Server 2008R2SP1 Domain Controllers occasionally hanging at switch user screen

The server will respond to ping, but seems to stop processing authentication requests, and has odd behavior with kerberos and LDAP requests. When you access the console, you can see the lock screen, and can get to the switch user button. When you click on
switch user, the screen goes black with a blinking white cursor in the upper right hand screen. It does this immediately, it does not seem to reboot - no BIOS or UEFI passes from the hardware.
Forcing a reboot with the power button will give you the option to start windows normally, and this seems to recover the Domain Controller. This has happened to me now on one Virtual DC and on one Physical DC. There is no common hardware between them.
I would say it looked like hardware issues based on my googling, but now that seems to be ruled out.
Has anyone seen anything like this?
Ok, some more research on event logs looks like it might well have been memory exhaustion:
The server was unable to allocate from the system nonpaged pool because the pool was empty. This was accompanied with many other errors. After reboot, memory use started at 98% for a while, after maybe 10 minutes dropped to 77% and after 45 minutes dropped
to 14% used. 

Hi,
So what is the problem now?
You could use RAMMap to gain understanding of the way Windows manages memory, to analyze application memory usage, or to answer specific questions about how RAM is being allocated.
RAMMap
http://technet.microsoft.com/en-us/sysinternals/ff700229.aspx
Regards.
Vivian Wang

Similar Messages

  • On screen lock screen, the keyboard does not work, switching to the switch-user screen the keyboard works again

    Mac OS-X 10.7.5, Mac Air.
    This began about 5 to 7 days ago.
    Steps to reproduce:
    Step 1:
    Close the lid, or the system 'powers down', or goes to the screen saver mode.
    Step 2:
    Open the lid, press the power button, or what ever to wake up the Mac Air
    The "Enter your password" screen is presented.
    They keyboard is not responsive, I cannot type anything.
    The touch pad works, I can power on/off the machine.
    They keyboard is not functional.
    Result: I cannot log in again.
    Expected behavior: The keyboard should be working I should be able to unlock the screen.
    Workarounds:
    Then click on my name, or any other user of the machine and it works fine.
    I can now unlock the screen and return to where I was.
    Expected behavior:
    I should not have to go to the "Switch User Screen" to log back in.

    More detail:  Some keys on the keyboard do work, ie: caps lock toggles the led, and the function keys across the top seem to work {that is I can adjust brightness, and so forth}
    the letter and numbers, and perhap others do not work.

  • Switch user screen

    Is it possible to go directly from the screen saver or sleep mode to the switch user screen without clicking the switch user button? I know it's minor but I'm just curious if it's possible to change that?
    Thanks

    Hi,
    Open windows Control Panel, open Personalization, click the Screen Saver link in the bottom right and in the following window remove the tick from the box next to 'On resume, display log-on screen'.  Click Apply, then Ok to save this setting.
    Regards,
    DP-K
    ****Click the White thumb to say thanks****
    ****Please mark Accept As Solution if it solves your problem****
    ****I don't work for HP****
    Microsoft MVP - Windows Experience

  • How to avoid the switch user screen after screen saver

    HP Pavilion HPE, Model: h8-1280t, Intel i7,. Win 7 Home Edition - 64 bit - brand new
    Following screen saver, computer returns to a "Switch User" screen.  There is only 1 user and I want to avoid going to that screen since it dramatically slows the recognition and return function.  How can I go from Screen Saver directly back to the screen I was working on without going through the Switch User screen first?
    Seahorse2
    This question was solved.
    View Solution.

