Active Directory
Disable Endpoint Identification
Issue: After upgrading LUW installation to 6.5.4.1, it was not connecting to Active Directory. After further testing, it appeared that having the IP address instead of the DNS name in the Directory Services (8090 console) was causing the issue. After ...
Password Reset Requirements and Process
Password Reset Requirements Loaders must be communicating with the Directory using SSL (LDAPS). This is an LDAP requirement of Microsoft to manage user passwords. Password Complexity must be enabled in the UW Password Reset Policy, and configured to ...
Microsoft requiring LDAP channel binding and LDAP signing with 2020 update
Issue Microsoft Advisory ADV190023: Microsoft is planning to push out an update in March 2020 that will require LDAP channel binding and LDAP signing for LDAP connections. (Please note, Microsoft initially planned to push the change in January.) ...
Configure Directory Services for Redundancy
Question: Is it possible to configure multiple directory servers for redundancy, in the event the configured directory server goes down? Solution: It is possible to configure UW to talk to multiple directory servers to provide redundancy. This is done ...
Directory Services Unable to Connect to Directory after update to 6.5.4.10
Issue: Customer upgraded Unified Workspace to 6.5.4.10. Now when starting UW, Directory Services is unable to make a connection to the directory. More Information: After further testing, it appeared that having the IP address instead of the DNS name ...
AD LDS Directory Attribute Variables
Issue: Customer has an AD LDS installation of Unified Workspace, and their AD Attributes are not parsing. Solution: As AD LDS is basically running in its own directory, the attributes in the customer's main AD are not available in AD LDS. Only ...
Lingering Objects and Tombstones in Active Directory
Issue Due to the way Active Directory works when removing objects, administrators can run into directory issues with Unified Workspace when AD doesn't completely do away with the object (leaving a tombstone behind). Finding and Removing Lingering ...
General MS AD LDAP information.
General MS AD LDAP information
MS AD LDAP bind errors.
LDAP error code 49 is the generic code for authentication error. https://helpdesk.lenovosoftware.com/portal/kb/articles/ldap-error-codes-22-8-2017 has the list of java ldap top level error codes. To fully understand the error you need the rest of ...
What is the Global Catalog?
Microsoft Definition of the Global Catalog The global catalog is a distributed data repository that contains a searchable, partial representation of every object in every domain in a multidomain Active Directory Domain Services (AD DS) forest. The ...
How do I see the Schema Changes ?
You can obtain this from webAdmin by right clicking on Tree Root and choosing Schema Report.
List of MSC Tools
Most admin tools in Windows Server 2003 are MMC consoles you can access from the Start menu. But you can also open these consoles from the command line if you know their .msc filenames. This can be especially useful if you log on to your admin ...
What do each of the default groups in Active Directory do ?
See the following information from Microsoft : http://technet.microsoft.com/en-us/library/cc756898(WS.10).aspx or https://customer.lenovosoftware.com/support/techdocs/kb/d2041/msdefaultgroups.pdf Enterprise Admins group is a universal group that ...
How do I backup Microsoft Active Directory ?
While backing up AD is not a function of Stoneware, here are some URLs that have some good information. Simple script to start a backup: ntbackup backup systemstate /J "AD Backup" /F "C:\ADbackup.bkf" Best Practices for Active Directory Schema ...
Errors with GUID in the LDAP object name
If you see errors like : Could not read attribute : CN=some-object-name\0aDEL:7dafdas3-23d-23c-8023-123212,ou=stoneware,dc=company,dc=com Basically, the object is in a state of deletion and may be stuck due to bad replication or a server being down. ...
Where can I find documentation on AD DS Fine-Grained Password and Account Lockout Policy ?
Here is where you can find the Microsoft Step By Step docs : AD DS Fine-Grained Password and Account Lockout Policy Step-by-Step Guide http://technet.microsoft.com/en-us/library/cc770842(v=ws.10).aspx Step-by-Step: Enabling and Using Fine-Grained ...
How can I see the domain password policy in MS AD ?
When on a machine that is part of the domain you can type net accounts to display the information. There are other ways explained in the following URLS : Change min/max password age: ...
How can I see more info about a user in AD?
If you open up Active Directory Users and Computer, go to VIEW and check Advanced Features. Now go view the properties for a user and there will be an additional tab called Attribute Editor. This will let you see a bunch of information about a user ...
Is there an active directory attribute that shows a users domainusername ?
If you are looking to get domain\saMAccountName in a variable, you may be able to use the Directory attribute msDS-PrincipalName. This attribute is available if you have a Parent / Child domain structure. The variable usage in webNetwork would be ...
Referral error on console
The customer is seeing this error repeatedly on our UW server console. INFO (02/05) 10:11:05 [stderr]: javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name ’dc=EDU,dc=myschool,dc=ca’ This typically means that ...
Changed password but old one still works.
