Search the Community

I am in the process of making images for a large amount of computers with many different users so I am trying to keep all of my shortcuts in group policy. I can get all the URLs I need to go up just fine but I am lost on how to do it with applications such as ms paint, notepad. As well as shortcuts for logging off, restarting, and shutting down the computer. Any ideas are appreciated.

I updated my AD user account with new groups, and my Ubuntu 22.04 and 20.04 systems aren't getting the new groups. I have to clear the cache and restart SSSD to fix it. Is there a more permanent solution? Apr 01 13:01:34 krb5_child[1914548]: No credentials cache found (filename: /tmp/krb5cc_10715_XG6gbr) Apr 01 13:01:25 krb5_child[1912964]: Preauthentication failed Apr 01 13:01:25 krb5_child[1912964]: Preauthentication failed Apr 01 13:01:25 krb5_child[1912964]: Preauthentication failed Apr 01 10:15:53 sssd[780417]: tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Server not found in Kerberos database. Apr 01 10:15:53 sssd[780412]: ; TSIG error with server: tsig verify failure Apr 01 10:15:53 sssd[780412]: ; TSIG error with server: tsig verify failure Apr 01 10:15:53 sssd[780407]: ; TSIG error with server: tsig verify failure Apr 01 10:15:53 sssd[780407]: ; TSIG error with server: tsig verify failure That's the error I was seeing on the journal.

So I have a windows server 2019 on a NUC and a windows 10 pro VM on hyper-v on the server. I domain joined the client computer to the domain and I have made 3x accounts on the AD and made 2x groups called economy and market. I made a folder named testfolder and in that folder I made economyfiles and marketfles. I then made permissions for market and economy to see the testfolder and only for economy to read the marketfile and market can read/write and vice versa. But when i try to share the testfolder and sign in with a client account I can only see the testfolder and not the files inside the testfolder. Any ideas? Both are on the same local network. I cant add a server aswell. When i go to All servers and go to manage and click on add server and type in the server name "test" and select that its says target comuter not accessible. I dont know why. I mean do you really need to have a windows server version to add as a server? If you are working in a company how is that going to work if you cant add client computers? And i can share the files inside the testfolder but they wont be inside the testfolder when i check the client account and the permissions i had set doesnt work. I can still write in a economy if the account is a member of market. PS: when i share files it says to select the server or computer and i only have the windows server but if the client VM is on the windows server should it matter? And if it matters how can I add the client VM so I can select it wen I share files in server manager?

Hello there, I am hoping some members in the community here may have some experience with what the title suggests, I'll lay out the situation below: I am an IT admin for various schools in the South West of the UK, the Main school I work at however is what I am having issues with. The network there is a plain and simple Vanilla Windows network with each user getting their own user account and an email with Microsoft Office 365 A1 Plus. With Corona Virus still lurking and likely to be lurking for a while, I have moved my whole workplace/school environment over to Microsoft Office Online, SharePoint and OneDrive so that my user base does not rely so much on the storage, servers and internet connection of my work place/school. Albeit what I have got is still very quick but that's not the point, it just gives me plenty of wiggle room in what I do as well as overhead and plan B options. The Microsoft Office Online Suite was working absolutely fine whilst everyone was working from home and whatnot. However, with students and staff being back in schools at the moment, everyone is trying to access the whole of the Microsoft Office Online and more from within the school through their browsers which is not ideal and has brought up some major headaches for me. Before I made this move, Students used to get their own mapped drives including to the shared drives that now exist within SharePoint, my problem is that with having moved the drives up to SharePoint, the students can no longer gain access to said mapped drives through file explorer since the drives are not internal to the network. Students cannot save files directly to the computer as this is what the mapped drives were for, but since they are gone then the students can no longer save locally, at which point anything outside of the Microsoft Office Online Suite is currently out of the question. So here's my question: Is there a way I can map the areas I want from SharePoint to the students within Active directory? I ask because I am currently running into issues with the drive maps not recognizing the pupils logged in, at which point the drive has a simple red cross on it and it won't bring up anything to authenticate them. I understand that the simpler option is to let the students use OneDrive for Business but then this stores a cache of each users area on each computer, storage on each machine would go through the roof which is not what I want. I look forward to hearing some of your answers, experiences and/or solutions. Cheers, Brennan.

