Channel: Active Directory Rights Management Service(On premise) forum
Viewing all 1025 articles

Client Not connecting with RMS Server

Hello,

I am using RMS on Windows Server 2016. After creating the RMS server, when I try to use it from a client it gives this error:

"Sorry, something went wrong opening information Rights management protected content. The network location cannot be reached. For information about network troubleshooting, see windows help". It is as per the attachment. Could anyone help?


ADRMS protection bypass by changing email address

Hi, not sure if my understanding is correct.

If I change user2 email address to that of user1, user2 can open documents (ADRMS protected) granted to user1 with user1's rights?

server for Active Directory

Hi,

I need to install a server which will be used for Active Directory.

I need a recommended Windows Server OS for this.

Thanks

AD RMS Certificate warning while opening AD RMS mgmt console

Hi,

Can anyone help me resolve a warning that is prompted while opening the AD RMS Management Console? This is just a warning and it doesn't block me from performing any of the AD RMS related activities. Every feature works perfectly fine.

Warning: The name of the security certificate is not valid or does not match the name of the site

I tried every possible way that I could think of, such as creating a self-signed certificate with the FQDN of the RMS cluster, but the warning still exists.

Thanks & Regards

Pradeesh

Active Directory and Certification authority from the Internet !!

Hello,

I have 400 people in Active Directory and very many laptops outside the company ..

My questions:
1) Can I expose Active Directory and the Certification Authority to the Internet?
2) How to solve security? (Active Directory and Certification Authority)
3) How to authorize computers and users to connect to Active Directory and the Certification Authority from the Internet?

Thx Michal.


Azure information protection client

Can the Azure Information Protection client be used with on-premise AD RMS?

How to configure it then?

Mobile Device Extension for connecting with AD FS server (Windows Server 2016) and AD RMS server (Windows Server 2012R2)

Hi.

Our team is trying to leverage the Mobile Device Extension for AD RMS (on premise).

We want to connect AD FS server (Windows Server 2016) and AD RMS server (Windows Server 2012R2).

When we download the Mobile Device Extension from the link below,

  https://www.microsoft.com/en-us/download/details.aspx?id=43738

the following is written in the system requirements.

Supported Operating System
Windows Server 2012 R2, Windows Server 2012, Windows Server 2016, Windows Server 2019

AD RMS running on Windows Server 2012, Windows Server 2012 R2, Windows server 2016 , or Windows Server 2019
AD FS 3.0

Does "AD FS 3.0" here mean that the AD FS version should be 3.0? Or equal to or higher than 3.0?

It seems the AD FS version on Windows Server 2016 is AD FS 2016, not AD FS 3.0.

Would you give me some advice?

Thanks in advance,

Ayako

User Account Created in which Domain Controller ?

In an Active Directory environment, we can create a user account on any Domain Controller and it gets replicated to other DCs. I am aware of scripts (PowerShell & VBScript) which can check for user accounts and their attributes. But my question is:

a) Is there any way to detect on which particular DC the user account was created? The parent/mother DC where the account was created for the first time, before it got replicated to other DCs?

On-Premise AD or Azure AD, whatever; any reference material or hint for PowerShell or VBScript is much appreciated.

Thanks


o365 application and on-prem AD RMS

Hello,

I am getting an error when I try to protect a Word document with o365.

In the organization, users connect to an RDP server where o365 is installed. They connect with on-prem credentials, but for o365 licencing they use o365 accounts.

  • On server I made client configuration in registry:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSIPC\ServiceLocation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSIPC\ServiceLocation\EnterpriseCertification]
@="https://adrms.contoso.com/_wmcs/Certification"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSIPC\ServiceLocation\EnterprisePublishing]
@="https://adrms.contoso.com/_wmcs/Licensing"

  • Added URL to Internal sites. 
  • Allow Anonymous access to "https://adrms.contoso.com/_wmcs/Licensing"
  • Added email attribute for AD on-prem user with office 365 email.

Everything is fine with Office 2016 with the same account on another server.

Tried this solution with no luck:

Add a new DWORD value to the registry called NoDomainUser, and then set it to a value of 1.

https://social.technet.microsoft.com/wiki/contents/articles/26196.outlook-irm-troubleshooting-no-logged-on-office-users-are-configured-for-information-rights-management-irm.aspx

HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Common\Identity\Identities\youralias@domain.com_AD

https://port135.com/2013/09/22/how-to-resolve-no-logged-on-office-users-are-configured-for-information-rights-management-irm-error-in-outlook/

 

After signing out, everything works fine! How can I stay signed in and use on-prem AD RMS?

Thank you :)




AD RMS not working after move the Root-CA

I have an AD-RMS server and use the Windows Root-CA.

The root CA is to move to a new server. Once the root CA has been successfully moved, RMS documents can no longer be opened.
How can I change the root CA in the AD-RMS server?

How to map only drive using net use cmd

Hello Team,

We are using a NAS server and we have configured multiple folders on the NAS box. We also have an Active Directory server. We need to map only the NAS server IP, i.e. \\182.168.1.110, not including any subfolder.

Is it possible to map only the drive?

Thank you

ADRMS Migration 2008 R2 To 2016

Dear Team,

I want to migrate my ADRMS, which is running on Server 2008 R2 with a WID database.

Please help me out with how I can migrate ADRMS 2008 R2 to 2016. It would be better if you can share the document.


how to migrate AD RMS from 2008 to 2016 or azure?

Hi.

I have AD RMS on Windows Server 2008.

I want to know how to migrate this old service to 2016 or Azure.

Should I use Windows Server 2012?

Please advise me.

Thanks.

