So I've poked around looking for something like this for a while now, but can't seem to find anything anywhere. In our environment we have a script that disables computers after the last seen AD property on a computer is beyond 15 days. Since we are a mostly laptop environment and people frequently are not connected to the network when they login, the computers once they lock/unlock when eventually do get connected to the domain gets a trust relationship issue because obviously the computer is disabled in AD.
Has anyone seen a script that can run on the local computer that updates the LastLogonDate property in AD of the computer while the user is logged in? I was thinking of just pushing out a scheduled task to all computers that does this every 15 minutes if its even possible. Thanks!
Related
After working with Windows Server since NT 3.51, this was kind of a first for me. Here's the scenario.
After no issues accessing a Windows Server 2012 R2 network share for 2 years, a Win 7 Pro workstation all of a sudden can access the mapped drive to the share, but cannot see all subfolders underneath it. Only one is visible, not the other 20 or so.
When I log out as the user and login as the domain admin account, the issue persists on the workstation. Just this one workstation.
Nothing has changed in terms of the share or NTFS permissions on the server-side of things.
I look in the server event logs as well as the workstation's and don't see anything striking.
I removed the workstation from the domain and add it again. The issue still persists.
The workaround is that I created a second share to the same resource on the server-side of things. Mapping a different drive letter to this new share, the workstation can see everything again.
My only guess would be some sort of old school SAM database corruption or something? I recall years ago I had a Windows 2000 Server that would lose Computer Browser functionality due to some odd SAM database corruption. The only solution back then was to reboot the server. It was the PDC and couldn't even browse its own network shares.
I’m going to try to be as thorough as I can, but if you have questions or would like additional tests. I will provide more detail as I can. I have a small number of computers exhibiting intermittent issues when waking from sleep.
Some details:
Bound to Active Directory (although the bind is likely broken when the issue occurs)
OSX - 10.12.3
Machine is Encrypted
Symptoms:
When a user sleeps their machine which enables a locked screen saver, and then attempts to wake the machine, they are unable to log in using their credentials.
If they click on "Switch User" they are then able to log into their account, however, they are not recognized as an admin and can not run sudo commands or unlock system preferences.
It seems, at least with the computer I was able to get hands on with, that they can not authenticate in terminal or system prefs UNLESS they change their network connection to reflect the connection that allowed them to log in. So if they switch user, then connect to wifi, they can not authenticate in sysprefs, but if they turn off wifi, then they are able to authenticate.
When clicking "Switch User" the wi-fi appears to drop, and thus, lets them log in.
Restarting resolves the issue for some users but not others (unverified, going off user input, the machine I restarted did resolve the issue, at least temporarily.)
Generally when I see this issue, the computer seems to have become unbound from Active Directory. Re-binding it appears to resolve the issue temporarily (until AD drops the keychain item again).
The issue was present prior to upgrading to OSX 10.12.
It seems to me like the computer knows to check with AD if the internet is available, but if AD is unreachable or the credentials are not accepted, then it does not know to default to the local cache, unless the internet is turned off completely. I'm not sure what file or files may be involved in that, but I would like to change that file to default to the local cache when internet is connected but AD is unreachable as well as when no internet is present.
This is an issue with the opendirectoryd daemon which bugs when trying to bind with AD.
The raw solution is basically to kill the daemon which will restart and rebind somehow.
There are many ways to automate the kill, a cronjob would work but will require to have the killall command run every minute, which is very dirty.
I am using sleepwatcher (available with homebrew) and set it to launch the kill command everytime the laptop is going out of sleep, which works like a charm.
It's a workaround, but seems Apple doesn't really work on a fix for that issue which is ongoing for years.
I'm troubleshooting an issue having to do with Think N Do and Windows 7. I set the DCOM settings up as the manufacturer said they need to be. However, computers aren't connecting to each other. I have the computers set to automatically log on to an account at boot. This account is never logged out of.
What I'm finding is when I open a RDP to the computers they suddenly start to communicate with each other. As if it's finally seeing an interactive user. From my understanding of things by having an account automatically log on at boot that account is then the interactive user. Leaving RDP open at all times is not an option. Sometimes the customer forgets and closes out of the RDP session by Xing out of it, they don't log off so the program is still running in the background.
Does anyone have any idea what this could be? It's an issue at a couple customer locations for me.
I'm using windows XP to do the development.
Since I working remotely from home, I found a serous problem, some applications for instance MS excel, even just open up the start menu became to extremely slow .
If I logged into the local pc without domain then the problem fixed, my domain user account has 300 mb local user profile.
Anybody know how to fix this?
Thanks
The problem is caused by My documents, as it is been referred to the domain server which is unavailable.
At work, I running Vista Business on a lavishly new PC, which runs great excepting two issues. In order of annoyance, but not importance:
When I reboot the machine, the Windows Splash is presented asking me to Press Ctrl + ALT + DELETE so I can logon. It takes three to five minutes and seceral key presses for me to be prompted to select my user account. After which, everything works like a charm.
As part of my duties with the firm, I am responsible for emergency work on a rotating basis and deploying patches during off-business hours. I have been given an older laptop with XPSP2 (downloading 3 for kicks right now) which I use for browsing with the intention of RDP to my desktop in the offices. If I am connected at the domain through conventional means, I am able to RDP. However, if I am using an existing broadbad connection with VPN, I am not able to get access. I am able to access other servers, desktops running a variety of OS'es including Vista.
So umm any ideas guys?
as for 2 - this happens with some proprietary VPN software (i.e. Cisco). My solution was to perform my work duties in a Virtual PC (which doesn't need its normal LAN abilities) and do my other network/internet tasks in the physical machine.
I have a Vista at work and uses my home PC to rdc in for support work. I do not experience your problem 1 so I cannot offer any advice. For your second problem have you tried the IP address instead of the machine name? We have situations where sometimes the dns resolution in the office network is not accurate.
Do you have remote access enabled, either on the machine, via group policy?
If not, you might have to go into the Control Panel\System and Maintenance\System and choose Remote Settings (from the menu on the left).
That will show you the options for Remote Deskop, including Don't allow connections, Allow connections from any version of Remote Desktop, and Allow connections from computers running Remote Desktop with Network Level Authentication (which might be the hang up you are experiencing over the VPN).
Good Luck.
I have to chalk this up to "something wierd with my laptop" as I was able to download RoyalTS and connect to the machine just fine. I had Remote connections permitted, firewall disabled, McAffee gone and others could access the machine.
The advice garnered above is excellent and useful for your typical rdp connections