Route mail and Active Directory Sites and Services configuration

Similar Messages

• Replication with Domain and Sub domain in Active directory sites and services

  I seen many AD enviroments and know that when you have mutiple DCs you use Active Directory Sites and services to replicate using the NTDS Settings. If you have a Domain and sub domain do you need to do this as well or does it sync up automatically because
  it's a sub domain? A see a couple of domains where the NTDS settings isn't being used to snyc with the child domain. Just wondering if that is normal or will it cause authentication errors?

  I seen many AD enviroments and know that when you have mutiple DCs you use Active Directory Sites and services to replicate using the NTDS Settings. If you have a Domain and sub domain do you need to do this as well or does it sync up automatically
  because it's a sub domain? A see a couple of domains where the NTDS settings isn't being used to snyc with the child domain. Just wondering if that is normal or will it cause authentication errors?
  Two way transitive trusts are configured automatically when you create a child domain or tree root domain. You don't have to worry about site/subnet or replication part at least from trust perspective. But make sure site's names are unique in each domain.
  How Domain and Forest Trusts Work
  http://technet.microsoft.com/en-us/library/cc773178%28v=ws.10%29.aspx
  http://technet.microsoft.com/en-us/library/cc730868.aspx
  http://blogs.technet.com/b/askds/archive/2008/09/24/domain-locator-across-a-forest-trust.aspx
  Awinish Vishwakarma - MVP
  My Blog: awinish.wordpress.com
  Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

• Active Directory Sites and Exchange 2013 Deployment

  I've recently took over responsibility of an Exchange 2013 Organization that is deployed as follows:
  Active Directory consists of 4 Sites. AD Site A, B, C, D  Exchange 2013 Enterprise resides in 2 of the 4 AD Sites as follows:
  AD Site A - ExchangeServer 1 and ExchangeServer 2
  AD Site B - Exchange Server 3
  AD Site C - No Exchange Servers
  AD Site D - No Exchange Servers
  All 4 AD Sites are 4 different Physical locations/datacenters. All 3 Exchange 2013 servers are multi-role servers.
  The Forest in which Exchange resides in consists of an empty Root domain, a Production (child) domain and a Test (child) domain. Exchange resides in the Production (child) domain.
  Issue: AD Site A contains DC's from all 3 domains: Root Domain, Production child Domain (this is where Exchange lives) and Test child Domain. I notice that Exchange in AD Site A is using DC's from the Root Domain for it's "DefaultGlobalCatalog",
  "DefaultConfigurationDomainController" and "DefaultPreferredDomainControllers" This to me does not seem to be very efficient as any Address Book queries will have to be referred to by the Root Domain DC's to the Production child domain
  where Exchange lives. All of the AD User accounts and mailboxes are in the Production child domain.
  In a situation such as this, would it be advisable to build 2 additional AD sites specifically for Exchange? Rather than re-IP Exchange or risk the impact of moving several other (non exchange) servers to another AD site, I would add the IP address
  of the Exchange servers /32 to the new Exchange dedicated AD Sites and erect a DC in these new sites adding its IP address /32. Any thoughts on this idea? If the subnet that exchange resides on is (for example) 10.60.3.0 /16 in AD Site A, and
  I build a new AD site for Exchange and add the IP address of the Exchange server such as 10.60.3.141/32 for this new Exchange AD Site boundary, I can still leave the 10.60.3.0 /16 unaffected in AD Site A, correct?
  I'm looking for Microsoft's best practices in terms of laying out AD and domain controllers pertaining to Exchange server 2013.

  Hi Anthouyray,
  Thank you for your question.
  We could use the following command to exclude domain controller which is root domain controller:
  Set-ExchangeServer –Identity  <exchange servername> -StaticExcludeDomainControllers <root domain controller>
  Then we could restart the service of “Microsoft Exchange Active Directory Topology” to check if the issue persist.
  If there are any questions regarding this issue, please be free to let me know.
  Best Regard,
  Jim
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
  Jim Xu
  TechNet Community Support