In my organization, we have one computer that is on our Active Directory, but whenever a user logs in, it fails to login and says that it failed to login, and it created a temporary account. Is there a way to stop it from doing this, preferably without having to reimage it?

Hellooo, Having an issue with AD in VB.Net and hoping someone on here will be able to help. I am very new to AD in VB so its probably a really simple solution but I can't seem to find it on google. I need to connect to AD to pull a users details and searching by their username. so the code I have is... Dim rootEntry As New System.DirectoryServices.DirectoryEntry("--Domain--") Dim searcher As New DirectorySearcher(rootEntry) Dim ctx As New PrincipalContext(ContextType.Domain) Dim user As UserPrincipal = UserPrincipal.FindByIdentity(ctx, txtUsername.Text) If user IsNot Nothing Then Else MessageBox.Show("Student is not found in Active Directory, please check the username and try again") Exit Sub End If searcher.PropertiesToLoad.Add("cn") searcher.PropertiesToLoad.Add("extensionAttribute1") searcher.PropertiesToLoad.Add("displayName") searcher.PropertiesToLoad.Add("mail") searcher.Filter = "(&(anr=" & txtUsername.Text & ")(objectCategory=person))" Dim results As SearchResultCollection results = searcher.FindAll() Dim result As SearchResult For Each result In results StudentName = result.Properties("displayName")(0) StudentNumber = result.Properties("extensionattribute1")(0) sEmail = result.Properties("mail")(0) Next Status.Text = "Loading data from SQL Database, This may take several minutes..." and this works almost perfectly.... with this I can pull up a users email, full name, user ID all from just their username. There is no need to sign in with a username and password as AD is read only to everyone on the network. The problem is its not searching for the exact username typed into "txtusername.text" it seems to be using a "like" syntax. If I search for a user e.g "BG12AAM" then as ong as that is the only user with a username like that then it will pull the information I need. If there are two users "BG12AAM" & "BG12AAM1" then it will give me the details for the most recently added user. Even if I type "BG12AAM" in the textbox it gives me the details for "BG12AAM1" which I don't want. Is there a way to search for the exact user typed? Thanks,

Hi everyone, My cousin says you can't run VPN and Active Directory on the same dedicated server because it's a Microsoft security feature. Is that true? You need a separate dedicated server for VPN, and another separate server for AD? Thanks

Hi everyone, I'm working with a small CPA firm and notice their computers are part of a workgroup instead of a domain. The person who set it up initially joined the 5 computers as a workgroup. Only 5 computers to worry about here. Can Active Directory appropriately manage a workgroup? What are some things we're missing out on? I'm just trying to understand some of the ins and outs of this. For instance, why have a server in the first place if the network is a workgroup? The server is Windows Server Small Business 2011. They do mostly file sharing but they also access tax software from the server. Why not just have a peer-to-peer network or cloud based solution?

Hi everyone, I'm basically in a lab environment right now practicing using Active Directory. I have a server running Windows Small Business Server 2011 and have 3 workstations. How do I associate the users and computer accounts I've made on the server Active Directory with the workstations? I created all 3 computer accounts, and all 3 user accounts. We have computers 1, 2, and 3 and users A, B, and C. Pretty new to this, so thank you for any help you can give.

Hi everyone, I'm probing for best practices setting up a VPN connection from 5 remotes workstations to a home office server. Each remote workstation is located in a verterinarian van that travels to clients. There will also be 5 clients at the home office that will connect locally to the server, or perhaps with VPN in some circumstances. So far, I'm going to use Active Directory to implement user and computer accounts for the van workstations and local workstations. I will implement VPN. I always figure many minds are better than one, so I am probing for anything perhaps I haven't thought of, and am seeking advice on the situation. Nothing exists yet. All we have is empty office space and 1 van. He wants scalability for 5 vans in total and his home office. What are your thoughts? Thank you.

