Strange DNS, Group Policy & Active Directory Issues - Can't track down root issue!

For the last few weeks, we've been getting complaints, from our developers, about not being able to authenticate on various systems. The issues were hit & miss but still problematic enough to warrant our looking into it. It seems to be getting worse... I now have new servers that aren't getting group policy updates. They may get some, like the list of local admins, but won't pick up NTFS permissions for folder access. Those that pick up the AD group full of local admins have trouble authenticating members of the group. Some were showing event log entries regarding authentication issues due to being unable to contact an AD DC. We reloaded that DC but many of the issues still persist. At this point, I'm running out of places to look for ideas. I've spent the last week looking up Event Log IDs and looking through their meanings and possible remedies but, again, the issues persist. It doesn't seem to matter what the OS is. We've been seeing this on 2008, 2008-R2 & 2012-R2.
Here are some examples of events I'm seeing.  I can't figure out the root cause(s).
Log Name: Application
Source: Group Policy Files
Date: 2/19/2015 2:35:12 PM
Event ID: 4098
Task Category: (2)
Level: Warning
Keywords: Classic
User: SYSTEM
Computer: H2T8-IOLDP1.HOMENET.local
Description:
The computer 'uptime.exe' preference item in the 'APPS (UpTime) {3BF05605-27C0-43AD-AC0F-873B678EB217}' Group Policy Object did not apply because it failed with error code '0x80090006 Invalid Signature.' This error was suppressed.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Group Policy Files" />
<EventID Qualifiers="34305">4098</EventID>
<Level>3</Level>
<Task>2</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2015-02-19T19:35:12.000000000Z" />
<EventRecordID>1871</EventRecordID>
<Channel>Application</Channel>
<Computer>H2T8-IOLDP1.HOMENET.local</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data>computer</Data>
<Data>uptime.exe</Data>
<Data>APPS (UpTime) {3BF05605-27C0-43AD-AC0F-873B678EB217}</Data>
<Data>0x80090006 Invalid Signature.</Data>
</EventData>
</Event>
Log Name: Microsoft-Windows-TerminalServices-RemoteConnectionManager/Admin
Source: Microsoft-Windows-TerminalServices-RemoteConnectionManager
Date: 2/19/2015 9:38:13 AM
Event ID: 20499
Task Category: None
Level: Warning
Keywords:
User: NETWORK SERVICE
Computer: H2T8-IOLDP1.HOMENET.local
Description:
Remote Desktop Services has taken too long to load the user configuration from server \\h2s3-addc1.HOMENET.local for user RSickler
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-TerminalServices-RemoteConnectionManager" Guid="{C76BAA63-AE81-421C-B425-340B4B24157F}" />
<EventID>20499</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2015-02-19T14:38:13.182363700Z" />
<EventRecordID>4</EventRecordID>
<Correlation />
<Execution ProcessID="1932" ThreadID="2156" />
<Channel>Microsoft-Windows-TerminalServices-RemoteConnectionManager/Admin</Channel>
<Computer>H2T8-IOLDP1.HOMENET.local</Computer>
<Security UserID="S-1-5-20" />
</System>
<UserData>
<EventXML xmlns="Event_NS">
<ServerName>\\h2s3-addc1.HOMENET.local</ServerName>
<UserName>RSickler</UserName>
</EventXML>
</UserData>
</Event>
Note that these servers are sitting in OUs that are full of other servers that don't have these issues. These GPOs have been in place for years. I suspect there's a deeper issue with AD, GP or a combination thereof. The group policy issues seem to only affect freshly loaded servers...

Hello,
Ensure that no firewall is blocking the ports required for AD, as listed in
https://technet.microsoft.com/en-us/library/dd772723(WS.10).aspx
You have an error about the subnets used in your network not being set up in AD Sites and Services and linked to the correct site; please check this in AD Sites and Services and also make sure the DCs are placed in the site they belong to.
"During the past 4.20 hours there have been 83 connections to this Domain Controller from client machines whose IP addresses don't map to any of the existing sites in the enterprise. Those clients, therefore, have undefined sites and may connect to any Domain Controller including those that are in far distant locations from the clients. A client's site is determined by the mapping of its subnet to one of the existing sites. To move the above clients to one of the sites, please consider creating subnet object(s) covering the above IP addresses with mapping to one of the existing sites. The names and IP addresses of the clients in question have been logged on this computer in the following log file '%SystemRoot%\debug\netlogon.log' and, potentially, in the log file '%SystemRoot%\debug\netlogon.bak' created if the former log becomes full. The log(s) may contain additional unrelated debugging information. To filter out the needed information, please search for lines which contain text 'NO_CLIENT_SITE:'. The first word after this string is the client name and the second word is the client IP address. The maximum size of the log(s) is controlled by the following registry DWORD value 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\LogFileMaxSize'; the default is 20000000 bytes. The current maximum size is 20000000 bytes. To set a different maximum size, create the above registry value and set the desired maximum size in bytes."
This error is about adprep /rodcprep not having been run:
Starting test: NCSecDesc
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=ForestDnsZones,DC=HOMENET,DC=local
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
So either run the command on a DC or ignore this error.
Please provide also the following data as file:
ipconfig /all >c:\ipconfig.log [all DCs]
dcdiag /v /c /d /e /s:dcname >c:\dcdiag.log
repadmin /showrepl dc* /verbose /all /intersite >c:\repl.log  ["dc*" is a placeholder for the starting name of the DCs if they all begin the same (if more than one DC exists)]
dnslint /ad /s "DCipaddress" (http://support.microsoft.com/kb/321045)
ADREPLSTATUS:
http://www.microsoft.com/en-us/download/details.aspx?id=30005 can also be exported to file.
As the output will become large, DON'T post it into the thread; please use Windows SkyDrive (with open access!)
https://skydrive.live.com and add the link here. Also, the /e in dcdiag scans the complete forest, so better run it on COB.
Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://blogs.msmvps.com/MWeber
Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
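The NO_CLIENT_SITE rule the Netlogon warning above spells out (first word after the marker is the client name, second is its IP) is easy to script. This is an added example, not code from the thread or from Microsoft: it parses a constructed netlogon.log excerpt, groups the siteless clients by /24, and checks each range against a constructed site/subnet map so you can see which ranges still need a subnet object in AD Sites and Services and which log hits are stale. The log layout before the marker and the subnet map are assumptions.

```python
import ipaddress
from collections import Counter

MARKER = "NO_CLIENT_SITE:"

# Constructed sample netlogon.log excerpt (not taken from the thread). The text
# before the marker varies between Windows versions, so the parser keys only on
# the rule the event text gives: the first word after "NO_CLIENT_SITE:" is the
# client name and the second is its IP address. One unrelated debug line and one
# truncated line are included to show they are ignored.
SAMPLE_NETLOGON_LOG = """\
02/19 13:02:11 [MISC] HOMENET: NO_CLIENT_SITE: H2T8-IOLDP1 10.20.5.17
02/19 13:02:40 [MISC] HOMENET: NO_CLIENT_SITE: H2T8-IOLDP2 10.20.5.18
02/19 13:05:03 [MISC] HOMENET: NO_CLIENT_SITE: DEVBOX07 10.20.9.44
02/19 13:05:09 [MISC] HOMENET: DsGetDcName function called: Dom:HOMENET Acct:(null)
02/19 13:06:51 [MISC] HOMENET: NO_CLIENT_SITE: H2T8-IOLDP1 10.20.5.17
02/19 13:07:12 [MISC] HOMENET: NO_CLIENT_SITE: TRUNCATED
02/19 13:08:00 [MISC] HOMENET: NO_CLIENT_SITE: OLDSRV 192.168.1.10
"""

# Constructed stand-in for the subnet objects defined in AD Sites and Services
# (site name -> list of subnet prefixes). In a real run, export the actual ones
# from the Sites and Services console or Get-ADReplicationSubnet.
SAMPLE_SITES = {
    "HQ": ["192.168.1.0/24", "10.20.5.0/24"],
    "Branch": ["10.30.0.0/16"],
}


def parse_no_client_site(log_text):
    """Return [(client_name, ip)] for every NO_CLIENT_SITE line.

    Lines where the marker is not followed by a name and a valid IPv4 address
    are skipped rather than guessed at; netlogon.log also carries unrelated
    debugging output that must be ignored.
    """
    hits = []
    for line in log_text.splitlines():
        pos = line.find(MARKER)
        if pos < 0:
            continue
        tokens = line[pos + len(MARKER):].split()
        if len(tokens) < 2:
            continue
        try:
            ip = ipaddress.IPv4Address(tokens[1])
        except ValueError:
            continue
        hits.append((tokens[0], str(ip)))
    return hits


def site_for(ip, sites):
    """Longest-prefix match of ip against the site subnet map; None if no
    subnet object covers it (the condition the Netlogon warning reports)."""
    addr = ipaddress.IPv4Address(ip)
    best_net, best_site = None, None
    for site, prefixes in sites.items():
        for prefix in prefixes:
            net = ipaddress.ip_network(prefix)
            if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
                best_net, best_site = net, site
    return best_site


def summarize(log_text, sites):
    """Group siteless clients by the /24 they fall in.

    Each entry records the hit count, the clients seen, and the site whose
    subnet object now covers the range (if any). A covered range means the
    log lines predate the subnet object (stale); an uncovered one still needs
    a subnet object created and linked to a site.
    """
    summary = {}
    for name, ip in parse_no_client_site(log_text):
        block = str(ipaddress.ip_network(f"{ip}/24", strict=False))
        entry = summary.setdefault(
            block, {"hits": 0, "clients": Counter(), "covered_by": site_for(ip, sites)}
        )
        entry["hits"] += 1
        entry["clients"][name] += 1
    return summary


def uncovered_ranges(summary):
    """Sorted list of /24 ranges with no subnet object: the action list."""
    return sorted(block for block, e in summary.items() if e["covered_by"] is None)


if __name__ == "__main__":
    result = summarize(SAMPLE_NETLOGON_LOG, SAMPLE_SITES)
    for block, e in sorted(result.items()):
        state = f"covered by site {e['covered_by']}" if e["covered_by"] else "NO SUBNET OBJECT"
        print(f"{block:18} {e['hits']:3} hits  {state}  clients={dict(e['clients'])}")
    print("Ranges needing a subnet object:", uncovered_ranges(result))
```

Point the script at the real %SystemRoot%\debug\netlogon.log (and netlogon.bak) from each DC; a /24 is only a grouping heuristic, so confirm the actual subnet size before creating the object.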
Info you requested:
ipconfig_dcs.txt
dcdiag.txt
repl.log
dnslint.htm
ADREPLSTATUS: ADReplicationStatus.2015.2.23.9.21.16.csv ADReplicationStatusToolData.zip

Similar Messages

  • Create a new group in Active Directory ?

    Hello,
I'd like to create a new group in Active Directory. Can somebody show me some sample code please?
    Thanks.

    Someone should show you how to perform a search. There's a sample in this forum.
    http://forums.sun.com/thread.jspa?threadID=623860

  • Query on DNS setup for Active Directory for a new data center

    I have third party DNS appliances providing DNS service for Active Directory (Windows 2008 R2) and there are also secondary DNS servers, which are MS DNS servers with a secondary zone configured, for redundancy. I have to set up a new data center and move servers/services to this data center. In this scenario, can I install a new Microsoft DNS server with a secondary zone and use this as the primary DNS server for all the member servers at this new location? I am aware that this new DNS server will not be able to make any updates to the secondary zone and for that purpose, is there any way to redirect such requests to the DNS appliances in my current data center across the WAN? I am trying to avoid purchasing a new DNS appliance for the new data center and want to know what alternatives I have.
     

    I'm not entirely sure about your setup, as normally you would use AD integrated zones for DNS in an AD environment - although there are other options, as you have already set up.
    The fact that the zone is a secondary zone in DNS server terms doesn't mean you can't point your clients to it as their primary DNS server. They will quite happily resolve names using a secondary server.
    So as long as your DNS devices are correctly set up to support the additional secondary zone, I see no reason why you couldn't do this.
    Regards,
    Denis Cooper
    MCITP EA - MCT
    Help keep the forums tidy, if this has helped please mark it as an answer

  • Is it possible to map a Sponsor Group in Cisco ISE to a user group in Active Directory, through a RADIUS server?

    Hi!!
    We are working on a mapping between a Sponsor Group in Cisco ISE and a user group in Active Directory, but the client wants the mapping to go through a RADIUS server, to avoid ISE querying the Active Directory directly.
    I know it is possible to use a RADIUS server as an external identity source for ISE, but is it possible to use this RADIUS server for this sponsor group handling?
    Thanks and regards!!

    Yes, it is possible to map a Sponsor group to a user group in AD. If you want to know how to do it, please open the link below and go to the "Mapping Active Directory Groups to Sponsor Groups" heading.
    http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_guest_pol.html#wp1096365

  • Could we have the same names for Users and Groups in Active Directory?

    When I am trying to create a user named "Logistics" under an OU, I am getting an error:
    "The pre-Windows 2000 logon name you have chosen is already in use in this domain. Choose another pre-Windows 2000 logon name, and then try again"
    We already have a group by the name "Logistics".
    Could we have the same names for Users and Groups in Active Directory?
    Thanks in Advance

    The sAMAccountName attribute is unique. So, the short answer is you cannot.
    This posting is provided AS IS with no warranties or guarantees , and confers no rights.
    Ahmed MALEK

  • I lost my iPod and iCloud is not activated. How can I track it without iCloud activated?

    I lost my iPod and iCloud is not activated. How can I track it without iCloud activated?

    You can't. You will have to retrace your steps and look the old-fashioned way.

  • BW system ran out of "session" = transaction SMGW; how to track down "resource" issues?

    Hi SAP Experts,
    we had on our SAP BW system the following situation:
    We are having a week daily process chains, that is uploading data from our ECC system.
    Once in a month, we are uploading from our APO/SCM system data from our BW system.
    Parallel we are having also SAP PreCalculation Server (with three PreCalc instances) instances running. The PreCalc Server is running daily.
    The landscape in short: (DB server = AIX/Oracle, App-Server = Linux, SAP System=7.01; PreCalc Server = Win2008/64)
    This week when all was running at the same time, we faced problems, that log-on to SAP System via ABAP took a long time, same BEx Reports (some failed with Run Time errors).
    From the landscape infrastructure we couldn’t detect any resource issues (we are having two application servers connected to the BW landscape).
    What we saw from the system transactions (SM66, SM51, SM21, ST02, ST04, ST06N) the issue did not seem to be resource based, by network, database, amount of work processes etc.
    But we noticed in transaction SMGW, that it seemed not possible for external programs, like a BEx reports or the PreCalc Server to connect with new session to the BW ABAP landscape.
    The trace showed in SMGW:
    *  LOCATION    SAP-Gateway on host server / sapgw##
    *  ERROR       Conversation 01792797 not found
    *  TIME        Tue Jul 22 14:13:03 2014
    *  RELEASE     720
    *  COMPONENT   SAP-Gateway
    *  VERSION     2
    *  RC          728
    *  MODULE      gwxxconn.c
    *  LINE        971
    *  COUNTER     75240
    In the system log and database alert log, we could not find any deadlocks reported or anything reported that explained why, via SMGW, it was not possible to connect with new sessions.
    We restarted the PreCalc Server and, after clarifying with the application team of APO/SCM, we stopped the process chain and then the system was back to "normal" operation.
    Now the question is, if you faced similar issues, what was the solution, or how were you able to track down the issue?
    Thanks for your ideas.
    Best regards
    Carlos Behlau

    Hi Alwina,
    thank you for your help.
    What I was able to see in SMGW, because the system was very slow, was that some connections were "red".
    I forgot to capture screenshots and now I am not able to recall the status text.
    Is there a way to find out if we reach the "max" connection numbers, like parameter gw/max_conn 500, via ST03N or via SMGW or via some logs?
    I checked the SMGW trace, but I am not able to identify via the trace in SMGW whether the failures happened because max. values of parameters had been reached or what the cause was/is.
    What I meant:
    All external programs, like SAP BW BEx Analyzer (Excel Reporting tool for BW) are connecting via RFC calls. Also SAP Pre-Calculation Server is using RFC calls to generate the reports and send them via E-mail.
    Usually, I can see these connections in SMGW (goto => logon clients).
    There I didn't notice that we reached 500 when we had the problem.
    Best regards
    Carlos

  • My iPod was stolen, is there any way it can get tracked down?

    Hey, how are you guys doing?
    I bought a 4g iPod touch 32g a while ago, and I want to know if it can be tracked down. I didn't have iCloud put on it & I used an app on another iPod to track it down using the Apple account and no results were shown, as if the iPod had been reset. Please let me know if it can be tracked down.

    Change your iTunes (Apple ID) password along with any other password that was stored in the iPod. If any passwords are associated with credit cards, contact the CC company and get your card replaced (with a new number). If any passwords are associated with a bank or any other savings institution, contact them also and discuss appropriate action with them.
    The "Find my..." function is pretty much useless if the device is in the hands of a thief.  All that is necessary is for the thief to connect to any computer with iTunes and "Restore as new."
    The only real protection you have is with the personal information on the device rather than the physical device itself.  This requires action before the device is lost/stolen.  If the device has significant personal information, it should have a strong 8-digit (or longer) password AND be configured for automatic wipe in the event of ten consecutive incorrect password entries.

  • [svn:fx-trunk] 9174: revert rev# 9148 until some odd behavior can be tracked down.

    Revision: 9174
    Author:   [email protected]
    Date:     2009-08-07 10:37:23 -0700 (Fri, 07 Aug 2009)
    Log Message:
    revert rev# 9148 until some odd behavior can be tracked down.
    checkintests: pass
    rev# 9148:Changing enabled on GroupBase to set the alpha to the new "disabledAlpha" CSS style (0.5 by default) when the container is disabled. 
    Modified Paths:
        flex/sdk/trunk/frameworks/projects/spark/defaults.css
        flex/sdk/trunk/frameworks/projects/spark/src/spark/components/supportClasses/GroupBase.as

  • HT1689 can i track down my ipod location using my serial number?

    can i track down my ipod using my serial number

    No. The SN will only help identify the iPod if it is recovered.

  • How can i track down a stolen ipod touch with just my serial number

    how can i track down a stolen ipod touch with just my serial number

    You can't. The SN will only help identify the iPod as yours IF it is recovered.
    - If you previously turned on FindMyiPod on the iPod in Settings>iCloud and wifi is on and connected, go to iCloud: Find My iPhone, sign in and go to FindMyiPhone. If the iPod has been restored it will never show up.
    - You can also wipe/erase the iPod and have the iPod play a sound via iCloud.
    - If not shown, then you will have to use the old fashioned way, like if you lost a wallet or purse.
    - Change the passwords for all accounts used on the iPod and report to police
    - There is no way to prevent someone from restoring the iPod (it erases it) using it.
    - Apple will do nothing without a court order
    Reporting a lost or stolen Apple product
    - iOS: How to find the serial number, IMEI, MEID, CDN, and ICCID number

  • DNS, Certificates, and Active Directory - School Setup Issues

    Our school has been piloting a small iPad deployment. I have been struggling with getting Profile Manager to work correctly since August of last year. Here's the setup:
    1. Active Directory DNS/DHCP server (set as "school.local"--yes, I know .local is bad form, but it was set before I got here). I have changed the "Digest" to "Basic" setting
    2. Mac Mini server that has its own external IP and hostname ("mac.school.org") and is also bound to the AD server for user authentication for services (Profile Manager, WebDAV, wiki, etc.). I have a self-signed SSL certificate installed under the name "mac.school.org"
    3. About 90 iPads, and a handful of Mac desktops
    In a perfect world, users would be able to login (with their AD credentials) to the Profile Manager self-service portal using the external hostname of the mac server ("mac.school.org/mydevices"), install the Trust Profile, and enroll the device (iPad, Mac, etc).
    However, this is not the case.  The setup seems to work for awhile; quite perfectly in fact. But then for reasons unknown to me, everything just "breaks" and Profile Manager ceases to work like it should. Here are some of issues I am seeing:
    a.) DNS service on the Mac server turns itself ON randomly. DNS should NOT be running on this server, correct? All DNS lookups internally are done by the AD server. I've used changeip and everything matches (both say "mac.school.org")
    b.) Whenever we use VPN, and at other seemingly random times, the server's hostname changes from "mac.school.org" to "mac.school.local" I would make the server external only, but it needs to have an internal IP to talk to the AD server.
    c.) AD binding breaks randomly and I have to rebind the server to AD
    d.) When enrolling devices, Profile Manager starts rejecting certificates (not a trusted source, etc.) and I have to destroy OD and PM and start all over again.
    I know this is a lot and I'm not necessarily expecting anyone to answer all of these questions. I guess I'm wondering if anyone could point me in the right direction? I've looked for help with these issues all over the place, but none of the environments I read about are quite like the one I'm in.

    Yes, I am not giving the real domain name here.
    No prob, just checking; sometimes people have weird domain names, you never know if they are real or they expect them to be real or they put domain names owned by someone else on their internal network, eek.
    Not really needed to use mac.school.org internally, that is in local LAN. The thing to understand about DNS is the scope for which a DNS zone is relevant WRT a client machine — inside LAN or on Internet, and which DNS server is authoritative for a domain. Authoritative in the sense of 'the final word'.
    Go to Network Utility on your Mac, type in your real domain name (whatever you are changing to school.org to hide it) and see what comes back. On my server I see the below (I have replaced my real, Internet-legal domain with 'example.com').
    In my setup I have, on the LAN, setup the Mac server to be authoritative for domain 'example.com'. On the Internet however it is another external DNS server.
    So you have set DNS forwarders on the Mac machine?
    I really don't believe that the machine's hostname is changing, it is statically configured. What I believe is happening is that DNS name resolution is telling you different things at different times because you are using different DNS servers.
    On mac machine terminal type $less /etc/resolv.conf and copy paste what it says. In server app Services | DNS right side does it say you have forwarders?
    Still it is not good to have two DNS domains in your internal LAN, there is no need to have school.org on the mac DNS unless it is going to be fully setup to be authoritative in the internal LAN for the domain school.org. You can have school.org on the Internet (Internet scope of users point 1) and school.local on internal machine (LAN scope of users).
    Lookup has started…
    Trying "example.com"
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53292
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
    ;; QUESTION SECTION:
    ;example.com.                   IN        ANY
    ;; ANSWER SECTION:
    example.com.     10800          IN        SOA          example.com. admin.example.com. 2013010907 3600 900 1209600 86400
    example.com.     10800          IN         NS          server.example.com.
    example.com.     10800          IN         MX          10 server.example.com.
    ;; ADDITIONAL SECTION:
    server.example.com. 10800       IN          A          192.168.1.20
    Received 145 bytes from 127.0.0.1#53 in 2 ms
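The reply's point is that the lookup output tells you which server answered and whether it is authoritative for the zone (the "aa" flag), which is what changes when a VPN or a different resolver comes into play. This added example (not code from the thread) parses a copy of the lookup quoted above, reports who answered and whether authoritatively, and flags inconsistencies such as the header's answer count not matching the records shown. Only the quoted output is assumed; no other format variant is handled.

```python
import re

# Reconstructed copy of the lookup quoted in the reply above (example.com and
# 192.168.1.20 are that reply's placeholders), embedded so this runs offline.
# Note the header claims 4 answers while only 3 records are shown.
SAMPLE_LOOKUP = """\
Lookup has started...
Trying "example.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53292
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;example.com.                   IN        ANY
;; ANSWER SECTION:
example.com.     10800          IN        SOA          example.com. admin.example.com. 2013010907 3600 900 1209600 86400
example.com.     10800          IN         NS          server.example.com.
example.com.     10800          IN         MX          10 server.example.com.
;; ADDITIONAL SECTION:
server.example.com. 10800       IN          A          192.168.1.20
Received 145 bytes from 127.0.0.1#53 in 2 ms
"""

SECTION_RE = re.compile(r"^;; (\w+) SECTION:")
STATUS_RE = re.compile(r"status: (\w+)")
FLAGS_RE = re.compile(r"^;; flags: ([^;]*);(.*)$")
COUNT_RE = re.compile(r"(\w+): (\d+)")
FROM_RE = re.compile(r"from (\S+)#(\d+)")


def parse_lookup(text):
    """Parse dig-style lookup output into status, flags, section counts,
    records per section as (name, ttl, type, rdata), and the answering server."""
    info = {"status": None, "flags": set(), "counts": {}, "records": {}, "server": None}
    section = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = STATUS_RE.search(line)
        if line.startswith(";; ->>HEADER<<-") and m:
            info["status"] = m.group(1)
            continue
        m = FLAGS_RE.match(line)
        if m:
            info["flags"] = set(m.group(1).split())
            info["counts"] = {k: int(v) for k, v in COUNT_RE.findall(m.group(2))}
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            info["records"].setdefault(section, [])
            continue
        m = FROM_RE.search(line)
        if line.startswith("Received") and m:
            info["server"] = m.group(1)
            continue
        # Record lines: name ttl class type rdata...; question lines start with ";"
        if section and not line.startswith(";"):
            parts = line.split()
            if len(parts) >= 5:
                name, ttl, _cls, rtype = parts[:4]
                info["records"][section].append((name, int(ttl), rtype, " ".join(parts[4:])))
    return info


def authority_report(info):
    """Summarize what the lookup proves about scope and authority, plus
    consistency warnings worth chasing before trusting the answer."""
    answers = info["records"].get("ANSWER", [])
    ns_names = {rdata for _, _, t, rdata in answers if t == "NS"}
    soa = next((rdata for _, _, t, rdata in answers if t == "SOA"), None)
    mname = soa.split()[0] if soa else None
    glue = {name for name, _, t, _ in info["records"].get("ADDITIONAL", []) if t == "A"}
    warnings = []
    if "aa" not in info["flags"]:
        warnings.append("answer is not authoritative: the responding server forwards or caches this zone")
    claimed = info["counts"].get("ANSWER")
    if claimed is not None and claimed != len(answers):
        warnings.append(f"header reports {claimed} answers but {len(answers)} are shown")
    if mname and mname not in ns_names:
        warnings.append(f"SOA MNAME {mname} is not listed as an NS for the zone")
    for ns in sorted(ns_names - glue):
        warnings.append(f"no A record returned for NS {ns}")
    return {
        "authoritative": "aa" in info["flags"],
        "answered_by": info["server"],
        "local_resolver": info["server"] in ("127.0.0.1", "::1"),
        "ns": sorted(ns_names),
        "soa_mname": mname,
        "warnings": warnings,
    }


if __name__ == "__main__":
    report = authority_report(parse_lookup(SAMPLE_LOOKUP))
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run the same lookup with and without the VPN up and compare "answered_by" and "authoritative": a change there, not a changing hostname, is what the reply suggests is going on.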

  • Active Directory Services Can't Connect to Domain

    I removed Active Directory services from a server running 2012. I then went to reinstall and reconfigure it, but I keep running into issues. When I launch Active Directory Administrative Center it gives me an error that it can't connect to any domain, and I can't make any changes. The local server has already been promoted to the domain controller. Here is the output from dcdiag:
    Directory Server Diagnosis
    Performing initial setup:
       Trying to find home server...
       Home Server = ACSSVR
       * Identified AD Forest. 
       Done gathering initial info.
    Doing initial required tests
       Testing server: Default-First-Site-Name\ACSSVR
          Starting test: Connectivity
             ......................... ACSSVR passed test Connectivity
    Doing primary tests
       Testing server: Default-First-Site-Name\ACSSVR
          Starting test: Advertising
             Fatal Error:DsGetDcName (ACSSVR) call failed, error 1355
             The Locator could not find the server.
             ......................... ACSSVR failed test Advertising
          Starting test: FrsEvent
             ......................... ACSSVR passed test FrsEvent
          Starting test: DFSREvent
             There are warning or error events within the last 24 hours after the
             SYSVOL has been shared.  Failing SYSVOL replication problems may cause
             Group Policy problems. 
             ......................... ACSSVR failed test DFSREvent
          Starting test: SysVolCheck
             ......................... ACSSVR passed test SysVolCheck
          Starting test: KccEvent
             A warning event occurred.  EventID: 0x80000B46
                Time Generated: 03/02/2015   12:00:00
                Event String:
                The security of this directory server can be significantly enhanced by configuring the server to reject SASL (Negotiate,  Kerberos, NTLM, or Digest) LDAP binds that do not request signing (integrity verification)
    and LDAP simple binds that  are performed on a cleartext (non-SSL/TLS-encrypted) connection.  Even if no clients are using such binds, configuring the server to reject them will improve the security of this server. 
             A warning event occurred.  EventID: 0x80000734
                Time Generated: 03/02/2015   12:00:37
                Event String:
                The local domain controller could not connect with the following domain controller hosting the following directory partition to resolve distinguished names. 
             ......................... ACSSVR passed test KccEvent
          Starting test: KnowsOfRoleHolders
             ......................... ACSSVR passed test KnowsOfRoleHolders
          Starting test: MachineAccount
             ......................... ACSSVR passed test MachineAccount
          Starting test: NCSecDesc
             ......................... ACSSVR passed test NCSecDesc
          Starting test: NetLogons
             Unable to connect to the NETLOGON share! (\\ACSSVR\netlogon)
             [ACSSVR] An net use or LsaPolicy operation failed with error 67,
             The network name cannot be found..
             ......................... ACSSVR failed test NetLogons
          Starting test: ObjectsReplicated
             ......................... ACSSVR passed test ObjectsReplicated
          Starting test: Replications
             ......................... ACSSVR passed test Replications
          Starting test: RidManager
             ......................... ACSSVR passed test RidManager
          Starting test: Services
             ......................... ACSSVR passed test Services
          Starting test: SystemLog
             A warning event occurred.  EventID: 0x000003F6
                Time Generated: 03/02/2015   11:21:34
                Event String:
                Name resolution for the name teredo.ipv6.microsoft.com. timed out after none of the configured DNS servers responded.
             A warning event occurred.  EventID: 0x000727A5
                Time Generated: 03/02/2015   11:21:58
                Event String:
                The WinRM service is not listening for WS-Management requests. 
             An error event occurred.  EventID: 0xC0001B58
                Time Generated: 03/02/2015   11:26:01
                Event String:
                The Vstor2 Virtual Storage Driver service failed to start due to the following error: 
             An error event occurred.  EventID: 0xC0001B58
                Time Generated: 03/02/2015   11:26:01
                Event String:
                The Vstor2 MntApi 2.0 Driver (shared) service failed to start due to the following error: 
             A warning event occurred.  EventID: 0x000003F6
                Time Generated: 03/02/2015   11:26:16
                Event String:
                Name resolution for the name teredo.ipv6.microsoft.com. timed out after none of the configured DNS servers responded.
             An error event occurred.  EventID: 0x0000002E
                Time Generated: 03/02/2015   11:34:32
                Event String:
                The time service encountered an error and was forced to shut down. The error was: 0x80070700: An attempt was made to logon, but the network logon service was not started.
             An error event occurred.  EventID: 0xC0001B6F
                Time Generated: 03/02/2015   11:34:32
                Event String:
                The Windows Time service terminated with the following error: 
             A warning event occurred.  EventID: 0x000727A5
                Time Generated: 03/02/2015   11:35:01
                Event String:
                The WinRM service is not listening for WS-Management requests. 
             A warning event occurred.  EventID: 0x000003F6
                Time Generated: 03/02/2015   11:39:08
                Event String:
                Name resolution for the name _ldap._tcp.dc._msdcs.ACS.local. timed out after none of the configured DNS servers responded.
             An error event occurred.  EventID: 0xC0001B58
                Time Generated: 03/02/2015   11:39:27
                Event String:
                The Vstor2 Virtual Storage Driver service failed to start due to the following error: 
             An error event occurred.  EventID: 0xC0001B58
                Time Generated: 03/02/2015   11:39:27
                Event String:
                The Vstor2 MntApi 2.0 Driver (shared) service failed to start due to the following error: 
             A warning event occurred.  EventID: 0x000727AA
                Time Generated: 03/02/2015   11:39:40
                Event String:
                The WinRM service failed to create the following SPNs: WSMAN/ACSSVR.ACS.local; WSMAN/ACSSVR. 
             A warning event occurred.  EventID: 0x0000000C
                Time Generated: 03/02/2015   11:39:39
                Event String:
                Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in
    the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the
    authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.
             A warning event occurred.  EventID: 0xC000042B
                Time Generated: 03/02/2015   11:42:01
                Event String:
                The RD Session Host server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.
             An error event occurred.  EventID: 0x00000469
                Time Generated: 03/02/2015   11:44:31
                Event String:
                The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain
    controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.
             An error event occurred.  EventID: 0x00000469
                Time Generated: 03/02/2015   11:45:05
                Event String:
                The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain
    controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.
             An error event occurred.  EventID: 0x0000168F
                Time Generated: 03/02/2015   11:55:22
                Event String:
                The dynamic deletion of the DNS record 'ACS.acsolutionsinc.net. 600 IN A 192.168.56.1' failed on the following DNS server:  
             A warning event occurred.  EventID: 0x000003F6
                Time Generated: 03/02/2015   11:55:22
                Event String:
                Name resolution for the name acsolutionsinc.net timed out after none of the configured DNS servers responded.
             An error event occurred.  EventID: 0x0000168F
                Time Generated: 03/02/2015   11:55:47
                Event String:
                The dynamic deletion of the DNS record '_ldap._tcp.ACS.acsolutionsinc.net. 600 IN SRV 0 100 389 ACSSVR.ACS.acsolutionsinc.net.' failed on the following DNS server:  
             A warning event occurred.  EventID: 0x000727A5
                Time Generated: 03/02/2015   11:55:53
                Event String:
                The WinRM service is not listening for WS-Management requests. 
             A warning event occurred.  EventID: 0x000003F6
                Time Generated: 03/02/2015   11:55:53
                Event String:
                Name resolution for the name _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ACS.local. timed out after none of the configured DNS servers responded.
             A warning event occurred.  EventID: 0x000003F6
                Time Generated: 03/02/2015   11:59:53
                Event String:
                Name resolution for the name _ldap._tcp.dc._msdcs.ACS.local. timed out after none of the configured DNS servers responded.
             An error event occurred.  EventID: 0xC0001B58
                Time Generated: 03/02/2015   12:00:13
                Event String:
                The Vstor2 Virtual Storage Driver service failed to start due to the following error: 
             An error event occurred.  EventID: 0xC0001B58
                Time Generated: 03/02/2015   12:00:13
                Event String:
                The Vstor2 MntApi 2.0 Driver (shared) service failed to start due to the following error: 
             A warning event occurred.  EventID: 0x000727AA
                Time Generated: 03/02/2015   12:00:25
                Event String:
                The WinRM service failed to create the following SPNs: WSMAN/ACSSVR.ACS.local; WSMAN/ACSSVR. 
             A warning event occurred.  EventID: 0x0000000C
                Time Generated: 03/02/2015   12:00:25
                Event String:
                Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in
    the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the
    authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.
             A warning event occurred.  EventID: 0xC000042B
                Time Generated: 03/02/2015   12:02:47
                Event String:
                The RD Session Host server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.
             An error event occurred.  EventID: 0x00000469
                Time Generated: 03/02/2015   12:05:17
                Event String:
                The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain
    controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.
             An error event occurred.  EventID: 0x00000469
                Time Generated: 03/02/2015   12:05:17
                Event String:
                The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain
    controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.
             ......................... ACSSVR failed test SystemLog
          Starting test: VerifyReferences
             ......................... ACSSVR passed test VerifyReferences
       Running partition tests on : Schema
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation
       Running partition tests on : Configuration
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation
       Running partition tests on : ACS
          Starting test: CheckSDRefDom
             ......................... ACS passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... ACS passed test CrossRefValidation
       Running enterprise tests on : ACS.local
          Starting test: LocatorCheck
             Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
             A Global Catalog Server could not be located - All GC's are down.
             Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
             A Time Server could not be located.
             The server holding the PDC role is down.
             Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
             1355
             A Good Time Server could not be located.
             Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
             A KDC could not be located - All the KDCs are down.
             ......................... ACS.local failed test LocatorCheck
          Starting test: Intersite
             ......................... ACS.local passed test Intersite
    I've been trying to debug errors one at a time, but I'm having a hard time finding any information that pertains to this issue as a whole. Anything you can tell me about this would be great, thank you for reading. 

    It was the only server in the network, the only DC in the old forest. When I re-installed AD DS I gave the new forest a different name, but I guess the old settings are still in the system somewhere conflicting with the new setup? Is there a way to
    purge the old setup entirely and start over with AD DS, or am I going to have to re-install the whole OS? Thanks again for the help.
    Honestly, the best way to handle this is to rebuild the server. There are many things that are "left behind" when you remove the Domain / Forest from a Domain Controller. In fact many articles will say after using ADMT (Active Directory Migration
    Tool) you should decommission the original Domain Controller (aka reinstall the OS).
    While you could spend more time trying to get that domain controller working, it absolutely is going to be 1) more reliable and 2) faster to reinstall the OS on the old domain controller. If you are still leveraging storage or services on that domain controller,
    you will want to back them up, or have a transition plan before reinstalling everything on the server. I have a feeling if you choose to keep troubleshooting this, you will run into more issues down the road.
    Entrepreneur, Strategic Technical Advisor, and Sr. Consulting Engineer - Strategic Services and Solutions Check out my book - Powershell 3.0 - WMI: http://amzn.to/1BnjOmo | Mastering PowerShell Coming in April 2015!

  • "Domain Users" group in Active Directory does not belong to any Group Membership in LC

    Active Directory user belonging to "Domain Users" group does not belong to any Group Membership in LC, why does it not belong to "Domain Users" group?
    Any way to correct this issue, without changing group membership on AD side?
    If Active Directory user is member of "Domain Admins" or "Users" then these show same group membership in LC.
    Thanks.

    If you want to use the Domain Users group for the purpose of representing all the users then you can use the "All principals in domain xxx" group which is created by UM.
    Coming back to the Domain Users group. For determining group membership in AD, UM uses the "member" attribute of the group object. The "Domain Users" group is treated differently by AD. It is the default primary group for all the users, and normally members of the primary group are not specified using the member attribute. So when we sync the data from AD, "Domain Users" membership does not get completed.
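    The behaviour described above, as an added example that is not part of the thread or of UM's own code: a sync tool that reads only the group's "member" attribute sees "Domain Users" as empty, and has to also pick up every user whose primaryGroupID equals the group's RID (the last sub-authority of its objectSid). The users, group DNs and domain SID below are constructed sample data.

```python
"""Effective AD group membership, including primary-group members (added example)."""
from dataclasses import dataclass, field


@dataclass
class User:
    dn: str
    primary_group_id: int  # value of the user's primaryGroupID attribute (a RID)


@dataclass
class Group:
    dn: str
    object_sid: str  # textual objectSid, e.g. "S-1-5-21-...-513"
    member: list = field(default_factory=list)  # DNs listed in the "member" attribute


def rid_from_sid(sid: str) -> int:
    """The RID is the last sub-authority of the SID (513 for Domain Users)."""
    if not sid.startswith("S-1-"):
        raise ValueError(f"not a SID: {sid}")
    return int(sid.rsplit("-", 1)[1])


def primary_group_filter(rid: int) -> str:
    """LDAP filter that finds users whose primary group is the group with this RID."""
    return f"(&(objectCategory=person)(objectClass=user)(primaryGroupID={rid}))"


def effective_members(group: Group, users: list) -> set:
    """Union of explicit 'member' entries and users whose primaryGroupID is the group's RID."""
    rid = rid_from_sid(group.object_sid)
    via_member = set(group.member)
    via_primary = {u.dn for u in users if u.primary_group_id == rid}
    return via_member | via_primary


# Constructed sample directory: two ordinary users and one account whose
# primary group was changed to Domain Guests (RID 514).
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
ALICE = "CN=alice,CN=Users,DC=example,DC=local"
BOB = "CN=bob,CN=Users,DC=example,DC=local"
SVC = "CN=svc-backup,CN=Users,DC=example,DC=local"
USERS = [User(ALICE, 513), User(BOB, 513), User(SVC, 514)]
# Domain Users has an empty "member" attribute, exactly as a member-only sync would see it.
DOMAIN_USERS = Group("CN=Domain Users,CN=Users,DC=example,DC=local", DOMAIN_SID + "-513")
# Domain Admins lists its members explicitly.
DOMAIN_ADMINS = Group("CN=Domain Admins,CN=Users,DC=example,DC=local", DOMAIN_SID + "-512", [ALICE])

if __name__ == "__main__":
    print("member attr only:", sorted(DOMAIN_USERS.member))          # []
    print("effective:", sorted(effective_members(DOMAIN_USERS, USERS)))  # alice, bob
    print("filter:", primary_group_filter(rid_from_sid(DOMAIN_USERS.object_sid)))
```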

  • Active Directory? Can't get it to work.

    I am not sure if my network and/or server is really misbehaving or that I am just too stupid to understand how this should work.
    I am preparing my macmini server to run a small (audiovisual) company network. I especially want to use the server as a multiplatform fileserver. I am planning to hook an Areca ARC8050 thunderbolt RAID up to my macmini as an all client shared drive.
    Can OS X Server (I am running the latest version) be an OD and AD server at the same time?
    Do I have to setup an AD or is it already present/active on the server side?
    How do I create or find the AD domain? Both my domain and subdomain.domain don't work.
    How do I find my network administrator credentials? I have never registered a network administrator account so how would I know these credentials?
    I have been bumping into errors all the time. No matter what settings or credentials I use.
    My FQDN is server.domain.com
    When I use domain.com (trying to bind client to server)
    I get this error.
    When I use server.domain.com I get this error.
    DNS on the server side seems to be setup alright (nothing to change).
    Client uses server as DNS lookup (server has the static IP address 10.0.0.2).
    All AD related ports are open.
    Binding to OD works fine.
    I am really lost here. What am I missing? Hope somebody can help me!
    Thanks.

    You are mixing your technologies and envisioning a world in which platforms coexist and share technologies.  This world does not exist.  Windows can not use configuration profiles.  That is an Apple technology.  Windows uses group policy objects which require a Windows server to generate and distribute.
    You can not bind a Windows machine to OS X using Apple's built in solutions.  You could use Samba (http://www.samba.org) to achieve this but that may be far more technical than you want to get involved.  In the world of mixed platform, the general breakdown is: 
    • Windows server will support Windows and Macs very effectively as long as you are not looking to manage the Macs.
    • Windows server with a Mac Server as a subordinate will completely support Windows and Macs
    • Mac Server alone will fully support the Macs but Windows integration is difficult to impossible depending on skill and risk aversion.
    When you state "I want to achieve 2 logins that both automount the shared drive. One a restricted access user account and an administrator level account. " I believe you are talking about file services logins.  This is done on your server when you define your share points.
    OS X Server can run AFP and SMB file services protocols.  This allows both Macs and Windows machines to connect to your shared folders.
    I will take the opportunity to point out that there is a global group of Apple professionals who can assist with your project.  http://consultants.apple.com/index.php  Even if you use this as a learning opportunity, it sounds like you could use a little professional help to get you moving in the right direction and get a better understanding of the technology pieces and how they interact.
    R-
    Apple Consultants Network
    Apple Professional Services
    Author "Mavericks Server – Foundation Services" :: Exclusively available in Apple's iBooks Store