• Routing issue between two satellites sites and one central hub

  Hi,
  I have 3 Ad sites with one exchange 2010 hub,cas,mailbox server on each sites.
  One of this site (site A) is central Hub and the two other sites  ( B and C) are two satellites of site A.
  The is no connectivity between site B and C, only connectivity between A and B, and A and C.
  When I send a mail from Site B to Site C, Exchange try to deliver the mail directly to site C and don't pass to site A to deliver to site C, some mail stay in queue in site B, and the the queue is in retry.
  I flag the site A as HUB.
  Site toplogy is correct and the cost too.
  Can someone help me??
  Thanks

  what are your AD costs between A, B and C?
  In Exchange 2010, each message recipient is always associated with only one Active Directory site, and there is only one least cost routing
  from the source Active Directory site to the destination Active Directory site
   If the least-cost routing path to the primary site contains any hub sites, the message must be
  routed through the hub sites

• Apple Mail Server and Active Directory

  Has anyone had any luck in using Active Directory (2003) as the directory service with an Apple Mail Server? We're testing it out, but we're unable to enable mail services for users on teh Mac server.
  If anyone has tried this and can offer up some tips, I'd be grateful!
  Dell Latitude D620   Other OS  

  Me too!
  I also discovered that Mac users who have valid accounts in AD 2003 can't have an email account in WGM enabled for them (WGM acts like its enabling email but then reverts back to "disabled"). I assume the account must be configured in the Active Directory Users and Groups admin tool before it can be enabled in WGM on the OS X email server, but I havent had any luck getting it to work yet.

• The user and the mailbox are in different Active Directory Sites

  Hi All,
  I have 2 site, each site have an Exchange Server 2010 SP1, let say Site HQ and Site DRC I monitored it with SCOM 2007 R2, site HQ successfully monitored, then I continue try to monitor DRC site. I executed new-TestCasConnectivityUser.ps1 at MBX DRC Site
  to create extest user.
  Then I try to execute command to test-connectivity, but it failed.
  Test-OwaConnectivity -TestType:Internal -MonitoringContext:$true -TrustAnySSLCertificate:$true -LightMode:$true | fl
  RunspaceId                  : 6b709fa5-0719-4be5-ae62-ec4b3617a6e0
  AuthenticationMethod        :
  MailboxServer               : CONMBX02.contoso.com
  LocalSite                   : CONMBX02.contoso.com
  SecureAccess                : False
  VirtualDirectoryName        :
  Url                         :
  UrlType                     : Unknown
  Port                        : 0
  ConnectionType              : Plaintext
  ClientAccessServerShortName : DRCCAS01
  LocalSiteShortName          : CONMBX02
  ClientAccessServer          : DRCCAS01.contoso.com
  Scenario                    : Reset Credentials
  ScenarioDescription         : Reset automated credentials for the Client Access Probing Task user on Mailbox server CON
                                MBX02.contoso.com.
  PerformanceCounterName      :
  Result                      : Failure
  Error                       : [Microsoft.Exchange.Monitoring.CasHealthStorageErrorException]: An error occurred while t
                                rying to access mailbox CONMBX02.contoso.com, on behalf of user contoso.com\extes
                                t_xxxxxxxx
                                 Additional information:
                                 [Microsoft.Exchange.Data.Storage.WrongServerException]: The user and the mailbox are in
                                different Active Directory sites..
  UserName                    : extest_xxxxxxxx
  StartTime                   : 04/01/2012 20:46:19
  LaCONcy                     : 00:00:00.0156460
  EventType                   : Error
  LaCONcyInMillisecondsString :
  Identity                    :
  IsValid                     : True
  WARNING: No Client Access servers were tested.
  RunspaceId          : 6b709fa5-0719-4be5-ae62-ec4b3617a6e0
  Events              : {Source: MSExchange Monitoring OWAConnectivity Internal
                        Id: 1005
                        Type: Error
                        Message: Couldn't access one or more test mailboxes.
                        The service that is being tested will not run against these mailboxes.
                         Detailed information:
                        Local Site:DRCProduction
                        [Microsoft.Exchange.Monitoring.CasHealthStorageErrorException]: An error occurred while trying to
                         access mailbox CONMBX02.contoso.com, on behalf of user contoso.com\extest_xxxxxxxx
                         Additional information:
                         [Microsoft.Exchange.Data.Storage.WrongServerException]: The user and the mailbox are in differen
                        t Active Directory sites..
  PerformanceCounters : {Object: MSExchange Monitoring OWAConnectivity Internal
                        Counter: Logon LaCONcy
                        Instance: DRCCAS01.contoso.com|DRCProduction
                        Value: -1000}
  any help appreciate it.
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
  Krisna Ismayanto | My blogs:
  Krisna Ismayanto | Twitter: @ikrisna

