Creating password policy for individual group
Hi I seem to be having issues with creating a seperate Password policy for certain users aside from the default domain password policy in AD. This new password Policy is set so that the only group that...
View ArticleDC decommission, Keytab and kerberos
Hi team,We have two domain controllers in the HO site running Windows server 2012 R2. We're in the process of upgrading the environment to WS 2016. We have completed one server and one is remaining.The...
View ArticleGetting the name of the network user/AD admin who just logged in?
In our corporate network we have a situation of conflicting interests between not very polite admin and privileged users.The admin often renews annoying policies, like forced reboot, and...
View ArticleFailed DCPROMO - First Domain Controller of a new Child Domain
HiI'm trying to create a new child domain (F) in a mixed 2012R2 / 2016 DC environment best pictured as follows Root / \ A B / | | \ C D E FSummary of domainsRoot - 2012...
View ArticleRemove group policy
I purchased a workstation from my employer when I retired. It was a member of a domain but never removed from that domain. One of the group policies is to disable wifi. How can I get rid off all the...
View ArticleAdding a computer object to active directory
HI,What is the benefit If I add client pc name to AD prior to joining to the domain Thanks
View ArticleTrust between 2008 and 2012R2 domain controllers
Hi,I have a forest with 1 domain which has 3x domain controllers running on 2008 forest\domain functional levels.I need to have a two way trust with another forest with 1 domain which has 1x domain...
View ArticleisGlobalCatalogReady: FALSE; The Gloabal Catalog Ready Parameter is NOT...
We have three sites in active directory domain site and services. One of sites domain controllers were not marked as Global Catalog. We have marked them as GC in NTDS settings. However, if I connect...
View ArticleAny limitations Or disadvantages with using msds-memberoftransitive?
Hi,Using msds-memberoftransitive attribute to get direct and transitive(nested) group membership of users. Would like to know if anyone there using it and any limitations with using...
View ArticleHow to Delegate Limited Control to non Admin
I want to be able to grant rights to 2 people in the HR department to be able to modify the following fields in AD (I am using Delegate Control wizard):General tab:First name/Display...
View ArticleA question about _msdsc.MyDomain.local domain
Hello, can someone please help me with the following question, thanks in advanceI have a LAB setup with a forest root domain Forest-Root.priI then have a new Tree (rather than a direct child domain)...
View ArticleUnable to modify the wellKnownObjects attribute when changing default...
Hello, I'm preparing for the 70-640 exam. In attempting to redirect the default domain computer OU, I entered the command redircmp "CN=CLIENTS,DC=contoso,CD=com". I get the error -unable to modify...
View ArticleMapping Network Drive via GP for Security Groups - Win Server 2016,
Hello,I would like some help with mapping network drives for multiple users via group policy that are all in pre-organised security groups. I have seen a few posts/videos, documents on how to map via...
View ArticleDomain name and email server name both are same
Hiwe deployed server and domain name is same as email server name (email is hosted to cloud)not users are not able to access email via web access. outlook working only with POP3 and SMTP ip address if...
View ArticleAzure AD Connect Microsoft PolicyKeyService Certificate Authority
Dear All,Since a few weeks (after some adjustments in SCOM) we receive several alerts on Azure AD Connect Servers (different tenants) regarding a certificate warning.Apparently Azure AD Connect...
View ArticleReplication Problem ADMX
HiI have 3 DCs (A-B and C) Windows 2012 R2 in same site. I download ADMX (office 2016,2019 and Office 365)- Extract files- Copy on server A, all ADMX in folder...
View Article(apparently) random AD accounts keep being locked due wrong logins
Hello there,we have an issue since beginning of August where Active Directory accounts are being locked - not always the same accounts. It really seems to appear randomly. So far these accounts having...
View ArticleRSAT not showing under Windows features
HelloI have a colleague who is experiencing problems with getting the Remote Server Administration Tools in his windows features. We have followed the installation proccess for RSAT windows 10, and...
View ArticleOne single Active Directory Domain in a DTAP environment: any best practices?
Hi all,I'm currently designing a DTAP environment for one of my customers.For those who do not know, I'll quickly describe what that is: DTAP stands for Development, Testing, Acceptance and Production....
View ArticleADPREP Error when promoting Windows Server 2016 in 2008 R2 forest/domain
When promoting a Windows Server 2016 to DC, adprep fails with an error that an attribute or value already exists.The DN is CN=Send-As,CN=Extended-Rights,CN=Configuration,DC=<domain>.Forest and...
View Article