LDAP Woes

Russmcintire

We are currently running both Server 2012 R2 and 2016 domain controllers. When several third-party applications query LDAP, they are starting to receive different results from the 2012 R2 and 2016 servers.

We have a root domain called domain.local (which is empty) and a sub-domain called domain2.domain.local (which holds all resources).

We have a log server set up with a subscription that pulls the following event IDs from the security logs:

4768,4769,4770,4624

In this example (though it holds true for all of the event IDs), we are looking at event ID 4624 for both the machine and user logon.

On both the 2012 and 2016 servers, the event IDs above, in the "New Logon" section, show the Security ID as "domain2\user".

On the 2012 R2 server, the event IDs above, in the "New Logon" section, show the "Account Domain" as just "Domain2".

On the 2016 server, the event IDs above, in the "New Logon" section, show the "Account Domain" as "domain2.domain.local".

Is there a reason why the "Account Domain" field in the event logs, in Server 2016, is now being logged as domain2.domain.local instead of just domain2?

Our third-party application(s) use the information from the event IDs in the event logs to construct their LDAP queries.

From what we can determine, changing the "Account Domain" field from just "domain2" to "domain2.domain.local" is breaking some of our applications that make LDAP queries.

Is there a way to force the 2016 servers to log the account domain just as "domain" and not "domain2.domain.local"?

Russ
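Whatever the reason for the change, an application that builds LDAP queries from the 4624 "Account Domain" (TargetDomainName) field has to cope with both forms, since a NetBIOS name ("Domain2") and a DNS name ("domain2.domain.local") can arrive from different DCs in the same forest. The script below is an added example, not code from the original post or from any of the applications mentioned: it parses two constructed 4624 events in the Security-log XML shape (one per DC variant), normalises the domain field to a single canonical DNS name, and only then derives the search base and an RFC 4515-escaped filter. The NetBIOS-to-DNS mapping, the SID and the computer names are assumptions stood in for illustration; a real tool would read the mapping from the directory rather than hard-coding it.

```python
"""Normalise the 4624 Account Domain field before building an LDAP query.

Added example for this thread (not the poster's or any vendor's code).
Sample events are constructed to mirror the post: identical except for
TargetDomainName, which is NetBIOS on the 2012 R2 DC and DNS on the 2016 DC.
"""
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed sample events (only the fields this example uses are present).
EVENT_2012R2 = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4624</EventID><Computer>dc01.domain2.domain.local</Computer></System>
  <EventData>
    <Data Name="TargetUserSid">S-1-5-21-1111111111-2222222222-3333333333-1105</Data>
    <Data Name="TargetUserName">user</Data>
    <Data Name="TargetDomainName">Domain2</Data>
    <Data Name="LogonType">3</Data>
  </EventData>
</Event>"""

EVENT_2016 = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4624</EventID><Computer>dc02.domain2.domain.local</Computer></System>
  <EventData>
    <Data Name="TargetUserSid">S-1-5-21-1111111111-2222222222-3333333333-1105</Data>
    <Data Name="TargetUserName">user</Data>
    <Data Name="TargetDomainName">domain2.domain.local</Data>
    <Data Name="LogonType">3</Data>
  </EventData>
</Event>"""

# Assumed forest layout from the post. In production, read this from the
# directory (e.g. the partition container's msDS-NetbiosName) instead.
DOMAINS = {
    "domain.local": {"netbios": "DOMAIN", "dn": "DC=domain,DC=local"},
    "domain2.domain.local": {"netbios": "DOMAIN2", "dn": "DC=domain2,DC=domain,DC=local"},
}
NETBIOS_TO_DNS = {v["netbios"]: k for k, v in DOMAINS.items()}


def parse_4624(xml_text):
    """Pull the fields an LDAP-lookup tool needs out of a 4624 event."""
    root = ET.fromstring(xml_text)
    data = {d.get("Name"): (d.text or "") for d in root.findall("./e:EventData/e:Data", NS)}
    return {
        "event_id": int(root.findtext("./e:System/e:EventID", namespaces=NS)),
        "user": data["TargetUserName"],
        "domain": data["TargetDomainName"],
        "sid": data.get("TargetUserSid", ""),
    }


def canonical_domain(name):
    """Map either a NetBIOS or a DNS domain name to the DNS name, case-insensitively."""
    n = name.strip().rstrip(".").lower()
    if n in DOMAINS:
        return n
    dns = NETBIOS_TO_DNS.get(n.upper())
    if dns is None:
        raise ValueError(f"unknown domain in event: {name!r}")
    return dns


def ldap_escape(value):
    """RFC 4515 filter escaping so a logged account name cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)


def build_query(event):
    """Return (search base, filter) for the account in a parsed 4624 event."""
    dns = canonical_domain(event["domain"])
    base = DOMAINS[dns]["dn"]
    filt = f"(&(objectClass=user)(sAMAccountName={ldap_escape(event['user'])}))"
    return base, filt


def naive_same_domain(event, expected_netbios):
    """The brittle check: a plain string compare that breaks when a DC logs the DNS name."""
    return event["domain"].lower() == expected_netbios.lower()


if __name__ == "__main__":
    for ev in (parse_4624(EVENT_2012R2), parse_4624(EVENT_2016)):
        print(ev["domain"], "->", canonical_domain(ev["domain"]), build_query(ev),
              "naive match:", naive_same_domain(ev, "domain2"))
```

Both events produce the same search base and filter once the domain is canonicalised, whereas the naive comparison against "domain2" only matches the 2012 R2 event. Escaping the account name is deliberate: the value comes from the event log, so it should be treated as untrusted input to the filter.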
