Windows 2012 Domain Controllers and RC4

Similar Messages

• Is it possible for Windows 2008R2 Domain Controllers to audit when a programs are installed/uninstalled on clients and send alerts to Admins?

  We have a program called Audit Wizard that we used with Windows 2003 that monitored all clients and alerted my department when a program was installed/uininstalled. since upgrading to windows server 2008R2, the program no longer works correctly.
  So we are wondering if it is possible for Windows 2008R2 Domain Controllers, running at a 2008R2 forest and domain level) to be able to audit when a programs are installed/uninstalled on clients and send alerts to our Admins?
  If so, How?
  Thanks in advance for your help!
  Pete Macias

  Hi Pete,
  >>So we are wondering if it is possible for Windows 2008R2 Domain Controllers, running at a 2008R2 forest and domain level) to be able to audit when a programs are installed/uninstalled on clients and send alerts to our Admins?
  As far as I know, group policy can't help us do this. If you are interested, we can take a look at System Center Operation Manager and ask for suggestions in the following SCOM forum.
  Operations Guide for System Center 2012 - Operations Manager
  https://technet.microsoft.com/en-us/library/hh212887.aspx
  System Center Operation Manager
  https://social.technet.microsoft.com/Forums/systemcenter/en-US/home?category=systemcenteroperationsmanager
  Best regards,
  Frank Shen 
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• Installing a Windows 2012 Domain Controller into a 2000/2003 domain with Exchange 2003

  Hello,
      I have a client that we are planning to migrate to 2012 over time.  They currently have a Windows 200 DC and 2 member servers running Windows 2003, one of which is running Exchange 2003.
      We first are going to introduce a 2012 server into the domain and my plan was to DCPromo the 2003 server that isn't running Exchange and raise domain level to 2003 and then demote the 2000 server.  I was then going to install the
  2012 server into the domain and make it a backup Domain Controller for the time being and leave the newly promoted Windows 2003 server as the primary Domain Controller with all the roles and global catalog.  My question is will Exchange 2003 still function
  normally in this scenario?
     I've been doing research and read some things about Exchange 2003 not working with 2012 Domain Controllers, but I was thinking if the 2003 is still the primary, it might work.  We will eventually migrate to 2003, they just don't want to
  do it all at once, due to costs and other issues.
  Thanks.

  I didn't ask if it was supported, I just wanted to know if Exchange 2003 would continue
  to function if the Windows 2003 DC still held all the FSMO roles and Global Catalog.
  A not supported situation means that it is a situation where Microsoft made no testing or do not guarantee that you can operate with no problems. Following a not supported scenario could be done but is on your own risk.
  If it won't, can the 2012 server be a member server in the 2003 AD?  The 2000
  DC it is replacing, just shares files on the network in addition to being the lone AD server
  Yes, it can be a member server.
  This posting is provided AS IS with no warranties or guarantees , and confers no rights.
  Ahmed MALEK
  My Website Link
  My Linkedin Profile
  My MVP Profile

