Windows 10: Server not operational when adding User to a trusting domain in Windows Server

​

If the Server is not operational message keeps troubling you when adding a trusted domain user to a trusted domain in Windows Server, then this post may help you resolve the issue. When you click Advanced in the Select Users, Computers, or Groups dialog box in Active Directory Users and Computers and then you try […]

This article Server not operational when adding User to a trusting domain in Windows Server first appeared on TheWindowsClub.com.

read more...

 

help adding trust to two Windows Server with a permanent vpn between them

i got some trouble with 2 Windows Servers one running Windows Server 2007 SP2 (think bcs it says copyrights 2007) and the other is running Windows Server 2008 R2 SP1.

they are both connected to a permanent vpn so they can each other on their ip's they got, i even added their domain names in their host files to make sure even on their domain name they can be found.

after this i went to "Active Directory Domains and Trusts" and under each domain in properties-->Trusts i clicked on "New Trust..." and under Trust Name i tried both name and ip and in Trust type i took "Realm trust" and in Transitivity of Trust i choose "Nontransitive" (The trust is bounded by the domain and the realm in the relationship), then at Direction of Trust i took Two-way (Users in this domain can be authenticated in the specified domain, realm, or forest, and users in the specified domain, realm, or forest can be authenticated in this domain.).

i setup the same Trust password on both servers. and the Trust Selections Completed:
Code: This domain: Server1 Specified domain: Server2 Direction: Two-way: Users in the local domain can authenticate in the specified domain and users in the specified domain can authenticate in the local domain. Trust type: realm Transitive: No Sides of trust: Create the trust for this domain only.[/quote] i get this on both servers but i am still not allowed to add a user to access from Server2 to Server1, bcs they need to run "Microsoft Dynamics NAV 2013" from their computerens that's on their own domain on Server2.

i have setup "Microsoft Dynamics NAV 2013" for use on another computers for the same company just different department where they don't use a domain but just start OpenVPN and then Nav 2013 and it just works, i may have missed out something somewhere i dunno but some help with be nice.

 

Raising the windows domain and forest issues?


hi,

I run a domain that was all 2003 r2 servers. I recently upgraded all my domain controllers to windows 2012 r2.
That went off without any problems.. Our trust relationships had no issues also.

My first step was to raise the Domain and Forest levels past 2003 to 2008. This went off without a hitch.
These are the features for raising the levels to 2008:

• Features and benefits include all default Active Directory features, all features from the Windows Server 2003 domain functional level, plus:
• Read-Only Domain Controllers – Allows implementation of domain controllers that only host read-only copy of NTDS database.
• Advanced Encryption Services – (AES 128 and 256) support for the Kerberos protocol.
• Distributed File System Replication (DFSR) – Allows SYSVOL to replicate using DFSR instead of older File Replication Service (FRS). It provides more robust and detailed replication of SYSVOL contents.

Forest Level Windows Server 2008

• Features and benefits include all of the features that are available at the Windows Server 2003 forest functional level, but no additional features. All domains that are subsequently added to the forest will operate at the Windows Server 2008 domain functional level by default.

My next step is to raise the domain and forest to 2008 r2, then 2012, and finally 2012 r2. I have been trying to find out exactly what I could expect from raising the Domain and Forest for each step.

The step involving 2008 r2 seems relatively a non issue. But getting the couple of new features seem very nice

Domain Level Windows Server 2008 R2

• All default Active Directory features, all features from the Windows Server 2008 domain functional level, plus 2 new features

Forest Level Windows Server 2008 R2

• All of the features that are available at the Windows Server 2003 forest functional level, plus the following features:

• Active Directory Recycle Bin, which provides the ability to restore deleted objects in their entirety while AD DS is running. <== New Feature very cool
• All domains subsequently added to the forest will operate at the Windows Server 2008 R2 domain functional level by default.

Here is my big concerns for the next raising of domain and forest to 2012.

Forest Level Windows Server 2012:

• All of the features that are available at the Windows Server 2008 R2 forest functional level, but no additional features.
• All domains subsequently added to the forest will operate at the Windows Server 2012 domain functional level by default.

Domain Level Windows Server 2012 R2: <=====Need to investigate more and why this post

• DC-side protections for Protected Users. Protected Users authenticating to a Windows Server 2012 R2 domain can no longer:

• Authenticate with NTLM authentication <==============(what issues may arise)
• Use DES or RC4 cipher suites in Kerberos pre-authentication
• Be delegated with unconstrained or constrained delegation
• Renew user tickets (TGTs) beyond the initial 4-hour lifetime

Will this affect my exchange anywhere users with remote access authenticating either clear of NTLM???
and what would/may not to work properly day 1 when I raise the domain and forest to 2012. I cant really find anyone that can answer a straight question.

Has anyone gone through this? what problems did you have, if any , if a lot???

Any thoughts and suggestions will be much appreciated??

thanks


- - - Updated - - -

One more point... I am not sure if I posted this to the correct forum.. So if I was wrong and it should be in a different one..
PLEASE LET ME KNOW

 

Problems with child domain Server

Hello,

I have 1 parent domain server (scm.com) and child domain server (hr.scm.com). I created trust link between parent and child. In this time everything is going well. Unfortunately, I carelessly removed ADDS role from child server. Actually I would like to
remove web server IIS role.

And I tried to join child domain again. But it shows hr.scm.com is already located in scm.com. And I can't remove trust link between this 2 servers.

I decided to remove ADDS role from parent server and I create parents-child domain in this 2 server. But trust link is locating there.

And I can't create reverse lookup zone in child server.

My PC connected to child domain server and can't login user from child domain server. It shows username or password incorrect. Actually it is correct name and password. My PC can login user from parent server.

Please answer what is going wrong? Thank you for your time.