@ElecEng said in Is the domain .Local a real problem in a private lan that has no public facing services?:

@scottalanmiller What's the best thing to use on green field networks that are private and have no public facing services?

Not AD.

@dustinb3403

Oh, yeah that changes things... advanced ip scanner as others have suggested might be the safest thing.

We've pushed the config to "Disable the “Allow Print Spooler to accept client connections:” policy to block remote attacks."

Option 2 at the link below:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527

OK, we have success!

Steps to resolve:

On the DC I was having issues with at the main site, I stopped the KDC Service (Kerberos Key Distribution Center Service)

Then I ran this:

NETDOM RESETPWD /Server: <Domain Controller Name> /UserD:<Domain Admin Username> /PasswordD:<Domain Admin Password> Rebooted the server.

After this, all of the strange event viewer errors in the DNS log, AD log, etc were gone. I can now successfully replicate across sites as well as join PCs to the domain. I'm not sure why this happened in the first place, but this fixed it.

Thanks for all the help!

Nice! I was thinking about doing this soon.

@NerdyDad

You can use Loopback Processing also.

https://blogs.technet.microsoft.com/askds/2013/02/08/circle-back-to-loopback/

@JaredBusch said in Domain Time off for some members:

@Donahue said in Domain Time off for some members:

found it. It was the individual time for that ESXi member. It was running on it's own time, neither host time or any NTP. It was off by the 6 minutes. So for some reason, VMWare was syncing this setting with the host's ESXi clock, not the hardware clock, even though the settings disallow that.

How do you know the VMware tools was doing the sync?. As I said in my earlier post if windows goes and tries to get the hardware clock no matter what your tool says for heartbeat or times are pretty station it’s going to get the Clock from the host.

look at the picture I posted above. It was vmtoolsd.exe that was causing it to jump forward and svchost.exe that was correcting it. I found this under event 4616

@eddiejennings said in Domain name opinion:

@brandon220 said in Domain name opinion:

Nobody went and bought all of the domains he listed and then sold them back to him a a higher price? Slackers 🙂

I owned them before making the post. 😛

Curses! Foiled again!

@gjacobse said in Domain Computers: Clock Sync:

DC4 is a virtual machine. changes to it are likely over rode by the Hypervisor or physical hardware that were wrong.

By updating the physical hardware, and then running w32tm /resync the time updated.

The issue will resurface again as the BIOS is losing time and will be pulled again wrongly on the host. Have you tried not syncing the time of the VM through the Hypervisor and turning of Time Synchronization for this DC?

Around that time is when we started to find Nethserver to be the more interesting project.

And Nethserver is active here, whereas Zentyal is not.

@dbeato said in AD User Tool: Bulk AD User:

@Dashrender Then, he needs to force it with Powershell no just a GUI....

Agreed.

That moment when you have spent 3 hours waiting (5 min here and there) and then realize you are in the WRONG DNS Management Page....

smh

@Dashrender said:

@coliver said:

@Dashrender said:

Folders in that list that don't have the double folder within a folder icon are not OUs. As such GPO's don't apply to objects in them.

learned this the hard way a long time ago.

I guess I don't understand what this means. What icon are you talking about?

Missed this.

0_1455852916491_ou.JPG

Ok thanks, that makes more sense.

I'm confused - You're using folder redirection, so the local copy of the data is only there for speed or network connectivity loss. So there should be nearly zero data loss if you delete the profile after the user logs out.

I'm not sure if there is a reg key on Windows Workstation OS, but there definitely is on Server OS for Remote Desktop Services.

This was something I've seen often turned on to keep the local storage needs of the RDS server from ballooning out of control from left over profiles.

User logs into RDS, downloads profile, user logs out - copy is pushed to the server and local directory is deleted.

Pretty standard practice.

I'd be surprised if this wasn't available on say Windows 7, etc.

As with any system, you should always swing back around and re-visit issues.

With the help of the group here, and other resources i hope to go over the GPP and see what I can clean up and improve.

@scottalanmiller said:

@gjacobse said:

@scottalanmiller
Actually - yes. Yes it was.

That alone probably explains most of the issues. They do so many dumb things...

FTFY

My first thought was finding the file on the server and manually editing it, but damn.. that would be dangerous.

@anonymous said:

I can handle this for you for a flat fee. I promise results within 30 days, or your money back.

Lol. We have to do this the legal way. We are a large company and someone is always trying to sue us. Heck we have people try to send us product we never order then sue us when we don't pay their invoices.

@thecreativeone91 said:

@IRJ said:

I wonder how many lines they throw out before they get a bite?

Are we talking about spam or fishing?

I am talking about the email you received in particular. I have received emails from the same company