Windows Server 2008 R2 Active Directory Report Tool

Similar Messages

• Windows Server 2008 R2 - Active Directory Replication over DynDNS

  Hello,
  I have one server that Windows Server 2008 R2 - Active Directory / DNS
  Now some users shifted to new office with the server
  Some users still in the original place that now don't have ADDS/DNS
  i want to install one replication server in the original place to retrieve AD/DNS form new office via DynDNS
  is that possible of not?
  Best regards,

  Badr, I don't think you want AD replication occurring over the internet - even if that was possible the server would need access to all the SRV records, a records, And all the ports required for communication - See here for an exhaustive list
  http://social.technet.microsoft.com/wiki/contents/articles/584.active-directory-replication-over-firewalls.aspx - I don't think I have to tell you how bad opening all these ports to the internet would be.
  You may want to look at Setting up a vpn or DirectAccess from the original site to the new site. This will give you more security and generally won't cost to much.
  http://technet.microsoft.com/en-us/network/dd420463.aspx
  Another thing that may work for you would be if you setup remote desktop services in the new location and had the original location remote into via a gateway server -
  http://blogs.technet.com/b/windowsserver/archive/2012/05/09/windows-server-2012-remote-desktop-services-rds.aspx as a starting point. With RDS your users would be able to access the new location from anywhere, although there would be upfront costs associated,
  licensing and server being part of them - I don't recommend turning your domain controller into an RDS server.These are just some ideas to help you with your issue

• VDI 3.4 Inegrate with Windows Server 2008 R2 Active Directory

  OK,I follow the official documents step by step,I installed the vdi 3.4 in Oracle Linux 5.7(oraclevdi.jiayutester.com),then installed a window server 2008 r2 64bit(jiayudc.jiayutester.com) that made it to be the Domain Controller(jiayutester.com) and DNS,at the end,I edit the /etc/krb5.conf.I execute the following commands:
  1.getent hosts jiayudc.jiayutester.com
  --------------------My Note:Normal-----------
  2.kinit -V [email protected]
  Authenticated to Kerberos v5
  This is my krb5.conf------------------------------------
  [logging]
  default = FILE:/var/log/krb5libs.log
  kdc = FILE:/var/log/krb5kdc.log
  admin_server = FILE:/var/log/kadmind.log
  [libdefaults]
  default_realm = JIAYUTESTER.COM
  default_checksum = rsa-md5
  dns_lookup_realm = true
  dns_lookup_kdc = true
  ticket_lifetime = 24h
  forwardable = yes
  [realms]
  JIAYUTESTER.COM = {
  kdc = space-21pel8ghu.jiayutester.com
  admin_server = space-21pel8ghu.jiayu.com:749
  default_domain = jiayutester.com
  [domain_realm]
  .jiayutester.com = JIAYUTESTER.COM
  jiayutester.com = JIAYUTESTER.COM
  [appdefaults]
  pam = {
  debug = false
  ticket_lifetime = 36000
  renew_lifetime = 36000
  forwardable = true
  krb4_convert = false
  Then,I login to the web console to set company, I select Active Directory to use as User Directory,then I fill up all the needed information(I am sure that all the information I fill in the form is correct),when I click the next,error occured....it's the context:
  Unable to Connect to User Directory
  Failed to connect, no servers available
  Now,I searched everywhere for information,but I can't resolve the problem...Please help me,smart guys

