All Questions
Tagged with windows-server-2019 active-directory
132
questions
0
votes
1
answer
63
views
GPO - Missing "Manage updates offered from Windows Server Update Service"
in our Windows Server 2019 DC we are missing the following Administrative Template:
Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Update > ...
- 101
0
votes
1
answer
66
views
How do i delegate domain admin to cross forest account
I currently have a setup involving two domains. In Domain 1, there is a Domain Controller (DC) and a Gateway (GW) configured for Windows Admin Center. A two-way forest-wide trust has been established ...
- 1
0
votes
0
answers
81
views
DNS record not resolving - even on the server itself? Causing AD issues
I have a Windows Server 2019 AD/DHCP/DNS/SQL server running on an ESXi host. Recently, I have been having trouble with domain trust dying to client machines, and now I am completely unable to join new ...
- 1
0
votes
1
answer
192
views
Changing name/ip of Domain Controller/DNS/DHCP Server after migrating from 2012 to 2019
We are prepping a migration of our AD server (DNS/DHCP/Print/Azure AD Connect) from 2012 to 2019. I can't find a definitive answer on changing a DC's ip/computer name post-migration.
Prep:
spun up ...
- 3
1
vote
1
answer
106
views
Unable to log into RDP session on remote site servers using domain creds
The Setup
I have a single on-prem Active Directory domain. The domain is configured with 3 AD sites, each with a global catalog domain controller. Site A is the main hub, and Site B and Site C are the ...
- 111
0
votes
0
answers
34
views
Active Directory Additional DC is not involved in authentication process
In my company we have two domain controllers PDC (primary one), ADC (Additional one).
upon user authentication the Additional domain controller is not involved in any user authentication.
we have ...
0
votes
0
answers
140
views
HTTP 503 error trying to access AD FS from the domain
I'm using VMs to test my AD FS multifactor authentication plugin. I'm referring to
this guide as this is the only guide on this subject. I might be doing something wrong or missing some obvious faults ...
0
votes
1
answer
77
views
Do Windows Services continue running when their Active Directory account gets disabled?
There was an incident this week where one of our SQL Server instances was unexpectedly offline. I found the Windows Services that run the instance stopped and was unable to start them again due to the ...
- 101
0
votes
0
answers
308
views
New DC - AD Domain Services did not perform an authenticated remote procedure call (RPC) to another directory server because the desired (SPN) f
I recently added a Windows Serevr 2019 DC to my domain which already has three DCs across two sites.
The three existing DCs are Server 2012 R2 and the Domain and Forest levels are 2008 R2.
The new DC ...
- 1
0
votes
1
answer
70
views
Cannot limit file access auditing on Windows Server 2019
I'm trying to implement file access auditing on a Windows Server 2019 machine with mixed success.
The server in question is a member server, but not a domain controller.
I have enabled success ...
- 183
0
votes
2
answers
260
views
How to Set Intra-site Replication Delay Time (Active Directory)
Cannot configure replication delay. I have 2 domain controllers (DC1 and DC2, Windows Server 2019), both in the same site. I set the replication delay time in the Server Manager snap-in "AD Sites ...
-1
votes
1
answer
180
views
assign AD GPO to a specific set of computers: what mechanism?
(In exploratory mode: not sure what is the right question to ask, and how to ask it. Also, new to AD GPOs: please forgive lack of clarity in the question.)
Question: how do I assign an Active ...
- 304
0
votes
1
answer
135
views
Server 2019 Domain Controller SMBclient cannot map NetApp Drives
I am supporting Windows again after many years. This client I'm assigned to has Domain Controllers running 2008r2 and 2012r2 and they want Azure AD Connect Password Hash Sync. The minimum requirement ...
- 162
0
votes
0
answers
223
views
Windows Server 2019 Best Practices Analyzer - Error is Fixed but a new scan still displays same error. What to do?
Server OS: Windows 2019
Roles: Hyper-V, DC, DNS, etc. (2 vms on Hyper-V RDS vm and DC vm)
The old IT team had this configuration now I want to change it to best practices.
BPA scan on Server Manager &...
- 1
2
votes
1
answer
881
views
gMSA and Read Only Domain Controllers
Windows Server 2019 Environment
I have 2 writable DCs and 1 RODC out in a DMZ that will all need to use a gMSA for some software we are deploying. This is my first time ever making use of gMSAs / ...
- 341
-2
votes
1
answer
215
views
What is the ILS_ANONYMOUS_USER account?
On a Microsoft Windows domain, on a public IP server, I found a login using the account ILS_ANONYMOUS_USER.
This is Microsoft created domain wide account, not specific to one server.
