User Profile

nikitamobile855

Brass Contributor

Joined 5 years ago

23 Posts4 Likes

View All Badges

User Widgets

Recent Discussions

Re: GPO processing fails
LainRobertson here is the outcome: [General] Version=4 displayName=New Group Policy Object AccessControlType : Allow IdentityReference : SM\Domain Admins FileSystemRights : FullControl AccessControlType : Allow IdentityReference : SM\Enterprise Admins FileSystemRights : FullControl AccessControlType : Allow IdentityReference : NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS FileSystemRights : ReadAndExecute, Synchronize AccessControlType : Allow IdentityReference : NT AUTHORITY\Authenticated Users FileSystemRights : ReadAndExecute, Synchronize AccessControlType : Allow IdentityReference : NT AUTHORITY\SYSTEM FileSystemRights : FullControl AccessControlType : Allow IdentityReference : BUILTIN\Administrators FileSystemRights : FullControl objectGUID : ca9334eb-ebf2-409f-9622-8c0c602d8cc5 objectClass : groupPolicyContainer cn : {D6735583-A7D1-4988-83C3-75D788D95E7B} displayName : Biometry gPCFunctionalityVersion : 2 versionNumber : 4 gPCFileSysPath : \\sm.local\SysVol\sm.local\Policies\{D6735583-A7D1-4988-83C3-75D788D95E7B} AccessControlType : Allow IdentityReference : CREATOR OWNER ActiveDirectoryRights : CreateChild, DeleteChild, Self, WriteProperty, DeleteTree, Delete, GenericRead, WriteDacl, WriteOwner AccessControlType : Allow IdentityReference : NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS ActiveDirectoryRights : GenericRead AccessControlType : Allow IdentityReference : NT AUTHORITY\Authenticated Users ActiveDirectoryRights : GenericRead AccessControlType : Allow IdentityReference : NT AUTHORITY\SYSTEM ActiveDirectoryRights : CreateChild, DeleteChild, Self, WriteProperty, DeleteTree, Delete, GenericRead, WriteDacl, WriteOwner AccessControlType : Allow IdentityReference : SM\Domain Admins ActiveDirectoryRights : CreateChild, DeleteChild, Self, WriteProperty, DeleteTree, Delete, GenericRead, WriteDacl, WriteOwner AccessControlType : Allow IdentityReference : SM\Enterprise Admins ActiveDirectoryRights : CreateChild, DeleteChild, Self, WriteProperty, DeleteTree, Delete, GenericRead, WriteDacl, WriteOwner AccessControlType : Allow IdentityReference : NT AUTHORITY\Authenticated Users ActiveDirectoryRights : ExtendedRight
Apr 21, 2022 Place Windows Server for IT Pro
514Views
0likes
1Comment
Re: GPO processing fails
LainRobertson Please find: \\sm.local\SysVol\sm.local\Policies\{D6735583-A7D1-4988-83C3-75D788D95E7B}\gpt.ini
Apr 21, 2022 Place Windows Server for IT Pro
3.6KViews
1like
3Comments
Re: GPO processing fails
LainRobertson Here is the outcome: May be it also worth mentioning that every view minutes there appears 5504 event mentioning different internal dynamic addresses
Apr 21, 2022 Place Windows Server for IT Pro
3.6KViews
0likes
0Comments
Re: GPO processing fails
LainRobertson Here are the 2 events happened today simultaneously
Apr 21, 2022 Place Windows Server for IT Pro
3.6KViews
0likes
5Comments
Re: GPO processing fails
LainRobertson I have found events with 5308 ID. Pls see the screenshot below
Apr 20, 2022 Place Windows Server for IT Pro
3.6KViews
0likes
9Comments
Re: DFS replication issues
