Working with XServe in Active Directory Domain

Similar Messages

• Help with setting up active directory domain controller/DNS - need this for Clustering

  Disclaimer: I am new to Active Directory, so please dont rule out the obvious things I may have overlooked.
  I need to set up Active Directory Domain controller on at least one server so I can run clustering. I set up the domain controller and ran Cluster validation and that failed - unable to reach writable domain controller.
  When I look at my server manager AD DS complain about DNS:
  NASE-2012-234    4015    Error    Microsoft-Windows-DNS-Server-Service    DNS Server    1/14/2014 12:54:06 AM
  The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.
  When I click on DNS this is the error:
  The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.
  Output of DCDiag -v is below.
  PS C:\Users\Administrator> dcdiag -v
  Directory Server Diagnosis
  Performing initial setup:
     Trying to find home server...
     * Verifying that the local machine NASE-2012-234, is a Directory Server.
     Home Server = NASE-2012-234
     * Connecting to directory service on server NASE-2012-234.
     * Identified AD Forest.
     Collecting AD specific global data
     * Collecting site info.
     Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=lab,DC=nase,DC=com,LDAP_SCOPE_SUBTREE,(objectCategory=
  ntDSSiteSettings),.......
     The previous call succeeded
     Iterating through the sites
     Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=lab,DC=nas
  e,DC=com
     Getting ISTG and options for the site
     * Identifying all servers.
     Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=lab,DC=nase,DC=com,LDAP_SCOPE_SUBTREE,(objectClass=ntD
  SDsa),.......
     The previous call succeeded....
     The previous call succeeded
     Iterating through the list of servers
     Getting information for the server CN=NTDS Settings,CN=NASE-2012-234,CN=Servers,CN=Default-First-Site-Name,CN=Sites,C
  N=Configuration,DC=lab,DC=nase,DC=com
     objectGuid obtained
     InvocationID obtained
     dnsHostname obtained
     site info obtained
     All the info for the server collected
     * Identifying all NC cross-refs.
     * Found 1 DC(s). Testing 1 of them.
     Done gathering initial info.
  Doing initial required tests
     Testing server: Default-First-Site-Name\NASE-2012-234
        Starting test: Connectivity
           * Active Directory LDAP Services Check
           The host c0c507c4-fb9b-49a6-9a01-ef79d7960c94._msdcs.lab.nasecom could not be resolved to an IP address.
           Check the DNS server, DHCP, server name, etc.
           Got error while checking LDAP and RPC connectivity. Please check your firewall settings.
           ......................... NASE-2012-234 failed test Connectivity
  Doing primary tests
     Testing server: Default-First-Site-Name\NASE-2012-234
        Skipping all tests, because server NASE-2012-234 is not responding to directory service requests.
        Test omitted by user request: Advertising
        Test omitted by user request: CheckSecurityError
        Test omitted by user request: CutoffServers
        Test omitted by user request: FrsEvent
        Test omitted by user request: DFSREvent
        Test omitted by user request: SysVolCheck
        Test omitted by user request: KccEvent
        Test omitted by user request: KnowsOfRoleHolders
        Test omitted by user request: MachineAccount
        Test omitted by user request: NCSecDesc
        Test omitted by user request: NetLogons
        Test omitted by user request: ObjectsReplicated
        Test omitted by user request: OutboundSecureChannels
        Test omitted by user request: Replications
        Test omitted by user request: RidManager
        Test omitted by user request: Services
        Test omitted by user request: SystemLog
        Test omitted by user request: Topology
        Test omitted by user request: VerifyEnterpriseReferences
        Test omitted by user request: VerifyReferences
        Test omitted by user request: VerifyReplicas
        Test omitted by user request: DNS
        Test omitted by user request: DNS
     Running partition tests on : ForestDnsZones
        Starting test: CheckSDRefDom
           ......................... ForestDnsZones passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... ForestDnsZones passed test CrossRefValidation
     Running partition tests on : DomainDnsZones
        Starting test: CheckSDRefDom
           ......................... DomainDnsZones passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... DomainDnsZones passed test CrossRefValidation
     Running partition tests on : Schema
        Starting test: CheckSDRefDom
           ......................... Schema passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... Schema passed test CrossRefValidation
     Running partition tests on : Configuration
        Starting test: CheckSDRefDom
           ......................... Configuration passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... Configuration passed test CrossRefValidation
     Running partition tests on : lab
        Starting test: CheckSDRefDom
           ......................... lab passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... lab passed test CrossRefValidation
     Running enterprise tests on : lab.nasecom
        Test omitted by user request: DNS
        Test omitted by user request: DNS
        Starting test: LocatorCheck
           GC Name: \\NASE-2012-234.lab.nasecom
           Locator Flags: 0xe000f3fd
           PDC Name: \\NASE-2012-234.lab.nasecom
           Locator Flags: 0xe000f3fd
           Time Server Name: \\NASE-2012-234.lab.nasecom
           Locator Flags: 0xe000f3fd
           Preferred Time Server Name: \\NASE-2012-234.lab.nasecom
           Locator Flags: 0xe000f3fd
           KDC Name: \\NASE-2012-234.lab.nasecom
           Locator Flags: 0xe000f3fd
           ......................... lab.nase.com passed test LocatorCheck
        Starting test: Intersite
           Skipping site Default-First-Site-Name, this site is outside the scope provided by the command line arguments
           provided.
           ......................... lab.nasecom passed test Intersite
  PS C:\Users\Administrator>