    Hi,
    Open windows Control Panel, open Personalization, click the Screen Saver link in the bottom right and in the following window remove the tick from the box next to 'On resume, display log-on screen'.  Click Apply, then Ok to save this setting.
    Regards,
    DP-K
    ****Click the White thumb to say thanks****
    ****Please mark Accept As Solution if it solves your problem****
    ****I don't work for HP****
    Microsoft MVP - Windows Experience

  • How to get back to default user login from 'switch user' screen

    Hi
    I have a macbook air and mistakenly pressed 'switch user' from the login screen. Now I am stuck on a different login screen with now option to go back to the main / usual one?
    Is there a keyboard shortcut or something to go back? The only option I have are to 'sleep' 'restart' or 'shutdown' and I don't want those because of unsaved work?!
    Thanks

    Hi Aritra,
    Just have a look at the report RSUSR200. This report is part of the AIS (Audit Information System) and will report users who have not logged on for a specified period of time.
    Also have a look at the report RSUSR000.
    You can even find out more reports from SE38 searching for RSUS* & then click f4.
    You can get the names of the tables & the flow if you go through these programs.
    Regards
    Abhii

  • Upgrade to Server 2012 R2 domain controllers from 2003

    I am at a loss as to what I did wrong here. Everything seems to be working fine except for one subnet (which is behind a hardware firewall).
    We had two Server 2003 domain controllers and one of them was failing.  I raised the forest functional level of our old primary domain controllers to 2003.  I built the first replacement Server 2012 R2 domain controller.  Added the AD DS roles
    and promoted it as a domain controller.  I let it sit for a couple days.  The FSMO roles were currently being handled by our other 2003 domain controller.  Once this had been sitting for a while (don't recall how long) I ran dcpromo on the failing
    server and demoted it.  Once demoted I shut it down and pulled it out of the rack.  I then built our second 2012 R2 server and gave it the same IP as the failing one.  Installed the AD DS roles and integrated DNS as prompted by the wizard. 
    I then made it the operations master for Schema master, Domain naming master, PDC, RID pool manager, and Infrastructure master.  Then I ran dcpromo on the second 2003 domain controller to demote it and removed it from the network.  I then demoted
    the first new controller (DC03) changed the hostname and IP to the name and IP of the second 2003 controller and promoted it again.  I'm not sure at what point things broke, but everything works from the same subnet that the domain controllers are in,
    just not a second subnet that is through a hardware firewall.  I don't see anything getting blocked while watching firewall logs so I don't think the firewall is the issue.
    Here is the dcdiag and ipconfig from the first controller (which has all 5 FSMO roles).
    Microsoft Windows [Version 6.3.9600]
    (c) 2013 Microsoft Corporation. All rights reserved.
    C:\Users\username>dcdiag /v /test:dns
    Directory Server Diagnosis
    Performing initial setup:
       Trying to find home server...
       * Verifying that the local machine WGDDC01, is a Directory Server.
       Home Server = WGDDC01
       * Connecting to directory service on server WGDDC01.
       * Identified AD Forest.
       Collecting AD specific global data
       * Collecting site info.
       Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=wgd,DC=inet,LD
    AP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
       The previous call succeeded
       Iterating through the sites
       Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name
    ,CN=Sites,CN=Configuration,DC=wgd,DC=inet
       Getting ISTG and options for the site
       * Identifying all servers.
       Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=wgd,DC=inet,LD
    AP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
       The previous call succeeded....
       The previous call succeeded
       Iterating through the list of servers
       Getting information for the server CN=NTDS Settings,CN=WGDDC01,CN=Servers,CN=
    Default-First-Site-Name,CN=Sites,CN=Configuration,DC=wgd,DC=inet
       objectGuid obtained
       InvocationID obtained
       dnsHostname obtained
       site info obtained
       All the info for the server collected
       Getting information for the server CN=NTDS Settings,CN=WGDDC02,CN=Servers,CN=
    Default-First-Site-Name,CN=Sites,CN=Configuration,DC=wgd,DC=inet
       objectGuid obtained
       InvocationID obtained
       dnsHostname obtained
       site info obtained
       All the info for the server collected
       * Identifying all NC cross-refs.
       * Found 2 DC(s). Testing 1 of them.
       Done gathering initial info.
    Doing initial required tests
       Testing server: Default-First-Site-Name\WGDDC01
          Starting test: Connectivity
             * Active Directory LDAP Services Check
             Determining IP4 connectivity
             * Active Directory RPC Services Check
             ......................... WGDDC01 passed test Connectivity
    Doing primary tests
       Testing server: Default-First-Site-Name\WGDDC01
          Test omitted by user request: Advertising
          Test omitted by user request: CheckSecurityError
          Test omitted by user request: CutoffServers
          Test omitted by user request: FrsEvent
          Test omitted by user request: DFSREvent
          Test omitted by user request: SysVolCheck
          Test omitted by user request: KccEvent
          Test omitted by user request: KnowsOfRoleHolders
          Test omitted by user request: MachineAccount
          Test omitted by user request: NCSecDesc
          Test omitted by user request: NetLogons
          Test omitted by user request: ObjectsReplicated