Is this right?
...
- 422
2
votes
3
answers
901
views
Enabling Protected Users on Windows 2019 AD prevents users from logging in
Our Windows Server 2019 AD is setup and working well.
Due to the Outlook exploit (CVE-2023-23397), we implemented one of the recommendations - move users to the Protected Users group.
Since then, ...
- 121
-1
votes
1
answer
839
views
Windows Server 2019, Hide or Disable file history (Shadow Copy) for users in active directory that accessing a network share
tl;dr; We need to disable or hide the file history for active directory users who access a network shared folder, so that only the IT team can restore files to previous versions.
We have a small ...
- 51
0
votes
1
answer
485
views
Kerberos settings in GPO never seem to apply in spite of the GPO otherwise working
Server 2019 Domain Environment. Issue is related to the DCs themselves.
I've a self-created GPO on my DC OU that sets a bunch of things, several of which are Kerberos settings:
Curiously, while ...
- 341
-1
votes
1
answer
81
views
AD lockout email alert script working intermittently
So we've been using this PS script for a while and was working fine until we migrated the domain controllers. The new domain controllers are running core Microsoft Windows Server 2019 Datacenter. We ...
- 1
0
votes
0
answers
372
views
On-premise Windows Server 2016-2019 non AD Join to Azure AD
I have Azure AD for my users, so far, so good, and i want to create a File Server. I have 3 VM's at the moment, Win Server 2016 Standard, Win Server 2019 Standard and Win Server 2019 Datacenter. Those ...
1
vote
1
answer
436
views
Domain Time Skew
A few months ago I attempted to get time straightened out in our environment but I never really got it working correctly. We have 4 domain controllers and the time difference always seems to be ...
- 11
0
votes
0
answers
1k
views
Insufficient system resources exist to complete the requested service - CVE-2022-37966
Problem
After enabling KrbtgtFullPacSignature (value 3) according to KB5020805 the entire domain becomes unreachable, at the login screen the following message is shown: “Insufficient system resources ...
- 85
0
votes
1
answer
93
views
Restoring a domain machine which name is already in use
I have such situation: one of domain PCs was broken and replaced by new one using the same machine name. Now the old machine is back from service and I want to use it in different place, but if I try ...
- 135
0
votes
1
answer
998
views
I cannot get an otherwise functional Powershell script to run on a schedule
Environment: Server 2019 Domain Controller.
I have a simple script that combs through my AD users and disables anyone who hasn't logged in within the past 35 days (org policy). Looks like this:
Get-...
- 341
2
votes
0
answers
158
views
No logs for DFS Replication on Domain Controller
I was testing monitoring DFSR event logs on my DCs and figured there are no logs after event 1210 (The DFS Replication service successfully set up an RPC listener for incoming replication requests.) ...
- 21
0
votes
0
answers
113
views
How do I limit Remote Desktop Connection access using GPO's in Active Directore
I am pretty new to designing Active Directory domains and using GPO to make settings ont he local machine. However, I have been set a task and am struggling.
I have a Server 2019 virtual instance ...
0
votes
0
answers
1k
views
how to hide Active Directory objects for all domain users
All users in the OU "Society\Members" and "Society\Members_ENG" are members of the bullitin group "Domain Users".
How can I set in the Domain Controller's Active ...
- 11
0
votes
0
answers
197
views
Leaving Windows Servers out of a domain
I'm not much used to running Windows Servers and need ground to either defend or withdraw from this idea and have found nothing on Google. The company I work for recently suffered a ransomware attack. ...
- 101
0
votes
0
answers
127
views
retrieve computer name on domain controller
Good morning. I currently have a domain controller (Windows server 2019) where there are approximately 500 users and computers.
when a computer x is damaged, it reinstalls the operating system. The ...
- 1
-1
votes
2
answers
2k
views
The security database on the server does not have a computer / workstation trust relationship - on a domain controller
"The security database on the server does not have a computer account for this workstation trust relationship"
This is the message I am getting when I try to log into the only domain ...
- 1
1
vote
1
answer
5k
views
How can I remove a no longer existent child domain from my forest?
In a virtual environment, I lost the virtualized DCs of a child domain of my forest. I don't need the child domain, but as the DCs are gone now, I cannot remove the domain in the intended way by ...
- 636
0
votes
2
answers
337
views
How can I set the ACL of a CA programmatically?
When launching the CA console (certsrv.msc), I can right-click on my CA, select Properties and then I can modify the ACL of my CA in the Security tab. When I modify it, the changes are applied to the ...
- 636
0
votes
1
answer
142
views
Why is a windows domain user required and is there an alternative?