  Hi
     Removed existing test account on two site.
     Then created test account on DGC through new-TestCasConnectivityUser.ps1.
     Flushed Health Service on RMS.
  Terence Yu
  TechNet Community Support
  Hi
  What do you mean on DGC ? you mean I have remove both test account or just at DRC site only ?
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
  Krisna Ismayanto | My blogs:
  Krisna Ismayanto | Twitter: @ikrisna

• Test-OutlookConnectivity fails with '[Microsoft.Exchange.Data.Storage.WrongServerException]: The user and the mailbox are in different Active Directory sites'.

  I have a two site DAG, and the command is running from the alternate site where the databases are not currently being hosted. The following command...
  Test-OutlookConnectivity -Protocol:TCP -TrustAnySSLCert:$true -MonitoringContext:$true
  ...errors with the following output:
  An error occurred while trying to access mailbox CurrentlyHostingMBServerName.InternalDomainName, on behalf of user InternalDomainName\extest_bb13200232474
   Additional information:
   [Microsoft.Exchange.Data.Storage.WrongServerException]: The user and the mailbox are in different Active Directory sit
  es..
      + CategoryInfo          : OperationStopped: (Microsoft.Excha...onnectivityTask:TestOutlookConnectivityTask) [Test-
     OutlookConnectivity], CasHealthStorageErrorException
      + FullyQualifiedErrorId : F2F8AC0D,Microsoft.Exchange.Monitoring.TestOutlookConnectivityTask
  I thought this command would work based on the 'AllowCrossSiteRpcClientAccess: True' option on the DAG.  The command works well if run a CAS server in the active DB site.

  Hi,
  Exchange 2013 users use Outlook Anywhere to connect to CAS server. You may run the RCA to test the connectivity:
  https://www.testexchangeconnectivity.com/
  Thanks,
  Simon Wu
  TechNet Community Support

• AADSync and Azure Active Directory Device Registration Service

  Now I try to implement Azure Active Directory Device Registration Service with AADSync.
  According to step-by-step guide, it has to execute "Enable-MSOnlineObjectManagement" cmdlet.
  Step-by-Step Guide for On-premises Conditional Access using Azure Active Directory Device Registration Service
  https://msdn.microsoft.com/en-us/library/azure/dn788908.aspx
  Unfortunately, AADsync doestn't have "Enable-MSOnlineObjectManagement", and can't find similar cmdlet.
  I'm looking for cmdlet for device object synchronization.
   Does anyone know alternate cmdlet?

  Hi,
  Thanks for your post.
  You need to use the command import-module DirSync in PowerShell, then running the command "get-command -m Microsoft.Online.Conexistence.PS.config", you will find the cmdlet "Enable-MSOnlineObjectManagement"
  Regards.
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Windows 2008 Server - Cannot run Active Directory Users and Computers

  Hi,
  I am running Windows 2008 Server with latest windows updates installed. Directory Services Role also.
  I attempt to open Active Directory Users and Computers tool and I get a;
  Microsoft Visual C++ Runtime Library error;
  "The Application has requested the runtime to terminate it in a unusual way. Please contact the application's support team for more information"
  I click ok, then get the following debug info;
  Problem signature:
  Problem Event Name: APPCRASH
  Application Name: mmc.exe
  Application Version: 6.0.6001.18000
  Application Timestamp: 47919524
  Fault Module Name: msvcrt.dll
  Fault Module Version: 7.0.6001.18000
  Fault Module Timestamp: 4791ad6b
  Exception Code: 40000015
  Exception Offset: 0000000000029b06
  OS Version: 6.0.6001.2.1.0.272.7
  Locale ID: 3081
  Additional Information 1: 43aa
  Additional Information 2: cf3a46656318492c1997480001b6b0e0
  Additional Information 3: 3837
  Additional Information 4: 92f72e0d0589ff77cef51e0a413aeff6
  Read our privacy statement:
  http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409
  If someone could please assist, it would be very much appreciated.
  Regards
  B