          Test omitted by user request: OutboundSecureChannels
          Test omitted by user request: Replications
          Test omitted by user request: RidManager
          Test omitted by user request: Services
          Test omitted by user request: SystemLog
          Test omitted by user request: Topology
          Test omitted by user request: VerifyEnterpriseReferences
          Test omitted by user request: VerifyReferences
          Test omitted by user request: VerifyReplicas
          Starting test: DNS
             DNS Tests are running and not hung. Please wait a few minutes...
             See DNS test in enterprise tests section for results
             ......................... WGDDC01 failed test DNS
       Running partition tests on : DomainDnsZones
          Test omitted by user request: CheckSDRefDom
          Test omitted by user request: CrossRefValidation
       Running partition tests on : ForestDnsZones
          Test omitted by user request: CheckSDRefDom
          Test omitted by user request: CrossRefValidation
       Running partition tests on : Schema
          Test omitted by user request: CheckSDRefDom
          Test omitted by user request: CrossRefValidation
       Running partition tests on : Configuration
          Test omitted by user request: CheckSDRefDom
          Test omitted by user request: CrossRefValidation
       Running partition tests on : wgd
          Test omitted by user request: CheckSDRefDom
          Test omitted by user request: CrossRefValidation
       Running enterprise tests on : wgd.inet
          Starting test: DNS
             Test results for domain controllers:
                DC: WGDDC01.wgd.inet
                Domain: wgd.inet
                   TEST: Authentication (Auth)
                      Authentication test: Successfully completed
                   TEST: Basic (Basc)
                      The OS
                      Microsoft Windows Server 2012 R2 Standard (Service Pack level:
     0.0)
                      is supported.
                      NETLOGON service is running
                      kdc service is running
                      DNSCACHE service is running
                      DNS service is running
                      DC is a DNS server
                      Network adapters information:
                      Adapter [00000010] Broadcom NetXtreme Gigabit Ethernet:
                         MAC address is B0:83:FE:C1:98:07
                         IP Address is static
                         IP address: 10.240.1.23
                         DNS servers:
                            10.240.1.23 (WGDDC01) [Valid]
                            10.240.1.24 (WGDDC02) [Valid]
                            127.0.0.1 (WGDDC01) [Valid]
                      The A host record(s) for this DC was found
                      The SOA record for the Active Directory zone was found
                      Warning: no DNS RPC connectivity (error or non Microsoft DNS s
    erver is running)
                      [Error details: 5 (Type: Win32 - Description: Access is denied
             Summary of test results for DNS servers used by the above domain
             controllers:
                DNS server: 10.240.1.23 (WGDDC01)
                   All tests passed on this DNS server
                   Name resolution is functional._ldap._tcp SRV record for the fores
    t root domain is registered
                DNS server: 10.240.1.24 (WGDDC02)
                   All tests passed on this DNS server
                   Name resolution is functional._ldap._tcp SRV record for the fores
    t root domain is registered
             Summary of DNS test results:
    Auth Basc Forw Del  Dyn  RReg Ext
                Domain: wgd.inet
                   WGDDC01                      PASS WARN n/a  n/a  n/a 
    n/a  n/a
             ......................... wgd.inet passed test DNS
          Test omitted by user request: LocatorCheck
          Test omitted by user request: Intersite
    C:\Users\dsmythe>ipconfig /all
    Windows IP Configuration
       Host Name . . . . . . . . . . . . : WGDDC01
       Primary Dns Suffix  . . . . . . . : wgd.inet
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : wgd.inet
    Ethernet adapter WGD_INET:
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
       Physical Address. . . . . . . . . : B0-83-FE-C1-98-07
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 10.240.1.23(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 10.240.1.1
       DNS Servers . . . . . . . . . . . : 10.240.1.23
                                           10.240.1.24
                                           127.0.0.1
       NetBIOS over Tcpip. . . . . . . . : Enabled
    Tunnel adapter isatap.{2C28B0FA-6BF8-4201-A6DA-081AED63B496}:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    When I try to bind a machine to the domain I get an error message that says "
    The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "wgd.inet":
    The error was: "This operation returned because the timeout period expired."
    (error code 0x000005B4 ERROR_TIMEOUT)
    The query was for the SRV record for _ldap._tcp.dc._msdcs.wgd.inet
    The DNS servers used by this computer for name resolution are not responding. This computer is configured to use DNS servers with the following IP addresses:
    10.240.1.24
    10.240.1.23
    Verify that this computer is connected to the network, that these are the correct DNS server IP addresses, and that at least one of the DNS servers is running.
    Please let me know if I'm missing something or if there are other things I can check.
    Thanks!
    I forgot to mention that after the 2003 domain controllers were out of the environment, I raised the domain and forest functional level to 2012 R2.  All clients in the environment are Windows XP Pro or above.  The XP Pro boxes will be going away as
    soon as our vendor supports their software to run on Windows 7.

