Additional domain controller configration

Similar Questions

• Additional domain controller

  I need to add Exchange DC and 2 unity servers to an existing AD unit. Is it save to do this during opening hours, while the current environment is operational? Can it cause problems?

  Chris

  As long as you're only add new DC and Exchange Server and not remove/modify an existing one that uses the current system of production of the unit, this should not cause any problems.

• do you need additional licenses for a remote domain on a SBS 2008 domain controller

  I have a SBS 2008 domain. We have a remote desktop through a vpn, we would like to set up a domain controller for performance reasons. It was my understanding that SBS authorized licenses for the servers to be added free of charge? Is this true for an additional domain controller?

  Hello

  You can find the Server forums on TechNet support, please create a new post at the following link:

  http://social.technet.Microsoft.com/forums/en/category/WindowsServer/

• Domain controller goes down

  1. In my office there a server domain controller and an additional domain controller server and my DC is descended from some hardware problem, I have system state backup, so please tell me how to recover my DC.
  2. Please tell me how to monitor the Windows 2008 servers, DNS, DHCP, and ADC domain controller

  Post in the Windows Server Forums:
  http://social.technet.Microsoft.com/forums/en-us/category/WindowsServer/

• How to turn on the firewall on the primary domain controller (AD)

  Once I deployed AD and ADC (additional domain controller) for a single client. It worked well for 4 months. But now I sudddenly has received a call from the customer that the firewall of its DC broke down and could turn on the firewall. He said something like "error 1068: the dependency service or group could start" when I try to turn on the windows firewall. It's mission critical servers and quick responses are welcome.

  Hi Darpandeep,

  The question you have posted is related to the management of the Windows network and would be better suited to the TechNet community.

  Please visit the link below to find a community that will provide the support you want.

  http://social.technet.Microsoft.com/forums/en/w7itpronetworking/threads

  I hope this helps.

• Questions, communicate with a Windows domain controller

  I thought at first my user had a problem with Keychain and had finally called Apple Tech Support.  While on the line with Apple, we proved that it was not a question of Keychain, but rather a problem of communication with a windows domain controller. The key elements are:

  * Multiple users and Macs are members of an Active Directory multi-domain forest

  * iMac is a 27-inch, mid-2011w / 8 GB RAM

  * OS X 10.11.2 (updated 10.11.3)

  * Question appears isolated to this iMac (currently). All other iMac, Macbook Pro and Mac Pro is currently very well, several VIRTUAL LANs, and a MacBook connected to the connection of network iMacs can communicate properly with the domain.

  * iMac seems not to contact no matter what domain controller when connecting, but connects to the resources of the network and domain controllers, after login. Permissions and access to the resources appear normal after login.

  * User (s) cannot change passwords for mobile accounts or login with new mobile accounts, but accounts/passwords cached work very well.

  * iMac uses Symantec EndPoint Protection for Mac (anti-virus) – REQUIRED BY THE POLICY.  I can't change.  I have come off for the test, but must replace as soon as the test is completed. This policy is set at a level about five grades of remuneration above me.

  * It isn't really everything off the coast of the wall software installs on the computer.  The full Adobe Creative Cloud subscription is responsible, but so it is on just about every other mac I support.

  The steps that have taken place:

  (1) about a month ago, the user went to change his password, but wouldn't go to change password at the login window.  We were able to change their password on the network and could use the new password to connect to the network Active Directory controlled resources. We can connect to resources network successfully with the new password, after we connect locally with the old password.

  (2) we get the red ball (the network resources are not available) to the login window. We are basically connecting with identification and passwords cached information.

  (3) if we try to change their password through the system preferences / users and groups / / password Chang, we get the message that no domain controller is available.

  (4) initially thought that it was a matter of trousseau, and we ended up calling Apple support, since Keychain first aid is no longer available in 10.11. Apple-Advisor while that remote, showed where it was not a question of Keychain because we could not change the password on the domain, because the iMac didn't communicate with a domain controller.

