Active Directory
794 Topics

Conflicting entries in dfsr schema preventing migration from frs to dfsr
Hello, I am having issues converting from frs to dfsr in a domain with 10 domain controllers, a mix of 2012r2 and 2016 domain controllers.
ForestMode : Windows2012R2Forest
DomainMode : Windows2012R2Domain
Schema version 88

In the initial phase, dfsrmig /setglobalstate 1, the sysvol subscription should be created but it fails with an error 87 syntax incorrect. I have checked dfsr through dfs management and if I select add replication group to display, the below is the error: There are no replication groups in this domain. The Active Directory Domain Services schema must be extended before a replication group can be added to this domain. If I manually attempt to create a replication group I get the message below: The Active Directory Domain Services schema on domain controller xxxxxx cannot be read. This error might be caused by a schema that has not been extended or was extended improperly. An attribute schema object cannot be found. Even in powershell if I run get-dfsreplicationgroup -groupname * : The Active Directory Domain Services Schema on domain controller xxxxxx cannot be read.

I checked the schema entries using adsi edit and there are multiple cn=ms-dfsr entries that have cnf(guid) after the cn=ms-dfsr entries. I have attempted to move the schema master role but have not had any success. I have searched every forum I can find and it looks like schema entries are permanent once they are put in place. I have even opened a support ticket with microsoft support TrackingID#2503070040000116 and they have worked with me once and completely stopped responding.

My current next steps are to remove all domain controllers except for the one holding the fsmo roles in hopes possibly the schema cnf will clear, or if they don't, I can take snapshots/checkpoints and attempt to add the correct missing schema entries that are currently appended with the cnf(guid). I figure this way I can make a change and roll back the one domain controller to the snapshot checkpoint.
Even though I have found some forums and articles that indicate that you can remove schema entries from the schema partition using adsi edit, it isn't possible on any server os newer than 2000 server. Any guidance and recommendations that can be provided would be greatly appreciated. I have really been let down by official microsoft support as they have ignored any contact and emails after an initial working session when they had me set the domain naming context system global settings msflags to 0, which did nothing to resolve the issue, and they have avoided providing any support since then.

Event 4719 Audit policy changed
Hi all, Windows domain with 2 Server 2019 domain controllers. All our computers (including the DCs) are showing multiple events 4719 Audit policy changed every time they update group policy, and logon events are no longer being logged. Example below of one of the events. There appears to be one for each Category of this type of event.

System audit policy was changed.
Audit Policy Change:
Category: Account Management
Subcategory: Other Account Management Events
Changes: Success removed, Failure removed

When running RSOP on the Domain Controllers it shows our Default Domain Controllers Policy applying for Windows Settings/Security Settings/Local Policies/Audit Policy with the various Auditing policies enabled. Here is a screenshot of RSOP from one of the DCs. GPRESULT also shows this as the winning GPO. RSOP on my PC shows Audit Policy settings as Not Defined (some are enabled by default if not defined). I had a look through our Group Policy and can't see why this is happening. Does anyone have any ideas? thanks j

AD User account deleted by Exchange Machine Account
In my Active Directory user account management auditing, a 4726 event id was raised for a deletion, but the person who deleted it is showing as our Exchange server machine account. Please see the attached image. How could a local exchange server auto delete an AD user id?

Windows Server 2025 DC Won't Install / Uninstall MSI packages, NIC Domain Category issue.
In the last week I have set up a Win 2025 Server Std Hyper-V host with 2 VMs, one being a domain controller. I have discovered that once the machine is promoted to a DC I can no longer install any .msi packages. .exe packages seem to work fine.

My scenario: After setting up the VM (before promotion to DC), I installed my RMM package (.msi - NinjaRMM) and all was fine at that point. I can see and access the VM in my RMM console. After promoting the machine to a DC, I noticed later that the status in my RMM was offline or disconnected. I soon discovered this problem with installing / uninstalling packages. Somehow I was able to uninstall the NinjaRMM, but could not re-install it. Also when Ninja installs the agent it also installs Splashtop. At this point I cannot uninstall Splashtop. Using something simple like the Putty 64bit .msi for testing. Can't install that either. Any .msi I have tried just hangs for about 30 minutes then times out. Main error code in the .msi log is 1603, which is supposed to be closely related to permissions, but I have found no issues with permissions. Checked GPO and have found nothing there either. I have Win 2022 DCs in the same domain and have no issues installing / uninstalling these packages. Internet search has found similar issues, but no answers.