   
  Hi,
  To solidly troubleshoot this kind of issue, we need to debug dump file. A suggestion would be to contact Microsoft Customer Service and Support (CSS) via telephone so that a dedicated Support Professional can assist with your request.
  To obtain the phone numbers for specific technology request please take a look at the web site listed below:
  http://support.microsoft.com/default.aspx?scid=fh;EN-US;OfferProPhone#faq607
  However, I am also glad to share my research.
  Some third party applications may lead to this error. Please check if you install other third party applications on Windows server 2008?
  Also, please follow the article below to perform necessary steps to see how it's going?
  FIX: You receive an "invalid page fault in module MSVCRT.DLL" error message after you install the run-time libraries from Visual C++ 6.0
  http://support.microsoft.com/kb/190536/en-us
  Hope this helps.
  Best wishes
  Morgan Che

• Active directory users and computers wont start on a dc, "the server is not operational"

  In our environment, we have 3 dc's 
  two which run server 2008 (they work perfectly)
  and one never off branch dc that runs server 2008 r2.
  We have been having some problems where we feel the replication isnt up too speed(stuff could take up to 24 hours to replicate) and now when i tried opening active directory users and computers i am met with this error window:
  We have a third party DNS solution.
  How do i troubleshoot this issue?

  dc01 (which replicates perfectly with dc02, and vise versa)
  dcdiag /test:dns
  C:\Users\adminuser>dcdiag /test:dns
  Domain Controller Diagnosis
  Performing initial setup:
  Done gathering initial info.
  Doing initial required tests
  Testing server: Hostingpartner\ourdc01
  Starting test: Connectivity
  ......................... ourDC01 passed test Connectivity
  Doing primary tests
  Testing server: Hostingpartner\ourdc01
  DNS Tests are running and not hung. Please wait a few minutes...
  Running partition tests on : ForestDnsZones
  Running partition tests on : DomainDnsZones
  Running partition tests on : Schema
  Running partition tests on : Configuration
  Running partition tests on : int
  Running enterprise tests on : int.domain.com
  Starting test: DNS
  Test results for domain controllers:
  DC: ourdc01.int.domain.com
  Domain: int.domain.com
  TEST: Delegations (Del)
  Error: DNS server: ourdc02.int.domain.com. IP:xx.xx.xx.32 [Broken delegated domain domaindnszones.int.domain.com.]
  Error: DNS server: ourdc02.int.domain.com. IP:xx.xx.xx.32 [Broken delegated domain forestdnszones.int.domain.com.]
  Summary of test results for DNS servers used by the above domain controllers:
  DNS server: xx.xx.xx.32 (ourdc02.int.domain.com.)
  2 test failures on this DNS server
  Delegation is broken for the domain domaindnszones.int.domain.com. on the DNS server xx.xx.xx.32
  Delegation is broken for the domain forestdnszones.int.domain.com. on the DNS server xx.xx.xx.32
  Summary of DNS test results:
  Auth Basc Forw Del Dyn RReg Ext
  Domain: int.domain.com
  ourdc01 PASS PASS PASS FAIL n/a PASS n/a
  ......................... int.domain.com failed test DNS
  dcdiag on dc01(which can replicate with dc02)
  C:\Users\adminuser>dcdiag
  Domain Controller Diagnosis
  Performing initial setup:
  Done gathering initial info.
  Doing initial required tests
  Testing server: hostingpartner\ourdc01
  Starting test: Connectivity
  ......................... OURDC01 passed test Connectivity
  Doing primary tests
  Testing server: hostingpartner\ourdc01
  Starting test: Replications
  [Replications Check,OURDC01] DsReplicaGetInfoW(PENDING_OPS) failed with error 8453,
  Win32 Error 8453.
  ......................... OURDC01 failed test Replications
  Starting test: NCSecDesc
  ......................... OURDC01 passed test NCSecDesc
  Starting test: NetLogons
  [OURDC01] User credentials does not have permission to perform this operation.
  The account used for this test must have network logon privileges
  for this machine's domain.
  ......................... OURDC01 failed test NetLogons
  Starting test: Advertising
  ......................... OURDC01 passed test Advertising
  Starting test: KnowsOfRoleHolders
  ......................... OURDC01 passed test KnowsOfRoleHolders