  Would probably need to see your VDI instance cacao log file to see why this is failing, but you might need to add the following to [libdefaults] section of your krb5.conf file, for 2008R2 AD server:
  default_tkt_enctypes = rc4-hmac
  default_tgs_enctypes = rc4-hmac
  And then restart VDI services (/opt/SUNWvda/sbin/vda-service restart)
  Note that VDI will actually try to query individual AD servers as defines as part of your AD Global Catalog when it tries to lookup AD domain data. This means you need to verify that your global calalog referenced servers are valid and having matching forward and reverse DNS information:
  For example:
  $ *nslookup -querytype=any gc.tcp.vdi.com.*
  Server:          win2008.vdi.com
  Address:     192.168.1.100#53
  gc.tcp.vdi.com     service = 0 100 3268 win2008.vdi.com*.
  $ nslookup win2008.vdi.com.
  Server:          win2008.vdi.com
  Address:     192.168.1.100#53
  Name:     win2008.vdi.com
  Address: _192.168.1.100_
  r$ nslookup 192.168.1.100
  Server:          win2008.vdi.com
  Address:     192.168.1.100#53
  100.1.168.192.in-addr.arpa     name = win2008.vdi.com.*
  You'd want to verify that every record returned by the *nslookup -querytype=any gc.tcp.yourdoamin.com* command refers to a server that can be reached and has matching forward and reverse DNS. Otherwise, this may trigger VDI to have failures or delays in performing directory queries.
  Beyond that, you need to look in the cacao.log file for errors that you can find and post.
  Edited by: DoesNotCompute on Oct 13, 2012 11:48 AM

• Windows Server 2008 R2-Active Directory

  Hi ,
  I cloned a machine using VMware VSphere 5.1 and did not use sysprep during cloning. The original source machine disappeared from Windows Active Directory. Is there anyway to get the object back ? I also deleted the cloned Virtual machine .
  Thanks in advance.
  Pro1962
  India1947

  You can use my script here: https://gallery.technet.microsoft.com/scriptcenter/Remove-Inactive-user-2caf199a
  All you need to change is
  (objectCategory=person)(objectClass=user)
  by
  (objectCategory=computer)
  and add a comment at the beginning of the command Remove-ADUser.
  This posting is provided AS IS with no warranties or guarantees , and confers no rights.
  Ahmed MALEK
  My Website Link
  My Linkedin Profile
  My MVP Profile

• Directory Security Strange Permissions Issues (Windows Server 2003 running Active Directory)

  I have a user that all of a sudden was not able to open 70% of her files located on a file server, Windows Server 2003 running Active Directory, from her laptop. The same user can access all the same files from a different machine, logging on with the same
  credentials. Just looking for a point in the right direction and a possible theory as what could cause this problem, an why all of a sudden. I did go back through the logs but nothing sticks out. For the most part the logs on the server and the laptop are
  pretty clean. 
  Both machines are Latitude E5420s running Windows 7 Enterprise Service Pack 1. Both machines are 64bit and connect to the network via hard-wire, not wireless.
  Thanks in advanced.
  Grajek

  I would recommend proceeding that way:
  Check that your DCs are in a healthy state and AD replication is fine: It might be that the user is member of security groups and the membership is not getting replicated properly which can cause this random behavior. You can use
  dcdiag and repadmin for checks and you can refer to my recommendations here: http://social.technet.microsoft.com/wiki/contents/articles/18513.active-directory-replication-issues-basic-troubleshooting-steps-single-ad-domain-in-a-single-ad-forest.aspx
  Make  sure that the file server is reachable from the user client computer. Start with
  ping and nslookup. Also, you need to make sure that the traffic between the client and the server is not blocked or filtered. You might want to temporary disable security software for testing
  This posting is provided AS IS with no warranties or guarantees , and confers no rights.
  Ahmed MALEK
  My Website Link
  My Linkedin Profile
  My MVP Profile

• Windows Server 2008 R2 activation via KMS failure

  Hello,
  I'm trying to activate about 20 Windows Server 2008 R2 via KMS. Before that I have successfully activated Windows 7 clients and Microsoft Office 2010 products. But when I try to activate Windows Server 2008 R2 clients via kms I'm getting the following error
  on the KMS host: 
  . Exception System.Runtime.InteropServices.COMException (0xC004F074)
  KMS host installed on the machine with Windows 7 Professional OS. From the VAMT GUI I can see the following Windows server license information :
  Key Type : CSVLK
  Edition : ServerStandard;ServerEnterprise;ServerWeb;ServerHPC
  Description : Server 2008 R2 Std and Ent Volume.
  If I try to activate product from the client I get the following error : 
  Error: 0xC004F074 The Software Licensing Service reported that the computer could not be activated. The Key Management Service(KMS) is unavailable. 
  I have searched a lot about this error. But still cannot solve the issue. 
  Thanks & Regards
  Ulzii