• Windows 2012 - SYSVOL replication and NETLOGON share

  After reading 100 tons of articles and links i decided to open this thread.
  I know today is 1st of april, but unfortunately for me this is not a joke.
  given:
  two 2003 DC's - physical servers
  two 2008 DC's - VM's on ESX 5.1 hosts
  two 2012 DC's - VM's on ESX 5.5 hosts
  domian fucntional level 2003
  situation:
  we plan to decom the 2003's.
  The 2008 DC's are in place since a while and working ok.
  We plan to upgrade to 2012 and here it is where the trouble starts.
  Firstly, I couldn't, by any means, to promote 2012 as DC's until i moved all the FSMO roles from the 2003 DC's to the 2008 DC's.
  After lots of work with the network team we made all the right connections opened the firewalls, made the DCDIAG and DNS tests and the only problem reported are the SYSVOL replication and NETLOGON share.
  I tried all the tools out there to check the replication and the last one is Microsoft's AdRplstatus Tool which made me think that either Microsoft makes fun of me, either i'm the dumbest windows admin on this planet.
  This tool reports that there are NO ERRORS in replicating SYSVOL, but when i run the command 'net share' the 'domain.com\sysvol\scripts' is not there. Further more checking, i try to access '\\domain.com\sysvol' - directory under which i must find the 'policies'
  and 'scripts' folders and, Sysvol is empty - obviously these are present when i do this check from the 2008 DC's or 2003 DC's.
  Is there a known issue for these problems regarding 2012 and ESX 5.5 ? - still, i doubt it.
  DCDIAG /TEST:DNS
  Directory Server Diagnosis
  Performing initial setup:
     Trying to find home server...
     Home Server = dc-p01
     * Identified AD Forest.
     Done gathering initial info.
  Doing initial required tests
     Testing server: dc-p01
        Starting test: Connectivity
           ......................... dc-p01 passed test Connectivity
  Doing primary tests
     Testing server: dc-p01
        Starting test: DNS
           DNS Tests are running and not hung. Please wait a few minutes...
           ......................... dc-p01 passed test DNS
     Running partition tests on : ForestDnsZones
     Running partition tests on : DomainDnsZones
     Running partition tests on : Schema
     Running partition tests on : Configuration
     Running partition tests on : domain
     Running enterprise tests on : domain.com
        Starting test: DNS
           Test results for domain controllers:
              DC: dc-p01.domain.com
              Domain: domain.com
                 TEST: Dynamic update (Dyn)
                    Warning: Failed to delete the test record dcdiag-test-record i
  n zone domain.com
           Summary of test results for DNS servers used by the above domain
           controllers:
              DNS server: 184.134.0.97 (<name unavailable>)
                 1 test failure on this DNS server
                 PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
  S server 184.134.0.97
                 dc-p01                       PASS
  PASS PASS PASS WARN PASS n/a
           ......................... domain.com passed test DNS
  The PTR record query for 1.0.0.127 is still there but i will change it manually, my DNS is set as primary to point to the server itself by it's IP and not 127.0.0.1.
  still, that DNS server with that error is a linux DNS, but all my DC's have DNS role on and fully replicating and working, including the 2012's.
  DCDIAG:
  Directory Server Diagnosis
  Performing initial setup:
     Trying to find home server...
     Home Server = dc-p01
     * Identified AD Forest.
     Done gathering initial info.
  Doing initial required tests
     Testing server: dc-p01
        Starting test: Connectivity
           ......................... dc-p01 passed test Connectivity
  Doing primary tests
     Testing server: dc-p01
        Starting test: Advertising
           ......................... dc-p01 passed test Advertising
        Starting test: FrsEvent
           There are warning or error events within the last 24 hours after the
           SYSVOL has been shared.  Failing SYSVOL replication problems may cause
           Group Policy problems.
           ......................... dc-p01 passed test FrsEvent
        Starting test: DFSREvent
           ......................... dc-p01 passed test DFSREvent
        Starting test: SysVolCheck
           ......................... dc-p01 passed test SysVolCheck
        Starting test: KccEvent
           ......................... dc-p01 passed test KccEvent
        Starting test: KnowsOfRoleHolders
           ......................... dc-p01 passed test KnowsOfRoleHolders
        Starting test: MachineAccount
           ......................... dc-p01 passed test MachineAccount
        Starting test: NCSecDesc
           ......................... dc-p01 passed test NCSecDesc
        Starting test: NetLogons
           Unable to connect to the NETLOGON share! (\\dc-p01\netlogon)
           [dc-p01] An net use or LsaPolicy operation failed with error 67,
           The network name cannot be found..
           ......................... dc-p01 failed test NetLogons
        Starting test: ObjectsReplicated
           ......................... dc-p01 passed test ObjectsReplicated
        Starting test: Replications
           REPLICATION-RECEIVED LATENCY WARNING
           dc-p01:  Current time is 2014-04-01 10:25:09.
              DC=ForestDnsZones,DC=mydomain,DC=lan
                 Last replication received from DC-P02 at
            2014-03-31 15:22:40
              DC=DomainDnsZones,DC=mydomain,DC=lan
                 Last replication received from DC-P02 at
            2014-03-31 15:22:40
              CN=Schema,CN=Configuration,DC=mydomain,DC=lan
                 Last replication received from DC-P02 at
            2014-03-31 15:22:40
              CN=Configuration,DC=mydomain,DC=lan
                 Last replication received from DC-P02 at
            2014-03-31 15:25:50
              DC=mydomain,DC=lan
                 Last replication received from DC-P02 at
            2014-03-31 15:22:40
           ......................... dc-p01 passed test Replications
        Starting test: RidManager
           ......................... dc-p01 passed test RidManager
        Starting test: Services
           ......................... dc-p01 passed test Services
        Starting test: SystemLog
           A warning event occurred.  EventID: 0xA004001B
              Time Generated: 04/01/2014   09:26:35
              EvtFormatMessage failed, error 15027 the message resource is present
   but the message is not found in the string/message table.
              (Event String (event log = System) could not be retrieved, error
              0x3ab3)
           An error event occurred.  EventID: 0x0000272C
              Time Generated: 04/01/2014   09:27:52
              Event String:
              DCOM was unable to communicate with the computer ca-p01.domain.com
  n using any of the configured protocols; requested by PID      fdc (C:\Windows\s
  ystem32\taskhost.exe).
           A warning event occurred.  EventID: 0xA004001B
              Time Generated: 04/01/2014   09:31:14
              EvtFormatMessage failed, error 15027 the message resource is present
   but the message is not found in the string/message table.
              (Event String (event log = System) could not be retrieved, error
              0x3ab3)
           A warning event occurred.  EventID: 0xA004001B
              Time Generated: 04/01/2014   09:32:13
              EvtFormatMessage failed, error 15027 the message resource is present
   but the message is not found in the string/message table.
              (Event String (event log = System) could not be retrieved, error
              0x3ab3)
           An error event occurred.  EventID: 0x0000272C
              Time Generated: 04/01/2014   09:32:53
              Event String:
              DCOM was unable to communicate with the computer ca-p01.domain.com
  n using any of the configured protocols; requested by PID      c18 (C:\Windows\s
  ystem32\taskhost.exe).
           A warning event occurred.  EventID: 0xA004001B
              Time Generated: 04/01/2014   09:35:33
              EvtFormatMessage failed, error 15027 the message resource is present
   but the message is not found in the string/message table.
              (Event String (event log = System) could not be retrieved, error
              0x3ab3)
           An error event occurred.  EventID: 0x0000272C
              Time Generated: 04/01/2014   09:37:54
              Event String:
              DCOM was unable to communicate with the computer ca-p01.domain.com
  n using any of the configured protocols; requested by PID      950 (C:\Windows\s
  ystem32\taskhost.exe).
           An error event occurred.  EventID: 0x0000272C
              Time Generated: 04/01/2014   09:42:54
              Event String:
              DCOM was unable to communicate with the computer ca-p01.domain.com
  n using any of the configured protocols; requested by PID      5c4 (C:\Windows\s
  ystem32\taskhost.exe).
           An error event occurred.  EventID: 0x0000272C
              Time Generated: 04/01/2014   09:47:55
              Event String:
              DCOM was unable to communicate with the computer ca-p01.domain.com
  n using any of the configured protocols; requested by PID      ee0 (C:\Windows\s
  ystem32\taskhost.exe).
           An error event occurred.  EventID: 0x0000272C
              Time Generated: 04/01/2014   09:52:56
              Event String:
              DCOM was unable to communicate with the computer ca-p01.domain.com
  n using any of the configured protocols; requested by PID      e48 (C:\Windows\s
  ystem32\taskhost.exe).
           A warning event occurred.  EventID: 0xA004001B
              Time Generated: 04/01/2014   09:53:30
              EvtFormatMessage failed, error 15027 the message resource is present
   but the message is not found in the string/message table.
              (Event String (event log = System) could not be retrieved, error
              0x3ab3)
           An error event occurred.  EventID: 0x0000272C
              Time Generated: 04/01/2014   09:57:57
              Event String:
              DCOM was unable to communicate with the computer ca-p01.domain.com
  n using any of the configured protocols; requested by PID      a20 (C:\Windows\s
  ystem32\taskhost.exe).
           An error event occurred.  EventID: 0x0000272C
              Time Generated: 04/01/2014   10:02:58
              Event String:
              DCOM was unable to communicate with the computer ca-p01.domain.com
  n using any of the configured protocols; requested by PID      1bc (C:\Windows\s
  ystem32\taskhost.exe).
           A warning event occurred.  EventID: 0xA004001B
              Time Generated: 04/01/2014   10:06:04
              EvtFormatMessage failed, error 15027 the message resource is present
   but the message is not found in the string/message table.
              (Event String (event log = System) could not be retrieved, error
              0x3ab3)
           An error event occurred.  EventID: 0x0000272C
              Time Generated: 04/01/2014   10:07:58
              Event String:
              DCOM was unable to communicate with the computer ca-p01.domain.com
  n using any of the configured protocols; requested by PID      14c (C:\Windows\s
  ystem32\taskhost.exe).
           An error event occurred.  EventID: 0x0000272C
              Time Generated: 04/01/2014   10:12:59
              Event String:
              DCOM was unable to communicate with the computer ca-p01.domain.com
  n using any of the configured protocols; requested by PID      90c (C:\Windows\s
  ystem32\taskhost.exe).
           An error event occurred.  EventID: 0x0000272C
              Time Generated: 04/01/2014   10:18:00
              Event String:
              DCOM was unable to communicate with the computer ca-p01.domain.com
  n using any of the configured protocols; requested by PID      558 (C:\Windows\s
  ystem32\taskhost.exe).
           An error event occurred.  EventID: 0x0000272C
              Time Generated: 04/01/2014   10:23:01
              Event String:
              DCOM was unable to communicate with the computer ca-p01.domain.com
  n using any of the configured protocols; requested by PID      f00 (C:\Windows\s
  ystem32\taskhost.exe).
           A warning event occurred.  EventID: 0xA004001B
              Time Generated: 04/01/2014   10:23:56
              EvtFormatMessage failed, error 15027 the message resource is present
   but the message is not found in the string/message table.
              (Event String (event log = System) could not be retrieved, error
              0x3ab3)
           ......................... dc-p01 failed test SystemLog
        Starting test: VerifyReferences
           ......................... dc-p01 passed test VerifyReferences
     Running partition tests on : ForestDnsZones
        Starting test: CheckSDRefDom
           ......................... ForestDnsZones passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... ForestDnsZones passed test
           CrossRefValidation
     Running partition tests on : DomainDnsZones
        Starting test: CheckSDRefDom
           ......................... DomainDnsZones passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... DomainDnsZones passed test
           CrossRefValidation
     Running partition tests on : Schema
        Starting test: CheckSDRefDom
           ......................... Schema passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... Schema passed test CrossRefValidation
     Running partition tests on : Configuration
        Starting test: CheckSDRefDom
           ......................... Configuration passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... Configuration passed test CrossRefValidation
     Running partition tests on : mydomain
        Starting test: CheckSDRefDom
           ......................... mydomain passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... mydomain passed test CrossRefValidation
     Running enterprise tests on : domain.comn
        Starting test: LocatorCheck
           ......................... domain.comn passed test LocatorCheck
        Starting test: Intersite
           ......................... domain.comn passed test Intersite
  in Active DIrecotry Sites adn Services when i try to replicate FROM a valid SYSVOL Domain Controller towards my 2012 DC i get this:
  The following error ocurred during the attempt to contact the domain controller dc-p01:
  Directory object not found
  i cannot upload picture yet because Ms ...didn t verified me.