    We now have 2 2012 R2 DCs. The 2003 DCs are gone. Metadata from the old DCs is all cleaned up. DNS seems to be working fine in 3 out of 4 subnets. The 4th is behind a hardware firewall and I can see the IP address of the machine I am trying to bind to the
    domain connecting to the two new domain controllers but the client machine that is trying to bind gives an error.  An Active Directory Domain Controller for the domain wgd.inet could not be contacted.  It seems that this is just a DNS issue for one
    particular subnet (10.240.2.0/24).  This subnet is setup in AD Sites and Services\Sites\Subnets\10.240.2.0/24 (Site: Default-First-Site-Name).
    When trying to do anything with nslookup from the 10.240.2.0/24 subnet it times out.  The route is there and I can watch it connect through our hardware firewall over port 53.
    DC01
    Microsoft Windows [Version 6.3.9600]
    (c) 2013 Microsoft Corporation. All rights reserved.
    C:\Users\dsmythe>netdom query fsmo
    Schema master               WGDDC01.wgd.inet
    Domain naming master        WGDDC01.wgd.inet
    PDC                         WGDDC01.wgd.inet
    RID pool manager            WGDDC01.wgd.inet
    Infrastructure master       WGDDC01.wgd.inet
    The command completed successfully.
    C:\Users\dsmythe>ipconfig /all
    Windows IP Configuration
       Host Name . . . . . . . . . . . . : WGDDC01
       Primary Dns Suffix  . . . . . . . : wgd.inet
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : wgd.inet
    Ethernet adapter WGD_INET:
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
       Physical Address. . . . . . . . . : B0-83-FE-C1-98-07
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 10.240.1.23(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 10.240.1.1
       DNS Servers . . . . . . . . . . . : 10.240.1.23
                                           10.240.1.24
       NetBIOS over Tcpip. . . . . . . . : Enabled
    Tunnel adapter isatap.{2C28B0FA-6BF8-4201-A6DA-081AED63B496}:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    C:\Users\dsmythe>
    DC02
    Microsoft Windows [Version 6.3.9600]
    (c) 2013 Microsoft Corporation. All rights reserved.
    C:\Users\dsmythe>netdom query fsmo
    Schema master               WGDDC01.wgd.inet
    Domain naming master        WGDDC01.wgd.inet
    PDC                         WGDDC01.wgd.inet
    RID pool manager            WGDDC01.wgd.inet
    Infrastructure master       WGDDC01.wgd.inet
    The command completed successfully.
    C:\Users\dsmythe>ipconfig /all
    Windows IP Configuration
       Host Name . . . . . . . . . . . . : WGDDC02
       Primary Dns Suffix  . . . . . . . : wgd.inet
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : wgd.inet
    Ethernet adapter NIC1:
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
       Physical Address. . . . . . . . . : B0-83-FE-C1-9F-74
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 10.240.1.24(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 10.240.1.1
       DNS Servers . . . . . . . . . . . : 10.240.1.24
                                           10.240.1.23
       NetBIOS over Tcpip. . . . . . . . : Enabled
    Tunnel adapter isatap.{4F45E51E-FC2F-49ED-85CF-0750A9EEECF5}:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    C:\Users\dsmythe>