  Yes KMS host is Windows 7. I read all documents about KMS but haven't read this doc. So I have to change KMS host or add Win Server KMS host, that's right?
  Yes that's right. Windows "Client" OS editions, when setup as KMShost, cannot issue activations for Windows "Server" OS editions.
  To do so, you will need a KMShost product key for Windows Server - you will only have such a product key if you have purchased Windows Server licenses through Volume Licensing.
  (The Windows 7 KMShost product key cannot be installed on Windows Server OS)
  http://social.technet.microsoft.com/wiki/contents/articles/22510.volume-activation-kms-mak-adba-avma.aspx
  Don
  (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
  This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

• Windows Server 2008 x64 and Crystal Reports Server Embedded

  We're attempting to certify our software with Windows Server 2008 x64 and want to know the best way to configure both the server and client of Crystal Reports Server Embedded.  Currently, our software is certified against Windows Server 2003 x86, and we install Crystal Reports Server Embedded XI Release 2 (no SP) on the application server, and we deploy the Crystal Reports .NET merge modules for XI Release 2 (no SP) on any client machines.
  I believe I am correct in stating that no version of Crystal Reports Server Embedded officially supports Windows Server 2008 x64 (based on some other forum postings) until SP1 comes out (which I don't think has happened at this point).  If that is true, we can live with installing the RAS on a separate Windows Server 2003 x64, if that's even possible.  With that said, can we even get our Windows Server 2008 x64 running with the latest Crystal Reports 2008 .NET merge modules?  We've tried many different configurations between CR XI R2 SPs and CR 2008 for both client and server and have very little luck (either it won't install correctly because of x64 or missing .cabs, etc.) on both the client and server side of things.
  Can someone suggest the optimal configuration when Windows Server 2008 x64 is in the mix, noting that we can use a secondary Windows Server 2003 (x64 preferred but can fallback to x86)?  Or do we have to wait for Crystal Reports Server Embedded 2008 SP1 to be released, and if so, does anyone know of the date?
  Thanks,
  Ross Beehler

  CRSE 2008 is a 32 bit app, it works on 64 bit OS's but all parts must also be running in 32 bit mode.

• Windows Server 2008 R2 SP1 Dynamic Cache tool

  I have a memory leak on my Windows Server 2008 R2 SP1(x64) server. I used RamMap to find where the memory was going and I found that it is going to a Mapped File.
  I read an article, kb976618, about Dynamic Cache but it says that in order to get the tool for Server 2008 R2 SP1, you have to contact Microsoft Support and in order to do that, you have to give them a credit card or have a service contract.
  I tried the link in the article anyway and got a download email from Microsoft that looked like it was for my operating system. I installed it per the instructions but it still says that it cannot start the service because it is for a previous version.
  Can anyone help with this? I did notice that the download included a few different folders that all have the DynCach.exe file. Maybe I'm using the wrong one?

  Hi,
  Please click
  here to contact me for the dyncache file for 2008 r2. I will send you the file directly.
  Regards,
  Arthur Li
  TechNet Community Support

• Free JOSE Active Directory Reporting tool in English available!!!

  Hello,
  this FREE tool is in German language a long time available.
  NOW the English version is ready for use also. Please check if it is an option for your work.
  http://www.faq-o-matic.net/2013/08/12/jos-active-directory-reporting-english-version-is-live-now/
  Best regards
  Meinolf Weber
  MVP, MCP, MCTS
  Microsoft MVP - Directory Services
  My Blog: http://msmvps.com/blogs/mweber/
  Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

  Hello,
  I was surfing the threads to see what is going on until I saw this posts and I was stopped to download this tool. It is a great tool Meinolf ! I downloaded it and trying to check all the reports. So far so good my friend. Also I was amazed once I saw the
  nice "Trust Relationship" icon. Every time I run this tool I will definitely check for Trust Relationships first. :)
  In addition I was wondering how it is possible to inform you about a method in order to improve the design in this tool? 
  Regards.
  Mahdi Tehrani   |  
    |  
  www.mahditehrani.ir
  Please click on Propose As Answer or to mark this post as
  and helpful for other people.
  This posting is provided AS-IS with no warranties, and confers no rights.
  How to query members of 'Local Administrators' group in all computers?