        Starting test: NetLogons
           Unable to connect to the NETLOGON share! (\\dc-p01\netlogon)
           [dc-p01] An net use or LsaPolicy operation failed with error 67,
           The network name cannot be found..
           ......................... dc-p01 failed test NetLogons
        Starting test: ObjectsReplicated
           ......................... dc-p01 passed test ObjectsReplicated
        Starting test: Replications
           REPLICATION-RECEIVED LATENCY WARNING
           dc-p01:  Current time is 2014-04-01 10:25:09.
              DC=ForestDnsZones,DC=mydomain,DC=lan
                 Last replication received from DC-P02 at
            2014-03-31 15:22:40
              DC=DomainDnsZones,DC=mydomain,DC=lan
                 Last replication received from DC-P02 at
            2014-03-31 15:22:40           
  To perform non-authoritative restore of sysvol, you set the Burflag value & system will automatically tries to sync contents of sysvol with its replicating partner DC. Its not mandatory to select any particular DC for sysvol replication becasue in a
  same domain, all DC's shares the same sysvol content.
  Sometime, if initialization of FRS doesn't start, you have to follow the below article. Its also applicable to windows 2008 even as long as your using FRS for replication.
  http://support.microsoft.com/kb/290762/en-us
  To force the replication of sysvol using cmdline, refer below link.
  http://blogs.technet.com/b/justinturner/archive/2007/04/27/quick-tip-force-frs-replication.aspx
  Its better to find out what went wrong with the overall AD domain infra that sysvol has not been able to contact its partner for sysvol replication using depth assessment of the domain. It can be the network,firewall,antivirus or in-built firewall port issues
  which might have broken sysvol replication.
  http://msmvps.com/blogs/ad/archive/2008/06/03/active-directory-health-checks-for-domain-controllers.aspx
  Awinish Vishwakarma - MVP
  My Blog: awinish.wordpress.com
  Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

