I would like to provide full administrative access to servers within the domain to another admin, with a single exception: the administrator should be unable to create new administrator accounts.
I have looked at the options available through control delegation, but am not quite sure how to do what I need, as control delegation appears to be OU-specific.
Our public-facing domain name changed last year, but active directory still uses the old domain name. This didn't pose a problem until we updated the SSL certificate in Exchange 2010. Now, even after changing AutoDiscoverServiceInternalUri on the Client Access Server, and remapping all Virtual Directories, Outlook clients are still displaying a single stubborn certificate warning.
When running the Test Email AutoConfiguration Tool from the Outlook client, I noted that the EXCH provider is referencing hostname.old-domain.com, while the EXPR provider is correctly mapped to mail.new-domain.com, as EXCH should be.
<Protocol>
<Type>EXCH</Type>
<Server>EXCH-1.old-domain.com</Server>
...
</Protocol>
<Protocol>
<Type>EXPR</Type>
<Server>mail.new-domain.com</Server>
...
</Protocol>
Is it possible to update this section of Autodiscover without changing the AD domain suffix?
Update: It seems that the error is only appearing for internally connected clients on LAN.
I am looking to create a root domain on Windows Server that will resolve internal IPs for only selected services hosted within our firewall, and forward all unresolved hostname requests to an external name server.
For example, if someone tries to access an ERP system at https://erp.contoso.com the internal DNS will be provide LAN users with a local IP, while external users will be provided with a public IP address from an external DNS provider.
However, regardless of whether the users is on the LAN or not, all requests to https://firewall.contoso.com for example, will be resolved by the external DNS.
How does one accomplish this? My apologies if this explanation is difficult to follow, I hope this makes sense.
I noted that it's possible to configure Users and Groups on servers that do not operate as a DC, but this area is disabled on DCs. I figure that the DOMAIN\Administrator group is automatically given permissions to log into all DCs.
However, it appears that you can customize the Users and Groups on servers that do not operate as DCs. Why is this the case? And, why am I unable to add the DOMAIN\Administrators group to the local Administrators group on a server that isn't a DC?
I have a folder hierarchy that has a mess of different permissions. As the the domain Administrator group is not included in this list, I kept receiving an error when attempting to change the permissions.
A bit of scouring the web uncovered that I would first have to take ownership of the files using the TAKEOWN command with the /r flag.
Well, I can say that TAKEOWN worked wonderfully, but I am still encountering the same issue whereby I receive an Error Applying Changes alert.
Why is this happening?
Users do not have administrative privileges, which restricts them from installing software, so they must reach out for support.
However, for an administrator to install software, the user must first log out of their active session, only after which the admin can log into the local administrator account on the machine and install the program.
Is there any way to install the software while without first closing the active user session when remote screen sharing?
I have a user that is listed in All Users, but no matter what I do, they do not seem to be showing up in the Global Address List. I have forced updates, and refreshed the GAL multiple times, but this single user will not show up.
Why is the user not showing up in the GAL, and how can I remedy the situation?
In reviewing the documentation for the Office 365 Click-To-Run deployment toolkit, it appears that the tool allows you to download a customized installation to a network share, and then distribute it to users.
I have many satellite offices, with all of the larger ones having internet connections that allow for unlimited bandwidth. Is it possible to leverage Microsoft's own CDN, rather than host these files locally? I would rather computers affected by the group policy download a customized version directly from Microsoft's CDN. Is this possible?
It appears that it is relatively easy to have multiple (even all) AD servers equipped with a copy of the Global Catalog. However, is it possible to do the same for FSMO roles?
If not, is it possible to create a failover protocol that will automatically transfer the FSMO roles to another AD server?
Is it possible for a Domain Administrator to reset the Local Administrator on a machine Windows Server 2008 R2?
Currently using Server 2008 R2, and I attempted to create and attach a 1.5 TB VHD on a USB 2.0 drive.
I see the VHD file in the drive, but cannot attach it in Disk Management. I keep receiving an error message: The file or directory is corrupted and unreadable.
As this is a new VHD, I tried to delete the file, but receive yet another error: The action can't be completed because the file is open in System.
How do I attach or delete this drive?
When I ping DC1 on a local network using only the hostname, I receive an expected response. However, if I ping a remote DC (DC5 for example) over site-to-site IPsec VPN, I receive the following error:
Ping request could not find host DC5. Please check the name and try again.
If I try to ping the FQDN dc5.mydomain.com, I receive a response.
Why is it that hostnames are working locally, but not over the VPN tunnel?
When I type the following:
http://www.archlinux.org/packages/extra/x86_64/enca/download/
wget is downloading index.html instead of the correct file which is: enca-1.13-2-x86_64.pkg.tar.xz
When I use a windows machine and navigate to the same location, it correctly prompts me to download the tarball package.
I have found that using Rsync to transfer files from CIFS mounted shares resident on a Widnows client is extremly slow.
I have read a few threads here on SF, and several other forum posts on the web, that point to the issue being related to rsync verifying the data to be transferred. Is anyone able to explain this to me?
Also, if this isn't going to work at the speeds I would like, what are my options if I want support for checksumming to ensure data integrity?
Currently when rsyncing files from a CIFS mounted share to a physically connected drive I net ~25 MB/s over a Gigabit LAN. Conversely, when using Robocopy on the Windows client I realize transfer speeds of ~85 MB/s which is approaching the practical cap of the 5,900 RPM drive. Why such a signifcant difference?
I'm looking for a bit of advice on transferring a several files from Windows-based workstations to a Linux Server running Ubuntu Server LTS 10.04. At the moment I've been mounting the shares on the Linux box and rsyncing them, but I'm not sure if this is validating the data that's being sent. Someone suggested that I used Bacula for backups, which I plan to do to take advantage of VSS for 100% data integrity, but for the initial transfer it doesn't seemm that Bacula is an option.
Does anyone have any suggestions?
I appreciate the help!
I was wondering what strategies others in the community use when backing up their Windows-based workstations to Linux servers. At the moment I'm doing a bit of a test with Ubuntu Server LTS 10.04 and I'm trying to do regular backups from workstations to the server.
My main concerns are that I want to reduce overhead by using incremental backups, and I want to ensure data integrity using some kind of checksum (md5sum if possible).
So far, the best method I've come across is scripting the server to mount workstation shares and take advantage of rsync which I've been told uses MD5 sums. This way I can kill two birds with one stone, as I'm not sure if the same fucntionality is built into Robocopy - another method that has been suggested.
Anyway, I was wondering if anyone out there has a better method that would ensure 100% integrity with the least overhead.