 (Local)
    LargeSampleSkew: 3 (Local)
    SpecialPollInterval: 3600 (Local)
    Type: NTP (Local)
    NtpServer: 0.pool.ntp.org, 1.pool.ntp.org, 2.pool.ntp.org (Local)
    NtpServer (Local)
    DllName: C:\Windows\System32\w32time.DLL (Local)
    Enabled: 1 (Local)
    InputProvider: 0 (Local)
    AllowNonstandardModeCombinations: 1 (Local)
    VMICTimeProvider (Local)
    DllName: C:\Windows\System32\vmictimeprovider.dll (Local)
    Enabled: 1 (Local)
    InputProvider: 1 (Local)
    But still showing the output:
    C:\Windows\System32>w32tm /query /status
    Leap Indicator: 0(no warning)
    Stratum: 1 (primary reference - syncd by radio clock)
    Precision: -6 (15.625ms per tick)
    Root Delay: 0.0000000s
    Root Dispersion: 10.0000000s
    ReferenceId: 0x4C4F434C (source name:  "LOCL")
    Last Successful Sync Time: 06/11/2014 15:58:45
    Source: Local CMOS Clock
    Poll Interval: 6 (64s)
    2. If I resync and rediscover the following error appears: 
    w32tm /resync /rediscover 
    Sending resync command to local computer
    The computer did not resync because no time data was available.
    3. I've also clearing the current time config, by
    net stop w32time
    w32tm /unregister
    w32tm /register
    net start w32time
    But no change, it still shows the Local CMOS clock. 
    4. This event is showing 
    Log Name:      System
    Source:        Microsoft-Windows-Time-Service
    Date:          06/11/2014 15:43:30
    Event ID:      12
    Task Category: None
    Level:         Warning
    Keywords:      
    User:          LOCAL SERVICE
    Computer:      domaincontroller1
    Description:
    Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source.
    It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy.
    If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-Time-Service" Guid="{06EDCFEB-0FD0-4E53-ACCA-A6F8BBF81BCB}" />
        <EventID>12</EventID>
        <Version>0</Version>
        <Level>3</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8000000000000000</Keywords>
        <TimeCreated SystemTime="2014-11-06T15:43:30.465619200Z" />
        <EventRecordID>77295</EventRecordID>
        <Correlation />
        <Execution ProcessID="256" ThreadID="2056" />
        <Channel>System</Channel>
        <Computer>domaincontroller1</Computer>
        <Security UserID="SID" />
      </System>
      <EventData Name="TMP_EVENT_DOMAIN_HIERARCHY_ROOT">
      </EventData>
    </Event>
    5. If I perform the below it appears DC2 is having problems but I'm not sure if related. 
    C:\w32tm /monitor
    DC1.domain.local *** PDC ***[192.168.1.1:123]:
        ICMP: 0ms delay
        NTP: +0.0000000s offset from DC1.domain.local
            RefID: 'LOCL' [0x4C434F4C]
            Stratum: 1
    DC2.domain.local[192.168.1.2:123]:
        ICMP: 0ms delay
        NTP: -110.4925481s offset from DC1.domain.local
            RefID: (unspecified / unsynchronized) [0x00000000]
            Stratum: 0
    DC3.domain.local[192.168.2.1:123]:
        ICMP: 0ms delay
        NTP: -0.0256084s offset from DC1.domain.local
            RefID: DC1.domain.local [192.168.1.1]
            Stratum: 2
    DC4.domain.local[192.168.2.4:123]:
        ICMP: 0ms delay
        NTP: -0.0011524s offset from DC1.domain.local
            RefID: 80.84.77.86.rev.sfr.net [86.77.84.80]
            Stratum: 2
    Warning:
    Reverse name resolution is best effort. It may not be
    correct since RefID field in time packets differs across
    NTP implementations and may not be using IP addresses.
    Any help would be much appreciated. Thanks. 
    Craig Brand

    I suspected some issue with AV so uninstalled. 
    To resolve the Access Denied I followed these steps: 
    stop w32time
    w32tm /unregister
    reboot
    regsvr32 /u w32time.dll
    w32tm /register
    sc query w32time -- you should see that the service is set to
    shared mode -- this is presumably how it should be -- if you try to start right now, you'll get the expected 1290 SID-related error
    reboot
    w32time should now automatically start at boot up and be running -- that was my result -- it's running as shared, started on its own, and I can do the w32tm /query commands successfully
    After rebooting the time service started. 
    I then repeated the steps: 
    net stop w32time
    w32tm /config /syncfromflags:manual /manualpeerlist:"0.pool.ntp.org, 1.pool.ntp.org, 2.pool.ntp.org"
    w32tm /config /reliable:yes
    net start w32time
    w32tm /query /configuration 
    And all worked. I'll wait a short while to see if this fixes the issue. I also have am SA case with MS so will confirm fix when resolved. 
    Craig Brand