• Downgrade of Windows 2012 r2 to Windows 2012 Domain Service Active Directory

  I have an uncertainty. we used adprep /forest and adprep /domain tools on windows 2012 R2 to update the domain active directory. But after promoting a domain controller to windows 2012 R2, we realized that a tool we use to authenticate computer account not
  supported for domain controllers in Windows 2012 R2. Here comes the question, I can to install direct and promote a domain controller windows 2012 without running the adprep /forest and adprep /domain tools of Windows 2012?.
  I hope be clearly.
  tks.
  migrations

  Hello,
  as others mentioned there is no problem to promote a Windows Server 2012 into the domain as the functional level is fine for this.
  Best regards
  Meinolf Weber
  MVP, MCP, MCTS
  Microsoft MVP - Directory Services
  My Blog: http://msmvps.com/blogs/mweber/
  Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

• Can A Windows 2000 Client Join A Windows 2012 Domain ?

  I have set up a Server 2012 VM that I have configured as a DC.  The desktop environment consists of Windows 7, Windows XP and a few Windows 2000 machines.  All desktops can JOIN the 2012 domain, but when I try to add domain users to any of the
  Windows 2000 (SP4) workstations, it fails with the error "The trust relationship between this workstation and the primary domain failed".
  Unjoining the workstation from the domain (or going into ADUC and deleting the Win 2000 computer from the domain) and trying again yields the same result.  I do not have this problem when the Windows 2000 machines are joined to a Server 2008 R2 domain.
  At this point, I'm leaning towards setting it up as a 2008 R2 DC, and moving to a 2012 DC once we have weaned ourselves off of the Windows 2000 desktops.  Is there any hope of getting things to work with a 2012 DC from the start ?

