Stop using static domain controller

How do I remove the static domain controller used by Exchange?  I need it to talk to all the domain controllers on our network.  Each time the single DC that it looks to goes down, no one can access the Exchange server.

Hi rudnicke,
Thank you for your question.
We could run the following command to stop using static domain controller:
Set-ExchangeServer -Identity 'servername' -StaticConfigDomainController $null -StaticDomainControllers $null -StaticGlobalCatalogs $null
If there are any questions regarding this issue, please be free to let me know. 
Best Regard,
Jim
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
Jim Xu
TechNet Community Support

Similar Messages

  • How to find which devices are still using affected domain controller

    Hi Everyone,
    We have a 5 Domain controller's in a Site. And we are going to decommisson one of our affected DC in a site.
    Can you please let me know how to find  the log files to see which devices are still using this domain controller.
    Regards,
    Neel kamal
    Neel kamal

    Neel,
    From strictly an Active Directory perspective, there is nothing special you need to do to decommission a domain controller in a site.  There are many processes that automatically balance out and recreate connections as needed without any user intervention. 
    The DC Locator process will automatically direct clients to active domain controllers, there is nothing you need to do here. 
    What you need to be concerned with are things like the following:
    DNS - Are you running AD integrated DNS and is the DC you are decommissioning hosting that roll - if so, is it the ONLY DC in the
    site that is running DNS?  You'll need at least one in the site.
    DHCP server - Is the DC you are demoting a DHCP server?  You'll need to account for that.
    Global Catalog - Is the DC you are demoting a Global Catalog server?  You'll need at least one in the site.
    File Shares - Is the DC hosting any files shares?  You'll need to move those and make sure you redirect your clients.
    Was this DC a set as a Preferred Bridgehead Server?  You'll need to undo that first.
    Those are the big ones that come to mind.  Decommissioning a DC is easy if you have prepared properly.  The others that have replied have offered some great advice which you should follow.  Do your homework and you should be fine.
    Hope that helps
    Gary
    Gary G. Gray
     MCP, MCTS, MCITP, MCT Alumni
    Please remember to mark the replies as answers if they are helpful.
    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

  • How to start / stop nodes without domain-controller / automatically on Win?

    Hi,
    we have a distributed installation of CMSDK 9.0.4.
    We have installed a 9.2.0.4 Database on Solaris and we are using the 10g(9.0.4) Infrastructure on Solaris with it.
    The first installation of CMSDK uses a J2EE-MidTier installation on the Solaris server and contains the CMSDK domain controller and a normal node with nfs protocol server running.
    The other installations are done on Win2003 Blades. Currently we are using two Blades. On each there is a J2EE-MidTier installation and within these we have installed CMSDK with HTTP-Node and normal node. We are using NTFS-Server within the normal nodes.
    The Blades are within one Domain and we have NLB-Cluster activated for both.
    The whole thing sounds complex, but it works fine. We only have some trouble regarding start/stop of the nodes:
    1. If the solaris backend fails, our cluster-configuration tries to stop and start cmsdk. While stopping cmsdk, all nodes - even those on the Win-Servers - are stopped. But starting does not bring em up again automatically.
    2. If a Windows Server is booted, the normal node does not start automatically.
    3. If one Windows Server is not available, the ifsctl check takes a very long time because it's trying to get information from the missing one.
    Is there a way to restart the domain controller and node on solaris without stopping the nodes on Windows?
    How can we start the windows nodes automatically after reboot?
    Is there a way to probably start the nodes without being managed / guarded by the domain controller?
    Thanks for help,
    Alex

    Try adding this script to your /etc/init.d directory:
    #!/bin/sh
    ifsctl start << EOF
    <ifsctl password>
    EOF
    Replace <ifsctl password> with the password that you would give at the prompt.
    It will complain about Inappropriate ioctl for device, but it works.

  • Use old domain controller AD user profile with new domain (profile changed)

    Dear All,
    I have built Win Server 2012 for Domain migration from Windows Server 2003 to Windows Server 2012. I have tested all thing on VMware including user creation and tested Domain join using power shell for Win 7 and .VBs batch file for Win XP computers all thing
    are working fine.
    Let 1st I introduce my current environment. I have existing Win Server 2003 domain controller (abc.com) with 130 client computers and 200 users I am going to plan migrate my current environment to Win server 2012 Domain (xyz.com) Keep in mind that Domain
    name is changed but Domain Controller (Server) names are same i.e MY-PDC . I have tested domain join on multiple computers using existing clone of client computers and create all existing users using .csv file and power shell with required
    credentials and OU.I am facing the user profile issue when I join domain and login with existing user which was previously the user of same computer the required profile does not login and computer creates new user profile in Document and Settings section
    of Win XP.
    I need your expert opinions because copy old profile data and create new outlook profile for each user is a big headache for any one. Hope you people can understand and help me in this issue.
    Please provide best answer and result on priority I will be thankful to all of you.
    Regards,
    Arsalan