  • Group Chat feature in Office Communications Server 2007 R2 does not work in Windows Server 2008 R2 domains

       Hello to all, there are two confliting articles about this topic:
       1-
    http://technet.microsoft.com/en-us/library/upgrade-domain-controllers-to-windows-server-2008-r2(v=ws.10).aspx#BKMK_Whatsnew : this one says that it does not work "The Group Chat feature in Office Communications Server 2007 R2 does not work in Windows
    Server 2008 R2 domains". This article was updated in 2013.
       2-
    http://technet.microsoft.com/en-us/library/ee692314(office.13).aspx: this other article says that it will function "Office Communications Server 2007 R2 Group Chat will function in a Windows Server 2008 R2 forest". This article was updated in
    2010 and was refered by the first one.
       What is the correct support position for Group Chat feature in Office Communications Server 2007 R2 and Windows Server 2008 R2 domains?
       Regards, EEOC.

    Hi,
    I notice the following sentence in the link below “Office Communications Server 2007 R2, Group Chat will not function in a Windows Server 2008 R2 forest or when Group Chat member servers are joined to a Windows Server 2008 R2 domain.
    We know of an issue with changes in Windows 2008 R2 that requires a Group Chat Client and Group Chat Admin Tools hotfix. The Group Chat Client and Group Chat Admin Tools hotfixes are currently scheduled for mid-April 2010.”
    http://blogs.technet.com/b/nexthop/archive/2010/11/06/supportability-for-office-communications-server-2007-r2-and-windows-server-2008-r2.aspx
    So in my opinion, if you update to the latest version of Windows Server 2008 R2, OCS Server 2007 R2 and Group Chat Client, Group Chat Admin Tools to the latest version, it should work.
    However, the best method for you is make a lab to test the problem firstly.
    Best Regards,
    Eason Huang
    Eason Huang
    TechNet Community Support

  • Change Tracking internals behave differently, SQL Server 2012 vs SQL Server 2008

    <original post by Glenn Estrada>
    Reposting an issue from Stack Overflow that a coworker and I are dealing with.
    In trouble shooting an issue with synchronizing disconnected devices with a central database server using Sync Framework 1.0, we are experiencing a problem after upgrading to SQL Server 2012 on the server. It appears that the CHANGE_TRACKING_MIN_VALID_VERSION
    is returning a value 1 higher than it should (or at least than it did prior to the upgrade.)
    I have been working thru Arshad
    Ali's great walk thru example of how to set up a simple example.
    I have run the scripts from #1 thru #5 to insert, delete, and update a row in the Employee table in both a SQL Server 2008 and a 2012 environment.
    In 2008, the following statement returns a 0:
    SELECT CHANGE_TRACKING_MIN_VALID_VERSION(OBJECT_ID('Employee'))
    In 2012, it returns a 1.
    In working thru a few more scripts (6-8) in the tests, I set the retention period to 1 minute to hopefully force a cleanup action. I left for the day and apparently it ran overnight.
    In the 2008 instance, the CHANGE_TRACKING_CURRENT_VERSION and the CHANGE_TRACKING_MIN_VALID_VERSION are equal (11). In the 2012 instance, the CHANGE_TRACKING_MIN_VALID_VERSION is one higher (12) than the CHANGE_TRACKING_CURRENT_VERSION (11). This could have
    an impact to the synchronization process when a database is idle for extended periods of time. And we have found that process could get caught in a loop, especially when the following test is performed to determine if a re-initialization, as opposed to synchronization,
    is required:
    IF CHANGE_TRACKING_MIN_VALID_VERSION(object_id(N'dbo.Employee')) > @sync_last_received_anchor
    RAISERROR (N'SQL Server Change Tracking has cleaned up tracking information for table ''%s''...
    Has anyone else experienced this change in behavior? Does anyone have an explanation?

