After the PDC role is transfered from Forest Root Domain to Additional Domain Controller, which is not a DNS server, adding a Domain Controller with the Configure this Server as a DNS Server option selected during installation fails during provisioning.
With the OES 2015 SP1 May 2017 Hot Patch update, there is no provisioning tool available to enable the new features. The enablement is only through scripts.
The name of the attributes for Fine-grained password policies cannot be longer than 32 characters.
The support for the following three attributes is not available with the current implementation of Fine-Grained Password Policy due to the limitation imposed by eDirectory. Currently, eDirectory supports these attributes only at the container level.
msDS-LockoutThreshold
msDS-LockoutObservationWindow
msDS-LockoutDuration
The values for the following attributes must be provided in multiples of number of seconds per day (86400 seconds per day).
msDS-MinimumPasswordAge
msDS-MaximumPasswordAge
The current implementation of Fine-Grained Password Policy is limited to individual users and is not applicable for groups. This is because of the limitations imposed by eDirectory.
AES-256 encryption type is not supported. AES-128 encryption type is used currently.
The policies cannot be updated successfully because the command gpupdate fails on Windows 10 with the following error:
Computer policy could not be updated successfully. The following errors were encountered:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
User Policy could not be updated successfully. The following errors were encountered:
The processing of Group Policy failed. Windows attempted to read the file \\dsfwserver.com\sysvol\dsfwserver.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
To diagnose the failure, review the event log or run GPRESULT /H GPReport.html from the command line to access information about Group Policy results.
When you copy a user object from MMC, it fails with an unspecified error. Novell has no current plans to change this.
After a user is created, the administrator cannot force password changes through MMC because the check box is disabled. Users must change their own passwords. Novell has no current plans to change this.