OK so I'm not sure if I'm just confused on this concept or what's going on but I have 2 servers with the following roles installed: Main Server - Windows Server 2008 R2 (08SRV) Active Directory Domain Services DHCP DNS IIS File and Storage Services Backup Server - Windows Server 2012 R2 (WS2012) Active Directory Domain Services DNS IIS File and Storage Services So my original plan was to use WS2012 as a backup server in case 08SRV went down (like if I needed to restart it) so that we could still login to the domain as well as use the internet. Everything seems to be setup correctly as I'm not showing any issues in Server Manager but I went to restart 08SRV last night after installing Windows Updates and immediately lost internet to all the computers. Do I need to have the DHCP role installed on the Backup server or am I missing something?

We are looking into possible solutions for replacing our old server and possibly moving some roles it handles to a cloud solution. I came across JumpCloud.com which says they offer an Active Directory replacement that is hosted in the cloud. The idea looks great and with only having 6-7 employees in our office that seems like it may be a good fit. The concerning part for me is that they have a free account which allows up to 10 users. We are an accounting firm and as a result security of client data is a priority. When I see free for a business service I get concerned as nothing is really free.

Linus team can you feature a build about active directory and integrating it into an actual server environment thanks.

Hello, I'm after some help / advice / knowledge. So I've recently decide to incorporate virtualised gaming into my home / business network. I use Microsoft's active directory for the network. Initially I had planned to utilise Microsoft's Hyper V and Remote Fx, however there appears to be a serious problem with Server 2012R2 and how much VRAM can be allocated to client machines (330MB max) which unfortunately rules this option out for gaming. (unless someone can show me how this can work)? I have seen UnRaid as a possible solution thanks to watching LTT, however before I go creating a new dedicated UnRaid server solely for gaming I have doing research about how to fully incorporate an UnRaid server into ADDS. The virtual machines would of course be domain clients and will be locked down with group policy. The entire network is behind a firewall. After getting all of that out of the way I can now ask the questions I hope someone can answer: Can the UnRaid server use domain credentials to prevent unauthorised local access in the event of theft (yes theft is a major concern where I am) If so how? Can the virtual machines and HDD's be encrypted to prevent unauthorised access in any way. Bit locker? Has anyone tried replicating, even on a small scale using UnRaid to build virtual gaming / media machines and access using thin clients? Any tips would be appreciated or alternatives? Cheers in advance

Hi , I have a domain controller installed . Also I have another server configured as mail server . Is that possible to add a user in the AD users and groups options in the domain controller , so that user can login into the mail server. Thanks

I want to prepare a word document that tells about the simple, well-known to most IT people, best practices for Hyper-V cluster, DNS, DHCP, WSUS and Active Directory. I already did some research but most of the information is or outdated or not simple to understand. I would appreciate the help. In the meantime, I will keep on researching

Hi guys, My company build one server for PDM(Compatible with this software,solidwork), and then got a problem that it would waste much time to update the files' latest version. And clients are in AD, so the server too. My question is that do the server need to join AD,and is there a way to solve the problem. Tks.

I am setting up an AD server for a client of mine using Windows Server 2019 Standard, and I was wondering, if I don't set a home folder or profile path, will they just be stored on the local machine from which the user logged in? Should I create either or both of them? I believe the profile path is only necessary if I am creating the user profile as roaming, but please correct me if I am wrong. Also, how do I automate the creation of a home folder when I add a user to the Active Directory? Thanks in advance!