    <original post by Glenn Estrada>
    Reposting an issue from Stack Overflow that a coworker and I are dealing with.
    In trouble shooting an issue with synchronizing disconnected devices with a central database server using Sync Framework 1.0, we are experiencing a problem after upgrading to SQL Server 2012 on the server. It appears that the CHANGE_TRACKING_MIN_VALID_VERSION
    is returning a value 1 higher than it should (or at least than it did prior to the upgrade.)
    I have been working thru Arshad Ali's
    great walk thru example of how to set up a simple example.
    I have run the scripts from #1 thru #5 to insert, delete, and update a row in the Employee table in both a SQL Server 2008 and a 2012 environment.
    In 2008, the following statement returns a 0:
    SELECT CHANGE_TRACKING_MIN_VALID_VERSION(OBJECT_ID('Employee'))
    In 2012, it returns a 1.
    In working thru a few more scripts (6-8) in the tests, I set the retention period to 1 minute to hopefully force a cleanup action. I left for the day and apparently it ran overnight.
    In the 2008 instance, the CHANGE_TRACKING_CURRENT_VERSION and the CHANGE_TRACKING_MIN_VALID_VERSION are equal (11). In the 2012 instance, the CHANGE_TRACKING_MIN_VALID_VERSION is one higher (12) than the CHANGE_TRACKING_CURRENT_VERSION (11). This could have
    an impact to the synchronization process when a database is idle for extended periods of time. And we have found that process could get caught in a loop, especially when the following test is performed to determine if a re-initialization, as opposed to synchronization,
    is required:
    IF CHANGE_TRACKING_MIN_VALID_VERSION(object_id(N'dbo.Employee')) > @sync_last_received_anchor
    RAISERROR (N'SQL Server Change Tracking has cleaned up tracking information for table ''%s''...
    Has anyone else experienced this change in behavior? Does anyone have an explanation?
    sql-server sql sql-server-2012

  • Cannot generate Account Logon Events (Event ID 4624) in Security Event Log on Server 2008 R2 Domain Controller

    I have configured the Default Domain Controller's policy to log SUCCESS for Account Logon Events in the Server 2008 R2 Domain Controller, but these events are not logging in the Security Event log.
    Default Domain Controllers Policy
    Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policies/Audit Account Logon Events = Success.
    What tools can I use to troubleshoot this further? The results of "Auditpol.exe /get /category:*" are below.
    System audit policy
    Category/Subcategory                      Setting
    System
      Security System Extension               No Auditing
      System Integrity                        No Auditing
      IPsec Driver                            No Auditing
      Other System Events                     No Auditing
      Security State Change                   No Auditing
    Logon/Logoff
      Logon                                   No Auditing
      Logoff                                  No Auditing
      Account Lockout                         No Auditing
      IPsec Main Mode                         No Auditing
      IPsec Quick Mode                        No Auditing
      IPsec Extended Mode                     No Auditing
      Special Logon                           No Auditing
      Other Logon/Logoff Events               No Auditing
      Network Policy Server                   No Auditing
    Object Access
      File System                             No Auditing
      Registry                                No Auditing
      Kernel Object                           No Auditing
      SAM                                     No Auditing
      Certification Services                  No Auditing
      Application Generated                   No Auditing
      Handle Manipulation                     No Auditing
      File Share                              No Auditing
      Filtering Platform Packet Drop          No Auditing
      Filtering Platform Connection           No Auditing
      Other Object Access Events              No Auditing
      Detailed File Share                     No Auditing
    Privilege Use
      Sensitive Privilege Use                 No Auditing
      Non Sensitive Privilege Use             No Auditing
      Other Privilege Use Events              No Auditing
    Detailed Tracking
      Process Termination                     No Auditing
      DPAPI Activity                          No Auditing
      RPC Events                              No Auditing
      Process Creation                        No Auditing
    Policy Change
      Audit Policy Change                     No Auditing
      Authentication Policy Change            No Auditing
      Authorization Policy Change             No Auditing
      MPSSVC Rule-Level Policy Change         No Auditing
      Filtering Platform Policy Change        No Auditing
      Other Policy Change Events              No Auditing
    Account Management
      User Account Management                 No Auditing
      Computer Account Management             No Auditing
      Security Group Management               No Auditing
      Distribution Group Management           No Auditing
      Application Group Management            No Auditing
      Other Account Management Events         No Auditing
    DS Access
      Directory Service Changes               No Auditing
      Directory Service Replication           No Auditing
      Detailed Directory Service Replication  No Auditing
      Directory Service Access                No Auditing
    Account Logon
      Kerberos Service Ticket Operations      No Auditing
      Other Account Logon Events              No Auditing
      Kerberos Authentication Service         No Auditing
      Credential Validation                   Success

    Hi Lawrence,
    After configuring the GPO, did we run command gpupdate/force to update the policy immediately on domain controller? Besides, please run command gpresult/h c:\gpreport.html to check if the audit policy
    setting was applied successfully.
    TechNet Subscriber Support
    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.
    Best regards,
    Frank Shen

  • Running two instances of Windows Server 2012 Essentials R2 on the same domain

    We have Windows Server 2012 Essentials R2 running as a domain controller -- and have installed another licensed copy of the same thing on the same domain.  We want to use the 2nd server for running an LOB application and provide backup for the
    AD services. 
    The 2nd server is a member of the domain. Can I do this and have the 2nd server provide AD failover services like they do with 2012 Standard? 

