Windows 10: Cannot access some file after i removed the user from Domain on windows server 2011...

hello i made the mistake of removing the pc from domain! now i cannot access some file in one partition! i get ACCESS DENIED error! i tried to change the permission under security but nothing changed!......i really need those files ...what should i do?

:)

 

Raising the windows domain and forest issues?


hi,

I run a domain that was all 2003 r2 servers. I recently upgraded all my domain controllers to windows 2012 r2.
That went off without any problems.. Our trust relationships had no issues also.

My first step was to raise the Domain and Forest levels past 2003 to 2008. This went off without a hitch.
These are the features for raising the levels to 2008:

• Features and benefits include all default Active Directory features, all features from the Windows Server 2003 domain functional level, plus:
• Read-Only Domain Controllers – Allows implementation of domain controllers that only host read-only copy of NTDS database.
• Advanced Encryption Services – (AES 128 and 256) support for the Kerberos protocol.
• Distributed File System Replication (DFSR) – Allows SYSVOL to replicate using DFSR instead of older File Replication Service (FRS). It provides more robust and detailed replication of SYSVOL contents.

Forest Level Windows Server 2008

• Features and benefits include all of the features that are available at the Windows Server 2003 forest functional level, but no additional features. All domains that are subsequently added to the forest will operate at the Windows Server 2008 domain functional level by default.

My next step is to raise the domain and forest to 2008 r2, then 2012, and finally 2012 r2. I have been trying to find out exactly what I could expect from raising the Domain and Forest for each step.

The step involving 2008 r2 seems relatively a non issue. But getting the couple of new features seem very nice

Domain Level Windows Server 2008 R2

• All default Active Directory features, all features from the Windows Server 2008 domain functional level, plus 2 new features

Forest Level Windows Server 2008 R2

• All of the features that are available at the Windows Server 2003 forest functional level, plus the following features:

• Active Directory Recycle Bin, which provides the ability to restore deleted objects in their entirety while AD DS is running. <== New Feature very cool
• All domains subsequently added to the forest will operate at the Windows Server 2008 R2 domain functional level by default.

Here is my big concerns for the next raising of domain and forest to 2012.

Forest Level Windows Server 2012:

• All of the features that are available at the Windows Server 2008 R2 forest functional level, but no additional features.
• All domains subsequently added to the forest will operate at the Windows Server 2012 domain functional level by default.

Domain Level Windows Server 2012 R2: <=====Need to investigate more and why this post

• DC-side protections for Protected Users. Protected Users authenticating to a Windows Server 2012 R2 domain can no longer:

• Authenticate with NTLM authentication <==============(what issues may arise)
• Use DES or RC4 cipher suites in Kerberos pre-authentication
• Be delegated with unconstrained or constrained delegation
• Renew user tickets (TGTs) beyond the initial 4-hour lifetime

Will this affect my exchange anywhere users with remote access authenticating either clear of NTLM???
and what would/may not to work properly day 1 when I raise the domain and forest to 2012. I cant really find anyone that can answer a straight question.

Has anyone gone through this? what problems did you have, if any , if a lot???

Any thoughts and suggestions will be much appreciated??

thanks


- - - Updated - - -

One more point... I am not sure if I posted this to the correct forum.. So if I was wrong and it should be in a different one..
PLEASE LET ME KNOW

 

folder creation and sharing, i want to create an admin user that have only permission to modify folders and file but not have domain admin access.

Hi Mindspaceoutsourcing,

Welcome to Microsoft Community.

I'm Hahn and I'm here to help you with your concern.

To create an admin user with the permission to modify folders and files but not have domain admin access, you can follow these steps:

Step 1: Create a new user account

1. Log in to the computer or server as an administrator.
   
2. Open the "Control Panel" and navigate to "User Accounts".
   
3. Click on "Manage another account" and then "Add a new user account".
   
4. Enter a username and password for the new user account and click "Create Account".
   

Step 2: Add the user account to the local Administrators group

1. Open the "Control Panel" and navigate to "Administrative Tools".
   
2. Click on "Computer Management".
   
3. In the left pane, click on "Local Users and Groups".
   
4. Click on "Groups" and then double-click on "Administrators".
   
5. Click on "Add" and enter the username of the new user account.
   
6. Click "OK" to add the user account to the Administrators group.
   

Step 3: Create a shared folder and grant the new user account full access

1. Create a folder on the computer or server that you want to share.
   
2. Right-click on the folder and select "Properties".
   
3. Click on the "Sharing" tab and then click "Advanced Sharing".
   
4. Check the box next to "Share this folder".
   
5. Click on the "Permissions" button.
   
6. Click "Add" and enter the username of the new user account.
   
7. Select the new user account from the list and click "OK".
   
8. Grant the new user account full control permissions by checking the box next to "Full Control".
   
9. Click "OK" to save the changes.
   

Step 4: Set file and folder permissions

1. Right-click on the folder you want to modify and select "Properties".
   
2. Click on the "Security" tab and then click "Edit".
   
3. Click "Add" and enter the username of the new user account.
   
4. Select the new user account from the list and click "OK".
   
5. Grant the new user account the necessary permissions by checking the appropriate boxes (e.g., "Modify", "Write", "Read & Execute").
   
6. Click "OK" to save the changes.
   

Step 5: Remove the new user account from any other groups with domain admin access

1. Open the "Control Panel" and navigate to "Administrative Tools".
   
2. Click on "Computer Management".
   
3. In the left pane, click on "Local Users and Groups".
   
4. Click on "Users" and then double-click on the new user account.
   
5. Click on the "Member Of" tab.
   
6. Remove the new user account from any groups that give it domain admin access.
   
7. Click "OK" to save the changes.
   

By following these steps, you should now have an admin user with the necessary permissions to modify folders and files but without domain admin access.

I hope this helps. If there is anything not clear, please do not hesitate to let me know.



Your Sincerely

| Microsoft Community Support Specialist

 

Question about Windows Home Server 2011

Quick question. My boss has a a little side project going on for another business. Short story is they have about 20 users and they need a new server built. Boss wants to use Windows Home Server 2011 with domain controller support(i know it's not supported) because cost is a factor. My question is does "upgrading" it with domain controller support increase its user base from 10 to say 25+? Or is he SoL and have to get Windows Small Business Server?

Thanks!