  http://social.technet.microsoft.com/Forums/en-US/home?forum=winserverDS is the forum for Directory Services questions.  You might want to post your question there.
  .:|:.:|:. tim

• How to work with oracle and active directory...

  Hi,
  Can somebody let me know how do i configure active directory with oracle 10g?
  I am trying to do this using configuration wizard but fields are grayed out for me to proceed. It also shows me to prepare active directory to work with oracle first.
  How do i do that?
  Can someone let me know the steps to do so?
  Regards
  Vikas

  Depends on what you want to achieve?
  Usually when you want Enterprise Users (users that are managed by a directory instead of a schema) you will perform other steps than in a scenario where you need some attributes from the AD.
  cu
  Andreas

• AFP only works for Active Directory "Domain Admins"

  I have purchased a new XServe to add to our Active Directory domain as a member server. It all seems to work right except that only users in AD who are members of the "Domain Admins" group seem to function properly under AFP.
  The Mac Clients can connect to our Windows boxes just fine and AD login's seem to work for loggin in any clients. I've created a shared volume on the XServe and when I try to access it via AFP with any user account that doesn't have Administrator rights I get "Invalid Login or Password" on the Mac Client.
  Anyone got any ideas, this is driving me crazy.

  Post to the appropriate server forum or AD forum where people dealing with these products hang out.

• Active Directory domain migration with Exchange 2010, System Center 2012 R2 and File Servers

  Greeting dear colleagues!
  I got a task to migrate existing Active Directory domain to a new froest and a brand new domain.
  I have a single domain with Forest/Domain level 2003 and two DC (2008 R2 and 2012 R2). My domain contains Exchange 2010 Organization, some System Center components (SCCM, SCOM, SCSM) and File Servers with mapped "My Documents" user folders. Domain
  has about 1500 users/computers.
  How do u think, is it realy possible to migrate such a domain to a new one with minimum downtime and user interruption? Maybe someone has already done something like that before? Please, write that here, i promise that i won't ask for instruction from you,
  maybe only some small questions :)
  Now I'm studying ADMT manual for sure.
  Thanks in advance, 
  Dmitriy Titov
  С уважением, Дмитрий Титов