  • Setting up Time Sync when all domain controllers are virtual machines?

    We have 2 existing server 2008 domain controllers on 2008 Hyper-V.  We plan to set up a third domain controller in a new AD site at a remote site that will be Server 2012 R2 on 2012R2 Hyper-V.
    PDC role DC is on one of the DCs in the original site.
    How should time syncing be set?
    From what I've read, all Hyper-V time synchronization between the virtual domain controllers and their Hyper-V host should be disabled.
    So, do we set up the PDC virtual machine to sync to an external site source and then expect the other 3 domain controllers to automatically sync with the time of the PDC?
    What happens with this process during a PDC reboot or if that PDC role domain controller becomes unavailable for any other reason? Does one of the other DCs then take over the role of domain time source even through they don't have access to the external
    time source?
    Should we also turn off Hyper-V time syncing for every Hyper-V guest that is a member of our domain (since they should also be getting their time from a domain controller) or only turn off the Hyper-V time sync for the domain controllers alone?

    We have 2 existing server 2008 domain controllers on 2008 Hyper-V.  We plan to set up a third domain controller in a new AD site at a remote site that will be Server 2012 R2 on 2012R2 Hyper-V.
    PDC role DC is on one of the DCs in the original site.
    How should time syncing be set?
    Simply make sure that time sync is disabled on your Hyper-V VM. For time configuration in AD domain, I have documented that here: http://social.technet.microsoft.com/wiki/contents/articles/18573.time-synchronization-in-active-directory-forests.aspx
    From what I've read, all Hyper-V time synchronization between the virtual domain controllers and their Hyper-V host should be disabled.
    So, do we set up the PDC virtual machine to sync to an external site source and then expect the other 3 domain controllers to automatically sync with the time of the PDC?
    They don't take over the role of PDC. The downtime of your PDC should not take a long time. That is why it is important to regularly monitor the health status of your DCs using SCOM or third party tools. The one I usually recommend is
    Lepide Auditor - Active Directory: http://www.lepide.com/lepideauditor/active-directory.html. The solution allows you also to trackchanges
    in your AD domain.
    Should we also turn off Hyper-V time syncing for every Hyper-V guest that is a member of our domain
    (since they should also be getting their time from a domain controller) or only turn off the Hyper-V time sync for the domain controllers alone?
    I would recommend turning off the Hyper-V time sync on all your Hyper-V VMs that are domain-joined.
    This posting is provided AS IS with no warranties or guarantees , and confers no rights.
    Ahmed MALEK
    My Website Link
    My Linkedin Profile
    My MVP Profile

