Active Directory
List of Active Directory Error Codes
The error codes for Active Directory can be found at this Microsoft URL. http://msdn.microsoft.com/en-us/library/ms681381%28VS.85%29.aspx
How to turn on Active Directory diagnostic event logging
The following information comes from : http://support.microsoft.com/kb/314980 This step-by-step article describes how to configure Active Directory diagnostic event logging in Microsoft Windows 2000 and Microsoft Windows Server 2003. Active ...
Assigning users to Domain Users group
Question When I assign a link to Domain Users, the users never get the link. If I assign the link directly to the user or another group, then things work. Resolution This is a feature/limitation of Microsoft Active Directory (MS AD). Domain Users ...
SizeLimitExceededException when using LDAP
When using an LDAP browser like JXplorer to query AD, sometimes, depending on the query, the following error is displayed: javax.naming.SizeLimitExceededException: [LDAP: error code 4 - Sizelimit Exceeded]; remaining name ...
Error when creating a new user
Getting error: javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000001F This means either you did not have a password that matches the AD password policy rules or you do not have SSL enabled on the directory services tab in the ...
DCDIAG - Error - Replicating Directory Changes in Filtered Set
dcdiag returns: ENTERPRISE DOMAIN CONTROLLERS doesn’t have Replicating Directory Changes In Filtered Set. The customer runs dcdiag and gets the error: Starting test: NCSecDesc Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn’t have Replicating ...
Relayuser won't authenticate
During startup of webNetwork, the customer's webnetworktrace.log shows: LOGIN FAILED: CN=relayuser,dc=example-cloud,dc=com: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 533, vece ] This means that the ...
Problems with Multi Domain / Parent - Child AD Domain Issues
Issue: The customer has an MS AD Parent / Child setup and webNetwork is having many problems creating objects in webAdmin. When a wizard is used to create a webApp and the end the Host, Link and User cannot be modified. Resolution: This was ...
How to display the MS AD LDAP Settings being used.
The following comes from the URL : http://support.microsoft.com/kb/315071 This step-by-step article describes how to manage Lightweight Directory Access Protocol (LDAP) policies by using the Ntdsutil.exe tool. To make sure that domain controllers can ...
What does the dns record (same as parent record) mean in Microsoft DNS ?
"Same as parent" record is used to identify DC’s under a domain name. The "(same as parent)" record is called the LdapIpAddress record. It is an important dns record. Without it, clients can’t find the DC, especially if it’s the only one, as well as ...
Stop inbound / outbound replication in AD
How can I temporarily stop in / outbound replication to a DC ? The following URL Explains the process : http://technet.microsoft.com/en-us/library/cc755360%28WS.10%29.aspx repadmin /options +DISABLE_INBOUND_REPL repadmin /options ...
Slow access to MS AD LDAP from OSX
Customer is having slow access talking to MS AD via LDAP. WebNetwork is being run on a MAC OSX box and is using MS AD for Directory Services. The dns server is running on MS AD and the OSX box is pointing to that for its DNS information. Directory ...
DNS Query used to find GC and DC
How can I use nslookup to find the GC and DC in DNS for Microsoft AD? To find the GCs (global catalogs) that are listed in DNS: nslookup > set type=srv > _ldap._tcp.gc._msdcs.company.com Server: adsrv1.example-cloud.com Address: 192.168.1.251 ...
How to enable SSL for LDAP on Active Directory?
Problem: webNetwork requires SSL over LDAP connection. Cause: To ensure best security possible, you will want "end-to-end" encryption. This is only possible with encrypting the LDAP connection. Without SSL over LDAP some features, such as ...
Update schema error : ServiceUnavailableException
The customer is starting UW for the first time and when it tries to update the schema an error is displayed: LDAP: error code 51 - 000021A2: SvcErr: DSID-030A0AF2, problem 5001 (BUSY) Running repadmin /showreps shows the following information ...
Create domain and forest dns zones
How to recreate the DomainDnsZones and ForestDnsZones in AD DNS. This URL has the Microsoft commands to do this: http://technet.microsoft.com/en-us/library/cc739505(WS.10).aspx dnscmd ServerName /CreateBuiltinDirectoryPartitions ...
LDAP Signing on windows server 2008 and higher
The customer is trying to connect to a windows server 2008 domain controller and is getting : javax.naming.AuthenticationNotSupportedException: [LDAP: error code 8 - 00002028: LdapErr: DSID-0C0901FC, comment: The server requires binds to turn on ...
DC won’t obtain SSL certificate automatically
Customer installed Enterprise CA server in their AD forest and some Domain Controllers won’t pick up an SSL certificate. The customer used LDP.exe to verify all of their DC to see if they had SSL enabled. They found a DC that did not pick up an ...