  Hi Dmitriy,
  I got a task to migrate existing Active Directory domain to a new froest and a brand new domain.
  How do u think, is it realy possible to migrate such a domain to a new one with minimum downtime and user interruption?
  As far as I know, during inter-forest migration, user and group objects are cloned rather than migrated, which means they can still access resources in the source forest, they can even access resources after the migration is completed. You can ask users
  to switch domain as soon as the new domain is ready.
  Therefore, there shouldn’t be a huge downtime/interruption.
  More information for you:
  ADMT Guide: Migrating and Restructuring Active Directory Domains
  https://technet.microsoft.com/en-us/library/cc974332(v=ws.10).aspx
  Best Regards,
  Amy
  Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]

• Laptop (Running Windows 8.1) no longer able to print and now see message Active Directory Domain Services is not available

  Have a very recent Lenovo Ideapad Laptop running Windows 8.1. Connected via USB port to HP LaserJet Pro CM1415 frw Color MFP Printer. Was able to print fine nearly 2 weeks ago, but something recently happened - either a new windows or office 2013 update
  or perhaps I blew away a certain file by mistake. I can see the printer installed but cannot print to it from anything (Word, Notepad, IE, Firefox etc.). The one thing to note is that usually when I plug or unplug a USB related device, Windows 8.1 recognizes
  this and makes a certain chime noise, but with the printer USB cable it never makes that noise - making me think that it never fully recognizes the printer. Also when I select the printer (from within the control panel) and right click for properties (via
  admin rights) It never lets me fully connect to it.
  I have tried all the usual remedies - remove, install all drivers, reinstall printer, Windows update, start/stop print spooler and all other printer related services,  etc. Its really annoying because this printer was working fine nearly 2
  weeks ago. Looking for any advice now. Thanks.
  -Chris

  Hi Chris,
  à
  I have tried all the usual remedies - remove, install all drivers, reinstall printer, Windows update, start/stop print spooler and all other printer related services, etc.
  I noticed that you had reinstalled the printer. Just a confirmation, when un-install this printer, please check
  if this printer still exist in registry. For more details, please refer to following KB.
  Registry entries for printing
  If printer entry still exist in registry, please delete that printer entry and re-install this printer again,
  then check if this issue still exists. (Please backup registry entries before operating registry. It will help us to avoid unexpected issue.)
  àand now see
  message Active Directory Domain Services is not available
  By the way, would you please let me know where/when get this
  Active Directory Domain Services is not available error message? Or provide a screenshot of it?
  (Please hide all protected or private information) Please check if all services are running correctly on the computer. Meanwhile, please refer to following article and check if can help you.
  Printer
  Problem: Active Directory Domain Services is currently unavailable – Why does windows say no printers are installed?
  Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft
  does not guarantee the accuracy of this information.
  If any update, please feel free to let me know.
  Hope this helps.
  Best regards,
  Justin Gu

• Provision Search in SharePoint Foundation 2013 without Domain Controller / Active Directory - Domain accounts

  Hi,
  I have successfully setup SharePoint Foundation 2013 as single server farm with SQL Server Standard database in a DMZ environment using local accounts since DMZ doesn't have an Active Directory and hence Domain accounts using powershell as described
  in https://theblobfarm.wordpress.com/2012/12/03/installing-sharepoint-2013-without-a-domain-controller 
  When I run Farm configuration wizard to provision search service application, I get an error:
  ERROR: "The service application(s) for the service "Search Service Application" could not be provisioned because of the following error: I/O error occurred."
  The log file logged the details of this error as:
  ERROR: "Failed to create file share Analytics_e441aa1c-1a8d-4f0a-a079-58b499eb4c50 at D:\SharePoint Search\Office Server\Analytics_e441aa1c-1a8d-4f0a-a079-58b499eb4c50 (System.ArgumentException: The SDDL string contains an invalid sid or a sid
  that cannot be translated."
  After investigation, I found that potentially the error could be because the timer service is trying to setup a network share for analytics component (as part of provisioning search). It is trying to setup that share with a domain account that happens to
  be a local user instead in this case and fails with error “System.ArgumentException: The SDDL string contains an invalid sid or a sid that cannot be translated”.
  I got some pointer from the below thread
  https://social.technet.microsoft.com/Forums/en-US/c8e93984-f4e5-46da-8e8a-c5c79ea1ff62/error-creating-search-service-application-on-sharepoint-foundation-with-local-account?forum=sharepointadmin
  However, the above thread doesn't state that the solution worked.
  I have tried creating share manually for Analytics_<Guid> folder but it doesn't work since every time farm configuration wizards is run it creates a new Analytics_<Guid> folder.
  Since, I have setup SharePoint Foundation 2013 on a production environment I cannot test and trial various solutions.
  Can some please guide me on how to successfully provision search for SharePoint Foundation 2013 setup as a single server farm with SQL Server Standard database in a DMZ environment using local accounts (without Active Directory - domain accounts).
  Thanks in advance.
  Himanshu