I have a script that executes JAVA program. The script runs fine under my own user.
However, the script fails to run when using a scheduler service, which runs on the same (EC2) machine, under a ...
- 101
2
votes
2
answers
6k
views
GSSAPI Error: KDC has no support for encryption type on RHEL 8 joined to multi-domain AD forest
I have a simple MS ADDS multi-domain forest setup with a parent domain and one sub-domain. I joined a RHEL 8 server successfully to the sub-domain by using this official documentation. All OSs have ...
- 636
1
vote
2
answers
2k
views
Adding a machine to a domain fails with internal error
I've enabled winrm, disabled firewall, enable remoting, GPOs for winrm, enabled SMBv1 and completed updates first as troubleshooting but I still get the error. I can ping the DC as well.
The error I ...
- 189
-1
votes
2
answers
2k
views
Can't logon to domain controllers
We have 2 domain controllers with 2019 server, system administrator made something with GPO which deny access for group "Domain Admins" to workstations, now it is distributed throughout the ...
- 7
0
votes
1
answer
1k
views
The access to shared directory using DFS is very slow
I have an Active Directory with 1 DC and 1 DFS deployed on hyper-v VM on a certain machine X. The DFS consists of several shared folders from machine X and folders from machine Z. When I try to ...
0
votes
1
answer
1k
views
Outlook with local exchange account asking for Microsoft online login
I seem to have more and more issues with Microsoft pushing to try and force everything into their online service lately.
As of today I suddenly have two workstations that refuse to stay connected to ...
- 5,401
0
votes
0
answers
196
views
Why is member server not able to find domain controler on its site, showing events 2084 and 2085 in event viewer?
This is raised at a point where I need to uninstall Exchange 2010 from a member server after migrating to a newer server. Uninstall fails with error "Could not find any available Global Catalog ...
- 163
0
votes
2
answers
1k
views
Creating DNS A Record for 3 domain controllers
I have setup a new domain on our network consisting of 2 domain controllers, dc1, dc2.
I can see the A records for the 2 controllers. But I need to do load balancing so that I can refer to the 2 dcs ...
- 5
0
votes
0
answers
63
views
Client devices randomly unenroll from Windows Hello for Business
I have followed the Deployment Guide found here: Windows Hello for Business Deployment Guide - On Premises Certificate Trust Deployment
We're able to set up fingerprint and facial recognition for the ...
4
votes
2
answers
3k
views
Upgrading Windows Server + Domain Controller to Windows Server 2019 - Fails On "ADPrep.exe"
I'm am using the instructions here to upgrade my Windows Server 2012 AD Controller to Windows Server 2019. This server is a isolated AD controller that has no other server/clients connected to it in ...
- 215
0
votes
0
answers
933
views
Domain Controller Communication Timeout Limit
THE DOMAIN
I have a domain setup with a parent/child schema. All servers are Microsoft Windows 2019 Standard. There are 2 top level DCs and the 2 child domains each have their own 2 DCs. The issue I ...
- 835
1
vote
1
answer
2k
views
How to install second primary DNS on a domain?
So I'm testing some features in the windows server 2019 lab. I have one active directory. No need to say that the DNS server is running on the active directory correctly.
I want to add another primary ...
- 159
0
votes
1
answer
657
views
Use cmd when "Run only specified Windows applications" policy is in effect
I am trying to restrict the applications usage on the VM Windows Server 2019.
In Local Group Policy editor (gpedit.msc), i modified the policy, on the left pane, click/tap on to expand User ...
0
votes
1
answer
974
views
Sync error between windows server AD and Azure AD
I have windows server 2019 OS with AD synced to Azure AD via Azure AD connect sync.
I recently changed my domain @mydomain for some of my old users. Unfortunately, I also erroneously changed the ...
- 101
0
votes
2
answers
1k
views
Nested AD Groups RDP permission not applying to new Windows Server 2019 VM
Similar Issue with no responses: Nested AD groups working in local computer groups, but certain servers fail to allow RDP?
I am only new to this environment and the person I took this over from also ...
- 1
0
votes
1
answer
994
views
Microsoft Active Directory and DNS on Multiple Sites
I have a 3 different site location of my company, and i have a domain controller on each site,, and I have issue with domain DNS resolving , example ::
Domain Name = ABC.Local
Site1 : DC GC+DNS IP = ...
- 21
0
votes
0
answers
209
views
How to recreated users' home folders?
Users already have their home folders set through Active Directory to mount as U: drive to \\SRV\Usrs$\%UserName%
I had to create the folder again and share the $Usrs again but when a user logs into ...
- 101