Event ID 4780: ANONYMOUS LOGON in security logs

Hi,

Every hour I am receiving this event log in the domain controller's security event viewer.

This is valid event logs. Please advise.

The ACL was set on accounts which are members of administrators groups.


Subject:
Security ID: ANONYMOUS LOGON
Account Name: ANONYMOUS LOGON
Account Domain:NT AUTHORITY
Logon ID: 0x3E6

Active Directory Password Policy not working

Hi,

I have made a policy with password requirements. The password must meet complexity requirements and a minimum of 6 characters. I linked the GPO to a new OU which has inheritance disabled so that the old domain password policy is not applied.

I restarted the machine 3 times to make sure it gets the policy. When I start secpol.msc, the options "meet complexity requirements" and "minimum of 6 characters" are there, but the problem is it does not work. I can still choose a password for an account which does not contain any signs or capitals. Just use aloha and it changes the password to aloha....

What am I doing wrong here?


freddie


NTFS permissions to all shares

Hello everyone, 

just a quick one (I hope), one of our clients is asking if we can give a user access to all shares on the on-prem file server including all subfolders as well.

The only issue is that a lot of subfolders (there are loads) don't inherit permissions from parent folders. 

My question is: is there a way to give this user access to all parent folders and their subfolders without messing with the unique permissions on the subfolders, via a PS script or something?

Many thanks in advance.

Mohamad 

Dynamic access control (DAC) Device claims not working

Hello all,

First off, I'm sorry if I'm in the wrong place for my question, but I will give it a try :)

I have a "simple" problem and DAC is a simple solution for me. I have a security group with users that can access a certain folder on our FS (servers 2019). But they should be able to access the mentioned folder ONLY from ONE or TWO workstations (win10 or server 2019).

Picture above represents NTFS permissions I want...and adding DEVICE claim should do the work.  But DEVICE CLAIMS are NOT working. USER CLAIMS work.

1. GPO "kerberos armoring" for domain controllers (all 2016) is in place.

2. GPO "Kerberos client support for claims" is in place for the needed workstations (win10).

SG-scanarhiva contains users, SG-PCclaim contains the workstations from which SG-scanarhiva should access the folder testCN.

Like I mentioned, user claims work. I created a new "Claim type" in ADAC and tested it with the department attribute. All users having, for example, the "IT" string in the department field can access the folder. Users without it cannot.

When I type "whoami /claims" in cmd I can clearly see the claims for a particular user.

Problem is whatever combination I try with DEVICE CLAIM, with any attribute (CN, department...etc) folder does not give NTFS access.

But if I test it in "effective access"  looks like I should have permissions.

I really don't know how to troubleshoot Device claims... What is the difference between device and user claims??  Can you help me and point me to right direction ??

Best regards,

Pero







Question regarding AD RMS

After reading Azure RMS, it seems like the documentation of AD RMS (on-premise RMS) hasn't been updated in two years roughly.. and it has this note up above its page:

"We're no longer updating this content regularly. Check the Microsoft Product Lifecycle for information about how this product, service, technology, or API is supported."

however, when I went to Microsoft Product Lifecycle page and searched for AD RMS.. nothing shows up.

So my question is: has AD RMS reached either "end of support" or "end of sales"? Or is there an announced date for either "end of support" or "end of sales"?

Also, is this solution (i.e. AD RMS, which is on-prem) still recommended for new customers, or do they recommend new customers go for Azure RMS?



Domains not listed in group location selection when adding to file server

All,

I recently replaced my domain controllers across 5 domains with 2016 servers. Since I have done that with no changes to GPO, etc. When I go to a file share server, select properties, then the security tab, I go to add a group from locations and I cannot select my domains to search for groups. They are blank. I made no GPO changes, can someone assist? I am not sure how to even google this problem.

Domain PCs Do Not Communicate With DC Upon First Boot

I have an odd issue.  I have a domain environment that needs to be powered down every night. 

The environment has 1 domain controller (which is used for both AD and DNS services) and roughly 10-15 Windows 10 PCs. 

When I boot the system up in the morning I boot the domain controller first, then after I log into the DC I power on all the Win10 PCs. 

The problem I have been facing since the June 2020 Windows Updates is that the Win10 PCs don't want to connect to the DC upon the first boot.  Users attempt to log on to the Windows 10 PCs and receive an error message stating "we can't sign you in with this credential because your domain isn't available."  This will happen to anywhere from 1-10 PCs on any given day, and the PCs that this occurs on changes every day. These users have all logged into the domain before.  The group policy is set to cache 5 sets of credentials.  So even if the PC cannot connect to the DC initially, the users should still be able to log into the PC but cannot.  Also, I'm not sure why the PCs cannot domain authenticate in the first place.  The only way the users can log into one of the affected PCs is to reboot the PC and then log in.  Another thing I have noticed is that if a user IS able to log into a PC using a cached credential (prior to rebooting the PC) the network icon in the bottom right corner doesn't show the domain name.  Instead it shows "network #" with the # being any number from 2-10. 

NSlookup works on all PCs.

All PCs including the DC have static IPs.

All PCs including the DC point to the static IP of the DC in the DNS settings for IPv4. 

I have tried removing a Win10 PC from the domain and rejoining the domain and the issue still occurs. 

One troubleshooting step I have tried is to let all Win10 PCs sit for 20 minutes or so before logging in, and they all logged in no problem at that point. (this is not a viable option, as the network and PCs need to be ready to use with no issues within a few minutes -not 20- of the environment being booted up). 

Again, this issue started after the June updates, but I don't see any known issues regarding DNS or AD, or any changes regarding either of those services.  Am I missing something?

Any help would be appreciated. Can provide event viewer logs if needed. 
