Unable to create the synchronization service account for Azure Active Directory
Installing Azure Active Directory Connect I get the above error ... and the trace log says "Product Microsoft Directory Sync Tool is not installed." Pls help ... cannot sync my AD (Win Server 2016) to Azure (Entra).... log…
Creating a SHA256 CSR using MMC on a Domain Connected Windows 2016 Member Server
I have been trying to create server certificates that are SHA256 and keep getting SHA1 results. Using the MMC in the CSR wizard (from right clicking in the certificate store, then selecting Tasks -> Advanced Operations -> Create Request). The…
I have a Domain Controller with a Tombstone Lifetime that has exceeded. How do I bring it back online?
I have a Domain Controller with a Tombstone Lifetime that has exceeded. How do I bring it back online?
Can't change files in sysvol folder when access through UNC from DC
Hi, we're facing a weird issue: we can't change\add\create files under the SYSVOL folder when we access it through UNC from DCs. But if we access the SYSVOL folder through UNC from other servers in the domain there is no issue changing\adding\creating files. …
Using AD Activation on Windows 2019 Server
I installed the Volume Activation role on a 2019 server and added a Windows 10 Enterprise key, went through the wizard and saw it listed in AD using ADSI edit.. "perfect" I then tried to add a Windows 11 key and it added it but removed the…
Access to Azure Active Directory: Unknown error code: 0x80192ee7
Getting Error code 80192EE7 when trying to sign in. I have access to Azure Active Directory but I'm getting the following:
How to remove the "hint" query parameter during AAD B2C password reset flow?
We have set up the password reset exchange as instructed in the docs and are trying to remove the hint query parameter that gets added to the URL when clicking the forgot password link. We do not want it as it is an info leak. Someone else asked a…
Secure Score wants me to disable delegation on my Domain Controller computer accounts
Originally posted on the Office365 'answers' forum but I was told that was not the correct place and I should post it here instead. Microsoft Secure Score flagged a number of 'privileged' accounts on my AD domain that were set to allow delegation. I…
Desktop App Installer
Hi, if the below policies are disabled through GPO, I suspect that only command-line utilities like winget will be impacted. Could there be any other effects? Computer Configuration-Policies-Administrative Templates-Windows Components-Desktop App…
Renewing PowerShell Self Signed Certificate from CA
Hi Everyone, we're going to change our Self Signed PowerShell certificates. We have an AD Certificate Services in our domain, we've created custom Self Signed PowerShell certificates for code signing, then we've distributed the certificates via GPO.…
Unavailability of one Domain Controller causes loss of Internet even though Secondary DNS was configured
We have a network with a domain controller that manages DNS settings for all connected client PCs. The primary DNS server is configured on the domain controller, and a secondary DNS server is also set in the Advanced TCP/IP Settings of each client PC. It…
Multi-Provider Router (MPR) notifications
I need help on two GPOs. If I disable the policy below, will there be any impact besides issues with mapped network drives? Policy: Enable MPR notifications for the system --> Disabled Location: Computer Configuration\Policies\Administrative…
Digitally sign communications
The policy below is currently disabled in our environment. I have a request from our security team to enable this policy. Could there be any issues with SMB, given that I have DFS shares and file servers? Additionally, I have Windows shares mounted on…
RPC GPO information
Hi All, I have been asked to enable the following printer-related GPOs, but I am not fully aware of their impact. Could anyone help me understand the pros and cons of these settings? The last one I don't think is printer related, but I need information on…
SuccessFactors to AD User Provisioning : UPN (UserPrincipalName)
This is related to SuccessFactors to AD User Provisioning. Is there an expression for the SelectUniqueValue() function which can enable creation of UPN with firstname.lastname@contoso.com , firstname.lastname1@contoso.com, firstname.lastname2@contoso.com…
Query on GPO
Hi All, I have a requirement to enable the GPOs listed below on Windows Servers (2022/2019/2016). What could be the possible impact of applying these GPOs? Please guide me as I am not sure. Network security: Force logoff when logon hours…
Why do my Hyper-V created VMs have Computer objects that contain an SCP?
It's simple, I went to delete some computer objects of PCs which no longer existed, and ADUC threw a warning about deleting the subtree. After using ADSI Edit I found that each of the 6 objects had sub-objects that were Service Connection Points named…
Entra Connect and AD DS having a weird LDAP error
Hello, I am working to configure and install Azure Active Directory Connect 2.3.20.0 on a new domain with a relatively stock Azure tenant and am struggling with the first sync. The Azure user is global admin, and the directory user is the administrator…
Active Directory updates delay
If we amend details for a user (eg: user dept or job title) in our internal HR and AD it seems to be fairly fast. However, the changes to filter through to Azure AD and Sharepoint can often take several days or even 2 weeks. This causes a lot of…
Azure Arc fails to connect because NT SERVICES\himds is not allowed to log on as a service
The short version: How do I get Azure Arc to connect to Azure if GPO is limiting which accounts are allowed to log on as a service and the himds service requires "NT SERVICE\himds" to log in as a service? (I am unable to add "NT…