    Hi Arsalan,
    Please check if USMT can help you to achieve this target.
    User State Migration Tool 4.0 User's
    Guide
    Meanwhile, please also refer to following articles and check if can help you.
    How
    to Migrate Windows User Profile to New Account
    Keeping user old domain profile
    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft
    does not guarantee the accuracy of this information.
    If anything I misunderstand or any update, please don’t hesitate to let us know.
    Hope this helps.
    Best regards,
    Justin Gu

  • Having trouble promoting a server to a Child Domain Controller

    Hello,
    I am having promoting a 2012 server that's already a member of a domain to a child domain controller.  All of the prereq's are met.  When I try to promote it, it shows the steps being processed.  When it begins to replicate the parent domain's
    database, it runs all night and never completes.  Any Idea what's going on?
    Thanks
    John G.
    John Grace

    Hello,
    Just to let you know I can ftp, telnet, and map drives to gptsserver1.gpts.biz from gptsserver2.gpts.biz but can't promote gptsserver2.gpts.biz to a child domain controller.  Any help is appreciated.
    Here is the contents of dcpromo.log from gptsserver2.gpts.biz:
    08/13/2014 21:14:32 [INFO] Promotion request for domain controller of new domain
    08/13/2014 21:14:32 [INFO] DnsDomainName  gpts2.gpts.biz
    08/13/2014 21:14:32 [INFO] FlatDomainName  GPTS2
    08/13/2014 21:14:32 [INFO] SiteName  Default-First-Site-Name
    08/13/2014 21:14:32 [INFO] SystemVolumeRootPath  C:\Windows\SYSVOL
    08/13/2014 21:14:32 [INFO] DsDatabasePath  C:\Windows\NTDS, DsLogPath  C:\Windows\NTDS
    08/13/2014 21:14:32 [INFO] ParentDnsDomainName  gpts.biz
    08/13/2014 21:14:32 [INFO] ParentServer  gptsserver1.gpts.biz
    08/13/2014 21:14:32 [INFO] Account (NULL)
    08/13/2014 21:14:32 [INFO] Options  5243072
    08/13/2014 21:14:32 [INFO] Validate supplied paths
    08/13/2014 21:14:32 [INFO] Validating path C:\Windows\NTDS.
    08/13/2014 21:14:32 [INFO] Path is a directory
    08/13/2014 21:14:32 [INFO] Path is on a fixed disk drive.
    08/13/2014 21:14:32 [INFO] Validating path C:\Windows\NTDS.
    08/13/2014 21:14:32 [INFO] Path is a directory
    08/13/2014 21:14:32 [INFO] Path is on a fixed disk drive.
    08/13/2014 21:14:32 [INFO] Validating path C:\Windows\SYSVOL.
    08/13/2014 21:14:32 [INFO] Path is on a fixed disk drive.
    08/13/2014 21:14:32 [INFO] Path is on an NTFS volume
    08/13/2014 21:14:32 [INFO] Child domain creation -- check the new domain name is child of parent domain name.
    08/13/2014 21:14:32 [INFO] Domain Creation -- check that the flat name is unique.
    08/13/2014 21:14:42 [INFO] Start the worker task
    08/13/2014 21:14:42 [INFO] Request for promotion returning 0
    08/13/2014 21:14:42 [INFO] Using supplied domain controller: gptsserver1.gpts.biz
    08/13/2014 21:14:42 [INFO] Using supplied site: Default-First-Site-Name
    08/13/2014 21:14:42 [INFO] Forcing time sync
    08/13/2014 21:14:42 [INFO] Forcing a time sync with gptsserver1.gpts.biz
    08/13/2014 21:14:42 [INFO] Reading domain policy from the domain controller gptsserver1.gpts.biz
    08/13/2014 21:14:42 [INFO] Stopping service NETLOGON
    08/13/2014 21:14:42 [INFO] Stopping service NETLOGON
    08/13/2014 21:14:42 [INFO] ControlService(STOP) on NETLOGON returned 0(gle=1062)
    08/13/2014 21:14:42 [INFO] Exiting service-stop loop after service NETLOGON entered STOPPED state
    08/13/2014 21:14:42 [INFO] StopService on NETLOGON returned 0
    08/13/2014 21:14:42 [INFO] Configuring service NETLOGON to 1 returned 0
    08/13/2014 21:14:42 [INFO] Stopped NETLOGON
    08/13/2014 21:14:42 [INFO] Creating the System Volume C:\Windows\SYSVOL
    08/13/2014 21:14:42 [INFO] Deleting current sysvol path C:\Windows\SYSVOL 
    08/13/2014 21:14:43 [INFO] Preparing for system volume replication using root C:\Windows\SYSVOL
    08/13/2014 21:14:43 [INFO] Created the system volume
    08/13/2014 21:14:43 [INFO] Copying initial Directory Service database file C:\Windows\system32\ntds.dit to C:\Windows\NTDS\ntds.dit
    08/13/2014 21:14:43 [INFO] Installing the Directory Service
    08/13/2014 21:14:43 [INFO] Calling NtdsInstall for gpts2.gpts.biz
    08/13/2014 21:14:43 [INFO] Starting Active Directory Domain Services installation
    08/13/2014 21:14:43 [INFO] Validating user supplied options
    08/13/2014 21:14:43 [INFO] Determining a site in which to install
    08/13/2014 21:14:43 [INFO] Examining an existing forest...
    08/13/2014 21:14:43 [INFO] Configuring the local computer to host Active Directory Domain Services
    08/13/2014 21:14:44 [INFO] EVENTLOG (Informational): NTDS General / Service Control : 1094
    Software write caching for the following disk drive has been disabled to prevent possible data loss during system failures such as power outages or hardware component failures that can cause a sudden shutdown of the system. The disk drive that stores Active
    Directory Domain Services log files is the only drive affected by this change.
    Disk drive:
    c:
    08/13/2014 21:14:55 [INFO] EVENTLOG (Informational): NTDS General / Internal Configuration : 2120
    This Active Directory Domain Services server does not support the Recycle Bin. Deleted objects may be undeleted, however, when an object is undeleted, some attributes of that object may be lost.  Additionally, attributes of other objects that refer to
    the object being undeleted may also be lost.
    08/13/2014 21:14:56 [INFO] Replicating the schema directory partition
    08/13/2014 21:14:56 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 1963