    Two things to consider. In the XP and 2003 era, the OS was not written in a security-first fashion. While XP did have LUA, almost nobody used them. Then came Vista and UAC, and those prompts were a major pain point because nobody wrote for security. Fast
    forward 6 years and standard accounts are a normal best practice. Almost nobody in business recommends running daily tasks as administrator.
    I mention all this to illustrate that, similar to admin accounts, what you used to get away with no longer applies. Running LOB apps on a DC is just bad. Many times, the app just doesn't work. But even if you could get it to work, it is a terrible idea.
    If the stories of Home Depot, Target, and most recently Sony don't already give it away, I'll spell it out. We no longer live in an age where you can take shortcuts and expect to be safe. Large organizations make national news when they screw up. But small
    businesses are targeted just as often and are at just as much risk. From "leaking" their client info to having their data held for ransom, the small business is abused regularly, but never makes national news because they are, by definition, small.
    If you can take simple easy steps to help minimize that risk, such as keeping a domain controller free of other software and locked down, then it is almost unethical to do Otherwise in the modern computing era. The world ha changed. It is our responsibility
    as I.T professionals to change with it. That's why we get to call ourselves "professionals" in relation to I.T.
    So, what bad things? Risking the customer's very livelihood. I consider that pretty darn bad.

  • Windows Server 2008 R2 Domain Controller NOT logging EventID 4740

    EventID 4740 (account lockout) is not being logged to the event viewer. When searching through the security log there are none to be found. Having accounts locked out and no logging is driving me nuts. Hope someone has run into this before. This is what
    i have checked thus far.
    >Windows Server 2008 R2 Domain Controller
    >Verified the following GPO settings are set and correct:
    >Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\ all are set for Success & Failure
    >Computer Configuration\Windows Settings\Security Settings\Advanced Audit Configuration\Logon/Logoff) is set for Success and Failure
    >Powershell command Get-Eventlog -log Security -InstanceId 4740 returns no results which makes sense since there are no entries in the security log file.
    >No 4740 entries in the netlogon.log debug file
    AD and the LockoutStatus tool show the account is locked out but i still have nothing in the logs.
    Anyone have any ideas? From everything i can find online , it appears i have everything set properly.
    Thanks, Chico

    Hi Chico,
    I suggest you try to enable this group policy below:
    Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit account management
    More information for you:
    Missing 4740 EventID's
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/c9871d72-7439-46b5-98e6-a7fadfa6ff28/missing-4740-eventids?forum=winserversecurity
    If you have multiple Domain Controllers, check this event on other DCs, too.
    Please feel free to let us know if there are any further requirements.
    Best Regards,
    Amy Wang

Maybe you are looking for

  • Work Item Not getting Deleted

    Hi We have a starge issue. We use the table SWWUSERWI to see all the work items in the user's inbox. If we delete the work item in this table it will remove the same from user's inbox. We have a problem now. Even after we deleted all the work items t

  • Imported XML errors "java.io.UTFDataFormatException: Invalid UTF8 encoding"

    Hi, I had to display a mutli select table region in a Oracle Standard Supplier Site Manage page in R12. So I had a created a custom Stack Layout region and imported in to the database. The import went through fine. Then using Personalization i had cr

  • BEx queries hitting aggregates

    Hi Gurus,     Is there anyway we can findout queries hitting aggregates. I mean any table where we can check which queries have ran by pulling the data from aggregates rather than cube. Thanks in advance. Gurantee of award points. Regards Baba

  • My apple account has been blocked cuz I tried to purchase apps but I forget the answers of the security q.how can I activate it ??

    My Apple ID has been blocked cuz I tried to purchase apps but when it ask for answers of the security Q.I forget them and I tried to guess the answers several times PLZzzzzzzz I want to reactivate my account plus I want to know the right answers of S

  • Matrix  Row delete

    Hi I have been observing that my matrix row deleted before executing my code for delete the matrix row. I write my code in BeforeAction=False and I use the menu id to delete the row in matrix. Some code snap If pval.BeforeAction = False Then