  (5) while on the phone with Apple, we reset SMC and NVRAM without success.

  (6) If you are going to untie the iMac in the domain, a message that the system cannot communicate with a domain controller.

  (7) today, thinking that maybe there was a hardware problem with the ethernet connection, tried to use the private WiFi network. Still would not communicate with a controller domain, but, as if using the wired, could connect to network resources. This happens independently attempted account.

  (8) used a MacBook on its network without any problem, it is not the connection port or switch

  (9) moved his iMac to another connection on one VLAN different. Same question.

  I'm open to suggestions. I have two days to work on this subject, around the planning of production of the user, while I'm off site for a week.

  10) thinking that maybe it was something that happened with 10.11.2, he improved to 10.11.3 today. No change.

  I don't want to try to clean and recharge its iMac, in the hope that this clears up the issue.

  ANY SUGGESTIONS?

  A few additional tests.

  (1) Symantec deleted using Symantec CleanWipe, without modification. Has been reinstalled after additional tests and a reinstallation of the operating system.

  (2) being ran reports, visualization and research now, but nothing is really coming out as noticeable. Only problem seems to be a helper of Adobe

  (3) use a bootable USB key and had no problem with the thumb drive version, this isn't somehow a hardware problem.

  4) entered the recovery partition and the re-installed El Capitan, in the hope that perhaps, is a pilot or something in the protocol stacks have been corrupt, a reinstall would correct. Reinstall has not corrected the problem.

  I'm really strongly leaning towards here is something in a plist or somewhere configuration file that is corrupted, but I don't know where this would be right now.  Will continue research and testing. Last resort will be a wipe up to bare metal and a clean install. I will not migrate the profile of the user, but only its working files.

• Problem with to demote a domain controller

  Hi all

  I tried today demote a domain controller, but my domain environment is still need of this domain controller to work.
  I have windows Server 2003 Small Business DC as DC1 & lately I added windows Server 2008 R2 DC as DC2 in the new box as an additional area. Now, I need to downgrade the windows server 2003 SB (DC1) in an old box.
  I transferred FSMO (all 5 roles) and remove DC1 from the announcement. In addition, remove it AD users & computers and Services of & Sites AD and DNS... I used the steps in this link: http://www.petri.co.il/delete_failed_dcs_from_ad.htm
  When Dc1 is not connected to the network, you receive this error (see this picture of this link http://i41.tinypic.com/30upoxj.png) every time I opened all the consoles AD (AD users & computers, etc...).
  Also, when I tried to change the domain controller, it seems that he could not located the domain or domain controllers. Please, see this photo from this link: http://i43.tinypic.com/2n6afx1.png
  I can solve it reconnect DC1 to the network, but I don't want to keep it longer, and I don't know what Miss me? Also, I tried to use dcpromo to remove the domain controller DC1, but I got an error message that tells me that this is not the last domain controller in the forest and cannot proceed with the removal of the DC.
  Can you help me as soon as POSSIBLE, I'm right here.
  Waiting for your answer... Thank you!

  Hi Haitham2011,

  The question you have posted is related to Windows Server 2008 and would be better suited to the TechNet community. Please visit the link below to find a community that will provide the support you want.

  http://TechNet.Microsoft.com/en-us/WindowsServer/default

  I hope this helps.

• Conversion from a physical to a virtual domain controller domain controller

  Hello everyone!

  I was wondering if you guys can help me. We are running a physical server Proliant DL 360 Gen 8 as our physical domain controller. The host runs HP VMware 5.5 Update 1, and the domain controller running Windows Server 2012

  I am looking to convert it to a virtual DC as a backup. I would like to add it to a host computer currently running three VM. I have a few questions.

  (1) is there a way where if the physical domain controller goes down, that the virtual server is brought online automatically?

  (2) are there caveats to a physical domain controller in a virtual domain controller?

  (3) is there a step by step guide on the process of conversion from a physical to a virtual domain controller domain controller?

