Setting up FTP on Domain Controller using User Isolation
Hi all,
Our FTP site is set up on a domain controller (not best practice, I know, but I wasn't involved in the implementation of it). It currently works with the "FTP Root Directory" option selected; however, this is not very secure as everyone has access to everything. I need to set it up so it uses "Username Directory" as this is a domain controller, and I want them to authenticate via AD User/Group. However, when I select that option, I can't connect to the FTP site - Connection attempt failed with "EAI_NONAME - Neither nodename nor servname provided, or not known". When I change it back to "FTP Root Directory" it connects fine.
Basic Authentication is Enabled and Anonymous Authentication is disabled.
Virtual Directory option is selected under directory listing options.
Our FTP folder structure is E:\FTPRoot; it got moved to this drive as it's a bigger drive.
I've set up a Virtual Directory for the FTP site and for the individual folders.
I'm stuck on what else to try, any advice and guidance would be appreciated.
Hi,
FTP setup is related to IIS so you could post the question to IIS forum instead.
http://forums.iis.net/
-
Help with setting up active directory domain controller/DNS - need this for Clustering
Disclaimer: I am new to Active Directory, so please don't rule out the obvious things I may have overlooked.
I need to set up Active Directory Domain controller on at least one server so I can run clustering. I set up the domain controller and ran Cluster validation and that failed - unable to reach writable domain controller.
When I look at my server manager AD DS complain about DNS:
NASE-2012-234 4015 Error Microsoft-Windows-DNS-Server-Service DNS Server 1/14/2014 12:54:06 AM
The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.
When I click on DNS this is the error:
The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.
Output of DCDiag -v is below.
PS C:\Users\Administrator> dcdiag -v
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine NASE-2012-234, is a Directory Server.
Home Server = NASE-2012-234
* Connecting to directory service on server NASE-2012-234.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=lab,DC=nase,DC=com,LDAP_SCOPE_SUBTREE,(objectCategory=
ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=lab,DC=nas
e,DC=com
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=lab,DC=nase,DC=com,LDAP_SCOPE_SUBTREE,(objectClass=ntD
SDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=NASE-2012-234,CN=Servers,CN=Default-First-Site-Name,CN=Sites,C
N=Configuration,DC=lab,DC=nase,DC=com
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\NASE-2012-234
Starting test: Connectivity
* Active Directory LDAP Services Check
The host c0c507c4-fb9b-49a6-9a01-ef79d7960c94._msdcs.lab.nasecom could not be resolved to an IP address.
Check the DNS server, DHCP, server name, etc.
Got error while checking LDAP and RPC connectivity. Please check your firewall settings.
......................... NASE-2012-234 failed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\NASE-2012-234
Skipping all tests, because server NASE-2012-234 is not responding to directory service requests.
Test omitted by user request: Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Test omitted by user request: FrsEvent
Test omitted by user request: DFSREvent
Test omitted by user request: SysVolCheck
Test omitted by user request: KccEvent
Test omitted by user request: KnowsOfRoleHolders
Test omitted by user request: MachineAccount
Test omitted by user request: NCSecDesc
Test omitted by user request: NetLogons
Test omitted by user request: ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: Replications
Test omitted by user request: RidManager
Test omitted by user request: Services
Test omitted by user request: SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: VerifyReferences
Test omitted by user request: VerifyReplicas
Test omitted by user request: DNS
Test omitted by user request: DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : lab
Starting test: CheckSDRefDom
......................... lab passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... lab passed test CrossRefValidation
Running enterprise tests on : lab.nasecom
Test omitted by user request: DNS
Test omitted by user request: DNS
Starting test: LocatorCheck
GC Name: \\NASE-2012-234.lab.nasecom
Locator Flags: 0xe000f3fd
PDC Name: \\NASE-2012-234.lab.nasecom
Locator Flags: 0xe000f3fd
Time Server Name: \\NASE-2012-234.lab.nasecom
Locator Flags: 0xe000f3fd
Preferred Time Server Name: \\NASE-2012-234.lab.nasecom
Locator Flags: 0xe000f3fd
KDC Name: \\NASE-2012-234.lab.nasecom
Locator Flags: 0xe000f3fd
......................... lab.nase.com passed test LocatorCheck
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope provided by the command line arguments
provided.
......................... lab.nasecom passed test Intersite
PS C:\Users\Administrator>
http://social.technet.microsoft.com/Forums/en-US/home?forum=winserverDS is the forum for Directory Services questions. You might want to post your question there.
.:|:.:|:. tim -
Use old domain controller AD user profile with new domain (profile changed)
Dear All,
I have built Win Server 2012 for a domain migration from Windows Server 2003 to Windows Server 2012. I have tested everything on VMware, including user creation, and tested domain join using PowerShell for Win 7 and a .vbs batch file for Win XP computers; everything is working fine.
First, let me introduce my current environment. I have an existing Win Server 2003 domain controller (abc.com) with 130 client computers and 200 users. I am planning to migrate my current environment to a Win Server 2012 domain (xyz.com). Keep in mind that the domain name is changed but the domain controller (server) names are the same, i.e. MY-PDC. I have tested domain join on multiple computers using existing clones of client computers and created all existing users using a .csv file and PowerShell with the required credentials and OU. I am facing a user profile issue: when I join the domain and log in with an existing user who was previously a user of the same computer, the required profile does not log in and the computer creates a new user profile in the Documents and Settings section of Win XP.
I need your expert opinions, because copying old profile data and creating a new Outlook profile for each user is a big headache for anyone. I hope you can understand and help me with this issue.
Please provide the best answer and result on priority; I will be thankful to all of you.
Regards,
Arsalan
Hi Arsalan,
Please check if USMT can help you to achieve this target.
User State Migration Tool 4.0 User's Guide
Meanwhile, please also refer to the following articles and check if they can help you.
How to Migrate Windows User Profile to New Account
Keeping user old domain profile
Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
If I have misunderstood anything or there is any update, please don't hesitate to let us know.
Hope this helps.
Best regards,
Justin Gu -
Greetings,
I promoted a 2012 domain controller, with new name and IP, shutdown the old DC and re-ip'ed new DC with old IP address.
After reboot everything is working fine. I would like to delete the old DC object name from the AD. Can I do so without interruption?
Thank you
Demotion using DCPROMO would have been the preferred way to go.
You should however be able to get away with deleting the computer object for the old DC using AD Users and Computers. The metadata cleanup is now included in the modern UI, so you shouldn't need to use NTDSUtil to do the cleanup of references to the old DC.
I would also manually remove the NS record for the old DC from your DNS zone(s) as this is not handled by the object deletion.
Also, have a good look through the DNS records anyway and see if there are any references to the old name (A, SRV records) and delete them manually if you find some.
Alexei -
Domain Controller deletes user account settings and applications - windows server 2012
Once a month, when the user logs into his account, his settings and some applications get deleted. He has to install Outlook again, Dropbox gets deleted, settings on the desktop disappear (files are still there), etc.
I am not sure about the cause or the solution. Please let me know what I can do to fix this.
Hi,
Do all the users have the same issue?
Did the issue occur when you log into the Domain Controller?
Any event id in event viewer?
Regards.
-
Domain Controller Logon Users Count
Hi Guys,
I am trying to retrieve a list or numbers of users that are authenticated against a particular Domain Controller. I ran the following command but no luck.
3.21 Finding the Number of Logon Attempts Made Against a Domain Controller
Problem
You want to find the number of logon requests a domain controller has processed.
Solution
The following query returns the number of logon requests processed:
> nltest /server:<DomainControllerName> /LOGON_QUERY
This will produce output similar to the following:
Number of attempted logons: 1054
I recently configured sites within my domain. Now I am after statistics that tell me how many users got authenticated by a domain controller.
You can try to run this:
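# Requires the ActiveDirectory module (RSAT)
Import-Module ActiveDirectory
# Read lastLogon from one specific DC
$users = Get-ADUser -Filter * -Properties lastLogon -Server Server1
foreach ($user in $users) {
    # lastLogon is a FILETIME value; convert it to a readable date
    $info = $user.sAMAccountName + ";" + [DateTime]::FromFileTime($user.lastLogon)
    $info
}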
Just replace Server1 with the name of your DC. You will then get the list of all the users with their lastlogon attribute value on this DC. By filtering the users by this attribute value, you will be able to get the list of users that have recently authenticated against this DC.
This posting is provided AS IS with no warranties or guarantees , and confers no rights.
Ahmed MALEK
-
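The filtering step suggested in the answer above, as an added example that is not part of the original thread. lastLogon is not replicated between domain controllers, so the value read from one DC reflects authentications handled by that DC; the function name Get-RecentDcLogon, the 30-day window and the sample accounts are assumptions made for illustration.

```powershell
# Added example: Get-RecentDcLogon is a hypothetical helper, not an AD cmdlet.
function Get-RecentDcLogon {
    param(
        # Objects exposing sAMAccountName and lastLogon, e.g. Get-ADUser output
        [Parameter(Mandatory = $true)] [object[]] $Users,
        [int] $Days = 30,
        [datetime] $Now = (Get-Date)
    )
    $cutoffUtc = $Now.ToUniversalTime().AddDays(-$Days)
    foreach ($u in $Users) {
        # lastLogon is a FILETIME; empty or 0 means the account has never
        # authenticated against the DC that was queried. Skipping these avoids
        # reporting a bogus year-1601 date.
        if (-not $u.lastLogon) { continue }
        $whenUtc = [DateTime]::FromFileTimeUtc([int64]$u.lastLogon)
        if ($whenUtc -ge $cutoffUtc) {
            [pscustomobject]@{
                SamAccountName = $u.sAMAccountName
                LastLogonUtc   = $whenUtc
            }
        }
    }
}

# Constructed sample objects so the function can be exercised without a domain.
$now = (Get-Date '2014-01-14T00:00:00Z').ToUniversalTime()
$sample = @(
    [pscustomobject]@{ sAMAccountName = 'alice';      lastLogon = $now.AddDays(-2).ToFileTimeUtc() }
    [pscustomobject]@{ sAMAccountName = 'bob';        lastLogon = $now.AddDays(-90).ToFileTimeUtc() }
    [pscustomobject]@{ sAMAccountName = 'svc-backup'; lastLogon = 0 }      # never seen by this DC
    [pscustomobject]@{ sAMAccountName = 'carol';      lastLogon = $null }  # attribute not set
)

$recent = @(Get-RecentDcLogon -Users $sample -Days 30 -Now $now)
$recent | Sort-Object LastLogonUtc -Descending | Format-Table -AutoSize
"{0} of {1} accounts authenticated against this DC in the last 30 days" -f $recent.Count, $sample.Count

# Against a live DC (requires the ActiveDirectory module; Server1 as in the answer above):
# $users = Get-ADUser -Filter * -Properties lastLogon -Server Server1
# Get-RecentDcLogon -Users $users -Days 30
```

Running the same query against each DC in a site and comparing the counts gives the per-DC view the question asks for.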
Unable to log onto domain controller with user account
Hi,
I am able to log onto my DC as domain admin. I cannot log on as myself. I do not see what I am missing in the GPO to make this happen? I am part of a server admin group and would like the server admin group to be able to log on to the domain controller to maintain the server.
Any suggestions?
Wave~Chaser
Log on to this DC and run rsop.msc and check the following policies:
Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Allow log on locally
Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Deny log on locally
Add yourself to Allow log on locally (in the default domain controller policy - as I mentioned above) and make sure your user account does not belong to any group that has Deny log on locally.
-
Set a default LDAP domain if the user does not specify one during logon
We are using LDAP authentication. We have set up the repository to have 3 LDAP servers, with the following domain identifiers: PUBLIC, AGENT, CORPORATE. We would like to default the domain to PUBLIC for external users, so they do not need to provide a domain. AGENT and CORPORATE users would still specify the domain. Is there a way to do this? I've tried setting the USER variable in an init block using the following SQL.
Init block 1 - populates the USER session variable to prepend with PUBLIC if not specified
select (CASE WHEN substr(':USER',1,instr(':USER','/')-1) is NULL then 'PUBLIC/'||':USER'
ELSE ':USER'
END)
from dual
Init block 2 - LDAP authentication - populates the EMAIL and UID session variables
mail = EMAIL
uid = UID
Because I've defined the USER variable in the previous init block, I can't return the uid into the USER variable. This caused it to think that authentication was successful, and it allows you to login with valid LDAP users, but it will take any password you provide.
ideas?
Yes, I have done that. I have removed all other init blocks, and now have just the two. Init block 1 - set the value of the USER_TEMP variable, and init block 2 - the authentication init block. The authentication init block is marked as required for authentication, and the other init block must precede it. It is still allowing a user to login successfully under PUBLIC, when they are not a public user. If I explicitly login as PUBLIC/<user> it fails, as I would expect. But when I login as <user> it is successful. Which is not correct. I've checked in Answers that the variable USER_TEMP is being set to PUBLIC/<user>. So, I'm still confused as to why the LDAP init block is allowing it to go through.
Edited by: user10603068 on Jun 9, 2010 7:26 AM -
Stop using static domain controller
How do I remove the static domain controller used by Exchange? I need it to talk to all the domain controllers on our network. Each time the single DC that it looks to goes down, no one can access the Exchange server.
Hi rudnicke,
Thank you for your question.
We could run the following command to stop using static domain controller:
Set-ExchangeServer -Identity 'servername' -StaticConfigDomainController $null -StaticDomainControllers $null -StaticGlobalCatalogs $null
If there are any questions regarding this issue, please be free to let me know.
Best Regard,
Jim
Jim Xu
TechNet Community Support -
10.5.7 server as primary domain controller
Setting up a 10.5.7 server -
Server is set up as an open directory master, I want it also to be a primary domain controller (smb).
But when I try to change it from Standalone Server to primary domain controller, using my directory admin user id and password, it just reverts back to standalone server. Tried it with smb running and not running.
Any ideas?
Having the same issue with Leopard Server 10.5.8.
SMB was previously set up as a "Domain Member" and now I want to make it a "Primary Domain Controller".
After reboot, the Role always reverts back to "Domain Member".
Any ideas? -
Central Domain Controller in Solution manager
Hi All,
We have configured ChaRM successfully for ECC and BI system landscapes, by creating domain links between Solution Manager domain controller and individual domain controllers for ECC and BI systems. Now, we are planning to go for a central domain controller (Solman Domain Controller) for all the satellite systems. So basically, we plan to move the individual domain controllers from ECC and BI to solman domain controller and I guess there will not be domain links required anymore.
With regards to above scenario, please help me with below queries:
1 - Will the above strategy work with ChaRM or not
2 - If yes, what are the activities that would be required to be redone in satellite system and solman system
3- Any critical pre-requisites that needs to be checked before we can start this exercise
Please help me with the above queries. Appreciate your time and effort.
Thanks in advance.
Regards,
Imran
Hi,
Yes, you could use solman to be set as the main domain controller; either way with domain links, please kindly have a look at this expert blog by our Charm expert;
/people/dolores.correa/blog/2008/07/26/first-steps-to-work-with-change-request-management-scenario
On transport group matters , you may want to visit this blog, on point no. 3
https://weblogs.sdn.sap.com/cs/junior/view/wlg/15116
Hope this helps.
Cheers
SH -
Login to Domain Controller which is not in network
Scenario
I've taken an online clone of one of my Virtual Window 2003 Enterprise Domain Controller which doesn't hold any roles. Removed the Clone Domain Controller from Network & powered it on.
Now I want to log into that Domain Controller using my Domain Admin credentials but it's not working.
Is there a way to log in to that Domain Controller which is taken out of network USING DOMAIN ADMIN ID ?
I can log in to Restore Mode but that's not what I'm looking for, I need to log in to that DC using my Domain Admin credentials while It's not in network.
This is for lab purpose.
Hi Yankee,
Have you cached credentials on the Domain Controller before you cloned one?
I just tested that if I cache credentials, users are able to log on when domain controllers are offline.
If not, you can try to clone another one after caching credentials, then test again. Please note: do not take the cloned DC online, which will lead to USN rollback.
More information for you:
Cached domain logon information
http://support.microsoft.com/kb/172931/en-us
Running Domain Controllers in Hyper-V
http://technet.microsoft.com/en-us/library/virtual_active_directory_domain_controller_virtualization_hyperv(v=WS.10).aspx
Best Regards,
Amy -
[Forum FAQ] How to sync time with a Domain Controller for a standalone server
As we all know, if a computer belongs to an Active Directory domain, it will sync the time automatically by using the Windows Time service that is available on Domain Controllers, while a standalone server will synchronize with its local hardware time and Windows time server. (Figure 1)
Figure 1.
Under some circumstances, a standalone server is necessary in a product environment. We can sync the time of this standalone server with the Domain Controller using the steps below:
1. Modify the value of AnnounceFlags:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
Under this entry we can see the default value of AnnounceFlags is 10 (Decimal); we configure the value as 5 (Decimal). (Figure 2)
Figure 2.
2. Confirm the value of the registry key below is set to 0:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer
Figure 3.
3. Configure the standalone server to synchronize with a specific time source (Domain Controller).
In our test, we configured our Domain Controller (192.168.10.200) as the time source. We used the following command:
w32tm /config /syncfromflags:manual /manualpeerlist:192.168.10.200
4. Sync the time with the Domain Controller using the command below:
w32tm /config /update
From the figure below (Figure 4), you can see that after we did all the steps above, the time on the standalone server was synced with the Domain Controller.
Figure 4.
(Note: Peerlist is a separated list of DNS servers, or IP Addresses for the time servers)
More information:
Windows Time Service Tools and Settings
http://technet.microsoft.com/en-us/library/cc773263(WS.10).aspx#w2k3tr_times_tools_dyax
Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.
Thank you for the instruction! I am sure it is one of the scenarios that majority of administrators will run into. So I suggest to write a wiki about it and publish it for this month's TechNet Guru in Windows Server section. This month's TechNet Guru can be found here:
Calling All Wise Men! Windows Server Gurus Needed! Apply Within! No One Turned Away!
Thanks for your informative post. :)
Regards.
Mahdi Tehrani | www.mahditehrani.ir
-
Promoting a server to a Domain Controller
Quick question - I am just trying to satisfy my curiosity.
I was reviewing our network at our new company and it looks like I have a Domain Controller using a DHCP address.
I know best practice is to use a static address, but is it even possible to promote a server that is using a DHCP address?
Thanks
Yes, it is possible to promote a DC using a DHCP address. You will receive a warning that says that you are not using a static IP when promoting your DC.
This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
-
Enabling User Isolation on IIS FTP site
We have a FTP site currently set to 'Do not isolate users' and 'FTP root folder'. This works nicely for most of our users however we want to add another user who needs to start in a specific sub directory.
I think this can be achieved using user isolation by setting a home directory in AD for all users as per here: http://www.iis.net/learn/publish/using-the-ftp-service/configuring-ftp-user-isolation-in-iis-7
However that would require setting it for all our other users and potentially disrupting them. Are there any other good approaches that I've missed?
Hi,
For the iis question, i would suggest you may ask in:
http://forums.iis.net/
Thanks for your understanding.
Regards.
Vivian Wang