  • Upgrading windows server 2003 domain controller to windows server 2008

    Hello friedns :
    We have a company with about 2000 users , and two windows server 2003 domain controllers , one of them acts as a primary domain controller , and the other acts as secondary domain controller , all the FSMO s are on the primary DC ,we have decided to upgrade all of our servers from windows server 2003 to windows server 2008 , the first step is to upgrade the domain controllers to windows server 2008 , our domain controllers are so sensitive and has to be active 24 hours a day , i have stress upgrading it to windows server 2008 , what is the best solution to upgrade it with no risk ?
    ( i have an opinion but i am not sure and i dont have any guide about it , i want to install a windows server 2008 and promote it as an additional domain controller to the windows server 2003 DC and the transfer all the FSMOs to it , and then promote the first domain controller !!! is that possible ? if yes , is there any guide about it? )
    If there is a guide available for it please let me know . (Specially if there is a tip & trick)
    thank you guys.
    Network is my LOVE

    Hi,
    This TechNet online article might be helpful for you.
    How to Upgrade Domain Controllers to Windows Server 2008 or Windows Server 2008 R2
    http://technet.microsoft.com/en-us/library/ee522994(WS.10).aspx
    For your convenience, I have list some general steps for your reference.
    Since the following operation have potential damage to Active Directory database, it is highly suggested that you'd better perform a full backup of Active Directory (System State) firstly. Also it is better to test the following procedure in a similar lab environment first.
    General Steps:
    =============
    1. Verify the new server's TCP/IP configuration has been pointed to the current DNS server.
    2. Make the new server become a member server of the current Windows Server 2003 domain first.
    3. Upgrade the Windows Server 2003 forest schema to Windows Server 2008 schema with the "adprep /forestprep" command on old server.
    Please run the "adprep.exe /forestprep" command from the Windows Server 2008 installation disk on the schema master. To do this, insert the Windows Server 2008 installation disk, and then type the following command:
    Drive:\sources\ADPREP\adprep.exe /forestprep
    4. Upgrade the Windows 2003 domain schema with the "adprep /domainprep" command on old server.
    Please run the "adprep.exe /domainprep" command from the Windows Server 2008 installation disk on the infrastructure master. To do this, insert the Windows Server 2008 installation disk, and then type the following command:
    Drive:\sources\ADPREP \adprep.exe /domainprep
    5. Insert Windows Server 2008 Installation Disc in the new server.
    6. Run "dcpromo" on new server to promote it as an additional domain controller in existing Windows 2003 domain, afterwards you may verify the installation of Active Directory.
    Please refer to:
    How to Verify an Active Directory Installation in Windows Server 2003
    http://support.microsoft.com/kb/816106
    7. Verify the new server's TCP/IP configuration has been pointed to current DNS server.
    8. Enable Global Catalog on new server and manually Check Replication Topology and afterwards manually trigger replication (Replicate Now) to synchronize Active Directory database between 2 replicas.
    Please note: It will some time to replicate GC between DC, please wait some time with patience.
    9. Disable Global Catalog on the old DC.
    10. Transfer all the FSMO roles from the old DC to the new DC.
    Please refer to:
    How to view and transfer FSMO roles in Windows Server 2003
    http://support.microsoft.com/kb/324801
    11. Verify that the old DNS Server Zone type is Active Directory-Integrated. If not, please refer to:
    How To: Convert DNS Primary Server to Active Directory Integrated
    http://support.microsoft.com/kb/816101
    Note: Active Directory Integrated-Zone is available only if DNS server is a domain controller.
    12. Install DNS component on new server and configure it as a new DNS Server (Active Directory Integrated-Zone is preferred). All the DNS configuration should be replicated to the new DNS server with Active Directory Replication.
    13. Make all the clients change TCP/IP configuration to point to new server as DNS.
    14. You may configure TCP/IP on all the clients, or adjust DHCP scope settings to make them use the new DNS server.
    Please note: It is a good practice to make the old DC offline for several days and check whether everything works normally with the new server online. If so, you may let the old DC online and run DCPROMO to demote it.
    Hope it helps.
    Regards,
    Wilson Jia
    This posting is provided "AS IS" with no warranties, and confers no rights.