    Internal event: The following local directory service received an exception from a remote procedure call (RPC) connection. Extensive RPC information was requested. This is intermediate information and might not contain a possible cause.
    Process ID: 
    488
    Reported error information:
    Error value: 
    Access is denied. (5)
    directory service: 
    gptsserver1.gpts.biz
    Extensive error information:
    Error value: 
    Access is denied. 5
    directory service: 
    gptsserver2
    Additional Data
    Internal ID: 
    5000dfc
    08/13/2014 21:14:56 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 1961
    Internal event: This log entry is a continuation from the preceding extended error information entry on the following error and directory service.
    Extended information:
    Error value: 
    Access is denied. (5)
    directory service: 
    gptsserver2
    Supplemental information:
    Detection location: 
    1461
    Generating component: 
    RPC Runtime
    Time at directory service: 
    2014-08-14 04:14:56
    Additional Data
    Error value: 
    Access is denied. (5)
    08/13/2014 21:14:56 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 2839
    Internal event: This log entry is a continuation from the preceding extended error information entry.
    Extended information:
    Extended Error Parameters: 
    0
    Parameter 1: 
    (NULL)
    Parameter 2: 
    (NULL)
    Parameter 3: 
    (NULL)
    Parameter 4: 
    (NULL)
    Parameter 5: 
    (null)
    Parameter 6: 
    (null)
    Parameter 7: 
    (null)
    08/13/2014 21:14:56 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 1962
    Internal event: The local directory service received an exception from a remote procedure call (RPC) connection. Extended error information is not available.
    directory service: 
    gptsserver1.gpts.biz
    Additional Data
    Error value: 
    Access is denied. (5)
    08/13/2014 21:14:56 [INFO] EVENTLOG (Error): NTDS Replication / Setup : 1125
    The Active Directory Domain Services Installation Wizard (Dcpromo) was unable to establish connection with the following domain controller.
    Domain controller:
    gptsserver1.gpts.biz
    Additional Data
    Error value:
    5 Access is denied.
    08/13/2014 21:15:04 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 1963
    Internal event: The following local directory service received an exception from a remote procedure call (RPC) connection. Extensive RPC information was requested. This is intermediate information and might not contain a possible cause.
    Process ID: 
    488
    Reported error information:
    Error value: 
    Access is denied. (5)
    directory service: 
    gptsserver1.gpts.biz
    Extensive error information:
    Error value: 
    Access is denied. 5
    directory service: 
    gptsserver2
    Additional Data
    Internal ID: 
    5000dfc
    08/13/2014 21:15:04 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 1961
    Internal event: This log entry is a continuation from the preceding extended error information entry on the following error and directory service.
    Extended information:
    Error value: 
    Access is denied. (5)
    directory service: 
    gptsserver2
    Supplemental information:
    Detection location: 
    1461
    Generating component: 
    RPC Runtime
    Time at directory service: 
    2014-08-14 04:15:04
    Additional Data
    Error value: 
    Access is denied. (5)
    08/13/2014 21:15:04 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 2839
    Internal event: This log entry is a continuation from the preceding extended error information entry.
    Extended information:
    Extended Error Parameters: 
    0
    Parameter 1: 
    (NULL)
    Parameter 2: 
    (NULL)
    Parameter 3: 
    (NULL)
    Parameter 4: 
    (NULL)
    Parameter 5: 
    (null)
    Parameter 6: 
    (null)
    Parameter 7: 
    (null)
    08/13/2014 21:15:04 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 1962
    Internal event: The local directory service received an exception from a remote procedure call (RPC) connection. Extended error information is not available.
    directory service: 
    gptsserver1.gpts.biz
    Additional Data
    Error value: 
    Access is denied. (5)
    08/13/2014 21:15:04 [INFO] EVENTLOG (Error): NTDS Replication / Setup : 1125
    The Active Directory Domain Services Installation Wizard (Dcpromo) was unable to establish connection with the following domain controller.
    Domain controller:
    gptsserver1.gpts.biz
    Additional Data
    Error value:
    5 Access is denied.
    08/13/2014 21:15:20 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 1963
    Internal event: The following local directory service received an exception from a remote procedure call (RPC) connection. Extensive RPC information was requested. This is intermediate information and might not contain a possible cause.
    Process ID: 
    488
    Reported error information:
    Error value: 
    Access is denied. (5)
    directory service: 
    gptsserver1.gpts.biz
    Extensive error information:
    Error value: 
    Access is denied. 5
    directory service: 
    gptsserver2
    Additional Data
    Internal ID: 
    5000dfc
    08/13/2014 21:15:20 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 1961
    Internal event: This log entry is a continuation from the preceding extended error information entry on the following error and directory service.
    Extended information:
    Error value: 
    Access is denied. (5)
    directory service: 
    gptsserver2
    Supplemental information:
    Detection location: 
    1461
    Generating component: 
    RPC Runtime
    Time at directory service: 
    2014-08-14 04:15:20
    Additional Data
    Error value: 
    Access is denied. (5)
    08/13/2014 21:15:20 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 2839