How to dump the AD DNS Partitions
How can I check what AD DNS Partitions my AD DNS server holds ? dnscmd /EnumDirectoryPartitions which is a command line utility installed on a windows dns server. It will output Example Output Enumerated directory partition list: Directory ...
webNetwork will not start because AD ssl certificate has expired
Customer restarted webnetwork and now it won’t start. It gives errors like : FATAL (12/23) 11:19:23 [com.stoneware.service.DirectoryManager]: Unable to verify/extend schema. javax.naming.CommunicationException: simple bind failed: 192.168.1.41:636 ...
How to add an attribute to the search index in Active Directory
For Active Directory and webNetwork there are 4 attributes that will help speed up webStorage. "member" "swareAssignedNodes" "swareAssignedMenus" "swareAlias" The following information comes from : ...
Issues with Active Directory Replication
Symptoms: updates are not being seen around the domain/forest. DCs will still authenticate users, but any changes (like password changes) will not be replicated through the forest. Run various commands for assisting in identifying the problem: Dcdiag ...
Display password complexity in AD
How can I display the password complexity for a Windows domain that is not using Fine-Grained password features? Click on Start, Run, GPEDIT.MSC. Go to computer config --> windows settings --> security setting --> account policy --> passwd policy. This will ...
Microsoft command line tools for Active Directory
How to Manage Users Creating a New User Account 1. Click Start, and then click Run. 2. In the Open box, type cmd. 3. At the command prompt, type the following command: dsadd user userdn -samid sam_name The following values are used in this command: • ...
Display domain policies on a machine
How can I find what policies are set on a machine based on logging into my company's domain? Start, Run, rsop.msc. This will load the snap-in and allow you to see what policies are applied to the workstation. Other handy tools: gpedit.msc - Edit ...
Change NTLM Authentication type
How can I change the NTLM authentication type on my windows box ? Update 10-31-2014 : webNetwork 6.2.1.182 and higher works much better with NTLM V2 and the change below should not be needed anymore. It is still provided here just in case a customer ...
Verify Active Directory SSL
How can I check if my Microsoft Active Directory Domain controller / LDAP Server has SSL ? The following URL has a nice write up about the Microsoft Tool called LDP.exe http://www.computerperformance.co.uk/w2k3/utilities/ldp.htm You can download ...
DNSLint : Resolving DNS Names
The following information comes from the Microsoft URL : http://support.microsoft.com/kb/321046 There is also a powerpoint on the subject at : ...
Unable to update schema - problem 5001 ( BUSY )
The customer is trying to install webnetwork into Microsoft ad and is getting Unable to update the schema. And the following error is displayed: INFO (12/19) 11:01:05 [com.stoneware.service.DirectoryManager]: We are creating an AD connection. FATAL ...
AuthenticationException LDAP: error code 49 - 80090308
Customer is getting the following error when webnetwork starts : javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece ] The customer had changed admin ...
How to check Microsoft AD Synchronization between DC
repadmin /syncall /AePdq /A= perform syncall for all NC (naming contexts) held by DC /e = Enterprise , cross sites /P = Push changes outward from home server /d = Id servers by DN in messages instead of GUID /q = suppress callback messages repadmin / ...
Schema Modifications to the Directory
Unified Workspace provides users with access to resources based on who they are in the directory and what groups they belong to. To help create a personalized workspace for each user, Unified Workspace stores additional information on each user’s ...
Enable webNetwork to talk to AD Child domain
To allow webNetwork to talk to a child domain in Microsoft Active Directory you will want to first make sure your child domain is up and running and that you have run DNSLINT to verify your Active directory DNS names and server communication. Next ...
Error changing AD Password
The user is trying to change their password via the portal and is getting an error that the Directory Services was unable to change the password. The following error shows on the loader console : DEBUG ...
How to add indexing for an Active Directory attribute
How to Index an Attribute in Active Directory: On your schema master go to Start --> Run and type in “regsvr32 schmmgmt.dll” (without the quotes), then press enter Open MMC and add the Active Directory Schema snapin In the console tree, click ...
How to setup an Active Directory search index for an attribute
Problem: Active Directory slowness issues in various parts of the webNetwork product - login, webStorage, webAdmin, etc... Cause: Different Active Directory environments may require indexing of attributes to improve performance. For example, ...
What to consider before adding an Active Directory search index for an attribute?
Problem: webNetwork installation has slowness issues and you are looking to index certain directory attributes in an effort to improve performance, but do not know the effects of adding an index to Active Directory. Solution(s): Here are the ...
Which Active Directory attributes should be added as search index?
Problem: Active Directory slowness issues in various parts of the webNetwork product - login, webStorage, webAdmin, etc... Cause: Different Active Directory environments may require indexing of attributes to improve performance. For example, ...
How to create a limited Active Directory service account
Problem: For webNetwork installation, you will need a Schema Admin and Domain Admin account. For daily operation, you will need a service account to connect to Active Directory, but you may not want to run it with this same high-level account. ...
How to enable schema updates on older windows 2000 DCs
Problem: Schema Admin group is not present or insufficient for write-access to Active Directory schema. Cause: The extension or the modification of the Active Directory schema requires write access to the schema. This is enabled by means of the ...