After changing the password in Active Directory, users are still able to authenticate using their old password. Why is this ? Active Directory allows both the old password and the new password to be used for one hour, to allow for replication. ...
DNS Errors
Customer is having issues talking to Active Directory and ran a DNS test with the results INFO: exploring forest using domain controller: server1.company.com >>>>>: (DNS) - testing domain: COMPANY INFO: according to DNS, the following services are ...
Unable to update schema
The customer is doing a new install and cannot perform wizard #2 when using Active Directory. Customer turned on com.stoneware.service.directoryManager.schema debug and got the following error: FATAL (04/29) 10:58:32 ...
Referral limit exceeded
After doing a new install and starting things up, customer gets the following error : javax.naming.LimitExceededException: Referral limit exceeded [Root exception is com.sun.jndi.ldap.LdapReferralException: [LDAP: error code 10 - 0000202B: RefErr: ...
How can I check if my Microsoft Active Directory Domain controller / LDAP Server has SSL ?
The following URL has a nice write up about the Microsoft Tool called LDP.exe http://www.computerperformance.co.uk/w2k3/utilities/ldp.htm You can download ldp.zip directly from here : http://www.computerperformance.co.uk/ScriptsGuy/ldp.zip or copy ...
How do I set up SSL Certificates for MS AD Child Domains ?
Certification Authority setup Parent/Child – Parent or root domain should contain the Enterprise root CA and the child domains would be Enterprise subordinate CA. You must be logged on as an enterprise administrator. Click Start, point to Programs, ...
Unable to Verify / Extend Schema
On the console the customer sees : FATAL (05/09) 12:10:51 [com.stoneware.service.DirectoryManager]: Unable to verify/extend schema. javax.naming.CommunicationException: simple bind failed: 10.1.1.17:636 [Root exception is ...
Change AD server address
Issue: Where do I go in Unified Workspace (formerly webNetwork) to change the Microsoft AD server that UW talks to? Solution: Browse to the UW loader's 8090 Management Console. The loader is the UW server that connects to your directory. You may have ...
When should I add an attribute to the Active Directory index ?
How do I know if I should add an index to Active Directory and if so, how ? This Blog entry explains it very well. http://blogs.technet.com/ad/archive/2008/04/01/how-to-create-a-mosiac-of-user-thumbnails-in-aduc-dsa-msc.aspx
How do I find my AD Schema Master server ?
There are many ways to do this, one such way is to use the following command. dsquery server -hasfsmo schema
Enable Multi-Domain Support
If you use Active Directory and have multiple domains using a Parent Child configuration model AND your Check DNS Configuration is clean and has no errors then you can safely check this option. If it is not enabled and you have parent child domain ...
Error authenticating during webNetwork startup.
The customer gets an error when starting UW: INFO [com.stoneware.service.DirectoryManager]: We are creating an AD connection. FATAL [com.stoneware.service.DirectoryManager]: Unable to verify/extend schema. javax.naming.AuthenticationException: [LDAP: ...
User password expiration / lockouts in Microsoft Active Directory
How can I show accounts that are locked out in AD ? http://technet.microsoft.com/en-us/library/cc738772(WS.10).aspx Can I dump password expiration for users in AD ? AdFind.exe to dump the password expiration. Stoneware download / Utilities has this ...
Clean up of dead / removed servers.
The customer had problems installing webNetwork into an AD tree where some dead servers were not cleaned up properly. How can those servers be cleaned up ? The following URL explains removing the metadata from the old server in case it is going to ...
LDAP tracking on windows server
How can I track ldap communication on Windows server? The following URLs give the information on how to track LDAP communication on a windows server. ...
Common Microsoft AD LDAP bind errors.
LDAP error code 49 is the generic code for authentication error. https://helpdesk.lenovosoftware.com/portal/kb/articles/ldap-error-codes-22-8-2017 has the list of java ldap top level error codes. To fully understand the error you need the rest of the ...
DNS Test : NameNotFoundException error
The customer is using MS AD and is in the stoneware management console and did a DNS Test. The following Errors were given. INFO: Attempting to locate a domain controller in DNS for domain: company.org ERROR: javax.naming.NameNotFoundException: DNS ...
User unable to change password with MS Active Directory
Microsoft requires that you configure the portal to talk to the MS LDAP server using SSL. If you are not configured for SSL for LDAP, then webNetwork will work, but anything that deals with password changing will not function.
How to view the group policy settings
From a dos cmd prompt you can type : gpresult If you want to do it from a gui, then do the following : From the Start / RUN type : rsop.msc This will open "Resultant Set of Policy" which will show you the Group Policy settings that have been applied ...
Error during login caused by time of day restrictions.
Customer changed a user's password in Active Directory but the user cannot log in to webNetwork. The following error is displayed : DEBUG [com.stoneware.service.public.Core.authenticate]: Authenticating user: OR_OPERATION: {cn=jdoe, sware.email=jdoe, ...