    Internal event: This log entry is a continuation from the preceding extended error information entry.
    Extended information:
    Extended Error Parameters: 
    0
    Parameter 1: 
    (NULL)
    Parameter 2: 
    (NULL)
    Parameter 3: 
    (NULL)
    Parameter 4: 
    (NULL)
    Parameter 5: 
    (null)
    Parameter 6: 
    (null)
    Parameter 7: 
    (null)
    08/13/2014 21:15:20 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 1962
    Internal event: The local directory service received an exception from a remote procedure call (RPC) connection. Extended error information is not available.
    directory service: 
    gptsserver1.gpts.biz
    Additional Data
    Error value: 
    Access is denied. (5)
    08/13/2014 21:15:20 [INFO] EVENTLOG (Error): NTDS Replication / Setup : 1125
    The Active Directory Domain Services Installation Wizard (Dcpromo) was unable to establish connection with the following domain controller.
    Domain controller:
    gptsserver1.gpts.biz
    Additional Data
    Error value:
    5 Access is denied.
    08/13/2014 21:15:52 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 1963
    Internal event: The following local directory service received an exception from a remote procedure call (RPC) connection. Extensive RPC information was requested. This is intermediate information and might not contain a possible cause.
    Process ID: 
    488
    Reported error information:
    Error value: 
    Access is denied. (5)
    directory service: 
    gptsserver1.gpts.biz
    Extensive error information:
    Error value: 
    Access is denied. 5
    directory service: 
    gptsserver2
    Additional Data
    Internal ID: 
    5000dfc
    08/13/2014 21:15:52 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 1961
    Internal event: This log entry is a continuation from the preceding extended error information entry on the following error and directory service.
    Extended information:
    Error value: 
    Access is denied. (5)
    directory service: 
    gptsserver2
    Supplemental information:
    Detection location: 
    1461
    Generating component: 
    RPC Runtime
    Time at directory service: 
    2014-08-14 04:15:52
    Additional Data
    Error value: 
    Access is denied. (5)
    08/13/2014 21:15:52 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 2839
    Internal event: This log entry is a continuation from the preceding extended error information entry.
    Extended information:
    Extended Error Parameters: 
    0
    Parameter 1: 
    (NULL)
    Parameter 2: 
    (NULL)
    Parameter 3: 
    (NULL)
    Parameter 4: 
    (NULL)
    Parameter 5: 
    (null)
    Parameter 6: 
    (null)
    Parameter 7: 
    (null)
    08/13/2014 21:15:52 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 1962
    Internal event: The local directory service received an exception from a remote procedure call (RPC) connection. Extended error information is not available.
    directory service: 
    gptsserver1.gpts.biz
    Additional Data
    Error value: 
    Access is denied. (5)
    08/13/2014 21:15:52 [INFO] EVENTLOG (Error): NTDS Replication / Setup : 1125
    The Active Directory Domain Services Installation Wizard (Dcpromo) was unable to establish connection with the following domain controller.
    Domain controller:
    gptsserver1.gpts.biz
    Additional Data
    Error value:
    5 Access is denied.
    08/13/2014 21:16:56 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 1963
    Internal event: The following local directory service received an exception from a remote procedure call (RPC) connection. Extensive RPC information was requested. This is intermediate information and might not contain a possible cause.
    Process ID: 
    488
    Reported error information:
    Error value: 
    Access is denied. (5)
    directory service: 
    gptsserver1.gpts.biz
    Extensive error information:
    Error value: 
    Access is denied. 5
    directory service: 
    gptsserver2
    Additional Data
    Internal ID: 
    5000dfc
    08/13/2014 21:16:56 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 1961
    Internal event: This log entry is a continuation from the preceding extended error information entry on the following error and directory service.
    Extended information:
    Error value: 
    Access is denied. (5)
    directory service: 
    gptsserver2
    Supplemental information:
    Detection location: 
    1461
    Generating component: 
    RPC Runtime
    Time at directory service: 
    2014-08-14 04:16:56
    Additional Data
    Error value: 
    Access is denied. (5)
    08/13/2014 21:16:56 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 2839
    Internal event: This log entry is a continuation from the preceding extended error information entry.
    Extended information:
    Extended Error Parameters: 
    0
    Parameter 1: 
    (NULL)
    Parameter 2: 
    (NULL)
    Parameter 3: 
    (NULL)
    Parameter 4: 
    (NULL)
    Parameter 5: 
    (null)
    Parameter 6: 
    (null)
    Parameter 7: 
    (null)
    08/13/2014 21:16:56 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 1962
    Internal event: The local directory service received an exception from a remote procedure call (RPC) connection. Extended error information is not available.
    directory service: 
    gptsserver1.gpts.biz
    Additional Data
    Error value: 
    Access is denied. (5)
    08/13/2014 21:16:56 [INFO] EVENTLOG (Error): NTDS Replication / Setup : 1125
    The Active Directory Domain Services Installation Wizard (Dcpromo) was unable to establish connection with the following domain controller.
    Domain controller:
    gptsserver1.gpts.biz
    Additional Data
    Error value:
    5 Access is denied.
    John Grace

