Posts

Loopback processing of Group Policy.

As we know, Group Policy has two main configurations, user and computer. Accordingly, the computer configuration is applied to the computer regardless of the logged-on user, and the user configuration is applied to the user regardless of the computer he is logged on to. For example, we have a Domain, and this Domain has two different organizational units (OUs), Green and Red. Green OU contains a Computer account and Red OU contains a User account. The Green policy, which has the settings "Computer Configuration 2" and "User Configuration 2", is applied to the OU with the computer account. The Red policy, which has the settings "Computer Configuration 1" and "User Configuration 1", is applied to the OU with the User account. If you have a look at the picture below it will become clearer. If Loopback processing of Group Policy is not enabled and our User logs on to our Computer, the following is true: As we can see from the picture, the User gets...

Enable Change Notifications between Sites

What is Change Notification? Change Notification is the interval between an originating update on a domain controller and the notification of this change to its partners. When this interval elapses, the domain controller initiates a notification to each intra-site replication partner that it has changes that need to be propagated. Another configurable parameter determines the number of seconds to pause between notifications to other partners, if any. This parameter prevents simultaneous replies by the replication partners. There are two values for the interval: one for the first partner, and another for the subsequent partners. When a change is made to a Domain Controller's Active Directory database, before the change is replicated, the DC waits for a specific period of time before sending the Change Notification to its first partner, and then waits for another period of time before sending the Change Notification to the next partner; this process continues until all partners ar...

Can Not See Configuration container in ADSI Edit

This one drove me crazy. Many help articles start with "start adsiedit and browse to CN=Configuration CN=Services ....." I could not see CN=Configuration to save my life. After hours of hair pulling I found this article. Thanks David: http://www.kineticcomputer.com/tips/1103-cannot-see-configuration-container-in-adsiedit.htm Solution: The default naming context of ADSIEdit may not show the Configuration container. You can, however, specify it manually. Select Action -> Connect to... In the "Connection Point" frame, choose "Select a well known Naming Context". Choose "Configuration" from the drop-down box. Hit OK, and the Configuration container, and its sub-containers such as CN=Services and CN=Sites, will be visible. Alternatively, you can choose "Select or type a Distinguished Name or Naming Context" and type the address of the Configuration container in the following format: CN=Configuration,DC=yourdomain,DC=com (e.g...

Error: Failed to install Active Directory Domain Services binaries

I got a clean installation of Windows Server 2008 Enterprise R2 from my hosting provider. When I try to add an Active Directory Domain Services role to the server I get a message that the installation is not successful and the server needs to restart in order to revert all changes. Here's what I have in the server log: I was adding an additional domain controller (Win 2008 R2) to the domain in our CRM Hosted environment this weekend, and I ran into this error when installing the AD Domain Services role: Active Directory Domain Services Installer : Failed to install Active Directory Domain Services binaries. Completely useless error message, and the log file in \Windows\Debug didn't have anything further. I started scrolling through the System Event Log hoping for clues. Since it was a brand new server the log was pretty clean, with one exception: Source: Service Control Manager Event ID: 7001 Level: Error Description: The DFS Namespace service depend...

Active Directory Firewall Ports

DC to DC and DC to client communications require numerous ports. There's no secret to this; that's the simplest I can put it. And the list of ports required is long, to the dismay of network infrastructure engineering teams that must open ports to allow AD to communicate, replicate, etc. These ports must be opened; there really isn't much that can be done otherwise. Here's the list with an explanation of each port:

Protocol and Port | AD and AD DS Usage | Type of traffic
TCP 25 | Replication | SMTP
TCP 42 | If using WINS in a domain trust scenario offering NetBIOS resolution | WINS
TCP 135 | Replication | RPC, EPM
TCP 137 | NetBIOS Name resolution | NetBIOS Name resolution
TCP 139 | User and Computer Authentication, Replication | DFSN, NetBIOS Session Service, NetLogon
TCP and UDP 389 | Directory, Replication, User and Computer Authentication, Group Policy, Trusts | LDAP
TCP 636 | Directory, Replication, User and Computer Authentication, Group Policy, Trusts | LDAP SSL
TCP 3268 | Directory...