  Hi,
  Based on my research, Windows 2000 client is not supported for Windows 2012 DC.
  Windows client and Windows Server operating systems that are supported to join Windows Server 2012 domains
  The following Windows client and Windows Server operating systems are supported for domain member computers with domain controllers that run Windows Server 2012:
  Client operating systems: Windows 8, Windows 7, Windows Vista, Windows XP
  Computers that run Windows 8 are also able to join domains that have domain controllers that run earlier version of Windows Server, including Windows Server 2003 or later. In this case however, some Windows 8 features may require additional configuration or
  may not be available. For more information about those features and other recommendations for managing Windows 8 clients in downlevel domains, see
  Running Windows 8 member computers in Windows Server 2003 domains.
  Server operating systems: Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003 R2, Windows Server 2003
  Cataleya Li
  TechNet Community Support

• Autodiscover, domain controllers, and certificate errors

  I have just deployed and Exchange 2013 server in one of my sites. I'm having tons of issues with it, but one issue I'm having trouble thinking through goes like this:
  All users have email addresses that are [email protected] Domain.com is our internal domain name and also a public domain. Now, in a Windows environment, if you were to nslookup domain.com within our network it
  will resolve to any one of the domain controllers. On our infrastructure master DC there is an IIS website, with SSL, that handles certificate services for our internal CA.
  Here's my problem: When a user opens Outlook and autodiscover attempts to find their Exchange connection info it first tries to reach the site
  https://domain.com/autodiscover/autodiscover.xml. If that PC happens to resolve domain.com to the DC that has our certificate services website on it then the Outlook client sends a certificate error.
  If the client is prior to Outlook 2013, the mailbox configuration just halts and throws an error.
  What do I do to prevent this?

  Hi,
  Yes, we can have the following “switchers”
  PreferLocalXML
  ExcludeHttpRedirect
  ExcludeHttpsAutoDiscoverDomain
  ExcludeHttpsRootDomain
  ExcludeScpLookup
  ExcludeSrvRecord
  ExcludeLastKnownGoodUR
  Thanks,
  Simon Wu
  TechNet Community Support

• Change license to Windows 2012 R2 Essentials and Windows 2012 R2 Standard

  Hi,
  I'm working for a small company (10 users). We have 2 servers; 1 is a normal file server, domain controller etc.; the second is dedicated for running a financial application. We bought and installed new hardware but with so called 'Technet licenses'.
  Obviously we need to buy proper licenses. I have 2 questions :
  1. Am I correct in buying 1 Windows 2012 R2 Essentials license, 1 Windows 2012 R2 Standard license and 10 CALs ?
  2. Can I just install these licenses 'over' the existing 'Technet licenses' ?
  Any help will be greatly appreciated.
  Ronald Ruijtenberg

  I would purchase one Server Standard license, install it as a hypervisor on the server, then add to VMs.  First one is Server with the Essentials role, the second to run your financial application.  You can do this on one physical box and you
  only have to purchase one copy of Server Standard.
  Larry Struckmeyer[MVP] If your question is answered please mark the response as the answer so that others can benefit.

• Windows 2012 Domain Controller NETLOGON error

  We have Sonicwall
  firewall user authentication System active since last two months. We have Windows 2012 Active directory server setup
  with around 1400 user account created. These accounts were created by using following PowerShell scripts
  Import-Module ActiveDirectory
  #Import CSV
  $csv = @()
  $csv = Import-Csv -Path C:\Users\Administrator\Desktop\"College User Ac Password Details"\FE\civil.csv
  FOREACH ($Person in $csv) {
  $name = $Person.UserName
  $displayname = $Person.Name
  $path = "OU=FE,DC=comp,DC=com"
  $password = $Person.Password
  $enabled = $True
  $changePW = $False
  $description="CIVIL"
  new-ADUser -SamAccountName $name -Name $name -Description $description -DisplayName $displayname -Path $path -AccountPassword (ConvertTo-SecureString $password -AsPlainText -force) -Enabled $enabled -ChangePasswordAtLogon $changePW -PassThru}
  Above script reads an CSV file with username and passwords and create user accounts on Active Directory.
  But since today we are facing issue during authentication process. We are unable to logon to Directory server. When Sonicwall firewall tries to authenticate an user, it logged-out same user. When I checked Event logger on Windows Active Directory server it
  shows following message.
  The dynamic registration of the DNS record 'ForestDnsZones.comp.com. 600
  IN A 192.168.0.12' failed on the following DNS server:
  DNS server IP address: 216.37.64.6
  Returned Response Code (RCODE): 5
  Returned Status Code: 9017
  For computers and users to locate this domain controller, this record must be registered in DNS.
  USER ACTION
  Determine what might have caused this failure, resolve the problem, and initiate
  registration of the DNS records by the domain controller. To determine what might have
  caused this failure, run DCDiag.exe. To learn more about DCDiag.exe, see Help and
  Support Center. To initiate registration of the DNS records by this domain
  controller, run 'nltest.exe /dsregdns' from the command prompt on the domain
  controller or restart Net Logon service. Or, you can manually add this record to DNS,
  but it is not recommended.
  ADDITIONAL DATA
  Error Value: DNS bad key.
  Above log entry talks about DNS issue. But I did non configured any DNS server on this machine.Authentication was working fine for last
  two months , but suddenly from today we are facing above issue. Kindly help me out in resolving this issue.

  hi,
  Im not sure of you setup and don't understand where your sonic wall comes in.
  The error with the DNS is that the server is trying to register its DNS entries in the server with the public IP address
  216.37.64.6  which I am assuming is your ISP's DNS server?
  How is the DNS configured on your domain controller? The domain controller should point to it'self as it's preffered DNS server.
  Regards,
  Denis Cooper
  MCITP EA - MCT
  Help keep the forums tidy, if this has helped please mark it as an answer
  Blog: http://www.windows-support.co.uk 
  Twitter:   LinkedIn:

