Showing results for tags 'ad'.

  1. Introduction I've come across various problems during Windows Autopilot causing OOBE to fail that could be solved if only we could decide the order of when things were installed, and to resolve this in a nice way we wanted to dynamically populate an Azure AD group that could be targeted with a device configuration profile. That would mean that we could target sensitive policies to devices after enrollment instead of during enrollment allowing for a smoother, less error prone experience. Being able to apply a profile after Autopilot is finished requires knowing when Autopilot is actua
  2. Hi there, Does anyone here have hands-on experience implementing BitLocker To Go? In my environment we use SCCM CB-1902 and MBAM server & client. We have a single drive in all the clients and it has been protected using the MBAM agent. Now I am looking to encrypt removable disks/USB automatically when they are inserted. How can I achieve this? Please feel free to ask me if more information is required. BR, Biju
  3. Hi! I'm using a VBS script during OS deployment to set the AD computer description. But results are unpredictable at best (if you use numbers or gaps). Does someone have a suggestion for a good working solution? Script that I was testing: cscript.exe adcompdesc.vbs "%ComputerDescription%" dim Computerdn, strComputerName dim Args Set WshShell = WScript.CreateObject("WScript.Shell") '----Get Computer DN------ Set objADSysInfo = CreateObject("ADSystemInfo") ComputerDN = objADSysInfo.ComputerName strcomputerdn = "LDAP://" & computerDN Set objADSysInfo = Nothing '-----Read co
  4. Hello to all, I open my record again at the forum with a problem that is driving me crazy. I have in my work environment a problem with many accounts that are abnormally blocked. I started all the troubleshooting steps, and slowly I'm probably coming to realize what it is, but I have this event that I cannot read well: EventId: 5 The kerberos client received a KRB_AP_ERR_TKT_NYV error from the server% 1. This Indicates That the ticket used against That server is not yet valid (in relationship to That time server). Contact your system administrator to make sure the client and s
  5. Here's a quick resume of the current setup I am using. I've been using AD groups to deploy applications from SCCM with query-based collection membership for devices. In short, this means that in AD a computer is added to a group and whenever SCCM runs AD Group discovery and sees a change, the collection which queries that group also updates that group and the application is deployed on the target computer. This was done in order to preserve the historical AD structure and method of deploying applications (previously done with GPOs). This works flawlessly and is relatively quick. Since we d
  6. I am new to Active Directory and I am having issues with folder rights. This is my situation - Folder Structure Folder A Subfolder B Subfolder C Share folder "A" with GrpAdmin Read only Change Security for Folder "B" with user Teacher - who is a member of GrpAdmin - to have full Control User Teacher still cannot create files in folder B. Do I need to share folder B with user Teacher?
  7. Hello guys, I need help with design in AD and SCCM 2012. My topology is: central site (HQ) and 16 branches; each branch has 15 users and is connected via IP-VPN to central. I cannot make an additional domain or even an RODC in the branches, I just organized them by creating an OU for each branch. My question: what's the best practice to organize and manage those branches (in the domain controller and in SCCM)? Thank you all
  8. Hi guys, I'm new here, but I've been visiting every now and then and found a solution most of the time. I'm not an expert of GPO but I was tasked to look at a solution either way (just joined a new team). Our security team wants to make sure that every single person in the company has to change his password every tot days. Now, that's done already, except for global accounts. Let's say _No-Expiration is a group containing all the users that I want their password not to expire. Now, what I want to achieve is to get a GPO set for all OUs which has to overwrite the Password never e
  9. I am having an issue with our client push. When I push the client to our machine it installs fine but it gets an incompatible version and will not automatically assign the site code. I can manually set the site code as a local admin and it works fine. I am thinking this may be a problem with the way I have the boundaries set up in SCCM. My question is, if I change the boundaries or boundary groups in SCCM will I need to extend AD again? Or do the changes automatically get replicated to AD? Thanks!
  10. Afternoon All, I'm new to SCCM 2012 and really trying my best to get things working as I thought they should be... I'm trying to push a simple application out to a user collection which only contains an AD group, which in turn has the specific users added. The AD Group is called SCCM_Deploy 7zip The user collection is called Deploy 7zip it has the AD Group (SCCM_Deploy 7zip) inside of it. I have the 7zip msi, all defaults turned on, and once I tell it to deploy to the 'Deploy 7zip' user collection nothing shows in software center. I have attached a few screenshots. Thanks in advance f
  11. I have one SQL server that is complaining about missing SPN principals. SCOM monitoring is saying SQL can't authenticate using Kerberos because it's missing the SPNs "MSSQLSvc/[server.domain.tld]:1433" and "MSSQLSvc/[server.domain.tld]". It's the default instance. This doesn't seem specific to SQL. I attempted to list SPNs in use with klist and setspn. klist will give me a list for the currently logged-on user, but setspn -L will fail, claiming this: C:\> setspn -L username@domain.tld FindDomainForAccount: Call to DsGetDcNameWithAccountW failed with return value 0x00000525 Could not
  12. I am working on a task within an OS build process to disable the previous computer object in AD. Within my OSD task I have the option to change the system name. When the name is changed I set a variable to trigger a script to disable the object within the full OS portion of the task sequence. (The task is setup after the ConfigMgr agent is installed.) Because, the local system does not have access to AD I need to use a service account to disable the object. No matter how I run the script I get an error code 1 from the return of the script. I have triple checked the password and the a
  13. Install Active Directory Domain Services Now that we have the VMs created, and the OS installed on both, we need to first install/setup Active Directory (AD). When you log into a new installation of Server 2012, Server Manager will auto launch. From Server Manager, click on Manage, and choose ‘Add Roles and Features’. On the Add Roles and Features Wizard, read the information on the Before You Begin dialog, and then click Next. On the Installation Type screen, select ‘Role-based or feature-based installation’ and then click Next. On the ‘Server Se
  14. Hi I have a problem that I have been trying to resolve, and am not having much luck so far - hopefully someone has an idea. In my infrastructure I have a bunch of printer queues that are published in AD, but they are orphaned as the printer server that they were associated with died unexpectedly, and we did not have a chance to remove these published queues in print manager. If a user tries to add a new network printer, via the directory, an error is thrown that the printer cannot be connected to (obviously). Now I know that the printer pruner service that runs in AD should clean
  15. Hi! I'm trying to figure out alternatives for domain-users to change/reset their password themselves. I know there are tools that run as a webservice, I know OWA can be used - but is there anything else, or are those the options? Due to cost, it's hard to justify spending that much money on a solution - but if anyone can recommend anything, or got other solutions it would be great! Do any of the System Center 2012 parts allow for such a thing?