  • Replace WS2003 domain controller for WS2012 domain controller

    Hi, I think that is a common problem but I haven't found anythink exactly like this, only something similar, but I have a lot of doubts yet.
    The thing is that I have a network with two domain controllers:
    WS2003     - 192.168.0.1, who is the first domain controller I created and is also a file sharing server
    WS2008R2 - 192.168.0.8, who is a  new domain controller I added one year ago.
    Now, I want to replace the first one, keeping the second. One.
    I thinking of removing the first one and replace it with a new machine (WS2012) with the same IP and name host. I need the same host because clients are pointing to it to get the shared files.
    My main fear is that clients get some error related with trust relationship and I will have to rejoin them one by one to the domain.
    As I have another domain controller, Will the global catalog of the new machine be synchronized automaticly with the WS2008R2 domain controller?
    Do I need to demote the old domain controller before add the new one?
    Thanks a lot

    Hi Tomas,
    As pointed by Burakm you should have an additional file server and should avoid using a Domain controller which has priviledged access, to share files. This puts you at a security risk.
    Regarding the requirement of old host name:
    Here is something that would let you keep a different servername and IP, yet allow your users to connect to the old hostname and access the share. Use CNAME records of old server to point it to the new hostname.
    How to Configure Windows Machine to Allow File Sharing with DNS Alias
    You might also look for Distributed File System Shares.
    http://blogs.technet.com/b/josebda/archive/2009/06/26/how-many-dfs-n-namespaces-servers-do-you-need.aspx
    NOTE- You can't run in-place upgrade of a 2003 to 2012 DC.
    Regards,
    Satyajit
    Please “Vote As Helpful”
    if you find my contribution useful or “Mark As Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.

  • How to use DNS server for name resolution for items which don't exist in active directory domain controller DNS

    Dear Experts,
    In our office we have a domain controller call it 'Office.com', all computers and corporate servers e.g. exchange, antivirus etc. are member of this 'office.com', it is also having a DNS. All users in office have there preferred DNS set to the corporate
    DNS
    We are working for ministry and offering services to them from our data center so have many servers which are for ministry but they are in our data center. For all these servers we created another DNS server which contains all entries for these servers in
    forward and reverse lookup zones. In this DNS we also created a forward lookup zone for our corporate servers and zone name is 'office.com'
    What we are trying to have is name resolution of all servers which are listed in other DNS build in our office on Win 2008 R2 for ministry servers
    If the user change his preferred DNS to ministry DNS he can resolve the ministry server but then we can not control any thing through group policy since they are using other DNS and not the corporate DNS. 
    How this can be done ? like any group policy applied to corporate domain controller must take effect on users and in addition to this user must also be able to resolve server names in ministry project DNS
    Please assist ASAP.
    regards,

    Hello,
    ok so the GPO setting doesn't apply in any case.
    Clients machines use the first DNS server in the list of configured ones on the NIC. If that one is available search for additional DNS servers will stop.
    What i can not really understand is your description about the second DNS server. This should normally either another DC with AD integrated DNS, so everything is replicatedwithin AD replication or you use a secondary DNS on domain member server that pulls
    the informations from the Master.
    It sounds for me that you have configured a machine with DNS server role and created manually the zone with the same name as the domainand manually create there the required A records?
    Best regards
    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/
    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

  • What is the most appropriate way to generate a static IPv6 for a domain controller?