  (4) what should I stop all services on the physical server during the conversion?

  (5) that I would be able to take the virtual domain controller and make like a secondary domain controller?

  Thank you

  No, you misunderstood. For additional availability, you must implement a 2nd DC as a virtual machine now and leave this race. Don't bother to put something automagic, just the 2nd DC easy running.

  Backups should always be done on a regular basis, because they might be useful if two domain controllers fail for some reason any.

• Installing vCenter 5.5 on a domain controller for Win2k12

  Hello everyone,

  I hope someone can help me with what I'm trying to do in my lab at home at little cost (laptop running nested esxi). As suggested by the topics, I try to install SSO, Web Client, the inventory Service and vCenter Server on a Win2k12 that will be a domain controller. What I've done so far (in addition to pull my hair):

  1. install and activate Win2k12

  2. install vCenter using Simple installation

  3. change ports for LDAP / SSL to 3899 and 6369 accordingly (instead of 389 year 636)

  4 adding roles DC, DHCP and DNS

  5 try to promote the domain controller in a new forest = FAILURE because the required ports are already in use, in particular send me questions is 88 port used by the kdc vmware service. As soon as I kill / uninstall VMware SSO, I can promote the server to a domain controller, but then I can not connect to vCenter more.

  Any idea / help will be very appreciated!

  He works (somehow) finally got: health & Geekness: how to install vCenter Server on a Windows Server 2012 domain controller

  I would be grateful if someone can tell me what is the effect of not having vmkdcd.exe automatic launch at startup. Thanks in advance

• vCenter tip only on a domain controller?

  I have 3 domain controllers (Windows 2003R2) no virtualized and then 3 x 4.1 ESXi hosts that also have a VM virtualized vCenter.  Access to vCenter is controlled via Active Directory.

  I would like to take his retirement one of my old domain controllers, so I moved all the roles of it etc. as usual, then close to see if everything has failed.   I'm still 2 other DCs/GCs.  All computers in Desktop/server/user services are still working fine, but vSphere stopped accepting logons and gave me this in the event log.

  The directory server doesn't have to update the ADAM serviceConnectionPoint object in Active Directory. This operation will be retried.
  
  Additional data
  Object SCP DN:
  CN = {40130314-98b1-4511-977f-3c890bf33946}, CN = VCENTRE, UO member servers, DC = fal =, DC = local
  Error value:
  58 the specified server cannot perform the requested operation.
  Server error:
  (n/a)
  Internal ID:
  3390067
  ADAM service account:
  AUTHORITY NT\SERVICE NETWORK
  
  User action
  If ADAM is running under a local account, it cannot update the data in Active Directory. Remember to change the ADAM to NetworkService service account or a domain account.
  
  If ADAM is running under a domain user account, make sure that this account has sufficient rights to update the serviceConnectionPoint object.
  
  Object publishing ServiceConnectionPoint can be disabled for this instance of the attribute msDS-DisableForInstances parameter on the publication of SCP configuration object.

  It seems to me that it is only by looking at the DC I had off ready to retire (called DC1 while my other are DC2 and DC3).  How can I make sure vSphere is not bound to a specific domain controller, as I guess that's what's happened here?

  Thank you
  Andy

  Hello.

  Is DNS on the server vCenter Server and in the field? It might be a problem here.

  Good luck!

• Creating additional domain controllers 2003 for testing in a sandbox environment

  Hello

  We run many production servers in a windows 2003 environment.

  To test future applications and internal development, we plan to create a test environment of sandbox for our production environment.

  I read that conversion existing DC directly is problematic, what happens if we

  -created additional servers in the virtual machine,

  -dcpromo + synchronization the new servers with the production of DC

  -Finally the sandboxing them?

  There will be issues when the new domain controller is not accessible by the PDC? These DCs in sandbox will be fully functional?

  Appreciate any feedback.

  See you soon

  RAMM

  Hi Ramm,

  Welcome to the forums.

