Last logon users
Hello allI have around 100 computers, and i need to find out last logon time stamp and last logon user.I have script to find out last logon time stamp and can any one tell how to find out last logon...
View ArticleCan a Domain Controller be assigned to multiple AD Sites
In order to resolve a DFS issue at one of our branch offices I had to create a new AD Site and assign their specific subnet to it. There is no Domain Controller at this location. It seems like every AD...
View ArticleHow to enable read-only access to AD integrated DNS for a group of users when...
Hi, hope you can help.What is the easiest way to allow a group of users to view AD integrated DNS with the DNS Administrative Tool?When trying to connect to a DC with the DNS Administrative Tool, the...
View ArticleSecure vs Unsecured DNS Updates
We have domain joined computers that VPN into our network but they don't register in DNS. If I allow non-secure updates, they register fine. (the register fine when in the office). How does Windows...
View ArticleGP screen lock timeout time changes
We have all users on a domain with a GP policy to lock screen after 15 min of inactivity. So far 3 users who's first screen lock of the day will be at 15 min. After that it goes to 2-3 min. Until PC is...
View Articleserver failed test DRSREVent
Server failed test DRSREVent. Give error while I run DCDiag command.. I don't have any other DC in network???
View ArticleChange Computer Name on Domain Without Removing From Domain
I know that when changing a computer name that is on a domain you first should remove it from the domain and add it to a workgroup. Why is that and what are the consequences of not first removing it...
View ArticleClik here to view.
Particular AD user account getting locked out
Hi,One Particular AD user account is getting locked out and we have checked security log found locked outevent ID 4740 for that user but Caller Computer Name is blank/empty.(below screenshot for your...
View ArticleIs it possible to renew a cert on CA server?
Hi,We used the same method in https://blogs.technet.microsoft.com/rmilne/2014/06/17/how-to-request-certificate-without-using-iis-or-exchange/ to request server authentication cert for our domain...
View ArticleDemoting domain controller with active application installed
Hi,unfortunatetly I've to deal with three domain controllers (Server 2003 R2, FL and DL on 2003) which were used for everything. After about 25 migrations tasks DC#1 and #2 are "free". The third one is...
View ArticleExternal Login using ADFS 2.0
I have an MVC application and I want external users to use a sub site to Login to a page. In ADFS server I want to enter the sub site Url then in the default web site create a sub site folder and copy...
View ArticleUser logon name (pre-Windows 2000) (sAMAccountName)
Hey,We have a requirement to change this attribute for all users. I've tried it with my account and it does work OK, but anything that uses Integrated Authentication is passing the old value (which...
View ArticleAD upgrade from Windows 2008 R2 to 2012 R2
I am going to upgrade my AD from 2008 R2 to 2012 R2, can anyone provide step by step instructions and your recommendations to perform an upgrade without any issues? Also, need to get best practices,...
View ArticleDoes MS / AD have a solution for enforcing strong passwords?
Our organization wants to be able to enforce strong passwords beyond what is currently available using domain-level password policy. For example, we would like to filter out dictionary words, and...
View Articleuser accounts ending with $ on Active Directory
Hi,As part of an AD cleanup sweep, I noticed a few AD users accounts ending with $. I have turned on Advanced View but I still can't view them on the GUI but I can get the details using the...
View ArticleExport from one AD and Import to another AD server
Hello, we had a major issue and mistake where someone accidentally deleted an OU that contained about 50 security groups and members. Unfortunately this controls the security of one of our major...
View ArticleClik here to view.
ADFS 3 authentication looping prompt
We have installed and configured ADFS 3 with CRM 2013 as following:ADFS server where ADFS 3 is installled on Windows Server 2012 R2.CRM 2013 server configured for IFD installed on Windows Server 2012...
View ArticleDelegate enable computer account
Is it possible to delegate enable a computer object in AD? I looked in the delegation wizard and advanced security permissions but didn't see anything that matches.
View ArticleDoes Microsoft plan to support the SCIM protocol for integrating with cloud...
Does Microsoft support or plan to support the Standard for Cross-Domain Identity Management (SCIM) [1] in any of its directory/federation products? I found this blog post [2] where Kim Cameron spoke...
View ArticleCannot remove missing NIS server
I had a 2008r2 DC go down. Among other things, the server was an NIS master server. I've managed to successfully transfer all of the dead server's duties to another DC (also 2008r2). The new DC is now...
View Article