  Microsoft documentation doesn't always specifically call out all products (Project Server isn't there, either). But it does apply. You'll need to stand up at least one Domain Controller, or allow port access back to a DC.
  Preferably, set up SharePoint on the internal network and use a reverse proxy (which will terminate client connections at the reverse proxy) present in the DMZ.
  Trevor Seward
  Follow or contact me at...
  &nbsp&nbsp
  This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• Is it possible to modify the timeout of the userID on my active directory domain when off network?

  My work Macbook Pro is using a domain account from my office.  When I travel and the domain controller is not reachable it takes 30 to 60 secs longer to log into my system because it has to wait for the active directory domain controller search to timeout before it will use cached credentials (i.e. a mobile account).  Does anyone know how to modify my system settings to reduce the timeout or even eliminate the delay all together?  I am running the latest version of Yosemite. 
  Thanks,
  Mike

  Here is the modified VI, saved in LabVIEW 2012. Follow these steps to patch your system:
  1. Close LabVIEW 2012.
  2. Backup the following file: LabVIEW 2012\resource\Framework\Providers\VILibrary\libFra​me_OpenPageRef.vi
  3. Replace it with the version attached to this post.
  4. Restart LabVIEW 2012.
  Now you should no longer experience the 30 second timeout when the class property page loads. I set the timeout to "-1", so it should wait as long as necessary to open the page.
  Note that if you ever repair or reinstall LabVIEW 2012, you'll need to patch this file again. Also, I wouldn't try patching any version other than 2012, since there may be other changes made to this VI across LabVIEW upgrades.
  Darren Nattinger, CLA
  LabVIEW Artisan and Nugget Penman
  Attachments:
  libFrame_OpenPageRef.vi ‏24 KB

• Windows 2012 R2 Active Directory Domain Services and Remote Desktop services Role on the same server.

  Findings: 
  Currently, Windows 2012 R2   AD DS role and RDS With Broker services can only seem to coexist properly in a new domain not an existing domain. Any attempt to add to an existing domain causes internal database user access denied issues and any attempt to
  adjust rights and circumvent is dubious at best.
  The escalation technician said it best. Out of 50 clients that want to do this, they end up not being able to help 5 right off the bat for whatever reason. As for the other 40 they might be able to help by running reports, adjusting rights and trying to add
  the roles until it works.  This can end up being a 20 day process. Basically they are playing whack-a-mole with user rights and permissions until something sticks.
  We tried creating an OU where any other domain policies would not be inherited to see if that was the issue, a fresh install with different sequence of adding the Roles, no effect.
  Given the errors I witnessed when running procmon and then trying to add the roles, the NT System and the Windows Internal database user had access denied issues on 100+ registry keys when trying to add the roles. After that the system is not behaving normally.
  The errors displayed almost mirror the errors that would occur on Windows 2012 when those two roles would be added which of course is officially NOT supported on that system.
  This blog needs serious revision:
  http://blogs.msdn.com/b/rds/archive/2013/07/09/what-s-new-in-remote-desktop-services-for-windows-server-2012-r2.aspx
  This is the excerpt from that blog: Single server RDS deployment including Active Directory. We now support running our RD Connection Broker role service on the same physical instance as an Active Directory Domain Controller.  In addition, we published
  guidelines for how RD Session Host could be used without the RD Connection Broker.
  Microsoft Support was curteous and helpful and they were the ones who advised cutting our losses, which mirrored my hunch after seeing what was transpiring in the system.  They refunded my money for the support call. 
  For me, it was an opportunity to find out if there was any way to configure Windows 2012 R2 in the Same manner that it was setup as Windows 2008 R2 and lay that to rest. The coexistence is poorly implemented. It is as if there was a reaction from all the deprecation
  of bread and butter features such as shadowing in TS and the coexistence of AD DS and RDS to where those features were re-added haphazardly. (I have no complaints on shadowing on Windows 2012 R2 it works, just do not like having to go to server manager to
  use it).
  I opted for virtualizing the Domain controller to eliminate the incompatibility issues and that is what I will be doing from now on. I found free solutions for backing up and reporting for virtual machines as well as the suggested procedures for configruing
  a Domain controller as a virtual machine on a Hyper-V environment and I will be sticking to those. Thus far the setup has been operational.
  I am not allergic to virtualization, but for really small setups it adds additional time and considerations but if that is how it has to be done, so be it. Windows 2008 R2 days are numbered and since we can usually squeeze 5-7 years on quality server equipment,
  buying a Windows 2008 R2 setup now is a borderline disservice in my opinion.
  Hopefully someone finds this useful and saves some time.