LainRobertson I have launched the commands to remove broken references and here is the the JSON outcome afterwards. WARNING: Enumerating domain controller SYSVOL DFS-R memberships: WARNING: Enumerating DFS-R replication group topologies: WARNING: Enumerating DFS-N namespaces: [ { "Status": "Okay", "ObjectGUID": "43d626f7-7496-496a-8cf1-fefa0467c173", "ObjectClass": "msDFSR-Subscriber", "Name": "Domain System Volume", "DistinguishedName": "CN=Domain System Volume,CN=DFSR-LocalSettings,CN=UZTASSRV01,OU=Domain Controllers,DC=sm,D C=local", "MemberReference": "CN=UZTASSRV01,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=sm,DC =local" }, { "Status": "Okay", "ObjectGUID": "43d626f7-7496-496a-8cf1-fefa0467c173", "ObjectClass": "msDFSR-Subscription", "Name": "Domain System Volume", "DistinguishedName": "CN=Domain System Volume,CN=DFSR-LocalSettings,CN=UZTASSRV01,OU=Domain Controllers,DC=sm,D C=local" }, { "Status": "Okay", "ObjectGUID": "3a3d05c2-7738-4b40-b14c-03af84841594", "ObjectClass": "msDFSR-ReplicationGroup", "Name": "Domain System Volume", "DistinguishedName": "CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=sm,DC=local" }, { "Status": "Okay", "ObjectGUID": "88883960-839e-40b5-962c-f3020f49250d", "ObjectClass": "msDFSR-Member", "Name": "UZTASSRV01", "DistinguishedName": "CN=UZTASSRV01,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=sm, DC=local", "ComputerReference": "CN=UZTASSRV01,OU=Domain Controllers,DC=sm,DC=local", "MembershipBL": "CN=Domain System Volume,CN=DFSR-LocalSettings,CN=UZTASSRV01,OU=Domain Controllers,DC=sm,DC=loc al" } ]
Apr 20, 2022 Place Windows Server for IT Pro
13KViews
1like
26Comments
Re: DFS replication issues
LainRobertson Thanks a lot for your effort and this very detailed answer. I'm going to try according to your proposal. Just wanted to clarify whether removal of those DSF references shouldn't anyhow impact existing DC, AD, GPO functionality currently running on uztassrv01?
Apr 20, 2022 Place Windows Server for IT Pro
13KViews
0likes
29Comments
Re: DFS replication issues
LainRobertson Good morning! Please see the script outcome below WARNING: Enumerating domain controller SYSVOL DFS-R memberships: WARNING: Enumerating DFS-R replication group topologies: WARNING: Enumerating DFS-N namespaces: [ { "Status": "Unhealthy", "ObjectGUID": "4510c737-8c38-495d-aa7b-e1f3ce92fa3b", "ObjectClass": "msDFSR-Subscriber", "Name": "45d9316b-1098-408e-a65d-8ce8449f0aaa", "DistinguishedName": "CN=45d9316b-1098-408e-a65d-8ce8449f0aaa,CN=DFSR-LocalSettings,CN=UZTASSRV01,OU=Domain Con trollers,DC=sm,DC=local", "MemberReference": "" }, { "Status": "Unhealthy", "ObjectGUID": "ea36c86a-ab6b-4648-ad76-16c5f2a21b32", "ObjectClass": "msDFSR-Subscriber", "Name": "a7297769-fdcd-4490-ae1c-c80808f44d36", "DistinguishedName": "CN=a7297769-fdcd-4490-ae1c-c80808f44d36,CN=DFSR-LocalSettings,CN=UZTASSRV01,OU=Domain Con trollers,DC=sm,DC=local", "MemberReference": "" }, { "Status": "Okay", "ObjectGUID": "43d626f7-7496-496a-8cf1-fefa0467c173", "ObjectClass": "msDFSR-Subscriber", "Name": "Domain System Volume", "DistinguishedName": "CN=Domain System Volume,CN=DFSR-LocalSettings,CN=UZTASSRV01,OU=Domain Controllers,DC=sm,D C=local", "MemberReference": "CN=UZTASSRV01,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=sm,DC =local" }, { "Status": "Okay", "ObjectGUID": "43d626f7-7496-496a-8cf1-fefa0467c173", "ObjectClass": "msDFSR-Subscription", "Name": "Domain System Volume", "DistinguishedName": "CN=Domain System Volume,CN=DFSR-LocalSettings,CN=UZTASSRV01,OU=Domain