Group policy not working on all domain computers unless rejoin to domain - windows-server-2012-r2

I use Windows Server 2012 R2 and all my desktops are domain joined.
Whenever I create any Group Policy, it does not work unless I remove the PC from the domain and rejoin it.
After rejoining to domain, group policies work without any issue.
FYI, I have disabled DHCP on server and enabled on Firewall.
Please help me in this regard.

There are a few reasons why this may not be working as you expect.
The first thing I would suggest to try is opening the command prompt on these PCs and typing gpupdate -force
Command Prompt will usually ask you to restart to apply the changes to computer policy; type y and press Enter to restart. After this your new group policies should be applied.
Another thing to consider is that when you re-add computers to the domain they are automatically added to the Computers OU. It could be that this is where your group policies are being applied to and that before that they were in a different OU in which the group policies are not applied.
Hope this helps, let me know how you get on.

Related

Create gMSA with managed AD on google cloud

For a POC for using AD on Google Cloud with Kubernetes, I created a managed Active Directory, as is described in this link.
To add a gMSA account for the AD, I looked at this documentation.
It looks like I should use the New-ADServiceAccount command from the AD VM.
However, when looking at the domain I've created on pantheon, I couldn't find the VM it is on.
The interface does not give me any clues as to how I could add users, or do anything with the domain.
Any help will be appreciated.
Thank you,
It is not written in the docs, but it is not complicated.
One should first join the domain from another windows machine (note that this is not supported on all windows OSes). This is done exactly like a regular machine joining a regular AD, as long as the domain and the machine are in the same vpc.
Then, install the AD roles on the joined machine, and run the New-ADServiceAccount command from there.
Comment 1:
Some machines on the GCE cannot join a domain (even with windows server datacenter). I have not figured out why, and instead opened a different machine.
Comment 2:
Windows integration in Kubernetes is new, and possibly this answer will not be relevant in 6 months.
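The three steps from the answer above, written out as an added PowerShell example (not code from the original post). The domain, gMSA and group names are hypothetical placeholders; it assumes the group already exists, that a KDS root key is present in the domain, and that the signed-in account is allowed to create service accounts.

```powershell
# Added example: all names below are hypothetical placeholders.
$Domain   = 'ad.example.internal'   # managed AD domain (placeholder)
$GmsaName = 'k8s-web'               # gMSA to create (placeholder)
$HostsGrp = 'k8s-gmsa-hosts'        # existing group of Windows nodes (placeholder)

# Step 1: join this Windows VM (same VPC as the domain), then reboot.
if ((Get-CimInstance Win32_ComputerSystem).Domain -ne $Domain) {
    Add-Computer -DomainName $Domain -Credential (Get-Credential) -Restart
    return   # run the script again after the reboot
}

# Step 2: install the AD PowerShell tools on the joined machine.
Install-WindowsFeature RSAT-AD-PowerShell | Out-Null
Import-Module ActiveDirectory

# Step 3: create the gMSA. Only members of $HostsGrp may retrieve its
# managed password, so keep that group limited to the hosts that need it.
if (-not (Get-ADServiceAccount -Filter "Name -eq '$GmsaName'")) {
    New-ADServiceAccount -Name $GmsaName `
        -DNSHostName "$GmsaName.$Domain" `
        -PrincipalsAllowedToRetrieveManagedPassword $HostsGrp
}

# Show who can read the password, as a check on the result.
Get-ADServiceAccount $GmsaName -Properties PrincipalsAllowedToRetrieveManagedPassword
```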

Google Cloud VM Files Deleted after session disconnect

I am having some of my GCP instances behave in a way similar to what is described in the below link:
Google Cloud VM Files Deleted after Restart
The session gets disconnected after a small duration of inactivity at times. On reconnecting, the machine is as if it is freshly installed. (Not on restarts as in the above link). All the files are gone.
As you can see in the attachment, it is creating the profile directory fresh when the session is reconnected. Also, none of the installations I have made are there. Everything is lost including the root installations. Fortunately, I have been logging all my commands and file set ups manually on my client. So, nothing is lost, but I would like to know what is happening and resolve this for good.
This has now happened a few times.
A point to note is that if I get a clean exit, like if I properly logout or exit from the ssh, I get the machine back as I have left, when I reconnect. The issue is there only when the session disconnects itself. There have been instances where the session disconnected and I was able to connect back as well.
The issue is not there on all my VMs.
From the suggestions from the link I have posted above:
I am not connected to the cloud shell. I am taking ssh of the machine using the chrome extension
Have not manually mounted any disks (afaik)
I have checked the logs from gcloud compute instances get-serial-port-output --zone us-east4-c INSTANCE_NAME. I could not really make much of it. Is there anything I should look for specifically?
Any help is appreciated.
Please find the links to the logs as suggested by @W_B
Below is from 8th when the machine was restarted and files deleted
https://pastebin.com/NN5dvQMK
It happened again today. I didn't run the command immediately then. The below file is from afterwards though
https://pastebin.com/m5cgdLF6
The below one is after logout today.
https://pastebin.com/143NPatF
Please note that I have replaced the user id, system name and a lot of numeric values in general using regexp. So, there is a slight chance that the time and other values have changed. Not sure if that would be a problem.
I have added the screenshot of the current config from the UI
Using locally attached SSD seems to be the cause ... here it is explained:
https://cloud.google.com/compute/docs/disks/local-ssd#data_persistence
You need to use a "persistent disk" - else it will behave just as you describe it.

Cannot access GCP projects anymore

My development team has been sparingly trying out Google Cloud Platform for about 10 months. Every member was using the same account to access GCP, say team@example.com. We created three projects under this account.
Starting in about July, we cannot see these projects in the GCP console anymore. Instead, there is one project named My First Project, which we have never created.
However, our original GCP projects still seem to exist, as we can still access for example some of the Google Cloud Functions via HTTP.
Therefore, I have the impression that the connection between our account and the projects has been lost.
OR
A second account with the same name has been accidentally created?
Additional curiosities:
Yesterday I tried to create a Google Cloud Identity account, using team@example.com. It did not work; when entering that address the input field showed an error like "Please use another email address. This is a private Google account." (It was actually in German, so I'm guessing the translation.)
When I go to accounts.google.com, the account selection screen offers team@example.com twice. No matter which entry I choose, I always end up in the GCP console with My First Project.
How can I recover my team's GCP projects?
Which Google support site may I consult to check on the account(s)?
Usually, there is a 1:1 mapping between a certain email address and a Google Account. However, this can be broken under certain situations - for example when creating / deleting / migrating G Suite or Cloud Identity accounts under the domain the email address uses.
If you hit such an edge case, there's not much you can do yourself. Reach out to GCP Support who should be able to resolve the issue for you.
Keep in mind that orphaned resources have a timer on them before they are deleted - so act quickly and do not rely on apps still responding being a sign that they will continue indefinitely.

How do I create a user in Amazon Directory Services Simple AD?

I'm using Amazon Directory Services with a Simple AD instance. I can join computers to the domain, but I can't figure out how to add users to the domain (and do not see in the documentation whether this is even possible).
How do I create a user in Amazon Simple AD?
You can manage users (and groups) via a bound instance's Active Directory Users and Computers tool. Details are here.
Note that due to a bug, this must be done from a Windows Server 2008 R2 instance at the time of writing. Windows Server 2012 is not supported at the time of writing per this post (registration required).

How to get a list of Group Policy Objects applied to local workstation

My Windows service application runs on workstations belonging to the Active Directory domain. Once in a while I get user questions about some features of my program not working. Upon further investigation it usually turns out that certain Group Policy Object (GPO) settings are to blame.
So I was thinking, is there a way to list all GPOs applied to a local/member workstation? (I can then store them in the log file and quickly refer to it later if the problem comes up.)
The main problem is that "group policy" is just a good name... it consists of many individual registry entries... the only way to see this is to dump all these individual registry entries...
A starting point might be:
Group Policy Registry Table
Group Policy Registry Key Entries for Windows 7/Vista/XP and Server
Alternatively you can use the GPO API (which might be a better starting point):
GetAppliedGPOList
You can check it with the simple Windows command "gpresult".
Just open console and type gpresult /r /scope computer and you can get your result.
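To turn the gpresult output into something a service can log, and to check the OU point raised in the first answer on this page, here is an added PowerShell example (not from the original answers) that reads the XML report and lists each computer-scope GPO with its status and the container the computer object sits in. The element names (ComputerResults, SOM, GPO, Name, Enabled, FilterAllowed, AccessDenied) are assumed from the report that gpresult /x writes, and the embedded report is constructed sample data.

```powershell
# Added example (not from the original answers). Element names are assumed
# from the RSoP XML report written by gpresult /x; check a real report.
function Get-GpoSummary {
    param([Parameter(Mandatory)][xml]$Report)

    # local-name() avoids binding to the report's XML namespaces.
    $path = "/*[local-name()='Rsop']/*[local-name()='ComputerResults']"
    $computer = $Report.SelectSingleNode($path)
    if (-not $computer) {
        throw 'No ComputerResults element; was the report made with /scope computer?'
    }
    $text = {
        param($node, $name)
        $child = $node.SelectSingleNode("*[local-name()='$name']")
        if ($child) { $child.InnerText.Trim() } else { '' }
    }
    $som = & $text $computer 'SOM'   # OU or container holding the computer object

    foreach ($gpo in $computer.SelectNodes("*[local-name()='GPO']")) {
        # Later checks win: a disabled GPO is reported as Disabled.
        $status = 'Applied'
        if ((& $text $gpo 'FilterAllowed') -ne 'true') { $status = 'FilteredOut' }
        if ((& $text $gpo 'AccessDenied')  -eq 'true') { $status = 'AccessDenied' }
        if ((& $text $gpo 'Enabled')       -ne 'true') { $status = 'Disabled' }
        [pscustomobject]@{
            ComputerSOM = $som
            Gpo         = (& $text $gpo 'Name')
            Status      = $status
        }
    }
}

# Constructed sample report (not real data). A real one comes from:
#   gpresult /scope computer /x C:\Temp\rsop.xml /f    (elevated prompt)
#   Get-GpoSummary -Report ([xml](Get-Content C:\Temp\rsop.xml -Raw))
$sample = [xml]@'
<Rsop xmlns="http://www.microsoft.com/GroupPolicy/Rsop">
  <ComputerResults>
    <SOM>example.local/Computers</SOM>
    <GPO><Name>Default Domain Policy</Name><Enabled>true</Enabled><FilterAllowed>true</FilterAllowed><AccessDenied>false</AccessDenied></GPO>
    <GPO><Name>Workstation Lockdown</Name><Enabled>true</Enabled><FilterAllowed>false</FilterAllowed><AccessDenied>false</AccessDenied></GPO>
  </ComputerResults>
</Rsop>
'@
Get-GpoSummary -Report $sample | Format-Table -AutoSize
```

With the sample, "Default Domain Policy" is reported as Applied and "Workstation Lockdown" as FilteredOut, both with ComputerSOM example.local/Computers.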