Hello, I would like to know how domains (or similar things) are done on the Linux/Unix side of things as compared to Windows systems. I am talking about domains as in what Active Directory is to Windows. I have been working with Active Directory for quite a while and I understand how it works, but I have always wondered how a similar thing is handled when using Linux. When I search about this, people say that Samba can act as a domain controller but that looks like something you would use if you need to mix Windows and Linux systems together and does not sound native at all. How are domains done in Linux, are domains even a thing on Linux that many people use, or is there a completely different way or concept of doing things on Linux (scripts and management software?) For example: With my Windows systems I have 2 DCs, a WSUS server, Exchange server, IIS server, SCVMM server, SCCM server, SCOM server, etc... and they are all part of a domain and everything is configured through group policies. Now lets say I replace all of that with Debian or CentOS or something and have a Postfix server, Apache/NGINX server, etc... then how do companies usually manage all of that? Through a control panel or is there a domain equivalent that everyone uses? Sorry if this sounds dumb, I haven't been exposed that much to Linux systems, mostly Windows Server, so I was a little confused when I found a bunch of search results about Samba emulating a Windows domain controller, and thinking what the "native" Linux way is, and wondering if domains are even a thing in Linux or if there is some other completely different way of doing it.

Hi there, I'm trying to connect around 10 PCs to an Active Directory setup for it's Group Policy functions, I've installed Windows Server 2016 and installed the AD server role, and created a domain. I've connected the PCs to the same network and I'm able to ping the server from the PCs and vice versa, however when I try to join them to the domain, I get an error telling me that the domain cannot be found. I've tried this on Wired and Wireless, on Windows 7 & Windows 10. Is there anything that could prevent them from finding the domain? I've tried entering the domain name with and without the .com prefix and nothing seems to work, although it takes a while to load the message when I enter it without the TLD. Thanks.

the tl;dr - how do you, or your company protect active directory? Curious about solutions out there. Would you put AD in a management vlan only to open every port that every service listens on anyway, or throw it into the user space? You can't attack a service that isn't running, and workstations/servers/users need damn near every service that does run... RPC, LDAP, Kerberoes, SMB, DNS, and some other junk I'm probably forgetting. You quickly learn to use groups/aliases for all these damn ports - but to what avail? If you expose it what's the point of segmenting it? One thing I've recently seen a company do is their management network runs in a separate forest, and their user space runs on a different forest - with no trust relationships. On one hand this certainly minimizes the impact of a breach, but it sounds like a freaking nightmare.

How do I go about fixing this error?

hello, im using the following code to create a user account and this creates accounts with "user must change password at next logon" option checked. i dont want it to do this, I want my passwords to be permanent. how can i achieve this programmatically in ASP.NET. Thanks try { string oGUID = string.Empty; string connectionPrefix = "LDAP://" + ldapPath; DirectoryEntry dirEntry = new DirectoryEntry(connectionPrefix); DirectoryEntry newUser = dirEntry.Children.Add ("CN=" + userName, "user"); newUser.Properties["samAccountName"].Value = userName; newUser.CommitChanges(); oGUID = newUser.Guid.ToString(); newUser.Invoke("SetPassword", new object[] { userPassword }); newUser.CommitChanges(); dirEntry.Close(); newUser.Close(); } catch (System.DirectoryServices.DirectoryServicesCOMException E) { //DoSomethingwith --> E.Message.ToString(); }

hello,is there some sort of script to untick "change password at next logon" and tick "password never expire" option for all accounts in a specific OU in Server 2012 R2? I know its possible to do this using GUI, but i want to do this programmatically for reasons. I have found this code and tried running it in powershell. i get the message it was successfully executed but no change has been actually done. would like to know if there is a proper code to achieve this. Thanks dsquery user “OU={your target OU},DC={your domain},DC={your domain extension}” | dsmod user -pwdneverexpires yes

I've been seeing more and more of a need for us to use Active Directory at work. The biggest concern for us to move to it is security however. Everyone here would be new to it and we're all a little uncomfortable with having all of our computers essentially completely controlled from a central location -- what is out there to protect ourselves? And if it does get attacked in /some/ way can we do anything to limit what an attacker could do? Has there been incidents with active directory in past events in history? we have a couple hundred computers and are about to move 95% of them to windows 10, and with windows 10 automatic update showing no mercy I'm not really seeing anything else we can do at this point to have true control of our user's PC's. Not to mention our bandwidth... we can't have PC's constantly downloading updates it will be a nightmare. any general concerns/questions/suggestions/solutions are also very much appreciated. I'm tired of pulling my hair out over this.