    DNS Role Best practives is giving errors. Looks like I need to assign ONE static IPv6 to each domain controller and use IT in DNS and DHCP. There are two routers on the network, each assigning a 2002: IP, plus a link local FE80: IP is also assigned.
    Is there a way to generate a static IPv6 for domain controllers that will not change even if the network cards or routers are changed?
    What is the best practice so that domain integrated DNS and DHCP with Exchange 2010 in the domain, will continue to function?
    There is ambiguous information as to whether DC's should have static or dynamic IPv6 IPs. I have tried variations such as IPv4 compatible. IPv4 mapped, ISATAP, etc. but over time have gotten different errors from different sources.
    It is one thing for Microsoft to give error messages about IPv6 but I cannot find any definitive recommednations on this.
    Thanks if anyone finds a universal answer.
    Bob.

    Excellent and valid points, Bob. Your outlook explains in an easy way how the challenges setting up Windows Server are in a sense, self-generated, and in every sense fully avoidable.
    No changes have been made to the warnings or errors in 2013 R2 despite improvements in other areas. This release mainly brought improvements to the setup in areas that were truly broken like automatic account generation for ADFS. Since that's a decade old
    feature it's probably best not to wait for Microsoft to clarify, and I appreciate your recommendations.
    I'm bumping this thread since it's the first result for 192.168.1.1 on ipv6 on Google right now, and since there's no way to see how often it's being referenced I wanted to add some additional information.
    Multiple NIC's can be specified by using the scope ID parameter supported since Vista, that appears as a percent-sign at the end of IPv6 addresses. It uniquely identifies the network adapter even when that adapter shares the same host portion of the IPv6
    address space (i.e. essentially, has the same IP, which in IPv4 is invalid.) I'll give some examples at the end of the post.
    Following the recommendation to deprecate the fec0 prefix while maintaining a link-local addressing scheme is possible through the prefix length at the beginning of the IPv6 address. As
    this reference at IBM explains, fe80:: maps to a link-local prefix length of 64 equivalent to the IPv4 version of 24, and anything else before the double-colon refers to the network portion of the IPv6 address.
    The host portion of the IP address then _could_ be ::20, ::21, etc., as you said, but to follow
    this MSDN recommendation, it would be more appropriate to use the same host portion and add a suffix for the scope ID documented on that page. The suffix may be specific to Windows
    and may not work in an equivalent way in heterogeneous platform deployments. But since the effect is limited to the local machine it should help anything past XP differentiate NICs when assigned the same host portion.
    The approach taken in the random IPv6 generator linked elsewhere on this page leaves open the possibility, however unlikely, that the generated IP can route to some other host on an open network that happens to have generated the same network portion of
    the address (the other host would be sharing the same network.) If any part should be random, it's the host portion after the double-colon, not the network portion at the beginning, so that the possibility does not exist.
    Additionally, the host portion doesn't have to be random, it's just done that way because it's usually automatically generated; a random number is safer for a computer than relying on a sequence that may not fully cover all the numbers used so far. If you're
    doing a manual deployment you can combine the above information with the inline 0-supression in IPv6 to assign numbers in the following way:
    fe80::1:1%1 (first computer is 1:1, first interface is %1)
    fe80::1:1%2 (second interface)
    fe80::1:2%1 (second computer, first interface)
    Effectively here we're swapping "192.168.1" for "fe80::1" which is roughly the same length (taking into account variations like 10.0.0). The only gotcha is that _either_ the string after the double-colon can't be 1 by itself since that's
    reserved for local machine loopback, _or_ that the second-to-last number after the double-colons can't be 0, since that's equivalent due to inline supression.
    Other combinations are fine, like fe80::2%1 and fe80::2%2 for the first computer, then ::3 for the second, etc. I thought having a 2-index for the first machine is too uncommon to look familiar so I chose the alternative, but even something like fe80::fe%80
    is perfectly fine.
    If you don't need to identify individual NICs then omitting the part after the percent sign makes fe80::10, fe80::11 a valid sequence for 2 computers. For over 255 computers just add another number before the last, so that it looks like fe80::1:10, fe80::1:11,
    etc. That should be easier to remember than the randomly generated numbers.
    There is also another way if the preference is to use IPv4-lookalike addresses. The mapped address spec is defined in RFC 4291 and it goes along the lines of "::ffff:192.168.1.1" for a valid IPv6 address to the gateway, for example. That is a newer
    recommendation than the RFC which the random-number generated linked elsewhere on this page relies on.