  Hi,
  Thank you for posting in Windows Server Forum.
  Do you need any other assistance?
  Based on your description, you are describing your story of successfully implementing RDS server with AD role and more regarding all RDS related scenario. For shadowing feature, you can use with command also. Below is the syntax to shadow a session.
  mstsc /v:<ServerName> /shadow:<SessionID>
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  TechNet Community Support

• Cannot Print. "The Active Directory Domain Services is currently unavailable"

  Hi there
  I cannot print and I have not been able to find the fix via existing forum threads.
  System: 
  Win 7 Ultimate 64 bit German - Profile language is Danish (installed a week ago and completely windows updated)
  Office 365 Small Business Premium
  HP DV8 Laptop. i7, 512GB SSD, 8GB RAM
  HP LaserJet P1006 USB printer.
  Problem
  No matter if I try to print from IE, Notebook, Word 2013 or anything else, I cannot chose my printer (P1006).
  If I try to Add Printer in Word 2013, I get the "The Active Directory Domain Services is currently unavailable" error. 
  In Devices and Printers, the P1006 is visible, but there is no driver installed.
  Trying to install the correct driver: 
  http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareIndex.jsp?lang=en&cc=us&prodNameId=3435683&prodTypeId=18972&prodSeriesId=3435682&swLang=8&taskId=135&swEnvOID=4063
  only creates a general error during installation: "Printer  Software Installer has stopped working - A problem has caused the program to stop working correctly. Windows closes the program and will notify you if a solution has been found"
  I have tried all the solution software from Windows, from HP (for the laptop and for the printer) - but nothing comes up with any details or suggestions. 
  What should I try?
  Absolutely everything else works perfectly on the system. 
  Reffered here via http://answers.microsoft.com/en-us/windows/forum/windows_7-hardware/cannot-print-the-active-directory-domain-services/1cf47626-a2cd-4b7a-94b6-10cbc8ab02b0

  Hi,
  I suggest you try the following:
  1. Try the steps in the following article:
  Troubleshoot printer problems
  http://windows.microsoft.com/en-US/windows-vista/Troubleshoot-printer-problems
  Fix printing problems by resetting the print spooler
  http://support.microsoft.com/kb/2000007
  2. Let us try updating the printer driver which might help you in resolving the issue.
  Click on the link below for more information on updating the printer drivers.
  Find and install printer drivers
  http://windows.microsoft.com/en-US/windows-vista/Find-and-install-printer-drivers
  3. Remove the printer and add it again:
    Go to Control Panel
    Select Printers
    Right-click on Add Printer
    Select Run as Administrator
  Now try to add your network printer
  Also a thread for your reference:
  Error message when attempting to print: Active Directory Domain Service is Currently Unavailable 
  http://social.technet.microsoft.com/Forums/en-US/winserverprint/thread/d6212275-24d6-4168-830a-9441f861cb76
  Hope this helps.
  Vincent Wang
  TechNet Community Support

• How to create two domains name in one active directory domain service .server 2012 ??