• Prepare 2003 Forest/Domain for 2008 R2 or 2012 Domain Controllers

  Hi,
  I would be grateful if you could help me with this:
  We have a single Forest/Single Domain structure which is managed by 4 Windows Server 2003 Std Edition. We are now trying to add a Server 2008 R2 as a domain controller. I have followed lots of articles on MS and other website with regards to preparing the
  Forest and domain before promoting the new server and here is what I got so far:
  Schema master - Windows 2003 SE
  FFL/DFL both set to 2003
  Run Adprep32.exe (found it on 2008 R2 disc) /forestprep and the outcome was:
  lDAPDisplayName "uidNumber" defined for object "CN=VintelauidNumber,CN=Schema,CN=Configuration,DC=Domain,DC=co,DC=uk" conflicts with the schema extensions needed for Windows Server 2008 R2.
  [Status/Consequence]
  Adprep will not extend your existing schema.
  [User Action]
  Contact the vendor of the application that extended the schema with the lDAPDisplayName value uidNumber and resolve this inconsistency.  Then run adprep again.
  ==============================================================================
  OID "1.3.6.1.1.1.1.0" defined for object CN=Vintela-uidNumber,CN=Schema,CN=Configuration,DC=Domain,DC=co,DC=uk conflicts with the schema extensions needed for Windows Server 2008 R2.
  [Status/Consequence]
  Adprep will not extend your existing schema.
  [User Action]
  Contact the vendor of the application that extended the schema with the OID value "1.3.6.1.1.1.1.0" and resolve this inconsistency.  Then run adprep again.
  ==============================================================================
  lDAPDisplayName "gidNumber" defined for object "CN=Vintela-gidNumber,CN=Schema,CN=Configuration,DC=Domain,DC=co,DC=uk" conflicts with the schema extensions needed for Windows Server 2008 R2.
  [Status/Consequence]
  Adprep will not extend your existing schema.
  [User Action]
  Contact the vendor of the application that extended the schema with the lDAPDisplayName value gidNumber and resolve this inconsistency.  Then run adprep again.
  ==============================================================================
  OID "1.3.6.1.1.1.1.1" defined for object CN=Vintela-gidNumber,CN=Schema,CN=Configuration,DC=Domain,DC=co,DC=uk conflicts with the schema extensions needed for Windows Server 2008 R2.
  [Status/Consequence]
  Adprep will not extend your existing schema.
  [User Action]
  Contact the vendor of the application that extended the schema with the OID value "1.3.6.1.1.1.1.1" and resolve this inconsistency.  Then run adprep again.
  ==============================================================================
  lDAPDisplayName "gecos" defined for object "CN=Vintela-gecos,CN=Schema,CN=Configuration,DC=Domain,DC=co,DC=uk" conflicts with the schema extensions needed for Windows Server 2008 R2.
  [Status/Consequence]
  Adprep will not extend your existing schema.
  [User Action]
  Contact the vendor of the application that extended the schema with the lDAPDisplayName value gecos and resolve this inconsistency.  Then run adprep again.
  ==============================================================================
  OID "1.3.6.1.1.1.1.2" defined for object CN=Vintela-gecos,CN=Schema,CN=Configuration,DC=Domain,DC=co,DC=uk conflicts with the schema extensions needed for Windows Server 2008 R2.
  [Status/Consequence]
  Adprep will not extend your existing schema.
  [User Action]
  Contact the vendor of the application that extended the schema with the OID value "1.3.6.1.1.1.1.2" and resolve this inconsistency.  Then run adprep again.
  ==============================================================================
  lDAPDisplayName "unixHomeDirectory" defined for object "CN=Vintela-homeDirectory,CN=Schema,CN=Configuration,DC=Domain,DC=co,DC=uk" conflicts with the schema extensions needed for Windows Server 2008 R2.
  [Status/Consequence]
  Adprep will not extend your existing schema.
  [User Action]
  Contact the vendor of the application that extended the schema with the lDAPDisplayName value unixHomeDirectory and resolve this inconsistency.  Then run adprep again.
  ==============================================================================
  OID "1.3.6.1.1.1.1.3" defined for object CN=Vintela-homeDirectory,CN=Schema,CN=Configuration,DC=Domain,DC=co,DC=uk conflicts with the schema extensions needed for Windows Server 2008 R2.
  [Status/Consequence]
  Adprep will not extend your existing schema.
  [User Action]
  Contact the vendor of the application that extended the schema with the OID value "1.3.6.1.1.1.1.3" and resolve this inconsistency.  Then run adprep again.
  ==============================================================================
  lDAPDisplayName "loginShell" defined for object "CN=VintelaloginShell,CN=Schema,CN=Configuration,DC=Domain,DC=co,DC=uk" conflicts with the schema extensions needed for Windows Server 2008 R2.
  [Status/Consequence]
  Adprep will not extend your existing schema.
  [User Action]
  Contact the vendor of the application that extended the schema with the lDAPDisplayName value loginShell and resolve this inconsistency.  Then run adprep again.
  ==============================================================================
  OID "1.3.6.1.1.1.1.4" defined for object CN=Vintela-loginShell,CN=Schema,CN=Configuration,DC=Domain,DC=co,DC=uk conflicts with the schema extensions needed for Windows Server 2008 R2.
  [Status/Consequence]
  Adprep will not extend your existing schema.
  [User Action]
  Contact the vendor of the application that extended the schema with the OID value "1.3.6.1.1.1.1.4" and resolve this inconsistency.  Then run adprep again.
  On the Schema master, run AD Schema, MMC and deactivated the object for Vintela. run the adprep32 /forestprep again and still the same result.
  Would you please advise what else can/must be done? anyone knows anything on Vintela (Quest VAS) and how to get rid of it?
  thanks for your help in advance.