  Starting test: RidManager
  ......................... OURDC01 passed test RidManager
  Starting test: MachineAccount
  ......................... OURDC01 passed test MachineAccount
  Starting test: Services
  ......................... OURDC01 passed test Services
  Starting test: ObjectsReplicated
  ......................... OURDC01 passed test ObjectsReplicated
  Starting test: frssysvol
  ......................... OURDC01 passed test frssysvol
  Starting test: frsevent
  ......................... OURDC01 passed test frsevent
  Starting test: kccevent
  ......................... OURDC01 passed test kccevent
  Starting test: systemlog
  An Error Event occured. EventID: 0xC0002719
  Time Generated: 04/04/2013 15:04:29
  (Event String could not be retrieved)
  An Error Event occured. EventID: 0xC0002719
  Time Generated: 04/04/2013 15:04:50
  (Event String could not be retrieved)
  An Error Event occured. EventID: 0xC0002719
  Time Generated: 04/04/2013 15:10:56
  (Event String could not be retrieved)
  An Error Event occured. EventID: 0xC0002719
  Time Generated: 04/04/2013 15:11:17
  (Event String could not be retrieved)
  ......................... OURDC01 failed test systemlog
  Starting test: VerifyReferences
  ......................... OURDC01 passed test VerifyReferences
  Running partition tests on : ForestDnsZones
  Starting test: CrossRefValidation
  ......................... ForestDnsZones passed test CrossRefValidation
  Starting test: CheckSDRefDom
  ......................... ForestDnsZones passed test CheckSDRefDom
  Running partition tests on : DomainDnsZones
  Starting test: CrossRefValidation
  ......................... DomainDnsZones passed test CrossRefValidation
  Starting test: CheckSDRefDom
  ......................... DomainDnsZones passed test CheckSDRefDom
  Running partition tests on : Schema
  Starting test: CrossRefValidation
  ......................... Schema passed test CrossRefValidation
  Starting test: CheckSDRefDom
  ......................... Schema passed test CheckSDRefDom
  Running partition tests on : Configuration
  Starting test: CrossRefValidation
  ......................... Configuration passed test CrossRefValidation
  Starting test: CheckSDRefDom
  ......................... Configuration passed test CheckSDRefDom
  Running partition tests on : int
  Starting test: CrossRefValidation
  ......................... int passed test CrossRefValidation
  Starting test: CheckSDRefDom
  ......................... int passed test CheckSDRefDom
  Running enterprise tests on : int.domain.com
  Starting test: Intersite
  ......................... int.domain.com passed test Intersite
  Starting test: FsmoCheck
  ......................... int.domain.com passed test FsmoCheck
  The problematic dc03:
  Dcdiag gives the same output as dcdiag /test:dns
  C:\Users\adminuser>dcdiag
  Directory Server Diagnosis
  Performing initial setup:
  Trying to find home server...
  Home Server = OURDC03
  Ldap search capabality attribute search failed on server NTSDC03, return
  value = 81
  We have an infoblox dns server on ip address xxx.y.y.251.
  first error in event logs on dc03:
  error 1863
  This is the replication status for the following directory partition on this directory server.
  Directory partition:
  CN=Configuration,DC=int,DC=domain,DC=com
  This directory server has not received replication information from a number of directory servers within the configured latency interval.
  Latency Interval (Hours):
  24
  Number of directory servers in all sites:
  2
  Number of directory servers in this site:
  2
  The latency interval can be modified with the following registry key.
  Registry Key:
  HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Replicator latency error interval (hours)
  To identify the directory servers by name, use the dcdiag.exe tool.
  You can also use the support tool repadmin.exe to display the replication latencies of the directory servers. The command is "repadmin /showvector /latency <partition-dn>".
  i have also go several warning 2088, 2093, 2087.
  And errors 1863 pointing to different directory partitions like schema/configuration/domaindnszones/forestdnszones

• 10.4.6 and Active Directory Problem - Volume cannot be found??

