A question about computer account password changes
Hello, Can someone please help me with the following question,If you have been using AD for any length of time you probably come across the senario where a computer cannot logon to the domain and you...
View ArticleUser cannot Change password using Powershell
Hi,I need help in setting user cannot change password for a set of domain accounts in my organisation.I have sorted the Password never expire for those accounts for which I am using the below PS...
View ArticleDCDIAG Question
Hello.I have been looking into errors I've found on my 2012R2 DC's in DCDIAG (using dcdiag /c /q). I have 6 2016 DC's and and 6 12R2 DC's. This shows up on all the DCDIAGS on both OS's, but only...
View ArticleLAPS Event Log Details
While trying to refine our auditing instructions for LAPS, I am having problems filtering the event viewer for specific computer events to determine who accessed the ms-mcs-admpwd attribute of a...
View ArticleAccess is denied error when create an GPO
Hi,I got the "Access is denied" error when I attempt to create an GPO. Can anyone help me? Thanks
View ArticleOn-Premises MFA for users in Windows 2012 R2 Domain
We have 2012 R2 AD with Azure federation connected thru AAD with password sync and hash. We would like to enable on-premises MFA for users. What are the requirements and best practice to enable MFA for...
View ArticleCertification Authority Web Enrollment Error: An unexpected error has...
Hi everyone:I have two tier-PKI with server-1 as sub-ordinate enterprise/issuing CA. I have installed 'Certificte Authority Web Enrollment' on Server-2. when I open Server-2.domain.com/certsrv and go...
View ArticleClik here to view.
Can't promote DC to GC with event ID 1645 and 2018
Hello, we have a single forest multiple domain topology, we've recently troubleshoot AD replication that is showing lingering objects on a lot of the dc and blocking replications, after removing the...
View ArticleNTDSUTIL domain list sequence different between DC
Hello,is there any significance to the domain numbers that is show on NTDSUTIL metadata clean up utility ?we have some domain controller with a different domain numbering from the other dc eg:DC11 -...
View Articlehow to add addional clock( UK , UAE, Srilanka, Singapore time zone) to...
Hi Team,Happy Christmas!! Please help me to add additional clock using group policy in client machine. i have 100++ windows 7 machine where i want to add 4 more time zone . I have followed the below...
View ArticleMigration AD to new forest and Migrate Client computers and users without effect
Dear Forum, I have 2 domains are abc.com and efg.com. we will have new domain and forest hij.com and migrate all user from abc.com and efg.com to hij.com. we want to do migration without effect the...
View ArticleIs it wise to put domain controllers behind a load balancer
Can someone tell me if it would be wise to put domain controllers, DNS servers and DHCP servers behind a load balancer?I know for clients and servers and other systems that use the DC locator process...
View Articleenable ldaps in dc
I'm going to enable LDAPS on my 3 domain controllers (Windows 2008 R2) so I created my own CA in first domain controller according to thishttps://www.youtube.com/watch?v=JFPa_uY8NhY&t=2sI tested it...
View ArticleDeploy GPO allow Applocker Adobe XD CC 2018.
We got some issues with Applocker and Adobe XD CC, when we block open Windows Store via GPO it works windows store can't open but when we install Adobe XD CC it also cannot open too it alert "This app...
View ArticleWindows server 2008 r2 SSL V3 vulnerability error against port no 3269 and 636
Hi, Recently our network team runs vulnerability test in our network. In the result we got SSL V3 Vulnerability error in windows server 2008 r2 in the ports 3269 and 636. I have read out some...
View ArticleIssue with msDS-Behavior-Version 7 (=WIN2016)
I created a new AD LDS instance on a Windows 2016 server with the following command:c:\windows\ADAM\adaminstall /answer:E:\ADLDS\instance3\adaminstall.cfgwhere the answer file contains:[ADAMInstall]...
View ArticleClik here to view.
Can`t see users property from ForeignSecurityPrincipals OU
Hi,in organization two domain with two way trust qwe.com and zxc.com. I add two new domain controllers to zxc.com and have a problem.When I add user from qwe.com to group of zxc.com, and after that try...
View ArticleEFS Best practices: with or without AD CS - DRA HowTOs
Hello, due to new security requirements in my company I must enable encription for some folders in my network file share. For this purpose I decided to implement EFS (Encrypting File System).After...
View ArticleDFSR fails with partner that no longer exists
I have 2 DC (DC1 and DC2, both 2012 R2). I used to have a 3rd DC (DC_TMP, 2k8 R2). DC_TMP has been decommissioned, and any and all references to the server have been removed (ADUC, ADSI, ADSS, DFS...
View ArticleDFSR Migration Stuck
A few weeks ago the domain controllers in our Lab domain was attempted to be migrated from FRS to DFS. The domain is at Windows 2008 R2 functionality level and the DC's are on Windows 2019. When the...
View Article