  It is a best practice to not virtualize a domain controller. It is better to create a new server and promote a domain controller.

  You can divide your domain name and create a replica of lab but you always have to take care of is not to reconnect this isolated domain in production to avoid conflicts.

  These are the steps to split a domain:

  -create a virtual Windows machine with the same version and SP as production

  -promote a domain controller

  -Once the replication completed, isolate it from the network

  -in the field of production, remove data from active directory to the remote server

  -on the remote server, enter the FSMO roles, DNS and DHCP functionality

  Some references:

  Need to "clone" a domain controller

  Creating a test lab environment active directory of your AD forest production

  Virtualizing_Windows_Active_Directory.PDF

  Good luck

  Concerning

  Franck

• 2012 R2 in Windows domain controller goes to three options when you restart in hyper-v, but cannot boot from any option

  After that creating a differencing disk (Windows 2012 R2 MSDN) that points to a virtual hard drive in windows that was Sysprep, I went through all the measures to promote a domain controller, but then I get 3 options, one to stop and connect to DC, two to repair, and three to stop this PC, the virtual machine does not restart to something else than these three options. I have also set up the IP address to be in the same subnet as the host gave the DNS the same thing as the vm and can ping a Web site ok, but cannot get the malicious windows package to get from windows update then nothing else before I did this PC a 2013 R2 domain controller.

  Any help would be gladly appreciated, as I did the same for 2008 a few years ago, no problem - learn everything MS 2013 if all goes well soon on this...

  Marc

  This issue is beyond the scope of this site (for consumers) and to be sure, you get the best (and fastest) reply, we have to ask either on Technet (for IT Pro) or MSDN (for developers)
  http://social.technet.Microsoft.com/forums/en-us/home s/fr-U.S./Accueil
  http://social.msdn.Microsoft.com/Forum
  
  
  If you give us a link to the new thread we can point to some resources it

• Prerequisites for domain controller promotion is not for windows server 2012

  For windows server 2012 check of preconditions for the promotion of domain controller has failed. TCP ports required by Active Directory Domain Services are already in use on this computer. You must remove or reconfigure the services that currently use these ports (88, 389, 636, 3268, 3269).

  Support is located in the Windows Server Forums:
  http://social.technet.Microsoft.com/forums/en-us/category/WindowsServer/

• The server has not completed the compliance audit of the licenses. If the server is joined to a domain, make sure that the server can connect to a domain controller.

  Hi all

  Can I confirm with expert from Microsoft, it's windows foundation server 2012 may not be the first domain controller (which means that the first AD in the forest)? It must be attached to the root of the forest as a domain controller. If I'm promoting it to be first DC in new forest, he invites you to "the server has not completed the compliance audit of the licenses. If the server is joined to a domain, make sure that the server can connect to a domain controller. If the license compliant check cannot be completed, the server will automatically close in 9 days...

  Thank you & best regards
  Andy

  Hi Andy,.

  Your question of Windows is more complex than what is generally answered in the Microsoft Answers forums. It is better suited for the IT Pro TechNet public. Please post your question in the TechNet Windows Server Forums:
  http://social.technet.Microsoft.com/forums/en/category/WindowsServer

  Hope the helps of information.

• Windows Server Std 2012 R2 domain controller

  Hello world. We have problems in the domain controller with Windows Server R2 2012 in the VM that it helps domain users to connect to the DC remotely with admin rights. We have already allowed group policy by default on the management of the user rights that allow remote only for domain administrators. We did not refuse access, because the new user must be added to each new user creation. We do not want to use distribution of the Group deny. is it possible to access remotely to DC?

  Thanks in advance.

  This issue is beyond the scope of this site (for consumers) and to be sure, you get the best (and fastest) reply, we have to ask either on Technet (for IT Pro) or MSDN (for developers)
  *
  http://social.technet.Microsoft.com/forums/en-us/home s/fr-U.S./Accueil
  http://social.msdn.Microsoft.com/Forum