  Hi there 
  I want to try sharepoint foundation and office web apps server .
  I installed server 2012 sharepoint found 2013 sql server 2012 and create a new forest on active directory domain sevice 
  now I want to install office web apps server 2013 but when I run the setup said me can't install office web apps server on the domain name that installed sharepoint .
  how can I create second domain name on this active directory domain service to install office web apps server ?
  help me please I'm new and just want to try sharepoint and office web apps server .
  mostly I need to create MS access custom web app and I need the web place to run my access custom web app on this server and because I live in iran can't create and sign up for office 365 and sharepoint online so i'm forced to run them on my system .help
  me to complete ths server ?
  Greate Regards :
  Raha
  whit the best regard : Raha

  Hi,
  For how to Use Office Web Apps with SharePoint 2013, the below links should be what you want to refer to:
  Configure Office Web Apps for SharePoint 2013
  http://technet.microsoft.com/en-us/library/ff431687.aspx
  Video: Configure Office Web Apps for SharePoint 2013
  http://technet.microsoft.com/en-us/library/dn455088.aspx
  How Office Web Apps work on-premises with SharePoint 2013
  http://technet.microsoft.com/en-us/library/ff431685.aspx
  In addition, for further assistance for Sharepoint, I suggest you post in the SharePoint forum.
  Regards,
  Yan Li
  Regards, Yan Li

• Unable to find Active Directory Domain Groups via /_vti_bin/UserGroup.asmx GetRoleCollectionFromGroup

  Hi, I am writing a Powershell script locally on my machine to aggregate data from SharePoint 2010 and Active Directory.  All groups in our SP environment are Active Directory Domain Groups (AD DG).  Accessing group members via SharePoint is not
  possible (as many of you already know).  My plan was to pull Domain Group lists and aggregate AD DG data with SharePoint data (permission levels, etc...).  I unfortunately ran into a problem when I realized that AD DGs are not considered "SP
  Groups" but instead are considered user??? 
  How do I leverage SharePoint web services to perform an action similar to /_vti_bin/UserGroup.asmx > GetRoleCollectionFromGroup?  I do not want to perform this action on the server, but locally on my machine.  When I run the below script
  it throws a 401 error and complains it "can't find the group".  Keep in mind I am trying to get info on a
  AD Domain Group, not a
  SharePoint Group.  I think that is the underlying reason this request keeps failing as I tested the below script on SP groups and it worked perfectly.
  clear
  $CRED = Get-Credential
  [System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }
  $uri = "http://{site}/_vti_bin/UserGroup.asmx"
  $soap = '<?xml version="1.0" encoding="utf-8"?>'
  $soap+= '<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
  $soap+= '<soap:Body>'
  $soap+= '<GetRoleCollectionFromGroup xmlns="http://schemas.microsoft.com/sharepoint/soap/directory/">'
  $soap+= '<groupName>TestGroup</groupName>'
  $soap+= '</GetRoleCollectionFromGroup>'
  $soap+= '</soap:Body>'
  $soap+= '</soap:Envelope>'
  [xml]$WF = Invoke-RestMethod $uri -Credential $CRED -Method POST -ContentType "text/xml" -Body $soap
  echo $WF
  $WF.Envelope.Body.GetRoleCollectionFromGroupResponse.GetRoleCollectionFromGroupResult.GetRoleCollectionFromGroup.Roles.Role
  Thank you. 