• Windows Server 2008 standard Activation Error Code 0xc004c003

  Hi
  I am trying to activate the windows server 2008 standard but i am not able to do so.
  I am getting the error.
  The product key you have entered does not appear to be a valid windows server product key.
  I have also call to microsoft activation team but they won't be able to resolve the issue, they found that the product key is valid. Then why it is not getting activated.
  Can someone help on this ? any reply really appreciated.

  Hi,
  Based on your description, we need to make sure that the product key information has been typed correctly and the product key matches to the edition installed.
  Besides, regarding error code 0xC004C003, the following article can be worth taking a look.
  Error 0xC004E002 during activation for Windows Vista, Windows Server 2008, Windows 7, or Windows Server 2008 R2
  http://support.microsoft.com/kb/978305/en-us
  Hope it helps.
  Best regards,
  Frank Shen

• Windows Server 2008 R2 Activation Keys question - Bought a copy at a garage sale

  Hi, i recently (two days ago) bought a big box of old/newish computer stuff from a guy at a garage sale/business surplus sale. included were 40 copies of a tax program and then randomly tossed in the box was a copy of Windows Server 2008 R2 with a intact
  key. the sticker has not been removed from the case, but it is exposed. 
  i am nervous about installing it onto my server as i dont want to break everything i have setup if the keys are used. is there a way to see if these upgrade keys are used or not before i install? or how difficult would it be to rollback the changes if the
  keys are used in fact? i am nervous about doing this upgrade without knowing as it took me a bit of time to get my server set the way i wanted it and i am not too computer savvy. 
  i know that the copy of the server software is a legitimate due to all the nice sticker security. the ribbons are in perfect condition and such. 

  Hi Phyrosis,
  Agree with Dave, for licensing related issue, you’d better contact Microsoft licensing team. In the United States and Canada, you may call the licensing team directly at 1-800-426-9400
  (select option 4), Monday through Friday, 6:00 A.M. to 5:30 P.M. (PST) to speak directly to a Microsoft licensing specialist. In this way, you will know the detailed information about license.
  Worldwide customers can use the Guide to Worldwide Microsoft Licensing Sites http://www.microsoft.com/licensing/worldwide.aspx to find contact information
  in their locations.
  Thank you for your understanding!

• Active directory reporting tool

  Hi ALL,
         Anyone could help me in finding reporting tools for Active directory
  Thanks

  Are you looking for real time monitoring tool or health checkup tool. Event viewer can be used to find the issues in the DC's.
  DCDIAG is best tool to analyze the health of the AD, Repadmin for monitoring replication, DNSlinit for DNS etc.
  What does DCDIAG actually… do?
  http://blogs.technet.com/b/askds/archive/2011/03/22/what-does-dcdiag-actually-do.aspx
  For GPO AGPMC(Advanced group policy management console), GPinventory etc can be used.
  For FRS/DFSR, you can use FRSDIAG tool, SONAR etc.
  http://msmvps.com/blogs/ad/archive/2008/06/03/active-directory-health-checks-for-domain-controllers.aspx
  http://technet.microsoft.com/en-us/library/cc180912.aspx
  For real time monitoring tool, you can use
  SCOM (System center operations manager)2007 R2, you can also have audit collection service with SCOM. 
  http://www.microsoft.com/download/en/details.aspx?id=21357 
  There are other 3rd party tools like Netwrix, Quest, Admanager plus etc.
  Regards
  Awinish Vishwakarma
  MY BLOG:
   http://awinish.wordpress.com
  This posting is provided AS-IS with no warranties/guarantees and confers no rights.

• Upgrade from Windows Server 2012 Active Directory to Windows Server 2012 R2 Active Directory

  We are currently running Windows Server 2012 Active Directory and would like to upgrade to Windows Server 2012 R2 AD. Is it OK to just do an in-place upgrade, or is it advisable to build new domain controllers on R2? Are there any guides or articles anyone
  can recommend?