  I have bound six 10.4.6 to active directory. All went sweet with no problems. I have "force local home folder" off in Directory Access for AD. I can login to the Mac no problem using any user account from AD. If I login with a user the first time all goes well. The desktop icons show and the home directory is that of the users network home folder and can browse it. All good until I log out and login again. I get the desktop icons but the users home directory give the error "The Volume for %username% Cannot be found" when trying to access. I can browse the network to the user home folder without having to authenticate. The server (2003) shows no login errors, all looks fine. I have upgraded one Mac to 10.4.7 but made no differnce.
  I have installed "services for Mac and Appletalk" on the server but from what I have been told this shouldn't need to be installed but I did as I was getting no where anyway.
  Any ideas?
  PowerPC   Mac OS X (10.4.6)  

  Hi Chris!
  Before I comment, I want to define a couple of things. A "Mac home folder" stores a user's files (Documents, Library, etc.). This home folder can be stored locally on the workstation or it can be stored on a server. A "Windows home folder" is defined in a user's Active Directory account and can be used as the Mac home folder or simply as a network user folder for storage.
  While the idea of a network-based Mac home folder is nice, it can be clunky simply because the entire user experience is dependent on network speed and/or good file synchronization between your server and workstation. As someone who works in a group supporting about 300 Macs, I suggest enabling local home folders and not using a network-based Mac home folder.
  Next, File Services for Macintosh (AFP protocol) built into Windows Server will not support network-based Mac home folders. This is a dead end. You can install a third party product from Group Logic called ExtremeZ-IP, which does support network-based home folders over AFP.
  Therefore, what's happening in your network is that the network-based Mac home folders are being mounted via the SMB protocol, which uses Windows style file sharing. SMB in Mac OS X is good for limited use but I wouldn't recommend it for extensive use, which would include network-based Mac home folders.
  Here's what I suggest for your AD settings: 1.) Enable local home folders. 2.) Connect via SMB. This will keep your users' Mac home folders local to the machine but if their Windows network home folder is properly defined in their AD account settings then these should automatically mount on the Desktop via SMB at login.
  If you can get your Windows home folders to mount automtically on the users' Desktops then you can experiment with synchronization. After logging in, each user can visit Apple menu --> System Preferences... --> Accounts and the synchronization options will be available. A user can synchronize all or part of his local Mac home folder to his mounted Windows home folder.
  Hope this helps! bill
  1 GHz Powerbook G4   Mac OS X (10.4.7)  

• DNS and Active Directory error 4000 server 2008

  Hello all,
  My network skills aren't very good and I'm facing a dilemma. First off we have two Windows servers on the network. The newest is 2008 Standard (named Vader) and the other is 2000 (dells3). Obviously I'd like to get rid of the 2000, but the people in charge
  of my budget haven't given me the option to do so and it's the only back up we have.
  Earlier in the week we had lots of problems. One of our nas boxes locked everyone out who was mapped to it and it would only let me log in through the web portal. Two of our Macs our marketing department uses suddenly locked up and wouldn't let them back
  in (both were part of the Active Directory). A second nas box won't let certain people map to it and for awhile I had issues logging into Vader itself.
  I believe all of these problems are connected to some issues on Vader and possibly in conduction with dells3. In Server Manager under DNS I get error 4000 "The DNS server was unable to open Active Directory. 
  This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and reload the zone. The event data is the error code."
  Then under Active Directory Domain Services I get error 2042 "It has been too long since this machine last replicated with the named source machine. The time between replications with this source has exceeded
  the tombstone lifetime. Replication has been stopped with this source."
  Followed by more text I can post if needed.
  Under File Services error 1202 "The DFS Replication service failed to contact domain controller  to access configuration information. Replication is stopped. The service will try again during the
  next configuration polling cycle, which will occur in 60 minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues."
  And finally if I try to open Active Directory Domains and Trusts "The configuration information describing this enterprise is not available. The server is not operational."
  I'm not sure where to start or what to post that might help. Any and all help is appreciated.
  Edit: Also I can only add dells3 as the DNS on Vader in the DNS Manager if I try to add Vader to itself I get an error.

  It's the other way around.  Overall, I'm advising ripping the 2008 server out of AD and adding it back . Let's look at this as a series of steps:
  1.) You do a force demote of the 2008 server because it's tombstoned.  This means the 2008 server is no longer a DC. You are doing a force because it doesn't have the ability to replicate.  If it could replicate, we'd just do a graceful demotion
  and be done with it.
  2.) Once the 2008 server is demoted, we go to the 2000 server which holds the only good copy of AD.  From that server we run a metadata cleanup using the ntdsutil utility.  We use that utility to clean out references to the 2008 server which is
  no longer a DC.
  3.) Once you have a clean AD, you can then promote the 2008 server back into Active Directory.  Make sure Vader is pointing to Dells3 as its primary DNS server before promoting or you'll run into issues.
  Hopefully that clarifies things. 

