UMC configuration on DSfW Domain Controllers (FRD, ADC, or CDC) fail in Name-Mapped and Non Name-mapped DSfW setup. UMC is unable to detect the existing UMC server in the same tree.
The Samba shares cannot be created in iManager because the NCP Server object fails to load during the process. However Samba shares can be created in the smb.conf file.
Following warning message appears for ADC installation when there is an empty space in the FRD password.
Few of the Domain Controllers are not reachable. Before proceeding with the installation, it is recommended to make the following Domain Controllers available: <FRD hostname>
NOTE:The ADC installation can proceed, and there will not be any install failures even after receiving the warning message.
If a username contains more than 20 characters, a garbage value is displayed when you run "wbinfo -u" command.
Using Windows MMC, it is not possible to create a proxy user in DSfW domain with sufficient rights to read the user and group information.
Joining a Windows workstation to DSfW domain using the NetBIOS name fails with the following error:
The specified domain either does not exist or could not be contacted.
Unable to bind to DSfW servers using NTLM when kerberos is down. This issue is fixed in the OES 2018 SP1 Update 1 patch release.
In a cross forest environment between AD and DSfW, a share created on Windows server cannot be accessed by DSfW users on 32-bit Windows 7 client.
After the PDC role is transfered from Forest Root Domain to Additional Domain Controller, which is not a DNS server, adding a Domain Controller with the Configure this Server as a DNS Server option selected during installation fails during provisioning.
In a mixed mode environment (OES 2015 and OES 2018 or later) if any of the domain controllers are updated prior to updating the FRD with 2012 schema, the password setting container might not be visible on domain controllers during object creation with 2012 schema level. Therefore it is recommended to always update the FRD with the latest schema level first and then update the domain controllers.
The name of the attributes for Fine-grained password policies cannot be longer than 32 characters.
The support for the following three attributes is not available with the current implementation of Fine-Grained Password Policy due to the limitation imposed by eDirectory. Currently, eDirectory supports these attributes only at the container level.
msDS-LockoutThreshold
msDS-LockoutObservationWindow
msDS-LockoutDuration
The values for the following attributes must be provided in multiples of number of seconds per day (86400 seconds per day).
msDS-MinimumPasswordAge
msDS-MaximumPasswordAge
The current implementation of Fine-Grained Password Policy is limited to individual users and is not applicable for groups. This is because of the limitations imposed by eDirectory.
When you copy a user object from MMC, it fails with an unspecified error. Micro Focus has no current plans to change this.
After a user is created, the administrator cannot force password changes through MMC because the check box is disabled. Users must change their own passwords. Micro Focus has no current plans to change this.