  Hi Ginandtonic,
  To upgrade DC(Domain Controller) from windows server 2012 to windows server 2012 r2, please refer to these articles:
  Upgrade from windows Server 2012 to 2012 R2                                 
  Upgrade Active Directory from 2012 to 2012 R2
  I hope this helps.
  Best Regards,
  Anna

• Windows server firewall blocking active directory authentication?

  I'm having problems with authenticating macs on our windows 2003 server domain. When windows firewall is activated, mac clients(10.4) can no longer login. I've tried opening a number of ports e.g.TCP/UDP 53. UDP 464. but no luck. Any ideas which ports are necessary for the AD plugin to work properly?
  Thanks.
  macpro   Mac OS X (10.4.8)   1gb ram

  Why are you enabling Windows firewall on a domain controller?
  My recommendation is to turn it off and protect your entire site with a hardware firewall. The ports you need to open up are the very ones you should be blocking from the world to prevent attacks.
  Short of that:
  http://www.microsoft.com/downloads/details.aspx?FamilyID=c2ef3846-43f0-4caf-9767 -a9166368434e&displaylang=en
  User Login and Authentication
  A user network logon across a firewall uses the following:
  • Microsoft-DS traffic (445/tcp, 445/udp)
  • Kerberos authentication protocol (88/tcp, 88/udp)
  • Lightweight Directory Access Protocol (LDAP) ping (389/udp)
  • Domain Name System (DNS) (53/tcp, 53/udp)
  Computer Login and Authentication
  A computer logon to a domain controller uses the following:
  • Microsoft-DS traffic (445/tcp, 445/udp)
  • Kerberos authentication protocol (88/tcp, 88/udp)
  • LDAP ping (389/udp)
  • DNS (53/tcp, 53/udp)
  Access File Resource
  File access uses SMB over IP (445/tcp, 445/udp).
  Perform a DNS Lookup
  To perform a DNS lookup across a firewall ports 53/tcp and 53/udp must be open. DNS is used for name resolution and supports other services such as the domain controller locator
  ...

• Some Hostname is not seen in DNS Manager ( Windows Server 2008 )

  Hi All,
  DC Server OS - Windows Server 2008 R2 ( Active Directory Integrated DNS Zone ) Client OS - Windows 7
  I am unable to understand, why some hostname are not dynamically registered in DNS Manager. For example -My windows7 which is added to corp.abc.com domain. Don't show in DNS manager.
  I don't want to create this hostname statically on DNS manager.
  I have tried couple of resolution i.e ipconfig /registerdns, restarted DNS Client / DHCP Client server, restarted computer still unable to see hostname name entry in DNS manager. 2 days has passed, still it has not come-up in DNS manager. I have also check
  Advanced TCP/IP settings. Please see print-screen of nslookup & Advanced TCP/IP Settings.
  Kindly suggest, what should i do, to resolve this problem.
  Thanks & Regards,
  Param
  Thanks & Regards,
  Param
  www.paramgupta.blogspot.com

  I would first recommend checking that Dynamic DNS updates are configured (I would recommend having it set to Secure only).
  I started yesterday a Wiki article describing that: http://social.technet.microsoft.com/wiki/contents/articles/21984.how-to-secure-dns-updates-on-microsoft-dns-servers.aspx
  Please also check that your primary DNS suffix using ipconfig /all. It should be matching the computer domain name. If anything is wrong, you can change it by using the following: http://social.technet.microsoft.com/Forums/windowsserver/en-US/3720415a-6a9a-4bca-aa2a-6df58a1a47d7/change-primary-dns-suffix?forum=winservercore
  If this do not help, you can try to temporary disable your security software installed on your computer, check the network filtering and use Wireshark to see what happens when you run
  ipconfig /registerdns.
  This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
  Get Active Directory User Last Logon
  Create an Active Directory test domain similar to the production one
  Management of test accounts in an Active Directory production domain - Part I
  Management of test accounts in an Active Directory production domain - Part II
  Management of test accounts in an Active Directory production domain - Part III
  Reset Active Directory user password