  • What is the effect of stopping the EFS service on a 2012 Domain Controller?

    Hello,
    The Encrypting File System service was started and is running on a production 2012 Domain Controller, which is not a standard in our shop.  What is the potential impact if I stop the service? 
    Thanks for your help! SdeDot

    Hi,
    Have you already encrypted files or folders using EFS service in your domain?
    If not, and you are not planning to use it to encrypt files or folders in the future, then it is OK to disable it.
    If you have encrypted files with EFS service, make sure that they are all decrypted before disabling the service, otherwise no users will be able to access them.
    More information for you:
    How to Disable or Enabled EFS Encryption in Vista, Windows 7, and Windows 8
    http://www.vistax64.com/tutorials/102501-encryption-disable-enable.html
    How to: Disable Encrypted File System (EFS) on Windows 2008 R2
    http://markswinkels.nl/2012/06/how-to-disable-encrypted-file-system-efs-on-windows-2008-r2/
    Please Note: Since these web sites are not hosted by Microsoft, these links may change without notice. Microsoft does not guarantee the accuracy of this information.
    Best Regards,
    Amy Wang

  • 802.1x using authentication from NT Domain Controller instead of Radius

    I would like to know if it's possible to configure 802.1x using authentication from NT Domain Controller, instead of using Radius or Tacacs.

    It is possible to use MS AD, generic LDAP, Novell NDS for authentication, it's fairly common.
    The issue is "How do get the device to talk to the authentication source ... (AD, DC, NDS, LDAP)?"
    The answer is RADIUS.
    You can configure RADIUS to pull authentication from a variety of source (depending on the RADIUS - many/most can use any of the LDAP-based systems).
    So, yes, certainly you can use the Microsoft AD, but you need RADIUS to connect the two systems (the 802.1x device and the AD server).
    If cost is the issue, try freeRADIUS (www.freeradius.org) - it's fully featured (can use LDAP, AD, NDS, Certificates, etc), it's free, and configuration is much easier than it looks ....
    Good Luck
    Scott

  • Setting up FTP on Domain Controller using User Isolation

    Hi all,
    Our FTP site is set on a domain controller (not best practice i know, but i wasn't involved in the implementation of it) However, it currently works with the "FTP Root Directory" option selected, however this is not very secure as everyone has access
    to everything. I need to set it up so it uses "Username Directory" as this is a domain controller, and i want them to authenticate via AD User/Group. However when i select that option, i can't connect to the FTP site - Connection attempt failed with
    "EAI_NONAME - Neither nodename nor servname provided, or not known". When i change it back to "FTP Root Directory" it connects fine.
    Basic Authentication is Enabled and Anonymous Authentication is disabled.
    Virtual Directory option is selected under directory listing options.
    Our FTP folder structure is E:\FTPRoot it got moved to this drive as it's a bigger drive.
    I've set up a Virtual Directory for the FTP site and for the individual folders. 
    I'm stuck on what else to try, any advice and guidance would be appreciated.

    Hi,
    FTP setup is related to IIS so you could post the question to IIS forum instead.
    http://forums.iis.net/
    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • How to run the oracle application cleint using static ip or domain please e

    How to run the oracle application cleint using static ip or domain please explain me.
    i am not able to run oracle forms in client machine how to run it please explain me
    Please give me detail regarding that
    any body please help me.
    my mail id::::: [email protected]

    You did not mention exactly which Forms version you are using so it will be difficult to offer specific help. However, you did mention Forms 9i. ALL "9i" releases were desupported long ago, so find software or documentation are becoming more difficult.
    Here is the Deployment Guide for Forms 10.1.2
    http://download.oracle.com/docs/cd/B19375_07/doc/frs/forms/B14032_03/toc.htm
    Here are some technical reference for Forms 9.0.x
    http://www.oracle.com/technology/products/forms/techlisting9i.html

