Steps to migrate active directory to new vm
I have just
Please elaborate.
BTW, here's the link to migrate AD : http://technet.microsoft.com/en-us/library/cc731188(WS.10).aspx
Arnav Sharma | http://arnavsharma.net/
Similar Messages
-
it's possible to migrate AD from Windows server 2003 to Windows server 2012 R2 ?
I believe that you mean upgrading to Windows Server 2012 R2. If that is the question then you can do it with no problems.
The requirement is to have at least Windows Server 2003 as Forest Functional Level. You can raise it as mentioned here: https://technet.microsoft.com/en-us/library/cc730985.aspx
Once done, you can simply add a new server running Windows Server 2012 R2 and promote it as an additional DC with DNS and global catalog. Forest and Domain preparations are done automatically. At the end of the operation, transfer FSMO roles to the new DC
and make sure that time sync is properly configured: http://social.technet.microsoft.com/wiki/contents/articles/18573.time-synchronization-in-active-directory-forests.aspx
Of course, before promoting a new DC or demoting an existing one, you need to make sure that your DCs and AD replication are okay using
dcdiag and repadmin commands. Also, take a system state backup of at least one DC with GC before starting with changes.
Once you added your new Windows Server 2012 R2 DCs and everything is okay, you can demote your old DCs. Once all your DCs are running Windows Server 2012 R2, you can raise your DFL and FFL to Windows Server 2012 R2 and take benefit of the new AD features:
https://technet.microsoft.com/en-us/library/understanding-active-directory-functional-levels%28v=ws.10%29.aspx
Ahmed MALEK -
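The sequence this answer describes (confirm the forest functional level, check DC health and replication with dcdiag and repadmin, then transfer the FSMO roles and confirm time sync) can be gated in one script. The following PowerShell is an added example, not part of the original thread; the DC name DC2012R2-01 and both function names are hypothetical, and the system state backup the answer asks for is assumed to have been taken already.

```powershell
# Added example (not from the thread). Assumes an elevated session on a
# domain-joined host with the RSAT AD tools: ActiveDirectory module, dcdiag, repadmin.
Import-Module ActiveDirectory

function Get-DcMigrationBlocker {
    # Returns one string per problem found; an empty result means the gate passed.
    $forest   = Get-ADForest
    $blockers = @()

    # Requirement from the answer: forest functional level of at least Windows Server 2003.
    if ("$($forest.ForestMode)" -in 'Windows2000Forest', 'Windows2003InterimForest') {
        $blockers += "Forest functional level is $($forest.ForestMode); raise it to Windows Server 2003 first."
    }

    # repadmin: every replication link in the forest, as CSV. A link with a
    # non-zero failure count blocks promotion, demotion and role transfer.
    $links = repadmin /showrepl * /csv | ConvertFrom-Csv
    foreach ($link in $links) {
        $failures = [int]$link.'Number of Failures'
        if ($failures -gt 0) {
            $src = $link.'Source DSA'
            $dst = $link.'Destination DSA'
            $nc  = $link.'Naming Context'
            $blockers += "Replication $src -> $dst ($nc): $failures failure(s), last status $($link.'Last Failure Status')"
        }
    }

    # dcdiag /q prints only failed tests, so any non-blank output from a DC is a blocker.
    foreach ($dc in (Get-ADDomainController -Filter *)) {
        $lines = dcdiag /s:$($dc.HostName) /q | Where-Object { $_ -and $_.Trim() }
        if ($lines) {
            $blockers += "dcdiag on $($dc.HostName): " + (($lines | ForEach-Object { $_.Trim() }) -join ' | ')
        }
    }

    return $blockers
}

function Move-FsmoRolesAfterGate {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Hypothetical name of the newly promoted 2012 R2 DC that will hold the roles.
        [Parameter(Mandatory)] [string] $NewDc
    )

    $blockers = @(Get-DcMigrationBlocker)
    if ($blockers.Count -gt 0) {
        $blockers | ForEach-Object { Write-Warning $_ }
        throw "Health gate failed with $($blockers.Count) blocker(s); roles were not moved."
    }

    if ($PSCmdlet.ShouldProcess($NewDc, 'Transfer all five FSMO roles')) {
        Move-ADDirectoryServerOperationMasterRole -Identity $NewDc -Confirm:$false `
            -OperationMasterRole SchemaMaster, DomainNamingMaster, PDCEmulator, RIDMaster, InfrastructureMaster
    }

    # Report the current role holders and the new DC's time source for review.
    $forest = Get-ADForest
    $domain = Get-ADDomain
    [pscustomobject]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
        TimeSource           = (w32tm /query /source /computer:$NewDc) -join ' '
    }
}

# Dry run: runs the health gate, then shows what would be transferred without doing it.
Move-FsmoRolesAfterGate -NewDc 'DC2012R2-01' -WhatIf
```

Drop -WhatIf only after the dry run returns no warnings; the same gate is worth re-running before each old DC is demoted.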
Migrate Active Directory 2003 to 2012 R2 and Exchange Server 2007 to 2013.
My question is which one need to migration first. Active Directory 2003 to 2012 R2 and FFL & DFL or Exchange Server 2007 to 2013.
Md. Ramin Hossain
Domain. For Exchange installation and upgrading to 2013, you need to make sure that your domain controllers can understand attributes of exchange 2013. Besides if you have DC/Exch on the same server which is 2003 is not supported. Because Windows Server
2003 is not supported.
Migrate your domain to at least 2008 R2 and then proceed with Exchange 2013.
Mahdi Tehrani | www.mahditehrani.ir -
Migrate Active Directory 2008 to 2012 but need to keep the same ip address and server name
Hi,
Current setup is 2 DCs in one site running 2008 R2 AD.
We are planning to migrate from 2008 R2 to 2012 R2 but need to keep the same ip address and server name. I have come up with two plans to do this and hope someone can tell me which one would be the best approach. What are the pros and cons in Plan A and B, or maybe Plan C if there is a better one?
First, I was planning to do plan A but just had a second thought of Plan B. My concern in Plan A is about changing the server name when the new 2012 R2 already running as DC. Plan B would be changing all the old server name and ip before they become member server and DC.
Any information and suggestion would be very appreciated.
Plan A
Run adprep /forestprep on 2008 R2 DC
Build a new 2012 R2 server and promote it as 3rd DCs in current Domain
Transfer FSMO from 2008 R2 to 2012 R2
Run Repadmin /syncall to force replication
Rename the demoted 2008 R2 DC to something else
Change the demoted 2008 R2 ip address to something else
Restart the demoted 2008 R2 server to take effect
Now, run Netdom computername command to change the new 2012 R2 server name to the old 2008 R2 DC server name
Change the new 2012 R2 DC's ip to old 2008 R2 DC's ip
Run ipconfig /flushdns
Run ipconfig /registerdns
DCDIAG to see any error
Plan B
Build 2 new 2012 R2 standalone servers
In 2008 R2 ServerA transfer FSMO to 2008 R2 ServerB
Demote 2008 R2 ServerA to become member server
Rename 2008 R2 ServerA to something else and change the ip address to something else and shut it down
Now, rename one of the new 2012 R2 standalone server to the old demoted 2008 R2 ServerA name
Change the new 2012 R2 standalone server ip to the old demoted 2008 R2 ServerA's ip address
Add the new 2012 R2 standalone server (now with the old 2008 R2 ServerA name and ip) to become member server
Run adprep /forestprep on the 2008 R2 ServerB
Promote the new 2012 R2 (now with the old 2008 R2 ServerA name and ip) as DC
Transfer 2008 R2 ServerB FSMO to the new 2012 R2 DC (now with the old 2008 R2 ServerA name and ip)
Demote 2008 R2 ServerB as member server
Rename 2008 R2 ServerB to something else and change the ip address to something else and shut it down
Now, rename the 2nd new 2012 R2 standalone server to the old demoted 2008 R2 ServerB name
Change the new 2012 R2 standalone server ip to the old demoted 2008 R2 ServerB's ip address
Add the 2nd new 2012 R2 standalone server to become member server
Promote it as DC
Run DCDIAG to check error
Thanks.
Hi,
Renaming a Domain Controller is a risky operation which may lead to issues, therefore, I would suggest you go with the Plan B, rename the server before it becomes DC.
Here is a blog below which could be helpful to you:
Remove an Old DC and Introduce a New DC with the Same Name and IP Address
http://blogs.msmvps.com/acefekay/2010/10/09/remove-an-old-dc-and-introduce-a-new-dc-with-the-same-name-and-ip-address/
Best Regards,
Amy
-
What action required for Cisco Unity 8 if i am migrating Active Directory Forest
HI
Currently we are running Cisco Unity 8.0 in our environment. Now we are planning to change our domain name (i.e. from abc.com to xyz.com). For that change, what is the procedure to change the Cisco Unity Server domain name? Do we need to do anything in the Cisco Unity software, or do we just need to change the domain name of the appliance?
Please share your ideas.
Thanks
Renaming a Cisco Unity 8.x Server or Moving a Cisco Unity 8.x Server to Another Domain
http://www.cisco.com/en/US/docs/voice_ip_comm/unity/8x/upgrade/guide/8xcurug080.html
HTH
java
-
SBS 2008 to Server 2012 R2 Active Directory Migration
Is there a tool that i can use to migrate Active Directory from SBS 2008 to Server 2012 R2?
There is no special tool for your situation. While there is a tool called ADMT that you may see mentioned if you search enough, it isn't really well suited for what you want.
With that said, there is also no *need* for a tool as I've already said. Nor do you need to recreate the users and have mismatched SIDs. You will add the 2012 machine to your existing domain and make it a domain controller. Yes, that means you will have
two DCs (for a time.) This is how larger organizations handle multiple DCs all the time, and they obviously don't go and create the same user on each DC. That is where the domain replication comes in. Your new server will be a DC and will replicate
all of the users *and* SIDs from the existing SBS server.
Then, when you are ready, you decommission the SBS 2008 server gracefully and the new 2012 server becomes your sole DC, but has AD completely intact. It is a tried and true practice, both within and outside of the SBS world, and has been done many many times. -
How to authenticate using Active directory!
Hi all!
At present I'm using the code given below; it's working fine! Currently we are using mixed mode Active Directory! We are going to migrate that to Native mode!
import java.util.Properties;
import javax.naming.*;
import javax.naming.directory.*;
import javax.servlet.http.*;
import java.io.*;
import java.util.Vector;
import com.aigss.codegene.utils.PropertyDispatcher;
public class LdapAuthentication//Servlet extends HttpServlet
{
    private java.util.Hashtable cache = new java.util.Hashtable();
    /**
     * @param loginid
     * @param passwrd
     * @return boolean
     */
    public boolean authenticate(String loginid, String passwrd) {
        // An empty password must never reach the server: it would be an unauthenticated bind.
        if(passwrd.trim().equalsIgnoreCase(""))
            return false;
        Properties props = new Properties();
        // Plain LDAP on port 389: no SSL/TLS on this connection.
        String ldapHost = "ldap://HDCQ3Q5CDOM01:389";
        String DN =
            "CN="
            + loginid.trim()+"DN=,CN=Users,DC=pslsdc,DC=legacy,DC=r5,DC=websi,DC=net";
        System.out.println("DN: "+DN);
        props.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
        // "simple" sends the DN and password as they are in the bind request.
        props.put(Context.SECURITY_AUTHENTICATION, "simple");
        props.put(Context.SECURITY_CREDENTIALS, passwrd);
        props.put(Context.SECURITY_PRINCIPAL, DN);
        props.put(Context.PROVIDER_URL, ldapHost);
        try {
            DirContext ctx = new InitialDirContext(props);
            System.out.println("successfully authenticate DN: " + DN);
            return true;
        } catch (Exception ex) {
            System.out.println(ex+loginid);
            try{
                throw new Exception("login failure : "+ex+loginid);
            }catch(Exception e){
                e.printStackTrace();
            }
            return false;
        }
    }
}
When I try to connect to the new Active Directory, I'm unable to authenticate; a user not found error is coming! (data 525)
I'm unable to continue!
I tried changing the DN to: [email protected]
also DN: mydomain\vijayvignesh
Then I'm getting the error:
java.lang.Exception: istar login failure : javax.naming.AuthenticationNotSupportedException: [LDAP: error code 8 - 00002028: LdapErr: DSID-0C09018A, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, vece
I almost tried everything!
If anyone can find a solution, please do come forward!
Remember, my code works fine in Mixed mode Active Directory; when we shift that to native mode, it is not working!
If you would read the Active Directory error message, it actually gives you a hint:
"The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection"
There was a security feature introduced in Windows Server 2003 that would allow administrators to only allow connections over encrypted sessions (eg. SSL/TLS or Kerberos signing and sealing). This setting is configured somewhere in the Domain Controller's Group Policy, called something like "LDAP Server signing"
One solution is to use SSL/TLS. Refer to my previous post titled "JNDI, Active Directory & Authentication (part 2) (SSL)" at
http://forum.java.sun.com/thread.jspa?threadID=581425&tstart=50 -
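To reproduce this thread's failure from the client side, the following added PowerShell example (not code from either poster) performs the same LDAP simple bind as the Java class, on plain port 389 or over LDAPS on 636, and decodes the LDAP result code and the AD "data" sub-code. The server name, the function name Test-LdapSimpleBind and the account are hypothetical; sub-code 525 is the one quoted in the question, 52e and result code 81 are added from general AD and LDAP behaviour.

```powershell
# Added example (not from the thread). Uses the .NET LDAP client that ships with Windows.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Test-LdapSimpleBind {
    param(
        [Parameter(Mandatory)] [string]       $Server,      # DC host name; must match the certificate for LDAPS
        [Parameter(Mandatory)] [pscredential] $Credential,  # user name as a DN or UPN, as in the Java code
        [switch] $UseTls                                     # bind over LDAPS (636) instead of plain LDAP (389)
    )
    $port = if ($UseTls) { 636 } else { 389 }
    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, $port)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
    $result = [ordered]@{
        Server = $Server; Port = $port; Tls = [bool]$UseTls
        Success = $false; ResultCode = $null; ServerMessage = $null; Meaning = $null
    }
    try {
        # AuthType Basic is the LDAP simple bind (JNDI "simple").
        $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Basic
        $conn.SessionOptions.ProtocolVersion   = 3
        $conn.SessionOptions.SecureSocketLayer = [bool]$UseTls
        $netCred = New-Object System.Net.NetworkCredential($Credential.UserName, $Credential.Password)
        $conn.Bind($netCred)
        $result.Success = $true
        $result.Meaning = 'bind accepted'
    }
    catch {
        # PowerShell may wrap the .NET exception; walk down to the LdapException.
        $ex = $_.Exception
        while ($ex -and $ex -isnot [System.DirectoryServices.Protocols.LdapException]) {
            $ex = $ex.InnerException
        }
        if (-not $ex) { throw }

        $result.ResultCode    = $ex.ErrorCode
        $result.ServerMessage = $ex.ServerErrorMessage
        # AD appends "data <hex>" to the server message; that sub-code is the real reason.
        $sub = if ($ex.ServerErrorMessage -match 'data ([0-9a-fA-F]+)') { $Matches[1].ToLower() } else { $null }
        $result.Meaning = switch ($ex.ErrorCode) {
            8  { 'strongAuthRequired: the DC refuses a simple bind unless SSL/TLS is active' }
            49 {
                switch ($sub) {
                    '525'   { 'invalidCredentials: user not found' }
                    '52e'   { 'invalidCredentials: wrong password' }
                    default { "invalidCredentials, data $sub" }
                }
            }
            81 { 'serverDown: port unreachable, or the LDAPS certificate was not trusted' }
            default { "LDAP result code $($ex.ErrorCode)" }
        }
    }
    finally {
        $conn.Dispose()
    }
    [pscustomobject]$result
}

# Usage with constructed values. Enter the account in UPN form, e.g. svc-test@example.test.
# The plain-389 probe puts the password on the wire before the DC answers with
# result code 8, so run it only with a throwaway test account.
$cred = Get-Credential
Test-LdapSimpleBind -Server 'dc01.example.test' -Credential $cred
Test-LdapSimpleBind -Server 'dc01.example.test' -Credential $cred -UseTls
```

The LDAPS call only succeeds when the DC has a server certificate and the client trusts its issuer; the Java equivalent is an ldaps:// provider URL on port 636 with the issuing CA in the JVM trust store.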
Hi Scripting Guy. I am a Server Administrator who is very familiar with Active Directory, but new to PowerShell. Like many SysAdmins, I often need to create multiple accounts (ranging from 3-200) and add them to multiple groups (ranging
from 1 - 100). Previously I used VBS scripts in conjunction with an Excel .XLS file (not CSV file). Since VBS is essentially out the door and PowerShell is in - I am having to re-create everything.
I have written a PowerShell script that bulk creates my users and adds them to their corresponding groups - however, this can only use a CSV file (NOT an XLS file). I understand that "CSV is much easier to use than Excel worksheets", but
most times I have three sets of nearly identical groups (for Dev, QA and Prod). Performing Search and Replace on the Excel template across all four Worksheets ensures the names used are consistent throughout the three environments.
I know each Excel Worksheet can be exported as a separate CSV file and then use the PowerShell scripts as is, but since I am not the only SysAdmin who will be using these it leads to "unnecessary time lost", not to mention the reality that even
though you clearly state "These tabs need to be exported using this naming standard" (to work with the PowerShell scripts) that is not the result.
I've been tasked to find a way to modify my existing PowerShell/CSV scripts to work with Excel spreadsheets/workbooks instead - with no success. I have run across many articles/forums/scripts that let you update Excel or export AD data into an Excel
spreadsheet (even specifying the worksheet, column and row) - but nothing for what I am trying to do.
I can't imagine that I am the ONLY person who is in this situation/has this need. So, I am hoping you can help. How do I modify my existing scripts to reference "use this Excel spreadsheet, and this specific worksheet in the spreadsheet
prior to performing the New-ADUser/Add-ADGroupMember commands".
For reference, I am including Worksheet/Column names of my Excel Spreadsheet Template as well as the first part of my PowerShell script. M-A-N-Y T-H-A-N-K-S in advance.
Worksheet: Accounts
Columns: samAccountName, CN_DisplayName_Name, sn_LastName, givenName_FirstName, Password, Description, TargetOU
Worksheets: DevGroups / QAGroups / ProdGroups
Columns: GroupName, Members, MemberOf, Description, TargetOU
# Load PowerShell Active Directory module
Write-Host "Loading Active Directory PowerShell module." -foregroundcolor DarkCyan # -backgroundcolor Black
Import-Module ActiveDirectory
Write-Host " "
# Set parameter for location of CSV file (so source file only needs to be listed once).
$path = ".\CreateNewUsers-CSV.csv"
# Import CSV file as data source for remaining script.
$csv = Import-Csv -path $path | ForEach-Object {
# Add '@saccounty.net' suffix to samAccountName for UserPrincipalName
$userPrincinpal = $_."samAccountName" + "@saccounty.net"
# Create and configure new AD User Account based on information from the CSV source file.
Write-Host " "
Write-Host " "
Write-Host "Creating and configuring new user account from the CSV source file." -foregroundcolor Cyan # -backgroundcolor Black
New-ADUser -Name $_."cn_DisplayName_Name" `
-Path $_."TargetOU" `
-DisplayName $_."cn_DisplayName_Name" `
-GivenName $_."givenName_FirstName" `
-SurName $_."sn_LastName" `
-SamAccountName $_."samAccountName" `
-UserPrincipalName $userPrincinpal `
Here is the same script as a function:
Function Get-ExcelSheet{
Param(
$fileName = 'C:\scripts\test.xls',
$sheetName = 'csv2'
)
$conn = New-Object System.Data.OleDb.OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0;Data Source = $fileName;Extended Properties=Excel 8.0")
$cmd=$conn.CreateCommand()
$cmd.CommandText="Select * from [$sheetName$]"
$conn.open()
$cmd.ExecuteReader()
}
It is called like this:
Get-ExcelSheet -filename c:\temp\myfilename.xslx -sheetName mysheet
Do NOT change anything in the function and post the exact error. If you don't have Office installed correctly or are running 64 bits with a 32 bit session you will have to adjust your system.
¯\_(ツ)_/¯
HI JRV,
My apologies for not responding sooner - I was pulled off onto another project this week. I have included and called your Get-ExcelSheet function as best as I could...
# Load PowerShell Active Directory module
Write-Host "Loading Active Directory PowerShell module." -foregroundcolor DarkCyan # -backgroundcolor Black
Import-Module ActiveDirectory
Write-Host " "
# JRV This Function Loads the Excel Reader
Function Get-ExcelSheet{
Param(
$fileName = 'C:\scripts\test.xls',
$sheetName = 'csv2'
)
$conn = New-Object System.Data.OleDb.OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0;Data Source = $fileName;Extended Properties=Excel 8.0")
$cmd=$conn.CreateCommand()
$cmd.CommandText="Select * from [$sheetName$]"
$conn.open()
$cmd.ExecuteReader()
}
# Set parameter for location of CSV file (so source file only needs to be listed once) as well as Worksheet Names.
$sourceFile = ".\NewDocClass-XLS-Test.xlsx"
# Add '@saccounty.net' suffix to samAccountName for UserPrincipalName
$userPrincinpal = $_."samAccountName" + "@saccounty.net"
# Combine GivenName & SurName for DisplayName
$displayName = $_."sn_LastName" + ". " + $_."givenName_FirstName"
# JRV Call the Get-ExcelSheet function, providing FileName and SheetName values
# Pipe the data from source for remaining script.
Get-ExcelSheet -filename "E:\AD_Bulk_Update\NewDocClass-XLS-Test.xlsx" -sheetName "Create DocClass Accts" | ForEach-Object {
# Create and configure new AD User Account based on information from the CSV source file.
Write-Host " "
Write-Host " "
Write-Host "Creating and configuring new user account from the CSV source file." -foregroundcolor Cyan # -backgroundcolor Black
New-ADUser -Name ($_."sn_LastName" + ". " + $_."givenName_FirstName") `
-SamAccountName $_."samAccountName" `
-UserPrincipalName $userPrincinpal `
-Path $_."TargetOU" `
Below are the errors I get:
Exception calling "Open" with "0" argument(s): "The 'Microsoft.Jet.OLEDB.4.0'
provider is not registered on the local machine."
At E:\AD_Bulk_Update\Create-BulkADUsers-XLS.ps1:39 char:6
+ $conn.open()
+ ~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : InvalidOperationException
Exception calling "ExecuteReader" with "0" argument(s): "ExecuteReader
requires an open and available Connection. The connection's current state is
closed."
At E:\AD_Bulk_Update\Create-BulkADUsers-XLS.ps1:40 char:6
+ $cmd.ExecuteReader()
+ ~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : InvalidOperationException -
Powershell Active Directory Account Expiration Script
I am putting together a script that creates a user account in AD, sets the password, adds groups, etc. The part I am having problems with is when the user selects the Contractor employee option and is prompted for the expiration date of the AD account.
The script will create the account, but the expiration date is not set in AD. Any suggestions?
Here's the code:
#Script to create Active Directory account
#Add the Active Directory Module if not already present
if (-not (Get-Module ActiveDirectory))
{
Import-Module ActiveDirectory -Force
}
Write-Host ""
Write-Host "======================================================" -ForegroundColor DarkYellow
Write-Host ""
Write-Host "Computer Access"
Write-Host "Create Active Directory User Script"
Write-Host "PowerShell 3.0"
Write-Host "Version: 1.2"
Write-Host "Date: 4/14/2014"
Write-Host "Author: "
Write-Host ""
Write-Host "Please review the created Active Directory Account" -ForegroundColor Red -BackgroundColor Yellow
Write-Host ""
Write-Host "Base Business Unit Group Memberships are added only" -ForegroundColor Red -BackgroundColor Yellow
Write-Host ""
Write-Host "======================================================" -ForegroundColor DarkYellow
Write-Host ""
Write-Host ""
Write-Host "======================================================" -ForegroundColor DarkYellow
Write-Host "Creating Active Directory Account" -ForegroundColor Yellow
Write-Host "======================================================" -ForegroundColor DarkYellow
Write-Host ""
#Specify the target OU for new users
$targetOU = "OU=Personnel,OU=ETA,DC=eta,DC=state,DC=tx"
#Find the current domain info
$domdns = (Get-ADDomain).dnsroot # for UPN generation
#Set Account Variables
#Set Username with Dialogue Box
[void] [System.Reflection.Assembly]::LoadWithPartialName("System.Drawing")
[void] [System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms")
$objForm = New-Object System.Windows.Forms.Form
$objForm.Font = New-Object System.Drawing.Font("Arial",10)
$objForm.Text = "Username"
$objForm.Size = New-Object System.Drawing.Size(300,200)
$objForm.StartPosition = "CenterScreen"
$objForm.KeyPreview = $True
$objForm.Add_KeyDown({if ($_.KeyCode -eq "Enter")
{$global:setusername=$objTextBox.Text;$objForm.Close()}})
$objForm.Add_KeyDown({if ($_.KeyCode -eq "Escape")
{$objForm.Close()}})
$OKButton = New-Object System.Windows.Forms.Button
$OKButton.Location = New-Object System.Drawing.Size(75,120)
$OKButton.Size = New-Object System.Drawing.Size(75,23)
$OKButton.Text = "OK"
$OKButton.Add_Click({$global:setusername=$objTextBox.Text;$objForm.Close()})
$objForm.Controls.Add($OKButton)
$CancelButton = New-Object System.Windows.Forms.Button
$CancelButton.Location = New-Object System.Drawing.Size(150,120)
$CancelButton.Size = New-Object System.Drawing.Size(75,23)
$CancelButton.Text = "Cancel"
$CancelButton.Add_Click(
{$Looping=$False
$objForm.Close()
[environment]::Exit(0)
})
$objForm.Controls.Add($CancelButton)
$objLabel = New-Object System.Windows.Forms.Label
$objLabel.Location = New-Object System.Drawing.Size(10,20)
$objLabel.Size = New-Object System.Drawing.Size(280,20)
$objLabel.Text = "Please enter the username for the account:"
$objForm.Controls.Add($objLabel)
$objTextBox = New-Object System.Windows.Forms.TextBox
$objTextBox.Location = New-Object System.Drawing.Size(10,40)
$objTextBox.Size = New-Object System.Drawing.Size(260,20)
$objForm.Controls.Add($objTextBox)
$objForm.Topmost = $True
$objForm.Add_Shown({$objForm.Activate(); $objTextBox.focus()})
[void] $objForm.ShowDialog()
#If OK then set variable and continue
$samname = ($setusername | Out-String)
$samname = ($setusername) + ("")
function validateUser
{
param(
[string]$username
)
#if the username is passed without domain\
if(($username.StartsWith("domain\")) -eq $false)
{
$user = Get-ADUser -Filter { SamAccountName -eq $username }
if (!$user)
{
return $false
}
else
{
return $true
}
}
elseif(($username.StartsWith("domain\")) -eq $true)
{
$username = ($username.Split("\")[1])
$user = Get-ADUser -Filter { SamAccountName -eq $username }
if (!$user)
{
return $false
}
else
{
return $true
}
}
}
$usercheck = validateUser -username $samname
if($userCheck -eq $true) {
[System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms")
[Windows.Forms.MessageBox]::Show("Username already exists in AD please check and retry",`
"Username Check", [Windows.Forms.MessageBoxButtons]::OK, [Windows.Forms.MessageBoxIcon]::Stop)
[environment]::Exit(0)
}
else {} #Continue
Write-Host ""
Write-Host "USERNAME has been set to" $samname -ForegroundColor Yellow
#Set User Accounts First Name
[void] [System.Reflection.Assembly]::LoadWithPartialName("System.Drawing")
[void] [System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms")
$objForm = New-Object System.Windows.Forms.Form
$objForm.Font = New-Object System.Drawing.Font("Arial",10)
$objForm.Text = "First Name"
$objForm.Size = New-Object System.Drawing.Size(300,200)
$objForm.StartPosition = "CenterScreen"
$objForm.KeyPreview = $True
$objForm.Add_KeyDown({if ($_.KeyCode -eq "Enter")
{$global:setfirstname=$objTextBox.Text;$objForm.Close()}})
$objForm.Add_KeyDown({if ($_.KeyCode -eq "Escape")
{$objForm.Close()}})
$OKButton = New-Object System.Windows.Forms.Button
$OKButton.Location = New-Object System.Drawing.Size(75,120)
$OKButton.Size = New-Object System.Drawing.Size(75,23)
$OKButton.Text = "OK"
$OKButton.Add_Click({$global:setfirstname=$objTextBox.Text;$objForm.Close()})
$objForm.Controls.Add($OKButton)
$CancelButton = New-Object System.Windows.Forms.Button
$CancelButton.Location = New-Object System.Drawing.Size(150,120)
$CancelButton.Size = New-Object System.Drawing.Size(75,23)
$CancelButton.Text = "Cancel"
$CancelButton.Add_Click(
{$Looping=$False
$objForm.Close()
[environment]::Exit(0)
})
$objForm.Controls.Add($CancelButton)
$objLabel = New-Object System.Windows.Forms.Label
$objLabel.Location = New-Object System.Drawing.Size(10,20)
$objLabel.Size = New-Object System.Drawing.Size(280,20)
$objLabel.Text = "Please enter the users first name:"
$objForm.Controls.Add($objLabel)
$objTextBox = New-Object System.Windows.Forms.TextBox
$objTextBox.Location = New-Object System.Drawing.Size(10,40)
$objTextBox.Size = New-Object System.Drawing.Size(260,20)
$objForm.Controls.Add($objTextBox)
$objForm.Topmost = $True
$objForm.Add_Shown({$objForm.Activate(); $objTextBox.focus()})
[void] $objForm.ShowDialog()
#If OK then set variable and continue
$givname = ($setfirstname | Out-String)
$givname = ("$setfirstname") + ("")
Write-Host ""
Write-Host "FIRST NAME has been set to" $givname -ForegroundColor Yellow
#Set User Accounts Last Name
[void] [System.Reflection.Assembly]::LoadWithPartialName("System.Drawing")
[void] [System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms")
$objForm = New-Object System.Windows.Forms.Form
$objForm.Font = New-Object System.Drawing.Font("Arial",10)
$objForm.Text = "Last Name"
$objForm.Size = New-Object System.Drawing.Size(300,200)
$objForm.StartPosition = "CenterScreen"
$objForm.KeyPreview = $True
$objForm.Add_KeyDown({if ($_.KeyCode -eq "Enter")
{$global:setlastname=$objTextBox.Text;$objForm.Close()}})
$objForm.Add_KeyDown({if ($_.KeyCode -eq "Escape")
{$objForm.Close()}})
$OKButton = New-Object System.Windows.Forms.Button
$OKButton.Location = New-Object System.Drawing.Size(75,120)
$OKButton.Size = New-Object System.Drawing.Size(75,23)
$OKButton.Text = "OK"
$OKButton.Add_Click({$global:setlastname=$objTextBox.Text;$objForm.Close()})
$objForm.Controls.Add($OKButton)
$CancelButton = New-Object System.Windows.Forms.Button
$CancelButton.Location = New-Object System.Drawing.Size(150,120)
$CancelButton.Size = New-Object System.Drawing.Size(75,23)
$CancelButton.Text = "Cancel"
$CancelButton.Add_Click(
{$Looping=$False
$objForm.Close()
[environment]::Exit(0)
})
$objForm.Controls.Add($CancelButton)
$objLabel = New-Object System.Windows.Forms.Label
$objLabel.Location = New-Object System.Drawing.Size(10,20)
$objLabel.Size = New-Object System.Drawing.Size(280,20)
$objLabel.Text = "Please enter the users last name:"
$objForm.Controls.Add($objLabel)
$objTextBox = New-Object System.Windows.Forms.TextBox
$objTextBox.Location = New-Object System.Drawing.Size(10,40)
$objTextBox.Size = New-Object System.Drawing.Size(260,20)
$objForm.Controls.Add($objTextBox)
$objForm.Topmost = $True
$objForm.Add_Shown({$objForm.Activate(); $objTextBox.focus()})
[void] $objForm.ShowDialog()
#If OK then set variable and continue
$surname = ($setlastname | Out-String)
$surname = ("$setlastname") + ("")
Write-Host ""
Write-Host "LAST NAME has been set to" $surname -ForegroundColor Yellow
#Set the Department Number for the Active Directory Account
[void] [System.Reflection.Assembly]::LoadWithPartialName("System.Drawing")
[void] [System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms")
$objForm = New-Object System.Windows.Forms.Form
$objForm.Font = New-Object System.Drawing.Font("Arial",10)
$objForm.Text = "Cost Center"
$objForm.Size = New-Object System.Drawing.Size(300,200)
$objForm.StartPosition = "CenterScreen"
$objForm.KeyPreview = $True
$objForm.Add_KeyDown({if ($_.KeyCode -eq "Enter")
{$global:setcostcode=$objTextBox.Text;$objForm.Close()}})
$objForm.Add_KeyDown({if ($_.KeyCode -eq "Escape")
{$objForm.Close()}})
$OKButton = New-Object System.Windows.Forms.Button
$OKButton.Location = New-Object System.Drawing.Size(75,120)
$OKButton.Size = New-Object System.Drawing.Size(75,23)
$OKButton.Text = "OK"
$OKButton.Add_Click({$global:setcostcode=$objTextBox.Text;$objForm.Close()})
$objForm.Controls.Add($OKButton)
$CancelButton = New-Object System.Windows.Forms.Button
$CancelButton.Location = New-Object System.Drawing.Size(150,120)
$CancelButton.Size = New-Object System.Drawing.Size(75,23)
$CancelButton.Text = "Cancel"
$CancelButton.Add_Click(
{$Looping=$False
$objForm.Close()
[environment]::Exit(0)
})
$objForm.Controls.Add($CancelButton)
$objLabel = New-Object System.Windows.Forms.Label
$objLabel.Location = New-Object System.Drawing.Size(10,20)
$objLabel.Size = New-Object System.Drawing.Size(280,20)
$objLabel.Text = "Please enter the cost center for the account:"
$objForm.Controls.Add($objLabel)
$objTextBox = New-Object System.Windows.Forms.TextBox
$objTextBox.Location = New-Object System.Drawing.Size(10,40)
$objTextBox.Size = New-Object System.Drawing.Size(260,20)
$objForm.Controls.Add($objTextBox)
$objForm.Topmost = $True
$objForm.Add_Shown({$objForm.Activate(); $objTextBox.focus()})
[void] $objForm.ShowDialog()
#If OK then set variable and continue
$costcode = ($setcostcode | Out-String)
$costcode = ("$setcostcode") + ("")
Write-Host ""
Write-Host "COSTCODE has been set to" $costcode -ForegroundColor Yellow
#This creates a checkbox called Employee
$objTypeCheckbox = New-Object System.Windows.Forms.Checkbox
$objTypeCheckbox.Location = New-Object System.Drawing.Size(10,220)
$objTypeCheckbox.Size = New-Object System.Drawing.Size(500,20)
$objTypeCheckbox.Text = "Employee"
$objTypeCheckbox.TabIndex = 4
$objForm.Controls.Add($objTypeCheckbox)
#This creates a checkbox called Citrix User
$objCitrixUserCheckbox = New-Object System.Windows.Forms.Checkbox
$objCitrixUserCheckbox.Location = New-Object System.Drawing.Size(10,240)
$objCitrixUserCheckbox.Size = New-Object System.Drawing.Size(500,20)
$objCitrixUserCheckbox.Text = "Citrix User"
$objCitrixUserCheckbox.TabIndex = 5
$objForm.Controls.Add($objCitrixUserCheckbox)
#Set Permanent or Contractor (Expiration Date)
[void][reflection.assembly]::Load("System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089")
[void][reflection.assembly]::Load("System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a")
[System.Windows.Forms.Application]::EnableVisualStyles()
$form1 = New-Object 'System.Windows.Forms.Form'
$datetimepicker1 = New-Object 'System.Windows.Forms.DateTimePicker'
$radiobuttonPermanent = New-Object 'System.Windows.Forms.RadioButton'
$radiobuttonContractor = New-Object 'System.Windows.Forms.RadioButton'
$buttonOK = New-Object 'System.Windows.Forms.Button'
$InitialFormWindowState = New-Object 'System.Windows.Forms.FormWindowState'
$radiobuttonContractor_CheckedChanged={
if($radiobuttonContractor.Checked){
$datetimepicker1.Visible=$true
}else{
$datetimepicker1.Visible=$false
}
}
$Form_StateCorrection_Load=
{
#Correct the initial state of the form to prevent the .Net maximized form issue
$form1.WindowState = $InitialFormWindowState
}
$Form_Cleanup_FormClosed=
{
#Remove all event handlers from the controls
try
{
$radiobuttonContractor.remove_CheckedChanged($radiobuttonContractor_CheckedChanged)
$form1.remove_Load($FormEvent_Load)
$form1.remove_Load($Form_StateCorrection_Load)
$form1.remove_FormClosed($Form_Cleanup_FormClosed)
}
catch [Exception]
{ }
}
$form1.Controls.Add($datetimepicker1)
$form1.Controls.Add($radiobuttonPermanent)
$form1.Controls.Add($radiobuttonContractor)
$form1.Controls.Add($buttonOK)
$form1.AcceptButton = $buttonOK
$form1.ClientSize = '508, 262'
$form1.FormBorderStyle = 'FixedDialog'
$form1.MaximizeBox = $False
$form1.MinimizeBox = $False
$form1.Name = "form1"
$form1.StartPosition = 'CenterScreen'
$form1.Text = "Form"
$form1.add_Load($FormEvent_Load)
# datetimepicker1
$datetimepicker1.Location = '160, 91'
$datetimepicker1.Name = "datetimepicker1"
$datetimepicker1.Size = '200, 20'
$datetimepicker1.TabIndex = 3
$datetimepicker1.Visible = $False
# radiobuttonPermanent
$radiobuttonPermanent.Location = '33, 57'
$radiobuttonPermanent.Name = "radiobuttonPermanent"
$radiobuttonPermanent.Size = '104, 24'
$radiobuttonPermanent.TabIndex = 2
$radiobuttonPermanent.TabStop = $True
$radiobuttonPermanent.Text = "Permanent"
$radiobuttonPermanent.UseVisualStyleBackColor = $True
# radiobuttonContractor
$radiobuttonContractor.Location = '33, 87'
$radiobuttonContractor.Name = "radiobuttonContractor"
$radiobuttonContractor.Size = '104, 24'
$radiobuttonContractor.TabIndex = 1
$radiobuttonContractor.TabStop = $True
$radiobuttonContractor.Text = "Contractor"
$radiobuttonContractor.UseVisualStyleBackColor = $True
$radiobuttonContractor.add_CheckedChanged($radiobuttonContractor_CheckedChanged)
# buttonOK
$buttonOK.Anchor = 'Bottom, Right'
$buttonOK.DialogResult = 'OK'
$buttonOK.Location = '421, 227'
$buttonOK.Name = "buttonOK"
$buttonOK.Size = '75, 23'
$buttonOK.TabIndex = 0
$buttonOK.Text = "OK"
$buttonOK.UseVisualStyleBackColor = $True
#endregion Generated Form Code
#Save the initial state of the form
$InitialFormWindowState = $form1.WindowState
#Init the OnLoad event to correct the initial state of the form
$form1.add_Load($Form_StateCorrection_Load)
#Clean up the control events
$form1.add_FormClosed($Form_Cleanup_FormClosed)
#Show the Form
$form1.ShowDialog()
#Set the password for the new user account
#Change P@$$w0rd to whatever you want the account password to be
[void] [System.Reflection.Assembly]::LoadWithPartialName("System.Drawing")
[void] [System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms")
$objForm = New-Object System.Windows.Forms.Form
$objForm.Font = New-Object System.Drawing.Font("Arial",10)
$objForm.Text = "Password"
$objForm.Size = New-Object System.Drawing.Size(300,200)
$objForm.StartPosition = "CenterScreen"
$objForm.KeyPreview = $True
$objForm.Add_KeyDown({if ($_.KeyCode -eq "Enter")
{$global:setpassword=$objTextBox.Text;$objForm.Close()}})
$objForm.Add_KeyDown({if ($_.KeyCode -eq "Escape")
{$objForm.Close()}})
$OKButton = New-Object System.Windows.Forms.Button
$OKButton.Location = New-Object System.Drawing.Size(75,120)
$OKButton.Size = New-Object System.Drawing.Size(75,23)
$OKButton.Text = "OK"
$OKButton.Add_Click({$global:setpassword=$objTextBox.Text;$objForm.Close()})
$objForm.Controls.Add($OKButton)
$CancelButton = New-Object System.Windows.Forms.Button
$CancelButton.Location = New-Object System.Drawing.Size(150,120)
$CancelButton.Size = New-Object System.Drawing.Size(75,23)
$CancelButton.Text = "Cancel"
$CancelButton.Add_Click(
{$Looping=$False
$objForm.Close()
[environment]::Exit(0)
})
$objForm.Controls.Add($CancelButton)
$objLabel = New-Object System.Windows.Forms.Label
$objLabel.Location = New-Object System.Drawing.Size(10,20)
$objLabel.Size = New-Object System.Drawing.Size(280,40)
$objLabel.Text = "Please enter the password you wish to set. Press Enter for P@SSw0rd:"
$objForm.Controls.Add($objLabel)
$objTextBox = New-Object System.Windows.Forms.TextBox
$objTextBox.Location = New-Object System.Drawing.Size(10,60)
$objTextBox.Size = New-Object System.Drawing.Size(260,20)
$objForm.Controls.Add($objTextBox)
$objForm.Topmost = $True
$objForm.Add_Shown({$objForm.Activate(); $objTextBox.focus()})
[void] $objForm.ShowDialog()
#If OK then set password and continue
$userpassword = ($setpassword | Out-String)
$userpassword = ("$setpassword") + ("")
if ($userpassword -eq "") {$userpassword = 'P@SSw0rd'}
$password = (ConvertTo-SecureString $userpassword -AsPlainText -Force)
#Set Variables for New-ADUser cmdlet
$dplname = "$surname, $givname"
$upname = "$givname.$surname" + "@" + "$domdns"
$email = "$givname" + "." + "$surname" + "@eta.state.tx.us"
$office = "WBT"
$description = "$costcode"
$description2 = "611IS - Permanent"
$description3 = "611PM - Permanent"
$description4 = "501 - Permanent"
##$loginscript = "yourloginscriptname"
$servername = "teafs2"
$homedir = "\\$($servername)\User\$($samname)"
$homedirpath = "\\$($servername)\User\$($samname)"
$Company= "ETA"
$department = "yourdepartment"
$department4 = "School Finance"
$departmentnumber = "" + "-" + "$costcode"
Write-Host ""
Write-Host "HOME SERVER is" $servername -ForegroundColor Yellow
Write-Host ""
Write-Host "HOME DIRECTORY has been set to" $homedir -ForegroundColor Yellow
Write-Host ""
Write-Host "DEPARTMENT has been set to" $department -ForegroundColor Yellow
Write-Host ""
Write-Host "DESCRIPTION has been set to" $departmentnumber -ForegroundColor Yellow
Write-Host ""
#Create Active Directory Account
New-ADUser -Name $dplname -SamAccountName $samname -DisplayName $dplname `
-givenname $givname -surname $surname -userprincipalname $upname -emailaddress $email `
-Path $targetou -Enabled $true -ChangePasswordAtLogon $true -Department $department `
-OtherAttributes @{'departmentNumber'="$departmentnumber"} -Company $Company -HomeDrive "H" -HomeDirectory $homedir `
-Description $description -Office $office -ScriptPath $loginscript -AccountPassword $password
#Add User to Active Directory Groups Based on Description Field
If ((Get-ADUser $samname -Properties description).description -eq $description2) {
Add-ADGroupMember -Identity "CN=InformationSystemsPrintGroup,CN=Groups,OU=ETA,DC=tea,DC=state,DC=tx" -Member $samname
Add-ADGroupMember -Identity "CN=InformationSystemsOUDataGroup,CN=Groups,OU=ETA,DC=tea,DC=state,DC=tx" -Member $samname
Add-ADGroupMember -Identity "CN=InformationSystemsNetworkAccess,CN=Groups,OU=ETA,DC=tea,DC=state,DC=tx" -Member $samname
Add-ADGroupMember -Identity "CN=Mail users,OU=Groups,DC=tea,DC=state,DC=tx" -Member $samname
}
If ((Get-ADUser $samname -Properties description).description -eq $description3) {
Add-ADGroupMember -Identity "CN=ProjectMgmtNetworkAccess,CN=Groups,OU=ETA,DC=tea,DC=state,DC=tx" -Member $samname
Add-ADGroupMember -Identity "CN=ProjectMgmtOUDataGroup,CN=Groups,OU=ETA,DC=tea,DC=state,DC=tx" -Member $samname
Add-ADGroupMember -Identity "CN=ProjectMgmtPrintGroup,CN=Groups,OU=ETA,DC=tea,DC=state,DC=tx" -Member $samname
Add-ADGroupMember -Identity "CN=Cognos ETASE Dev-Test-Prod,OU=Groups,DC=tea,DC=state,DC=tx" -Member $samname
Add-ADGroupMember -Identity "CN=PMO ALL,OU=Distribution Groups,OU=Mailbox accounts,DC=tea,DC=state,DC=tx" -Member $samname
Add-ADGroupMember -Identity "CN=PMO Permanent,OU=Distribution Groups,OU=Mailbox accounts,DC=tea,DC=state,DC=tx" -Member $samname
Add-ADGroupMember -Identity "CN=Mail users,OU=Groups,DC=tea,DC=state,DC=tx" -Member $samname
}
If ((Get-ADUser $samname -Properties description).description -eq $description4) {
Add-ADGroupMember -Identity "CN=SchoolFinancePrintGroup,CN=Groups,OU=ETA,DC=tea,DC=state,DC=tx" -Member $samname
Add-ADGroupMember -Identity "CN=SchoolFinanceOUDataGroup,CN=Groups,OU=ETA,DC=tea,DC=state,DC=tx" -Member $samname
Add-ADGroupMember -Identity "CN=SchoolFinanceNetworkAccess,CN=Groups,OU=ETA,DC=tea,DC=state,DC=tx" -Member $samname
Add-ADGroupMember -Identity "CN=Mail users,OU=Groups,DC=tea,DC=state,DC=tx" -Member $samname
}
#Does the user require a mailbox?
$mailbox = New-Object -ComObject wscript.shell
$intAnswer = $mailbox.popup("Does this user require a mailbox?", `
0,"Create Mailbox",32+4)
If ($intAnswer -eq 6) {
Add-ADGroupMember -Identity "YourADGroupName5" -Member $samname
$mailbox.popup("User added to EMail Provisioning Group", `
0,"Created",64+0)
} else {
$mailbox.popup("User has not been added to the EMail Provisioning Group", `
0,"Not Created",64+0)
}
#Does the user require a LYNC Account?
$lyncaccount = New-Object -ComObject wscript.shell
$intAnswer = $lyncaccount.popup("Does this user require a LYNC Account?", `
0,"Create LYNC Account",32+4)
If ($intAnswer -eq 6) {
Add-ADGroupMember -Identity "YourADGroupName6" -Member $samname
$lyncaccount.popup("User added to LYNC Provisioning Group", `
0,"Created",64+0)
} else {
$lyncaccount.popup("User has not been added to the LYNC Provisioning Group", `
0,"Not Created",64+0)
}
#Create Home Directory and Set Permissions on Home Directory
New-Item -path $homedirpath -type directory
$acl = Get-ACL -path $homedirpath
$permission = "yourdomainname\$($samname)","Modify","ContainerInherit,ObjectInherit","None","Allow"
$accessrule = new-object System.Security.AccessControl.FileSystemAccessRule $permission
$acl.SetAccessRule($accessrule)
$acl | Set-ACL -path $homedirpath
##Set Share Permissions on Home Directory
$Computer = $servername
$Class = "Win32_Share"
$Method = "Create"
$name = $sharename
$path = $sharedirpath
$description = ""
$sd = ([WMIClass] "\\$Computer\root\cimv2:Win32_SecurityDescriptor").CreateInstance()
$ACE = ([WMIClass] "\\$Computer\root\cimv2:Win32_ACE").CreateInstance()
$Trustee = ([WMIClass] "\\$Computer\root\cimv2:Win32_Trustee").CreateInstance()
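# Share-level ACE: grants Everyone (S-1-1-0) Full Control (0x1F01FF); effective access then depends on the NTFS ACL
$Trustee.Name = "EVERYONE"
$Trustee.Domain = $Null
$Trustee.SID = @(1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)
$ace.AccessMask = 2032127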
$ace.AceFlags = 3
$ace.AceType = 0
$ACE.Trustee = $Trustee
$sd.DACL += $ACE.psObject.baseobject
$mc = [WmiClass]"\\$Computer\ROOT\CIMV2:$Class"
$InParams = $mc.psbase.GetMethodParameters($Method)
$InParams.Access = $sd
$InParams.Description = $description
$InParams.MaximumAllowed = $Null
$InParams.Name = $name
$InParams.Password = $Null
$InParams.Path = $path
$InParams.Type = [uint32]0
$R = $mc.PSBase.InvokeMethod($Method, $InParams, $Null)
switch ($($R.ReturnValue))
{
0 {Write-Host "Share:$name Path:$path Result:Success"; break}
2 {Write-Host "Share:$name Path:$path Result:Access Denied" -foregroundcolor red -backgroundcolor yellow;break}
8 {Write-Host "Share:$name Path:$path Result:Unknown Failure" -foregroundcolor red -backgroundcolor yellow;break}
9 {Write-Host "Share:$name Path:$path Result:Invalid Name" -foregroundcolor red -backgroundcolor yellow;break}
10 {Write-Host "Share:$name Path:$path Result:Invalid Level" -foregroundcolor red -backgroundcolor yellow;break}
21 {Write-Host "Share:$name Path:$path Result:Invalid Parameter" -foregroundcolor red -backgroundcolor yellow;break}
22 {Write-Host "Share:$name Path:$path Result:Duplicate Share" -foregroundcolor red -backgroundcolor yellow;break}
23 {Write-Host "Share:$name Path:$path Result:Redirected Path" -foregroundcolor red -backgroundcolor yellow;break}
24 {Write-Host "Share:$name Path:$path Result:Unknown Device or Directory" -foregroundcolor red -backgroundcolor yellow;break}
25 {Write-Host "Share:$name Path:$path Result:Network Name Not Found" -foregroundcolor red -backgroundcolor yellow;break}
default {Write-Host "Share:$name Path:$path Result:*** Unknown Error ***" -foregroundcolor red -backgroundcolor yellow;break}
}
Would you be able to show me how it's done?
Here's an example:
$date = Read-Host 'Enter a date (e.g. 4/23/14)'
Write-Host "Original string: $date"
$dateTime = [datetime]$date
Write-Host "DateTime object: $dateTime"
Don't retire TechNet! -
(Don't give up yet - 12,830+ strong and growing) -
Integration of UCM 11g to Active Directory
I've managed to create an active directory authenticator in weblogic 11g and the users are showing up in the weblogic console under "users and groups". I'm looking for the next steps to configure Active Directory for ECM11g. Is it just configuring an ldap provider in ECM 11g? I've tried that only to get "Invalid credential" when using the AD user to login to ecm.
Thanks.
Are the users you can see held in the embedded LDAP that comes with WLS or users in the external LDAP or both? If it's the former only then yes, you need an LDAP provider to the external LDAP and in UCM you should be able to have as many LDAP providers as you like.
I would check that you can access the LDAP via an LDAP viewer using a) the credential you provided as the provider user and b) to authenticate as the user you’re trying to login as. One of them is most likely incorrect. If the users you can see incorporate the external LDAP users, then the Provider's credential is correct and you need only check the login-user credentials, if that makes sense. If the users don't incorporate the external LDAP then the provider's user credentials are most likely wrong.
Sheesh, must stop writing thoughts before having thought them. Sorry if this is confusing...
Frank. -
Migrating to new Active Directory Domain
Hey people,
I have an OSX Server here at a school which I need to move from an old Active Directory domain to a new one. We are having a restructure of our IT System and 90% of our equipment is PC but have a few macs on site for the specific tasks that we need them to do.
The OSX server was set up 2yrs ago by some consultant which charged an arm and leg, so it's up to me this time round to configure it. It is not a vital part of the IT system so a rebuild is possible, but the quicker it can be moved across the better.
So my question is. Is it easier to "modify" the settings on the OSX Server to the new domain? i.e. change field names in Server Admin. or rebuild the server from scratch?
Our configuration is Apple clients authenticate to AD, but grab all their settings and OSX group membership from the OSX server. I have here a guide called "Leveraging Active Directory on OSX" would this be useful if I need to rebuild the server? I am fairly confident that I won't run into too many problems, but things like kerberos settings, etc may confuse me. Any help would be excellent!
Hi,
perform homogeneous system copy if you migrate from one server to other.
find document at service.sap.com/systemcopy
if you just add your local system to domain then look following
Domain name change for an existing SAP System
regards,
kaushal -
Active Directory Migration from 2003 to 2012 Process Flow
We are planning to migrate from Windows Server 2003 AD to Windows server 2012 Server for 6000 Users,
Can any one suggest on Following .
1)What is the Best and Safe Way to do Migration
2) What are the Precautions should take,
3) How much downtime it will take,
4) If migration Failed how we can revert to Earlier
5) How to do Migration Step by Step
Current Environment:
Domain Having One PDC(server 2003 R2) and 8 ADC(Server 2003 R2) in Different Locations
PDC having All FSMO Roles and Global Catalog
Exchange server 2007 was integrated to Active Directory
And some applications are integrated to Active Directory
1) I would recommend you first run a test of the steps in test before you do this in production. Otherwise your production becomes test.
2) By doing in test, you have taken a large amount of the risk out of the upgrade since, in test you should be able to look for any unforeseen issues. The easiest way to test is to build a virtual fence from production and clone the DC's and member servers that you want to test against (This is assuming you are running in a virtual environment). Ensure that your production environment is error free.
http://blogs.dirteam.com/blogs/paulbergson/archive/2009/01/26/troubleshooting-active-directory-issues.aspx
3) There should be no downtime at all, you can just extend the schema and then promote a new 2012 DC (I would recommend R2 if you can).
4) Before you do the schema extension you should take 2 backups on two different DC's. Taking two gives you less of a chance of a problem if one of the backups fails.
5)
Take a backup
Extend the schema
Join the 2012 R2 servers to the domain
Add the ADDS role to the 2012 R2 member servers
Promote the 2012 R2 DC's
Transfer the FSMO roles to the 2012 R2 DC's (Not required but recommended)
If you want to retire the 2003 DC's, then you will need to make sure that any clients pointing to the 2003 DC's for DNS are pointing to other DC's.
If you do retire the 2003 then you can think about updating the DFL and FFL of the domain and forest.
Paul Bergson
MVP - Directory Services
MCITP: Enterprise Administrator
MCTS, MCT, MCSE, MCSA, Security, BS CSci
2012, 2008, Vista, 2003, 2000 (Early Achiever), NT4
Twitter @pbbergs http://blogs.dirteam.com/blogs/paulbergson
Please no e-mails, any questions should be posted in the NewsGroup.
This posting is provided AS IS with no warranties, and confers no rights. -
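The step list in the post above, written as a gated PowerShell sequence to run in an elevated session on the new 2012 R2 member server once it is joined to the domain. This is an added example, not part of the original post; `corp.example` is a placeholder domain name, and the system state backups on two existing DCs are assumed to have been taken already with the backup tool of those servers.

```powershell
# Added example. Native tools (repadmin, dcdiag, netdom) are used for the checks
# before promotion because 2003 DCs do not run AD Web Services, which the
# ActiveDirectory module cmdlets need; those cmdlets are used only afterwards.
$DomainName = 'corp.example'      # placeholder: AD DNS domain name
$NewDC      = $env:COMPUTERNAME   # this server, the future 2012 R2 DC

function Install-AddsTools {
    # "Add the ADDS role": also installs repadmin, dcdiag and the AD module.
    Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
}

function Test-ReplicationClean {
    # Gate: refuse to continue while any replication link reports failures.
    $links = repadmin /showrepl * /csv | ConvertFrom-Csv
    if (-not $links) { throw 'repadmin returned no data; cannot assess replication.' }
    $failed = @($links | Where-Object { [int]$_.'Number of Failures' -gt 0 })
    $failed | Format-Table 'Source DSA','Destination DSA','Naming Context','Last Failure Status' -AutoSize | Out-Host
    dcdiag /e /q | Out-Host       # /e = every DC, /q = print failed tests only
    return ($failed.Count -eq 0)
}

function Install-NewDomainController {
    # "Extend the schema" and "Promote": on 2012 R2 the promotion runs adprep itself
    # when the credential is a member of Schema Admins and Enterprise Admins.
    if (-not (Test-ReplicationClean)) { throw 'Fix replication before promoting.' }
    netdom query fsmo | Out-Host  # record the current role holders for rollback notes
    Install-ADDSDomainController -DomainName $DomainName -InstallDns -Credential (Get-Credential)
}

function Move-FsmoRoles {
    # "Transfer the FSMO roles": run after the reboot, once replication is clean again.
    if (-not (Test-ReplicationClean)) { throw 'Fix replication before moving roles.' }
    Move-ADDirectoryServerOperationMasterRole -Identity $NewDC -OperationMasterRole `
        SchemaMaster, DomainNamingMaster, PDCEmulator, RIDMaster, InfrastructureMaster
}

function Test-MigrationState {
    # Confirms every role landed on the new DC and lists the DCs still on 2003;
    # their IP addresses must leave client DNS settings before they are demoted.
    $f = Get-ADForest
    $d = Get-ADDomain
    $holders = $f.SchemaMaster, $f.DomainNamingMaster, $d.PDCEmulator, $d.RIDMaster, $d.InfrastructureMaster
    $stray   = @($holders | Where-Object { $_ -notlike "$NewDC.*" })
    $oldDCs  = @(Get-ADDomainController -Filter * | Where-Object { $_.OperatingSystem -like '*2003*' })
    $oldDCs | Select-Object Name, IPv4Address, OperatingSystem | Out-Host
    [pscustomobject]@{
        RolesMoved       = ($stray.Count -eq 0)
        Remaining2003DCs = $oldDCs.Count
        DomainMode       = $d.DomainMode   # raise DFL/FFL only when Remaining2003DCs is 0
        ForestMode       = $f.ForestMode
    }
}

# Order: Install-AddsTools -> Install-NewDomainController (reboots)
#        -> Move-FsmoRoles -> Test-MigrationState
```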
Migrate local OS X profile to Active Directory account
I need to add our MACs to our Active Directory domain.
How do I go about migrating their settings, preferences, and files to the new AD account?
On my test system, when I signed on, it created a new profile and everything had to be reconfigured.
How can I prevent this?
Oh good! It's not just me....
I raised this issue months ago when the version changed to 10.6.x and was told by Apple Lion would fix it...
It didn't, in fact it made it work... the version of Snow Leopard on the Mac mini worked perfectly!
I have had mixed results so far... Initially binding to my 2008 mixed mode domain only worked if we specified a specific Domain Controller and that has worked with a number of machines, our initial fleet of 5 machines for instance
A few weeks ago my Lion client was rebooted and on power up it had lost its domain binding and nothing would work to get it back on. I'm now stuck using a mobile account version of my account...
My new Lion Server just arrived and I'm following the same procedure and it doesn't work either giving me fairly generic error messages like the one you initially mentioned that leave me confused... In the middle of this project we upgraded to 2008 DCs but are still running in 2000 mode...
We are looking at swapping to Mac hardware for our client base and if this issue isn't resolved I cannot move forward; joining a domain is step 1 of a Windows Install usually...
Thanks
Andrew -
Active Directory migration from domain X to Y
Hey Guys
Planning to migrate Child domain to another child domain inter forest with ADMT
we do have a small environment with Active directory integrated DNS, I do have a rough knowledge of migrating domains but still if there is any checklist kind of thing on priority (i.e migrate users first then do groups then computers then GPO) and let me know how much time it will take for 500 users 800 machines and 400 groups approximately .
We do not have technical Architecture guys to plan up , Please list out any excel sheets for migration if any
Went through n number of blogs but still did not get any proper info about this , Thank you in advance
1) I would recommend you first run a test of the steps in test before you do this in production. Otherwise your production becomes test.
2) By doing in test, you have taken a large amount of the risk out of the upgrade since, in test you should be able to look for any unforeseen issues. The easiest way to test is to build a virtual fence from production and clone the DC's and member servers that you want to test against (This is assuming you are running in a virtual environment). Ensure that your production environment is error free.
http://blogs.dirteam.com/blogs/paulbergson/archive/2009/01/26/troubleshooting-active-directory-issues.aspx
3) There should be no downtime at all, you can just extend the schema and then promote a new 2012 DC (I would recommend R2 if you can).
4) Before you do the schema extension you should take 2 backups on two different DC's. Taking two gives you less of a chance of a problem if one of the backups fails.
5)
Take a backup
Extend the schema
Join the 2012 R2 servers to the domain
Add the ADDS role to the 2012 R2 member servers
Promote the 2012 R2 DC's
Transfer the FSMO roles to the 2012 R2 DC's (Not required but recommended)
If you want to retire the 2003 DC's, then you will need to make sure that any clients pointing to the 2003 DC's for DNS are pointing to other DC's.
If you do retire the 2003 then you can think about updating the DFL and FFL of the domain and forest.
Paul Bergson
MVP - Directory Services
MCITP: Enterprise Administrator
MCTS, MCT, MCSE, MCSA, Security, BS CSci
2012, 2008, Vista, 2003, 2000 (Early Achiever), NT4
Twitter @pbbergs http://blogs.dirteam.com/blogs/paulbergson
Please no e-mails, any questions should be posted in the NewsGroup.
This posting is provided AS IS with no warranties, and confers no rights. -
New Server 2012 install - Active Directory not working properly
We recently converted from 2003 to 2012. Our 2012 R2 server seems to be running fine. We did a DCPROMO on the OLD 2003 DC just fine but now there are all sorts of odd errors (Sharepoint can't authenticate users, Can't run Exchange 2013 on another 2012 server because it can't find AD, etc.)
on the DC we have a Group Policy error 1096. "Group Policy Object LDAP://CN=User,cn={2B476B3E-2749-4B1B-8EC1-F5672A66F94F},cn=policies,cn=system,DC=mydom,DC=local\\mydom.local\SysVol\mydom.local\Policies\{2B476B3E-2749-4B1B-8EC1-F5672A66F94F}\User\registry.pol"
So far I haven't found anything on how to fix this (and the AD itself.) There are some errors in the DCDIAG log, too:
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\ISD-DC1\netlogon)
[ISD-DC1] An net use or LsaPolicy operation failed with error 67,
The network name cannot be found..
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
Any suggestions how we can fix these errors are greatly appreciated!
Hi,
Did you migrate the Active Directory from Windows server 2003 to Windows server 2012?
Please refer to this article:
https://blogs.technet.com/b/canitpro/archive/2013/05/27/step-by-step-active-directory-migration-from-windows-server-2003-to-windows-server-2012.aspx
Regards.
Vivian Wang