  Hi,
  Thanks for your post.
  In this case, the most cause may be the OIDS are in conflict with the 2008 /forestprep. Could you please let me know if the forest functional level is 2003? If not, please raise it to 2003.
  For the information about how to raise functional level, please refer to the articles as below:
  What Are Active Directory Functional Levels?
  http://technet.microsoft.com/en-us/library/cc787290(WS.10).aspx
  Raise the Domain Functional Level
  http://technet.microsoft.com/en-us/library/cc753104.aspx
  Raise the Forest Functional Level
  http://technet.microsoft.com/en-us/library/cc730985.aspx
  What is the Impact of Upgrading the Domain or Forest Functional Level?
  http://blogs.technet.com/b/askds/archive/2011/06/14/what-is-the-impact-of-upgrading-the-domain-or-forest-functional-level.aspx
  Besides, for the best practice, we can back up all domain controllers’ system state for the unexpected issues. Here is one article related to backup Active Directory.
  Backing up Active Directory
  http://technet.microsoft.com/en-us/library/cc961924.aspx
  I hope this information is helpful for you. If there is anything that requires further clarification, please don’t hesitate to let me know.
  Best regards,
  Ann
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• Difference between Windows NT domain registry and Active Directory registry

  What are the difference(s) ?

  Frank, thanks for your response :)
  I want WebSphere Application Server to take advantage of a directory service. There are multiple options available for a directory service. 
  In my configuration the requirement is to make WebSphere Application server to use Microsoft's Active Directory. 
  While I was going through (WebSphere) documentation, I see following note.
  " With Windows NT domain registry support for Windows 2000 and 2003 domain
  controllers, WebSphere Application Server only supports Global groups that are the Security type. It is recommended that you use the Active Directory registry support rather than a Windows NT domain registry if you use Windows 2000 and 2003 domain controllers
  because the Active Directory supports all group scopes and types. The Active Directory also supports a nested group that is not support by Windows NT domain registry. The Active Directory is a centralized control registry."
  You can find the above note in this link (somewhere after 7th line)
  http://www-01.ibm.com/support/knowledgecenter/SSAW57_7.0.0/com.ibm.websphere.nd.multiplatform.doc/info/ae/ae/csec_localos.html?cp=SSAW57_7.0.0%2F3-11-5-1-0-0
  Does it mean that they are recommending to use Active Directory over Windows NT (which is an older approach) with windows server 2000 or windows server 2003 because Active directory is
  advanced ?
  I was under the impression that, Active Directory was started with Microsoft Windows Server 2003 and Windows NT registry was used till Windows 2000 server.
  After going through above links, 
  Windows NT registry in an old method. However, it is compatible with Windows Server 2000 and Windows server 2003 but it is recommended to use Active directory with Windows Serve 2003 as it is more advanced. And the same is recommended in WebSphere documentation
  (I am aware that support for Windows Server 2000 is over and only extended support is available for Windows Server 2003 however this is to clear doubt). Is my understanding correct ? And does windows server 2000 also support both i.e we can use either Windows
  NT registry or Active directory and similarly, Either of them (Windows NT or Active Directory) could be used with Windows Server 2003 ?
  And if I got it correct, Is Windows NT and Active Directory, both directory service offering from Microsoft? While NT being an old method and Active Directory being a new/advanced approach ?

• Bit locker on Windows 2012 r2 AD And Win 8.1 Client

  Can anyone give guidelines/articles for configuring Bit locker on Windows 2012 r2 AD With Win 8.1 Client
  I am looking for detailed directions on backing up Bit Lo. & TPM recovery key to AD

  Hello,
  please start with
  https://technet.microsoft.com/en-us/library/dn383581.aspx and
  https://technet.microsoft.com/en-us/library/jj592683.aspx?f=255&MSPPError=-2147217396
  Best regards
  Meinolf Weber
  MVP, MCP, MCTS
  Microsoft MVP - Directory Services
  My Blog: http://blogs.msmvps.com/MWeber
  Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
  Twitter:  