  • Domain controller VMs using dynamic VHDx corrupt after power failure

    Over the past couple of months I have experienced 4 dead 2008 R2 SP1 domain controllers after power failure on Hyper-V 2012 hosts. The domain controller VMs will start after power failure and have varying degrees of file system corruption. In each instance
    the corruption has rendered the domain controller unusable. The problem has not occurred with every power failure, but in testing the failure rate has been over 10%.
    The Hyper-v 2012 hosts are as follows:
    Dell PowerEdge r720 with flash backed write cache on Raid controller
    Dell PowerEdge T710 with battery backed write cache on Raid controller
    Dell PowerEdge T310 with a single SATA hard drive and write cache disabled
    Generic system with a single SATA hard drive and write cache disabled
    The VM configuration experiencing corruption is as follows:
    Each VM was created from a base 2008 R2 SP1 syspreped VHDx image template file (40 Gigs)
    The image template was originally created as a VHD and was then converted to a VHDx
    The VHDx file has 512k sectors instead of the native 512e of VHDx files (a result of VHD - VHDx conversion)
    Each VM was assigned 1024 Meg RAM and 1 virtual processor
    The domain controllers were created by promoting the base 2008 r2 install to a DC after base image deployment
    Only one corrupt VM was not running the 2012 integration components. The rest were running current 2012 integration components
    I have done extensive testing on this issue and the problem for me seems to revolve around the VHDx file format. I have managed numerous Hyper-v installations since the original 2008 server version was released and I have never seen corruption like this
    until 2012 and VHDx.
    For the past few days I have been testing fixed sized VHD VMs on a 2012 host and I have not been able to reproduce the data corruption issue. I seem to only be able to reproduce the problem when using dynamic VHDx files. I have not done any testing on 2012
    hosts with fixed size VHDx files or dynamic VHD files.
    It would be great to hear from anybody else experiencing similar issues so that we can compare notes and hopefully get to the bottom of this problem.

    To be honest I was excited to see this fix released, but there are two problems.
    1. The hotfix causes BSOD if you have VLANs with a teamed NIC configuration. I found this out the hard way on a production system. How in the world did this thing get through testing and into automatic updates?
    2. The hotfix does not seem to resolve the issue in my test environment.
    I opened up a case with support and they informed me that they would not provide support for this issue and that I had to open a case with premier support. Premier support informed me that I cannot open a case with them unless I sign a $50,000 per year service
    contract. Is there anywhere to get support on this issue?

  • Process MAD.EXE (PID=1932). All Domain Controller Servers in use are not responding:

    Process MAD.EXE (PID=1932). Topology discovery failed, error 0x80040a02 (DSC_E_NO_SUITABLE_CDC).
    Look up the Lightweight Directory Access Protocol (LDAP) error code specified in the event description. To do this, use Microsoft Knowledge Base article 218185, "Microsoft LDAP Error Codes." Use the information in that article to learn more about
    the cause and resolution to this error. Use the Ping or PathPing command-line tools to test network connectivity to local domain controllers.
    Process MAD.EXE (PID=1932). All Domain Controller Servers in use are not responding: 
    DC02.targetiletisim.local 
    DC01.targetiletisim.local 
    Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=1148). Topology discovery failed, error 0x80040a02 (DSC_E_NO_SUITABLE_CDC). Look up the Lightweight Directory Access Protocol (LDAP) error code specified in the event description. To do this, use Microsoft Knowledge
    Base article 218185, "Microsoft LDAP Error Codes." Use the information in that article to learn more about the cause and resolution to this error. Use the Ping or PathPing command-line tools to test network connectivity to local domain controllers.
    pls help me :(

    Hi,
    Please use dcdiag and nltest to test the connectivity.
    BTW, have you disabled ipv6 on Exchange Server.
    Thanks,
    Simon Wu
    TechNet Community Support

  • Create a Domain Controller and a Child Domain using Powershell

    Is it possible to create a Domain Controller and a Child Domain using Powershell?

    Yes, you can do that:
    WS2008R2 -
    http://technet.microsoft.com/en-us/library/cc731394%28v=ws.10%29.aspx
    http://technet.microsoft.com/en-us/library/cc731873%28v=ws.10%29.aspx - This isn't technically PowerShell.
    WS2012 -
    http://technet.microsoft.com/en-us/library/jj574105.aspx
    EDIT: You've asked this same question a few times now, is there something specific that's giving you trouble?
    Don't retire TechNet! -
    (Don't give up yet - 12,830+ strong and growing)

Maybe you are looking for

  • Aperture 3.1 edits don't show up in iMovie '11

    I am new to Aperture. I am creating a movie with still shots in iMovie. In the photo browser I can select a photo and then click "Open in Aperture". I've done this and edited my photo. But the edits do not show up in iMovie -- even after closing and

  • SAP AND SYSTEM I JOURNALS

    Dear Experts, I am having some issue on SAP journals on system i . While clearing the Journals some of the Receiver are  not getting clear.  We have to shut down the SAP and restart it after which we can clear the same. I also want to know that is th

  • Convert binary to document

    hi, how to convert blob object stored in binary variable to document variable? Thanks, kripa

  • Advanced Adapter Engine with Proxies Communication

    Hello there, I have built a scenario with an application system and a web service using PI (SAP Basis 7.11) and the advanced adapter engine. I would like to have a communication without participating the integration engine, but with proxies and using

  • Archiving  inbound delivery documents

    hi gurus, can you help in in archiving inbound delivery documents. This inbound delivery document is created after purchase order is created with confirmation control. Pls tell  me the programme through which i can do it. What should i do before doin