Secondly, when rebooting the 2025 DC, the NIC initially gets assigned the Public network category. Disabling / Re-Enabling the adapter, the Domain category is immediately assigned. Thirdly, I attempted to create a PS script to restart the adapter at startup (task manager...set to run as SYSTEM), and while the task starts, it never runs the script. After working with ChatGPT it was suggested to change the script to have a simple one line command 'Exit 0' statement. That doesn't run either. Seems that this problem has relations to being run as SYSTEM, which I believe is also related to the install issue.
Internet searches found others stating they have encountered similar issues, but no resolutions. For the install issue, some have stated that if they demote the DC to a member server, .msi installs run successfully (which seemed to be my case before I promoted it to a DC). I haven't tried demoting it to a member server, but I did spin up a second Win 2025 Server VM, joined it to the domain and at that point I have no issues installing / uninstalling anything...including .msi packages (oops, I did state this in an earlier paragraph). Tried contacting MS. Seems with no support plan they won't talk with me. That's awesome, you pay for a product, and they won't provide support for it. Such a joy. Hoping that someone might have seen these issues as well. LThibx

How to diagnose lsass.exe leaking memory on Server 2022
Since last week, one DC (it differs, depending on reboot order as to which one, so clearly due to something on the network selecting the DC as a login server) has a huge lsass.exe memory issue. I had to reboot one DC after the process hit 6GB in size. Here's the progression of the process since that reboot:

Is anyone else seeing this, perhaps since last week's updates? Any suggestions for how to diagnose?

Windows Server 2025 | Kerberos Local Key Distribution Center (LocalKDC) service fails to start
I have found that this service was disabled before the December update; for some reason it has gone to automatic and cannot be started. Maybe this behavior is normal if you are not using this feature. After the January security patch the service still does not start. I think Microsoft should report this problem. This happens on a clean installation without any role installed; I know there are many users with this problem. The January patch has not fixed it.

Connect two Active Directories together
Hi, I have two separate Active Directories (atom.local and npi.local); these active directories have a specific group of users who exist on both servers. I want to be able to sync these two ADs together so that users can log on to systems belonging to both ADs.

Clarification on NTLM Authentication Events (Event ID 4625 & 4624) in SOC Monitoring
Hello, While monitoring authentication events in the SOC, I frequently encounter multiple failed (Event ID: 4625) and successful (Event ID: 4624) login attempts associated with NTLM authentication. Upon investigating the affected machine, I found no active NTFS shares or resources being accessed. Despite this, NTLM events continue to appear in the logs. I'm trying to understand what might be triggering these events. Could this be related to background processes, service accounts, or another NTLM authentication mechanism? Although this is a low-level incident, I'd like to fully grasp the cause to rule out any potential security concerns. I'd appreciate any insights you can provide! Thank you.

Windows Essentials 2022 Remote Access for nonadmins
Hello everyone, This topic has already been asked several times but I did not find any working answer. I am administrating a Windows Essentials 2022 server. One user needs to work on the Remote Desktop temporarily. I should create a separate virtual terminal server on the Essentials server but currently I do not have time for that and it costs some money. So I want to take advantage of the grace period so that this user can work by RDP. It is the only existing server in this network and the network has only two staff and me ;-) The well-known issue is that only administrator users can access this domain controller. I do not want to make the user a domain administrator. I have added the user by GPO to the people who are allowed to connect and I have added the user manually by system settings -> remote. After the second step at least RDP is opening but then I am getting a message that the user is still not allowed. Is there any option?

No support for Protected Users in Microsoft Entra Domain Services?
I have been looking into mapping best practices about configuring a hardening / tiering model from on-premises Active Directory to Microsoft Entra Domain Services (MEDS). I'm well aware that MEDS is NOT a replacement for AD DS and has many restrictions and missing features, but that does not stop me from wanting to make it as secure as possible for member servers to be joined to. Since MEDS is a PaaS in Azure, deployed from within Azure and managed in another way than Active Directory, of course there are different ways of implementing a good tiering model. In my study I wanted to see if I could enable the Protected Users feature (join users to the Protected Users group). However, I find this group to be present but not possible to add members to (feature greyed out). I have a member server in the MEDS instance and have installed AD DS Tools. My user is a member of the AD DDS Administrators group. I would like to know if anyone has some knowledge on the subject to share?