  • Automatically switch user every 2 hours

    Hi my name is Khari
    I'm wondering if someone will help me create a script in .bat to Automatically go to the
    switch users screen every 2 hours but before it does so, it ask me for a pin number to keep it from going to the switch users screen.

    This is well beyond the scope of both, this forum and simpla bat script file. Try to first search internet including MS Script center and then, if you find nothing appropriate, place the task in MSDN forum. My advice is: Do not narrow the task to simpla
    bat file. It will be a service running in background.
    HTH
    Milos

  • Constant Log In-Switch User pages interrupti​ng work

    T510 I keep getting "John locked"  "switch user" screens, sometimes every two minutes, followed by a john Administator log in page.
     I am the only user. This happened over a year ago and someone told me it is caused by Webshots screensaver settings.
    I've tweaked these to no avail. 
    Is deleting Switch User and Lock from the Shut Down menu a good idea?
    If so how wouold that be done

    hey ozman,
    looking at this, i would recommend that you check in your program list and see if there is a Webshots program installed.
    if there is remove it.
    WW Social Media
    Important Note: If you need help, post your question in the forum, and include your system type, model number and OS. Do not post your serial number.
    Did someone help you today? Press the star on the left to thank them with a Kudo!
    If you find a post helpful and it answers your question, please mark it as an "Accepted Solution"!
    Follow @LenovoForums on Twitter!
    Have you checked out the Community Knowledgebase yet?!
    How to send a private message? --> Check out this article.

  • Projector keeps running when switch user

    Hi All..
    when I pressed windows + L button (locking the computer to switch user screen) and the projector keep running in the background, how to solve it?
    please help me..
    thanks..

    Send Apple feedback. They won't answer, but at least will know there is a problem. If enough people send feedback, it may get the problem solved sooner.
    Feedback
    Or you can use your Apple ID to register with this site and go the Apple BugReporter. Supposedly you will get an answer if you submit feedback.
    Feedback via Apple Developer

  • Can't edit default domain controllers policy on windows 8 or server 2012

    I have found that I can't edit the "Default Domain Controllers Policy" from a Windows 8 or Server 2012 machine.  I can edit and save changes fine from a Windows 7 machine.  The domain controllers are running Windows 2012 Standard upgraded
    from Windows 2008 R2.  Is there a security setting I am missing?

    Posting the resolution from the other thread.  Hope it helps!
    I just accidentally resolved this issue today.  I added the GPMC to a 2008 R2 server so I could make a needed firewall
    change within the Windows Firewall with Advanced Security section of the Default Domain Controllers GPO (I enabled the Remote Event Log management rule for the Domain profile).  About an hour later, I forgot I was using my Windows 8 machine and I went
    to edit the Default Domain Controllers GPO and opened for edit without a problem.  I can now edit it from Windows 8 and from Windows Server 2012.  Until now, I was using a Windows 7 VM to make the edits, so in my case the problem was resolved by
    editing the GPO once from a 2008 R2 machine.

  • Announcing the availability of enabling Windows Server 2012 R2 Essentials' integration of Microsoft online services in environments with multiple domain controllers

    In Windows Server Essentials 2012 R2, all of our online services integration features, including Azure Active Directory and Office 365, are supported only in environments that
    have a single domain controller. In environments with more than one domain controller, integration of these services is blocked due limitations in the user account and password synchronization mechanism in Windows Server Essentials. 
    I am happy to announce that with the recent Windows August Update released on (8/12/2014, PST), this limitation has been removed.  This update adds support for both Azure
    Active Directory integration and Office 365 integration features in domain environments consisting of a single domain controller, multiple domain controllers, or Windows Server Essentials as a domain member server.
    For more information, please go to
    http://support.microsoft.com/kb/2974308

