Groups with No Owners and Inactive Owners, Groups with No Members
I was auditing the AD for one of my customers. As a result of the audit i found out the below things1) There were many groups with No Owners2) There were groups where Owners have left the Org long...
View ArticleDoes mail contacts require Exchange?
We will be decommissioning our Exchange server this year but there is a need to record email addresses for certain users and have them be members of groups without giving them an actual AD domain...
View Articlesyntax error
Hi All i am executing the below script in Powershell ISE i am getting the error experts guide me on this.$Input = "((Office -like '*Singapore*') and ((departmentNumber -eq 1234) or (departmentNumber...
View ArticleLooking for Account Lockout script
Hi Guys,my infra having 100+ DC and logs are purged very frequently (within 10-20min). to find the account lock out source is quite difficult task.do we have any power shell script to find the account...
View ArticleThe sign in method youre trying to use isnt allowed.For more info contact...
Good Morning, After removing a group which was mistakenly added to Administrators users on that group cannot log-in to the Domain and are getting the above error . The workaround is to have them...
View ArticleCross Forest CA - Access Denied when attempting to Enrol Certs
ScenarioWe have a forest root, lets call ForestA.local.We then have a sub domain in this forest. Lets call it Domain.ForestA.local. All user / computer accounts etc are in this domain. This is the main...
View Articleverification of outbound replication failed. unable to locate replication...
currently our environment has 3 DCs .primary DC ,1st PDC is windows server 2012 standard ( not R2 ), 2nd DCs windows server 2012 standard ( not R2 ) and 3rd Dc is windows server 2008 R2 standard.we are...
View ArticleActive Directory Authentication Ports
I have been upgrading our Domain Controller to Windows 2016. I have been informed from our security department that the RPC authentication ports are configured on our various firewalls. They would...
View ArticleDSRM Password change
Hi, I have 2 DC let say dc1 and dc2. I have set the different directory service restore mode password for my 2 DC. Due to security reason i don’t want to set same DSRM password for my dc's I created 2...
View ArticleDC - refuses administrator log on
History: I migrated a 2003 domain to 2012 R2 (2 DCs), now native. All was ok until my 1st reboot of the 2nd DC. It lost its ability to communicate w/the domain. I've demoted/removed it and am now...
View ArticleDomain controller login error "There is a time difference betweein client and...
Hi,We have a child domain B.A.local where A.local is root domain. When I try to logon to domain controller of B.A.local domain with A.local user id and password (which is a enterprise admin), I get...
View ArticleDomain Accounts on Secure Host Baseline (SHB)
All,I am using the Secure Host Baseline Server 2016 and have a question regarding the default user accounts within AD. The "Local" admin on the DC is "DoD_Admin". I have implemented LAPS on all...
View ArticleStrange LDAP behavior
Preparing for the LDAP/s transition, I noticed some strange behavior that I can't explain. I used the ldp.exe tool to test these connections. I have successfully configured LDAP/s on port 636 as well...
View ArticleRunning application from Network share fails
Several users are experiencing problems running applications on network shares in the past few weeks. One of the users is getting an error pop up: "The application was unable to start correctly...
View Articleremoving forestdnszone/domaindnszone
hello - ive encountered an environment where they've moved to infoblox appliances for DNS....what is the best practice for removing the forestdnszone/domaindnszone partitions from AD and the...
View ArticleReducing AD tombstoneLifetime
Hi, if i reduce the AD tombstoneLifetime value do the tombstone object immediately get cleaned up, or do they still wait the default 180 days to be removed. Also what is the process that cleans up the...
View ArticleHomeDrive field is not consistent between "Users and Computers" and...
Users that were created in the past have Home Directories, but in some cases they do not map the drives at Login. In Users and Computers console, the Drive letter is selected, but in Administrative...
View ArticleWhat is the best practice about User Lifecycle Management in AD
I am auditing one of my customer's AD and i find out that when a user leaves the Organisation, their user ID is being put into disabled state and put into a particular OU.The disabled users or users...
View ArticleHow to import and export active directory user and Computers?
Hi All,How to import and export active directory user and Computers?Kindly provide best solution
View Article