Error trying to configure trusted forest in IPAM

-

scenario

this lab experiment.  have created 2 single domain forests, abc , xyz.  both forests @ win2008r2 functionality both user server 2012r2 dcs.  have established 2 way transitive forest trust between abc , xyz.

in domain abc, have installed server 2016 machine , installed ipam.  have provisioned ipam server, opting gpo provisioning, , can manager dns servers , dhcp servers in abc domain.

problem

the reason deploying ipam on server 2016 want able manage multiple forests 1 ipam server.

i trying run following command:    invoke-ipamgpoprovisioning -domain xyz.local -gpoprefixname ipam1_ -force

if try , run command in powershell window running administrator@xyz.local, fails with:

invoke-ipamgpoprovisioning : failed add computer abcipam01.abc.local group ipamug. exception calling  "invoke" "2" argument(s): "the server unwilling process request. (exception hresult: 0x80072035)"  @ line:1 char:1  + invoke-ipamgpoprovisioning -domain xyz.local -gpoprefixname ipam1_ ...  + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~      + categoryinfo          : invalidoperation: (:) [invoke-ipamgpoprovisioning], exception      + fullyqualifiederrorid : invalidoperation,invoke-ipamgpoprovisioning

just thorough, added administrator@xyz.local administrators, ipam administrators , remote desktop users groups on ipam server, logged on server administrator@xyz.local, opened elevated powershell window , tried again , got same result.

according page https://technet.microsoft.com/en-gb/windows-server-docs/networking/technologies/ipam/manage-resources-in-multiple-active-directory-forests i'm doing things in correct manner isn't working.

any appreciated.

sorted myself.

after thinking it, occurred me trying admin-level stuff in 2 domains using account had admin rights in 1 domain or other.  adding administrator@abc.local administrators group in xyz.local allowed me create ipam gpos.

obviously, solution fine use in a lab/dev environment but not best practice production environment.

mike



Windows Server  >  IPAM, DHCP, DNS



Comments

Post a Comment

Popular posts from this blog

Azure MFA with Azure AD and RDS

-
i have setup following lab in azure , need help. a server (domain controller) , remote desktop services. and server multi factor authentication server. i have setup following one http://www.rdsgurus.com/uncategorized/step-by-step-using-windows-server-2012-r2-rd-gateway-with-azure-multifactor-authentication/ and when im connecting got following error. the user "domain\username", on client computer "xxx.xxx.xxx.xxx", did not meet connection authorization policy requirements , therefore not authorized access rd gateway server. authentication method used was: "ntlm" , connection protocol used: "rpc-http". following error occurred: "23003". also on security log i've got following authentication details: connection request policy name: ts gateway authorization policy network policy name: - authentication provider: radius proxy authentication server: test.test.local authenticati...
Read more

Failed to setup initiator portal. Error status is given in the dump data.

-
hi team, server configured boot san  after booting  facing issue windows server 2008 r2 system logs continuously generating iscsi port error event id 5 failed setup initiator portal. error status given in dump data. eventdata \device\raidport1 000004000100000000000000050000c0000000000000000000000000000000000000000000000000070200c0 binary data: in words 0000: 00040000 00000001 00000000 c0000005 0008: 00000000 00000000 00000000 00000000 0010: 00000000 00000000 c0000207 in bytes 0000: 00 00 04 00 01 00 00 00 ........ 0008: 00 00 00 00 05 00 00 c0 .......À 0010: 00 00 00 00 00 00 00 00 ........ 0018: 00 00 00 00 00 00 00 00 ........ 0020: 00 00 00 00 00 00 00 00 ........ 0028: 07 02 00 c0 ...À hi, please read through article below troubleshoot issue: error event id 5 logged in system log on computer uses iscsi software initiator connect iscsi target device http://suppo...
Read more

Failed to delete the test record dcdiag-test-record in zone test.com

-
ps c:\users\administrator.test> dcdiag /test:dns directory server diagnosis performing initial setup:    trying find home server...    home server = dc02    * identified ad forest.    done gathering initial info. doing initial required tests    testing server: default-first-site-name\dc02       starting test: connectivity          ......................... dc02 passed test connectivity doing primary tests    testing server: default-first-site-name\dc02       starting test: dns          dns tests running , not hung. please wait few minutes...          ......................... dc02 passed test dns    running partition tests on : forestdnszones    running partition tests on : domaindnszones    running partition tests on : schema ...
Read more