    Hi JoeBeck,
    Thanks for the comment. Could you please tell which link you clicked to download?
    Please go to PinPoint check details and start download
    http://pinpoint.microsoft.com/en-US/applications/Dynamics-CRM-Online-Add-in-12884966386
    Thanks,
    Shanghai Wicresoft

  • Domain group validation hangs during ECC 6.0 install on windows server 2008

    Hello to the group.
    We are installing ECC 6.0 R3 on a windows server 2008 system (with SQL 2008) and the install is hanging in the user/group creation steps. Specifically, the install is able to create a group at the domain level but hangs when it tries to verify that group.
    What's funny is the system is able to create two local domain groups without any issues.
    Have any of you run into this same issue? We've tried updating sapinst and restarting the install process using a known good domain admin account (we are also creating a ticket to SAP support).
    Thanks for any help!
    J. Haynes

    > This is actually a Domain based install.
    ok
    > So far after 12 hours the install is still hung. So we are looking at both network and issues with the AD related DLLS.
    You can doubleclick on the orange icon (the sapinst backend process) next to the clock on the desktop and scroll down. There you may find a hint why it's taking so long.
    Maybe you have a wrong/missing DNS server entry so the server is unable to find the domain controller, maybe the firewall is enabled and blocking asynchronous answers.
    Markus

  • URGENT!! Demoted SBS server and now no other Domain Controllers are functioning

    Last night we were demoting a 2003 SBS in a domain. We have 3 other domain controllers that were online and appeared to be functional. All were shown in Sites and Services as GC. However, after demoting the SBS server, our other Domain controllers are not
    functioning as GCs or as DCs.
    I can get into Sites and Services if I let it fail when it tries to connect to the domain and then tell it to connect to the specific domain controller. But then things don't look quite right. I can't see all the tabs when I drill down to NTDS Settings and
    go to properties. The only tabs that show up are Security and Attribute Editor. Same thing with ADUC, I only get some of the tabs. It is like only half of AD is there.
    I need some urgent help if anyone can assist.

    Hi,
    In order to identify the cause, I suggest you run
    DCDiag command on a Domain Controller, and post out the results for troubleshooting:
    Dcdiag
    http://technet.microsoft.com/en-us/library/cc731968.aspx
    What does DCDIAG actually… do?
    http://blogs.technet.com/b/askds/archive/2011/03/22/what-does-dcdiag-actually-do.aspx
    Best Regards,
    Amy Wang

Maybe you are looking for

  • Process type in Process chain

    HI all; I want to cancel the process type if it takes let's say more than 2 hrs.; the reason is sometimes the rollup job don't finish and just hang it forever...until more than 12 hrs and we have to manually cancel the job in the morning when we come

  • COBRA issue for Domino Notes

    Hi,ALL This is a strange Question, please help me to figure it out. I have a HttpServlet Aplication, It will connect with Domino server to search database as CLIENT. So, When It connect with Domino server. I use Notes Cobra connection: NotesFactory.c

  • White Screen- New Hard Drive Same issue

    I had a white screen. The MacBook Pro would do nothing. The only way I could get it to work was by pressing option when powering on but even then I tried everything reinstalling Lion. When I tried to reinstall lion it would pop up with an error messa

  • Use of Apple System Voice for commercial purposes.

    I apologise if this is posted in the wrong category (I could see no other alternative however). My question is: I'd like to be able to make use of Apple's In-Built Voices for both web content and e-book use (recording samples of phrases and including

  • How to display masked links in PDF when printing?

    Hello I have several PDF's which contain hyperlinks masked behind words. I would give readers of this document to print out the PDF. However, as the links are masked they wouldnt be able to use the document in print form. Is there any way to have the