Hi all, this is my first post so hopefully someone can help me. I'm having some problems with my users complaining of Windows taking a very long time to load. I experience the same issues on my Windows 7 laptop, we have various users using Win 7 and XP, i've noticed the same issue on some of the XP machines. I enable the gpo debut on my windows 7 and there is a one minute + delay at one

Bruce, I have followed your steps but unfortunately it did not work for me. I am trying to accomplish the same problem. I want to create users in Active Directory and when they sign on their local computers, I want them to be automatically Powers Users rather than Users. I created a group named Test added the user in there, went to Restricted Group added the group Test then wrote Power Users

Hi, I'm wondering if there is a way to use GP to apply a setting depending on whether a user is logged on at the office or out of office. The setting I had in mind is enable/disable using a proxy found in Internet Options. Enable it if the user is in the office and disable it when out of the office. Is there a way to do this? Any ideas would be great. Many thanks. Mehds

I have searched around and I cannot find anything that helps me. I am trying to update the schema on ADAM but i continue to receive this error, which I have discovered is pretty common: Add error on line 1049: No Such Attribute The server side error is: 0x57 The parameter is incorrect. The extended server error is: 00000057: LdapErr: DSID-0C090B3D, comment: Error in attribute conversion

Windows 2003 Server, Active Directory. How to find out who and when logon/logout from AD? How to force disconnect a user from AD?

Hi guys, I'm trying to open some 5000 computer objects in a loop. Anyway, at some point (say on 1500-ish iteration of the loop) ADsOpenObject() returns 0x8007203A (The server is not operational). But when I put a delay before each call (say, Sleep(20)), nothing similar happens. Any ideas why frequent calls to ADsOpenObject() may result in 0x8007203A? Martin

Hello. I want to configure a NLB (Network Load Balancing) on Windows 2003 but I want to do so as per Microsoft Best Practices which indicate that the best solution should be multiple NICs (2). http://technet.microsoft.com/en-us/library/cc740265%28WS.10%29.aspx The problem is that I couldn't find no even one example of this configuration in the web, the closest are these two articles :

Can someone please state what FSMO role is involved in AD trusts? The reason I ask this question, is that I moved the 3 domain FSMO roles off the forest root DC to another DC and then took down the forest root DC for hardware maintenance. During this period, users were unable to log onto apps across the trust, but when the forest root DC came back online, the users could then log

We are planning to upgrade our AD schema to the 2008 R2 version (we are currently on the 2008 version), all our DC's are 2003 and we are at 2003 domain and forest functional level. Will this have any problems with exchange 2003 or our last remaining NT server (once the NT server has gone we plan to upgrade all our DC's from 2003 to 2008).

Hi everyone, here is the scenario that I am having problems with: There are two seperate forests with domains, coffee (internal) and cola (external). I can set cola up with a one way outgoing trust so that the coffee people can access all the cola files that I grant them rights to (which is perfect) and cola doesn't seem to be able to get out into coffee (so that seems to be

i've win2k3 domain and i need to create a web page for self password reset..Are there any options available to do so.Or if there are any low cost solutions available. Can anyone help

On Mar 19,

Can someone please direct me to a definitive URL (preferably MS) that states what rights are required to delegate AD control to a Windows group to be able to move computer objects between OU's. I’ve found a few myself, but they all mention different rights. Cheers, Cosmo

member server 2003 sp2, was in old 2000 domain. removed from that domain into a workgroup. changed dns to reflect new domain. now trying to add to 2008 domain and I get a message of "The service cannot accept control messages at this time". Of course it doesnt join the domain either. I had another member server that i pulled out of the same domain and added it with no issue. So

Hi, I have IIS7 setup with a directory secured using BASIC Authentication only. The directory is on a network share but only two Active Directory usernames have NTFS permissions to this folder. One username is for the IIS entry to have permission to the share. The second username is to be used externally/publically when visiting the website. It works great. The username can login

Does anyone know what to do or a link to help me troubleshoot this problem? C:\Documents and Settings\drservice>repadmin /replicate DC2.DNS DC1.DNS DC=DRS44,DC=drs Sync from DRS-44-9A.drs44.drs to DRS-44-9B.drs44.drs completed successfully. C:\Documents and Settings\drservice>repadmin /replicate DC1.DNS DC2.DNS DC=DRS44,DC=drs DsReplicaSync() failed with status 1127 (0x467):

Hi all, We have windows 2003 SP2 32bit Domain controller with windows 2003 functional level. I need to run exchange 2010 prep on the 32 bit schema master, can I run it since the exchange 2010 i only have 64bit? Is there a way to get around? thank you.

Hi For past 2-3 months we are facing issues with editing GPOs applied at domain level including Default Domain Policy (at the same time Default Domain Controller Policy is fine). Finally we found there are many permanent sessions to Gpttmpl.ini from Windows Vista machines. Most of the machines having SP1 and some are SP2. If we stopr these sessions then we can able to edit sall

Hello. You may find this useful. I had a very similar issue and this is how I fixed it. http://www.andymcdonald.co.uk/2010/04/19/dcdiag-fsmocheck-error-1355/ Zalew wrote: NetDiag Default Gateway Error -->DcDiag Advertising Error 22-Nov-08 Hi Guys, I'm having problems with time sync in my AD. Server which should be time server for my domain doesn't advertise himself. After

Hi We have a lab environment that we use to test 2008 server.We had an 2003 native mode forest.There is a single domain.We have 3 sites each containing DCs on them.On the site that represents a branch office we installed an RODC. We run adprep /rodcprep and complete the installation using DCPROMO.The nearest site to the site hosting RODC only has an 2003 DC and there is also a 2008

Hi all, We are going to introduce the new windows 2008 R2 DC to our windows 2003 32bit DCs with windows 2003 functional level. I need to run forestprep and domainprep in the windows 2003 schema master. Can I run the R2 64bit forestprep and domainprep on the windows 2003 32bit domain controllers? Thank you!

We have a single 2003 forest/domain env't. We'll have 2 sites (currently only 1). The HQ site has a few DCs (also a GC) and an Exchange mail server. The remote site will have a dedicated DC for the users there to authenticate against (configured in ADSS for their subnet). Does this DC at this remote site need to be a GC as well to handle user authentication in case they lose a

Hello. I have a server running Windows Server 2008 and need to have a security policy to ask for the password change users every 3 months, how I can do? and How does affect the Administrator user? Thank you.

Let me preface this by saying - I am a SQL Server DBA, so AD and dquery is way out of my league. I am performing a clean up of some old service accounts use to start SQL. I have a few service accounts that were never marked for non-interactive logon. Can I query AD to see when was the last time (if any) someone logged on interactively? And if so, what ip address did that

Guys, I have a list of users in a .csv file. The users are listed via firstName, lastName Is there anyway I can use dsquery or any other tools to grab the user's login id after it's compared to the name? Normally for a single name I would do something like dsquery user -name "Nik Test" | dsget user -samid Win2003 sp2 Thanks