Controllers,DC=sm,D C=local" }, { "Status": "Okay", "ObjectGUID": "3d74223e-5f1f-40c2-bf42-3255fd57227e", "ObjectClass": "msDFSR-ReplicationGroup", "Name": "DFS", "DistinguishedName": "CN=DFS,CN=DFSR-GlobalSettings,CN=System,DC=sm,DC=local" }, { "Status": "Okay", "ObjectGUID": "331bda39-781e-4bb9-ab31-b8432cc2f5ce", "ObjectClass": "msDFSR-Member", "Name": "45d9316b-1098-408e-a65d-8ce8449f0aaa", "DistinguishedName": "CN=45d9316b-1098-408e-a65d-8ce8449f0aaa,CN=Topology,CN=DFS,CN=DFSR-GlobalSettings,CN=Syst em,DC=sm,DC=local", "ComputerReference": "CN=UZTASSRV01,OU=Domain Controllers,DC=sm,DC=local", "MembershipBL": "CN=45d9316b-1098-408e-a65d-8ce8449f0aaa,CN=DFSR-LocalSettings,CN=UZTASSRV01,OU=Domain Controll ers,DC=sm,DC=local" }, { "Status": "Unhealthy", "ObjectGUID": "66a0d320-8b34-4f9e-8dd1-3a93c5c4b7a1", "ObjectClass": "msDFSR-Member", "Name": "c3b24e94-239f-4621-b82b-b356d6cc9bed", "DistinguishedName": "CN=c3b24e94-239f-4621-b82b-b356d6cc9bed,CN=Topology,CN=DFS,CN=DFSR-GlobalSettings,CN=Syst em,DC=sm,DC=local", "ComputerReference": "", "MembershipBL": "" }, { "Status": "Okay", "ObjectGUID": "cbc3347c-ee38-4d15-9737-34a0b9cafa84", "ObjectClass": "msDFSR-ReplicationGroup", "Name": "DFS_IT", "DistinguishedName": "CN=DFS_IT,CN=DFSR-GlobalSettings,CN=System,DC=sm,DC=local" }, { "Status": "Unhealthy", "ObjectGUID": "837b0736-bf19-41ff-a3bd-29c43c0c8c49", "ObjectClass": "msDFSR-Member", "Name": "6819feb2-58e2-4400-a2b0-db0a3c442183", "DistinguishedName": "CN=6819feb2-58e2-4400-a2b0-db0a3c442183,CN=Topology,CN=DFS_IT,CN=DFSR-GlobalSettings,CN=S ystem,DC=sm,DC=local", "ComputerReference": "", "MembershipBL": "" }, { "Status": "Okay", "ObjectGUID": "fbeded44-7272-44d8-bea3-f2e700d68d3f", "ObjectClass": "msDFSR-Member", "Name": "a7297769-fdcd-4490-ae1c-c80808f44d36", "DistinguishedName": "CN=a7297769-fdcd-4490-ae1c-c80808f44d36,CN=Topology,CN=DFS_IT,CN=DFSR-GlobalSettings,CN=S ystem,DC=sm,DC=local", "ComputerReference": "CN=UZTASSRV01,OU=Domain Controllers,DC=sm,DC=local", "MembershipBL": "CN=a7297769-fdcd-4490-ae1c-c80808f44d36,CN=DFSR-LocalSettings,CN=UZTASSRV01,OU=Domain Controll ers,DC=sm,DC=local" }, { "Status": "Okay", "ObjectGUID": "3a3d05c2-7738-4b40-b14c-03af84841594", "ObjectClass": "msDFSR-ReplicationGroup", "Name": "Domain System Volume", "DistinguishedName": "CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=sm,DC=local" }, { "Status": "Okay", "ObjectGUID": "88883960-839e-40b5-962c-f3020f49250d", "ObjectClass": "msDFSR-Member", "Name": "UZTASSRV01", "DistinguishedName": "CN=UZTASSRV01,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=sm, DC=local", "ComputerReference": "CN=UZTASSRV01,OU=Domain Controllers,DC=sm,DC=local", "MembershipBL": "CN=Domain System Volume,CN=DFSR-LocalSettings,CN=UZTASSRV01,OU=Domain Controllers,DC=sm,DC=loc al" }, { "Status": "Unhealthy", "ObjectGUID": "5eb07891-a762-4aab-a04d-9ddefd9c318f", "ObjectClass": "msDFSR-Member", "Name": "UZTASSVR02", "DistinguishedName": "CN=UZTASSVR02,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=sm, DC=local", "ComputerReference": "", "MembershipBL": "" } ]
Apr 20, 2022 Place Windows Server for IT Pro
13KViews
0likes
31Comments
Re: DFS replication issues
LainRobertson I still don't understand how I can delete the object if it doesn't appear either in AD or ADSI editor. CN=c3b24e94-239f-4621-b82b-b356d6cc9bed,CN=Topology,CN=DFS,CN=DFSR-GlobalSettings,CN=System,DC=sm,DC=local
