#StackBounty: #windows #windows-server-2008 #active-directory #windows-server-2008-r2 Multiple domain controller and SQL Login Failed w…

Bounty: 100

I have a domain test.local with 4 domain controllers.

I have a SQL Server. Sometimes, when rebooting one of my domain controllers, I get this error:

Description: SSIS Error Code DTS_E_OLEDBERROR. An OLE DB error has
occurred. Error code: 0x80004005.
An OLE DB record is available. Source: “Microsoft SQL Server Native Client 11.0” Hresult: 0x80004005 Description: “Login failed.
The login is from an untrusted domain and cannot be used with Windows
authentication.”.

Why is authentication not done on the other 3 DCs? Normally there is load balancing when there are multiple domain controllers.

Thanks for your help



#StackBounty: #active-directory #openldap #ldap-translucent Slapd translucent proxy and AD override

Bounty: 50

We are trying to set up an OpenLDAP server (slapd) on Ubuntu 18.04 to reach this goal: create a custom group in the slapd server with members from the Active Directory (AD).

We have now set up a translucent proxy (because it seems to do what we want) as follows:

/etc/ldap# cat slapd.conf

#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#

# Include schemas
include /etc/ldap/schema/corba.schema
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/duaconf.schema
include /etc/ldap/schema/dyngroup.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/java.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/openldap.schema
include /etc/ldap/schema/ppolicy.schema
#include /etc/ldap/schema/collective.schema
include /etc/ldap/schema/ad.schema

# Allow LDAPv2 client connections.  This is NOT the default.
allow bind_v2

pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args

# Load dynamic backend modules
# - modulepath is architecture dependent value (32/64-bit system)
# - back_sql.la overlay requires openldap-server-sql package
# - dyngroup.la and dynlist.la cannot be used at the same time

modulepath /usr/lib/ldap
moduleload back_meta
moduleload back_mdb
moduleload back_ldap
moduleload back_hdb
moduleload rwm
moduleload translucent
#moduleload memberof
moduleload pcache

# Enable TLS
#TLSCACertificateFile /etc/ldap/ca.pem
#TLSCertificateFile /etc/ldap/cert.pem
#TLSCertificateKeyFile /etc/ldap/key.pem

# Log level
loglevel 4095

#######################################################################
# database definitions
#######################################################################
database mdb
suffix "dc=xxx,dc=yyy,dc=net"
rootdn "cn=admin,dc=xxx,dc=yyy,dc=net"
rootpw "SupeSecretSecret"
directory /etc/ldap/mdb

#index objectClass eq
overlay translucent
translucent_local carLicense

tls ldaps       tls_reqcert=allow
uri ldaps://AD1.xxx.yyy.net:636
lastmod off
acl-bind binddn="cn=BindUSer,ou=zzz,ou=Users,ou=bbb,dc=xxx,dc=yyy,dc=net" credentials="AnotherSuperSecretSecret"

Now we are able to perform ldapsearch through the LDAP server to the AD, but we have to use a bind user in the ldapsearch, as if the bind user defined in the configuration is ignored.

What I don't understand is how I can create a group in the local LDAP DB and insert users from the remote AD.

What am I missing?



#StackBounty: #windows #active-directory #permissions #windows-server-2019 #roaming-profile Active Directory roaming profile permission…

Bounty: 50

I have a problem with one specific folder while user profiles are synced at logon. Let me explain the situation:

I have:

  • A user account (MYDOMAIN\accountname)
  • Security group ‘Access to WADUP_RW’
  • An SMB share (\\my-smb\WADUP)
  • A PC with Windows 10 Pro installed (up to date) and joined to MYDOMAIN

Permissions on the WADUP folder on \\my-smb:

  • ‘Access to WADUP_RW’ has read and write access
  • Domain Admins and Enterprise Admins groups have read and write access

Configuration for the user account:

  • Profile path: \\my-smb\WADUP\accountname

The problem I’m having:

  1. Log in accountname on the pc.
  2. \\my-smb\WADUP\accountname folder is created. (Owner is accountname)
  3. Log out accountname on the pc.
  4. All data in the user profile is saved to \\my-smb\WADUP\accountname
  5. So far so good
  6. Now I log in accountname on the pc again
  7. I get the error ‘There was a problem with your roaming profile. You have been logged on with your previously saved local profile. Please see the event log for details or contact your administrator.’
  8. I check the event log, which says that \\?\UNC\my-smb\WADUP\accountname\AppData\Roaming\Microsoft\Installer can’t be copied to \\?\C:\Users\accountname\AppData\Roaming\Microsoft\Installer with DETAIL – Access is denied
  9. I check the folder C:\Users\accountname\AppData\Roaming\Microsoft\Installer permissions, which are:
    • Everyone: Read
    • System: Full control
    • Administrators (PC\Administrators): Full control

What I’ve tried:

  • Changed SMB server, made no difference.
  • Manually changed the folder permissions to Everyone: Read and write, though the permissions reset whenever I logged out.
  • All PCs do it, but they are the same Windows version.



#StackBounty: #active-directory #kerberos Is there a way to force active directory group assignation without logoff/login?

Bounty: 50

As stated here and there, it looks like there is no way to avoid a user logoff/login in order to activate a new group assignation for this user (my use case was: activate access to a shared folder by adding a user to a group).

Is there still no way to force the user group mapping assignation (without ending the session) with the latest versions of Windows/Active Directory?

Thanks!



#StackBounty: #sql-server #migration #active-directory SQL Server 2000/2005 compatibility with Active Directory 2016

Bounty: 50

We are currently using Active Directory 2008R2 and will be upgrading to AD 2016. I’m trying to determine if there are any known compatibility issues when running older versions of SQL Server (2000 and 2005) when upgrading to AD 2016. Has anyone been through this process? Most of our db servers are using SQL 2008 > 2016, but a few still run with 2000/2005. Thanks

