having multi domains to be used as upn suffix for my end users, how to make...
i went to AD domains and trusts and added domain abc@123 for example so now i can change the upn suffix for any users to be abc@123when i create a new user the old domain is the one that comes first...
View Articlesmart card is required for interactive logon users attribute
Hello,I have a question when we tick this attribute on user's configuration.I know that it's ramdomize user's password, blocked interractive logon session...If we reset the user's password on an...
View ArticleADCS Question After Server Migration
Hopefully someone can help me with this ADCS question.Some years ago we needed a certificate server to implement a Wireless Network using WPA2 Enterprise Security.This was implemented with an...
View Articleauthentication policy and authentication policy silo
Need to grant the access via auth policy silo using specify access control conditions for the authentication policy for 5 servers & 5 users. Who are only able to access those server.What specify...
View ArticleTrust Relationship between two different forests - step by step guide
I have developed a lab in VMware Workstation with 2 different forests (2 different VM's - domain controllers). Their IP addresses are in different subnets and they have been connected through a virtual...
View ArticleLDAP: error code 12 - 00000057: LdapErr: DSID-0C090831, comment: Error...
Can anyone help me or tell me the reason for the errorLDAP: error code 12 - 00000057: LdapErr: DSID-0C090831, comment: Error processing control, data 0, v2580”
View ArticleAdmins sporadically getting "You do not have sufficient privileges to delete...
We've been getting a handful of calls lately from our Network Admins complaining that they can't delete computer accounts.The get an Active Directory dialog box that states that they are a loser..."You...
View ArticleAD Account Lockout and LastBadPwd
Hello All,Alright, I’ve done everything I can think of and am hoping someone has a thought for me.We have a user whose AD account gets locked daily after recent password change (which is sometimes...
View ArticleCan't Join PCs To Domain - Incorrectly Attempting to Discover Single Label AD...
This is a weird issue. We had a Windows 10 PC unable to connect to the domain profile correctly, so we took it off the domain and attempted to re-add it. However, when attempting to rejoin the domain,...
View Articleseize a roles
Hello, I try to seize roles from my primary DC server "contsystem1". I need seize the role because server has crasch(HW failure) so I want transfer roles to my secundary server "contsystem2" But Im...
View ArticleComputers do not find AD in the same subnet
I am setting a lab environvement on three VPS in the same subnet. One of the computer serves as a Domain Controller. However, other computers even when DC is set as a primary DNS can't find the DC (I...
View ArticleLDAP queries against domain hang
Some of our services that integrate with AD DS I've noticed tend to hang the first time they send out a query (such as to send a request for user password authentication) .. This seems to occur with...
View ArticleNo event ID 4768 on my domain controllers... WHY?
I have 6000+ users... 8000 + endpoints... 12 domain controllers... Doing some work where I need to find event ID 4768 to look at some user / machine log in information... Cannot find this event on...
View ArticleAzure AD Connect Health Sync Monitor High CPU Usage
Hello. I have Azure AD Connect installed on my server to sync our on-premise domain with Office 365 and I'm noticing the Azure AD Connect Health Sync Monitoring Service is always running high CPU...
View ArticleShared Folder For Domain Users
Dear All,How can i allow domain users to share their own folder "created by them"on their PCs. I did disable UAC but didn't work. Is there any group policy i can configure to let domain users to share...
View ArticleGet List of All Groups From Active Directory
Below Powershell command would help you to get all list of Groups (both Security & Destribution) groups from Active Directory.Get-ADGroup -filter * -properties * |select SAMAccountName,...
View ArticleGet List of All Service Accounts from Active Directory.
Below command would give you the list of all service accounts in Active Directory.get-aduser -filter * -properties Name, PasswordNeverExpires | where {$_.passwordNeverExpires -eq "true" } |...
View ArticleGet List of Unlinked GPO's from Domain.
Below Powershell commands will give the list of all Unlinked GPO's from a domain.$unlinkedGPOs = Get-GPO -All | Where-Object { $_ | Get-GPOReport -ReportType XML | Select-String -NotMatch...
View ArticleLogon Script in AD Not Running Anymore
We have a domain setup, with multiple machines and everyone logging in via Remote Desktop to servers. All users use the same logon script, pointed to in Active Directory under the profile tab. The...
View ArticleGet List of Empty AD Groups in a Domain
Below powershell command will give you the list of AD groups which does not have any members.Get-ADGroup -Filter * -Properties Members | where {-not $_.members} | select Name | Export-Csv...
View Article