  16. I have a problem at work where my new sccm 2012 server discovered way too many users. I had enabled the Active Directory Forest discovery and I thought it was only supposed to discover the forest and possibly add those as boundaries, but now I have 44.000 users from other locations I do not want in the DB. Is there a quick way to clean the DB for these users? The server is not in prod, but don't want to start over for I've already created some tasks and packages. I have since then setup the user discovery from the right ou, but is it safe to just select all -> delete? tried with a few, but i
  17. Hi there, Just getting into SCCM 2012 and I have a question about what might be the best way to setup my boundaries. I would like to use our AD sites as it seems to be the least administrative heavy option, however because of our configuration I'm not sure it is possible. The way our AD sites are configured is this - we have all of our major offices with domain controllers created as a site in AD with all of their subnets defined, however we have branch offices that do not have domain controllers in them as they have too few clients located there. Those subnets are defined in the main
  18. Hello, thanks for reading my post. To start with, some basic info about my VM test lab. Part one – My Lab: I have two Windows 2012 Servers: Main DC called – NEW-DC01-W12 – Running DHCP – IP address SCCM Server called – NEW-SCCM-W12 On my DC I made a container called System Management and gave the SCCM server (NEW-SCCM-W12$) and my SCCM admin (SCCMADMIN) account Full Control permissions to the System Management container and all its child objects. Not sure where the $ came from but it adds it when I enter my SCCM server name. I used http://technet.microsoft.com/en-gb/li
  19. Dear all; First thing I would like to thank all of you for your support and knowledge sharing. I have an issue with SCCM 2012 and Active Directory, I will describe it here. I have three Active Directory, one of them OS 2003 r2 and two are 2008 r2. 2003 was handling all FSMO roles and I moved the FSMO roles to 2008 r2 and tried to demote the 2003 to get the full 2008 r2 features, but when I turned off 2003 for a while to make sure all our systems are up and running, SCCM 2012 cannot connect to the database, which is on a separate server. For the information when I trune
  20. I've been getting my info from this site for some time now. Great stuff and a big thank you for that! But I've come across a problem which I can't seem to find a solution for. I want to deploy software through AD security groups in which I put our computer objects. SCCM doesn't seem to cope with that though. You can create a user collection and link it to a security group, but then only users which are linked to the group get the software. That works just fine. I tried putting computer objects in there, but they won't get it. Only users will. Since I want the installation to be computer ba
  21. Our AD went down the other day and we had to restore it from a backup. Ever since then, something has happened to the clients and they won't associate with the Site. I can't push the client install to any computer, but I am able to manually install the client on the computer. Prior to having to restore the AD everything was working great. I have gone through and checked that all of my SCCM user accounts are still there, checked that the Schema was still intact (following this post). I ran the extADSch.exe and the log comes back and states that everything already exists. On the co
  22. Hi, I'm wondering if it is possible to pull in only computer objects that are part of a specific Active Directory Security group to a collection, and how such a query will look. Has anyone had to do this in the past, and is it possible? Ultimately we would like to separate computers by departments, and our AD access is such that we cannot create new OUs. Thanks. Coenie
  23. In a deploy task sequence you can set the AD location of the machine to build to, can you however have the machine detect the location (OU) that it is currently in and build to the same place or do you have to have a different task sequence for every AD location? Thanks
  24. I am running MS SCE2010 on a windows server 2008R2. It installed ok, it complained about a few GP's, but I fixed those. Now I have a few problems, in the middle of the night, it installs and updates my servers, which I do not want, with my GP, I configured that to never do that, but with SCE2010, I don't know how exactly to configure it to only notify of updates, but to NOT download them or install them on my servers. Also, I'm trying to install the agent on PC's and it continues to fail on one laptop. The agent on all other PCs installed ok except with one laptop. I'm not sure wher
  25. Hi! I have a collection grabbing all the computers that are a member of group2, and that works great. I also have this group1 that is a member of group2 with a lot of computers in it but that does not work. Is it possible to also grab the computers in Group1 as well? SQL Query: select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.SystemGroupName = "DOMAIN\\Group2" Thx for the help! EDIT: Added a picture to show you what i