• How to create "folders" in Active Directory Users and Computers?

  Hello Community
      In Windows Server 2008R2 when you go to Active Directory Users and Computer
  you will see icons of folders such as:
      -  Builtin has a folder icon
      - Computers has a folder icon
      - ForeignSecurityPrinicpals has a folder icon
      - Domain Controller as a folder icon
      - Managed Service Accounts has a folder icon
      - Users has a folder icon
      All of the above folders are visually identical.
      If you right click and select “File” –  “New”
   on any of the selections the icon
  will not look like the folder icon they have their own icons which look different
  from the "Folder" icon.
      I would like to create a “Folder” that looks just visually exactly like the ones
  mentioned above, how can I create those types of Folders in Active Directory User
  and Computers?
      Note: I would like to put users in the folders.
      Thank you
      Shabeaut

  Hi,
  you should use OUs (an OU is they type of object (folder) that is available for you to easily create.
  The object type you are asking about is a "container", and there are various reasons why an OU is more flexible (applying GPO, etc).
  Refer: Delegating Administration by Using OU Objects
  http://technet.microsoft.com/en-us/library/cc780779(v=ws.10).aspx   
  and the sub-articles:
  Administration of Default Containers and OUs
  http://technet.microsoft.com/en-us/library/cc728418(v=ws.10).aspx
  Delegating Administration of Account and Resource OUs
  http://technet.microsoft.com/en-us/library/cc784406(v=ws.10).aspx
  Also: http://technet.microsoft.com/en-us/library/cc961764.aspx
  Don
  (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
  This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

• Not able to open active directory user and computer in windows server 2008r2

  Hi All techies,
  i would like to know one issue which i am facing mostly, i have created 5 virtual machine all with window server2008r2 and one windows 7 on vm-ware now when ever i start my virtual machines everything going rite but when i try to open active directory user/
  computer or domain and trust i get a following error "data from active directory user and computers is not available from dc(null) bcoz unspecified error" even when i chk in events log its give me no help, and after 15-30 min everything works good
  Please let me know the cause of it and really appreciate it .
  Thanks
  Atul

  You need to ensure that
  1. group policy that says "wait for network before logon" is applied to all computers including servers and workstations is applied
  2. DNS record exists for all DCs in DNS
  3. If there are multiple Domain Controllers in Forests, then they point them as secondary DNS server. This way they will be able to resolve IPs if local DNS server service takes time to start.
  As Chris mentioned, you need to start all DCs first, give a time of 5 minutes and then start member servers and workstations for successful logon.
  - Sarvesh Goel - Enterprise Messaging Administrator

• Active Directory Users and Computer not displaying column data?

  I am running Windows 8.1 Enterprise with RSAT installed.  My Domain controllers are Server 2008 R2.
  I am having and issue with Active Directory Users and Computers.  Typically I will turn on Advanced Features and then add Columns for Email address and Display Name.  This for example allows me to easily export lists of users and there email
  addresses among other things.
  The issue is that on my Windows 8.1 client, the columns for Email and Display Name are empty.  It simply will not display this information.  It only displays Name, TYpe and Description.
  If I use a Windows 7 client, the information displays correctly.
  Has anyone run into this issue or heard of this problem when using ADUC on Windows 8.1?

  ADUC is an AD tool that is no longer being improved, with Microsoft now focusing on ADAC (Administrative Center). In 8.1, it has improved quite a bit since 7. You can also just try using the
  ActiveDirectory PowerShell Module, which is easy to use and fairly powerful. It can be simple to export lists, and the module for AD is included with RSAT tools.
  Example:
  Import-Module ActiveDirectory
  Get-ADUser -Filter {Manager -eq "John.Smith"} -Properties DisplayName,Mail | Export-Csv dump.csv -NoTypeInformation
  So, recommendation: either use ADAC, or PowerShell -- ADUC is part of the wave of deprecation.