  Hi, I am writing a Powershell script locally on my machine to aggregate data from SharePoint 2010 and Active Directory.  All groups in our SP environment are Active Directory Domain Groups (AD DG).  Accessing group members via SharePoint is not
  possible (as many of you already know).  My plan was to pull Domain Group lists and aggregate AD DG data with SharePoint data (permission levels, etc...).  I unfortunately ran into a problem when I realized that AD DGs are not considered "SP
  Groups" but instead are considered user??? 
  How do I leverage SharePoint web services to perform an action similar to /_vti_bin/UserGroup.asmx > GetRoleCollectionFromGroup?  I do not want to perform this action on the server, but locally on my machine.  When I run the below script
  it throws a 401 error and complains it "can't find the group".  Keep in mind I am trying to get info on a
  AD Domain Group, not a
  SharePoint Group.  I think that is the underlying reason this request keeps failing as I tested the below script on SP groups and it worked perfectly.
  clear
  $CRED = Get-Credential
  [System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }
  $uri = "http://{site}/_vti_bin/UserGroup.asmx"
  $soap = '<?xml version="1.0" encoding="utf-8"?>'
  $soap+= '<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
  $soap+= '<soap:Body>'
  $soap+= '<GetRoleCollectionFromGroup xmlns="http://schemas.microsoft.com/sharepoint/soap/directory/">'
  $soap+= '<groupName>TestGroup</groupName>'
  $soap+= '</GetRoleCollectionFromGroup>'
  $soap+= '</soap:Body>'
  $soap+= '</soap:Envelope>'
  [xml]$WF = Invoke-RestMethod $uri -Credential $CRED -Method POST -ContentType "text/xml" -Body $soap
  echo $WF
  $WF.Envelope.Body.GetRoleCollectionFromGroupResponse.GetRoleCollectionFromGroupResult.GetRoleCollectionFromGroup.Roles.Role
  Thank you. 

• Active Directory domain failed

  Hello Team,
  When i joined to our active directory, everytime bui gives same error messages:
  The attempt to join the Active Directory domain failed either because the clocks of the appliance and the domain controller are skewed or the administrative user
  does not have the appropriate permissions to create a computer account in Active Directory.
  It is recommended that NTP be used to keep clocks synchronized when using Active Directory.
  Storage Appliance: 7310 One Controller, No firewall for ntp server also which connect directly NTP Domain server. Actually my believe is that no time sync issue.
  Firmware version is latest patch.
  What is your idea about this issue?
  i did many times this action plan: but result is same
  ActiveDirectoryTasks
  B)Joining a Domain
  1.Configure an ActiveDirectory site in the CIFS context. (optional)
  2.Configure a preferred domain controller in the CIFS context. (optional)
  3.Enable NTP, or ensure that the clocks of the appliance and domain controller are synchronized
  to within five minutes.
  4.Ensure that your DNS infrastructure correctly delegates to the ActiveDirectory domain, or add
  your domain contoller's IP address as an additional name server in the DNS context.
  5.Configure the ActiveDirectory domain, administrative user, and administrative password.
  6.Apply/commit the configuration.
  A)Joining aWorkgroup
  Configure theworkgroup name.
  Apply/commit the configuration.
  1. First of all LAN Compatibility Mode 4 works fine with Win 2003 (AD Server)
  2. While trying to join the AD, using a non ADMIN username and passsword will not help
  Try using a username/pass which has Administrative Privileges (specifically having the rights for Account Creation in
  the AD Server) on the AD server.
  (I was trying by a different username/pass but it was not joing the storage to AD. It joined when i tried a user having
  the privileges to create Machine Accounts in AD)
  3. For Clock Sync, the tolerance limit is upto 5 Minutes..So you can take care that the difference does not go beyond
  5 minutes.
  Thanks
  Can
  Gantek Tech.

  Your first post to these OTN forums.
  You posted your inquiry to a HARDWARE forum.
  Your issue seems to be a Microsoft OS issue and you just happen to have your OS volumes on a model 7310 appliance.
  I suggest you go find a forum somewhere that is hosted for Microsoft AD issues.
  If you happen to need the documentation for that piece of storage hardware, there are currently three PDF's available:
  http://docs.oracle.com/cd/E19935-01/index.html
  They are the Installation Guide, the hardware Administration Guide, and the Service Manual.
  There are no current Oracle-published documents for that box as related to Active Directory.