Apr 19, 2022 Place Windows Server for IT Pro
13KViews
0likes
33Comments
Re: GPO processing fails
LainRobertson I have checked but I'm not getting any 5308 errors..
Apr 18, 2022 Place Windows Server for IT Pro
3.7KViews
0likes
11Comments
Re: GPO processing fails
LainRobertson Yes definitely something wrong with DFS cause I'm getting errors from DFS as well
Apr 18, 2022 Place Windows Server for IT Pro
3.7KViews
0likes
13Comments
Re: GPO processing fails
LainRobertson Thanks for your reply! Here is the outcome of the command execution.
Apr 18, 2022 Place Windows Server for IT Pro
3.7KViews
0likes
16Comments
Re: GPO processing fails
Thanks for your prompt reply. The server where the issue happens is actually the one which remained as a DC. and not the one which was demoted. So don't think that metadata remnants need to be cleaned out here
Apr 18, 2022 Place Windows Server for IT Pro
3.7KViews
0likes
0Comments
GPO processing fails
Hello everyone, I have recently figured out that gpupdate /force command on any machine leads to an error Event Viewer shows up 1058 error messages related to gpt.ini access Previously we had 2 DCs but later one was demoted and completely excluded from the network Most likely these errors are the consequences of those improper actions.
Apr 15, 2022 Place Windows Server for IT Pro
Active Directory
windows server
4.8KViews
0likes
21Comments
Re: DFS replication issues
LainRobertson Thanks a lot for your detailed response! I have tried to run the PowerShell script and it doesn't return any values. And I didn't clearly understood how I can delete it now?
Apr 15, 2022 Place Windows Server for IT Pro
14KViews
0likes
35Comments
Re: MDM Authority change
I have completed this using Powershell script. https://www.imab.dk/connect-to-microsoft-graph-for-intune-with-powershell-ise-add-ons-with-a-single-click/)
Apr 15, 2022 Place Microsoft Intune
15KViews
1like
0Comments
Re: DFS replication issues
Previously we had 2 but later second one was demoted and completely excluded from the network. All FSMO roles were moved to current DC. I wonder how it can be an error with DFS replication if DFS role is even not installed on current server?
Apr 14, 2022 Place Windows Server for IT Pro
14KViews
0likes
1Comment
DFS replication issues
Hello everyone, We are running Windows Server 2016 as a Primary Domain Controller. We don't have DFS management tool installed however I'm getting 6002 errors in event viewer. Please advise on how to investigate further. Object CN could not be found from ADSI edit
Solved
Apr 14, 2022 Place Windows Server for IT Pro
Active Directory
windows server
23KViews
0likes
41Comments
Re: Android Admin Enrollment Restriction
Moe_Kinani Hi, I have found a solution. 1) MDM authority must be changed to Intune 2) The default Device Enrollment Restriction Policy must be amended. Block option should be set for Android Device Administrator Step 2 is not possible without executing Step 1
Mar 25, 2022 Place Microsoft Intune
1.5KViews
1like
0Comments
MDM Authority change
Hello everyone, I'm not able to change MDM authority from O365 to Intune. All of the guides refer to some banner to pop up which is not happening in my case
Mar 24, 2022 Place Microsoft Intune
Intune
Mobile Application Management (MAM)
mobile device management (mdm)
17KViews
0likes
10Comments

Recent Blog Articles

No content to show