• Windows 2012 answer file and DVD drive letter

  Hi
  my question is about applying unattend XML file into a Wim file. I have read other thread here but still I  can't get it to work. so here is the situation:
  I have installed windows 2012  then I have SYSPREPed it and then I created a WIM file with DISM tool and then I have a very simple answer file. I use DISM to mount the image and then use DISM /apply-unattend to push my answerfile into my WIM file. now
  the issue is, when I load this image into a VM using DISM tool, everything goes fine and when the server comes up for the first time I see the language setting page asking for "Country or region" and "App Language" and "keyboard layout"
  when I hit next , it asks for license agreement and after confirming that one, I can login to windows. How I can hide those 2 windows. my small answer files is :
  <?xml version="1.0" encoding="utf-8"?>
  <unattend xmlns="urn:schemas-microsoft-com:unattend">
      <settings pass="windowsPE">
          <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"
  xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
              <SetupUILanguage>
  <UILanguage>en-US</UILanguage>
                  <WillShowUI>Never</WillShowUI>
              </SetupUILanguage>
              <InputLocale>en-US</InputLocale>
              <SystemLocale>en-US</SystemLocale>
              <UILanguage>en-US</UILanguage>
              <UserLocale>en-US</UserLocale>
          </component>
          <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
              <UserData>
                  <AcceptEula>true</AcceptEula>
              </UserData>
          </component>
      </settings>
      <settings pass="specialize">
          <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
              <TimeZone>Mountain Standard Time</TimeZone>
          </component>
      </settings>
      <settings pass="oobeSystem">
          <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
              <TimeZone>Mountain Standard TIme</TimeZone>
          </component>
      </settings>
      <cpi:offlineImage cpi:source="wim:c:/win2012/install.wim#Windows Server 2012 R2 SERVERSTANDARD" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
  </unattend>
  can somebody please let me know what am I doing wrong? I was assuming after applying unattanded xml file, when I do DISM /apply-image it gonna use my answer file....
  I have one more question as well:
  in 2012, I change DVD drive letter from D to Z and then I sysprep it. in target VM when I load my image, DVD drive is D again.
  I guess when sysprep generalize everything, DVD drive get detected again and windows assign first available letter to it. my second question is : is there any way to make drive letter setting stays the same in target computer?
  Your help is much appreciated!

  Hi,
  Where did you put the answer file? Windows has several places to check the files, you can refer to the following article, notice Implicit Answer File Search Order.
  Windows Setup Automation Overview
  http://technet.microsoft.com/en-in/library/hh824950.aspx
  For DVD drive letter, I think you can assign it via a script with diskpart command:
  Assign, change, or remove a drive letter
  http://technet.microsoft.com/en-in/library/cc757491(v=ws.10).aspx#BKMK_CMD
  Include a Custom Script in a Windows PE Image
  http://technet.microsoft.com/en-us/library/cc766521(v=ws.10).aspx
  Hope this helps.

• Difference between domain controllers and group policy objects in GPMC

  Hello,
  Am in confusion, someone can tel me the difference between
  1.Domain controllers>default domain controller policy  and
  2.Group policy object>default domain controller policy
  In Group policy management console and also i would like know where to define these categories. I normally use second option.
  I have attached screenshot for your information.
   regards,
  Dharanesh,

  This first/upper item is a link to the GPO, the second/lower item is the actual GPO.
  (notice the link, has a shortcut arrow showing)
  by default, when you double-click on a link, a message will display which says "you have clicked on a link....." and the messagbox offers a checkbox for "do not display this message again..."
  Effectively they are equivalent to a shortcut-to-a-file vs. the actual file.
  Don
  (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
  This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

• Windows 2012 storage server and tier with external SSD disks

  Hi
  My query is in case I have one SAN storage with SSD and FC disks connected to Windows 2012 storage server, will Windows be able to manage Tier between two types of disks if the volumes are properly assigned and formated?
  Regards

  Hi
  My query is in case I have one SAN storage with SSD and FC disks connected to Windows 2012 storage server, will Windows be able to manage Tier between two types of disks if the volumes are properly assigned and formated?
  Regards
  Short answer: No, not automatically. Long answer: Yes, it can be done but with some tricks. First you'll have to make your SAN export LUs built from flash and from spindles. At least one of each (see URL below). Then you'll have to build storage spaces (even
  clustered but that's not officially supported for non-SAS disks) from them.
  See:
  Configure Tiering with Windows Server 2012 R2
  http://blogs.technet.com/b/askpfeplat/archive/2013/10/21/storage-spaces-how-to-configure-storage-tiers-with-windows-server-2012-r2.aspx
  Both LUs would have non-SSD type reported so you'll have manually assign types with PowerShell what's flash and what's spindle.
  "Notice that the SSD devices were detected as SSD media.  However, in this case the physical drives show as unknown.  
  If yours are not detected like in this example, they should be set correctly which can be done using PowerShell. "
  Hope this helped :)
  StarWind VSAN [Virtual SAN] clusters Hyper-V without SAS, Fibre Channel, SMB 3.0 or iSCSI, uses Ethernet to mirror internally mounted SATA disks between hosts.