• The box indicating that this domain controller is the last controller for the domain is unchecked. However, no other Active Directory domain controllers for that domain can be contacted

  I have 2 domain controllers running 2003 server, server1 and server2. I ran dcpromo on server1 and removed AD and removed him from the domain and disconnected from network. I then added a 2012 server
  with the same name and IP address server1 with no problem. Replication from sites and services work fine on both controllers.
  The new 2012 server1 is GC. I transferred all FSMO roles to server1. Again no problem and replicating using sites and services. AD on server1 is populated correctly.
  Now what I had intended on doing was a dcpromo to remove server2 from the domain so I can then add another 2012 server. That is when I get the: "The box indicating that this domain controller is the last controller for the domain
   is unchecked. However, no other Active Directory domain controllers for that domain can be contacted.
  I have DNS installed on both servers and both look good with replicating there. Strange thing is when on the 2012 server within DNS if I right click and connect to another DNS server I can add server2 just fine but from server2 adding server1 it tells me it
  is not available.
  Help please!

  Hi,
  As there is server 2012 DC (SERVER1) DC is operational in a domain then "This domain controller is the last controller for the domain" should be remain unchecked when you demote SERVER2 DC. 
  If you are getting error "Active Directory domain controllers for that domain can be contacted" while demoting SERVER2 DC then check the DNS pointing on both as per below article, disable windows firewall on all DC, less possiblities but worth to check if both
  are different site then check the ports are open on firewall. 
  http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/
  http://technet.microsoft.com/en-us/library/cc766337(v=ws.10).aspx
  http://social.technet.microsoft.com/wiki/contents/articles/584.active-directory-replication-over-firewalls.aspx
  run “ipconfig /flushdns & ipconfig /registerdns“, restart DNS server and NETLOGON service on each DC and try to demote server2 DC.
  If issue reoccurs, post dcdiag /q result.
  NOTE: If initial replication was completed between both DC (new 2012 and old DC) then you may remove the server2 DC from Active Directory forcefully (DCPROMO /FORCEREMOVAL) and perform metadata cleanup.
  Active Directory Metadata Cleanup
  http://abhijitw.wordpress.com/2012/03/03/active-directory-metadata-cleanup/
  Best regards,
  Abhijit Waikar.
  MCSA | MCSA:Messaging | MCITP:SA | MCC:2012
  Blog: http://abhijitw.wordpress.com
  Disclaimer: This posting is provided "AS IS" with no warranties or guarantees and confers no rights.

• Active Directory Domain Service Unavailable

  I've just bought this printer and gone through the installation.. all seemed well.
  Network set up also went well and wireless network test results show 'No Problems Found'.
  When I click on print icon in Word, Excel etc etc I get the usual print dialogue box.  If I just click on PRINT all seems fine, BUT clicking on Properties gets - 'The Active Directory Domain Service is Currently Unavailable'.  Click on PROPERTIES and the program 'locks'.  If I try to close it I'm told there is a dialogue box open (which there isn't).  I have to force a shut down via task manager.
  I've tried closing Firewall - no effect.
  I've tried USB connection - same problem.
  I've run Windows troubleshooter - nothing detected.
  Any help please?
  N

  Hello Nath1310,
  Welcome to the HP Forums.
  I see that you having some issues with the computer freezing up after attempting to access the printing menu.
  Try running the HP Print and Scan Doctor to see if any software or driver issues are causing the freezing.  Let me know if you see any error codes or messages.
  Write me back when you have time.
  Cheers,  
  Click the “Kudos Thumbs Up" at the bottom of this post to say “Thanks” for helping!
  Please click “Accept as Solution ” if you feel my post solved your issue, it will help others find the solution.
  W a t e r b o y 71
  I work on behalf of HP