How to bulk-change a local user's password on domain-joined computers?
I have a local admin account of each and every client Windows computer. And there are hundreds of them. They are all joint one domain. The DC is running Windows Server 2019. The password has leaked, and has to be changed on all those computers. On…
Pre-requisites for installing the provisioning agent on a window server
Hi all, In Workday to on-premise AD integration, I am at the section for installing and configuring the on-premises provisioning agent. I'm unsure if I need to create a gMSA (Group Managed Service Account) for this setup. When I click the link provided…
C# .NET Bind to CN=Deleted Objects container in domain to list dACL
Hello dear community members, I need some help with C# .NET code to bind to CN=Deleted Objects container in a domain. I tried below methods: In PowerShell - [System.DirectoryServices.DirectoryEntry] In .NET System.DirectoryServices namespace with…
Data is missing from management API using service principle. ex:resources
I have a requirement to load datasets from management.Azure.com (Management API), for example: Resources, Assessments, Tasks, and Secure Score. I have created a service principal in app registration and have been able to obtain the access token. However,…
EnableSidHistory
Hello ! I'm facing a strange beahavior when I try to enable SID History for one of two new forests trusts: the commands always return the same thing (the actual state), no matter I change the switch. netdom trust old.dom /D:new.dom…
How to clear all On-premises attributes from previously synchronized Azure AD users
Hi, Three years ago, we made a cut over to an on-premises domain with our Azure AD in order to have a cloud-only setup. Now we need to synchronize with the new Active Directory infrastructure and the new on-premises domain. Users in Azure AD that were…
The default app settings for "http" and "https" are not being saved; after rebooting or logging off, the settings disappear.
The default app settings for "http" and "https" are not being saved; after rebooting or logging off, the settings disappear, and the user has to set the default browser again. We have GPOs and SCCM clients in our environment. I have…
Shared account for Approval process.
The shared accounts works for Approval Process after a Transport Rule is applied? There is an hypothetical case where an external/internal user send a message, the transport rule send it to approval to a shared account, but there is an error: *(The…
![](https://techprofile.blob.core.windows.net/images/3LOURXc6zUK0L33WIEsckQ.png?8D918D)
Regarding Enterprise Admin Group
Hi All, I have scenario like upper draft for my customer, customer asking is that have anyway let have one of the AD account in Root domain have Administrator right to all domain in the forest, I do found seem like enterprise Admin group in Root domain…
prevent user from using the computer while UWF servicing updates
I'm checking the UWF feature in VM (hyper-V specifically) and I'm testing the update process. it runs the updates, but instead of blocking user input - it's showing the lock screen, on the UWF-Servicing account. The users can just log into their accounts…
How to open a ticket with the services hub team?
Hi everyone, I wanted to perform assessment in my organization's AD environment using the Microsoft's On-Demand Assessment. Although I have the required Pay-as-you-go subscription for Azure in place, I am not able to reach out to them for getting myself…
Defender for Identity - Directory Services Advanced Auditing is not enabled
Hi Everyone, We have followed the following guide from Microsoft in regards to enabling "advanced auditing" for Defender for Identity: https://learn.microsoft.com/en-us/defender-for-identity/configure-windows-event-collection However, we keep…
sub domain trust on Windows
I am trying to setup a multiple domains environment on Windows, here is my setup: My requirement is that users in parent domain (b1cloud.smes.sap.corp) can list users of its sub domains(child.b1cloud.smes.sap.corp, atlas.b1cloud.smes.sap.corp), but…
Deprovisioning not working in Azure AD
Hello – we’ve been asked to setup a deprovisioning setup in Azure AD (Entra AD), users are in Entra, target system is a custom app with a SCIM 2.0 compliant api. Here's what we have done: Created an enterprise app In that enterprise app, under…
Azure AD B2C Custom Policy ExternalUser is not found using ExternalAzureAD
The custom policy authentication is integrated and works fine for the users, created specifically to the current tenant. However, in case, when user is logging in using AD account from a different tenant, it throws an error, saying that the account is…
WMI Filtering missing from GPMC
I'm not sure what happened but WMI Filtering is missing from GPMC. See below: Unless is in some wierd gui name, I've checked deleted object via LDP and ADAC and it's not there to be restored. There is an old article referenced when searching the net,…
ad b2c entra
I'm trying to create b2c users with country KP (North Korea), IR (iran) , CU (cuba) , SY (syria) but the respective countries are missing differently from what is indicated in the documentation.
Localized (translated) folders names for Desktop, Music, etc. with Folders redirected by gpo in the AD Domain
How to translate (localize) folders like Desktop, Documents, Downloads, etc. on Windows 10/11 computer connected to AD Domain? On the computer outside of domain, this "shown" name or nickname for the Desktop (because the folder path is still…
Can't get AD and SMB to work from Azure to On-prem server
Hi, I'm working on a newly created Azure environment with very little networking set up. Our setups are as follows: Azure: Working S2S VPN Route table pointing to the on-prem subnet A VM for testing with an NSG allowing all traffic both inbound and…
![](https://techprofile.blob.core.windows.net/images/lvNaBJBqh0eurOu4q2bQSQ.png?8DA4E8)
Domain Windows 11 cannot authenticate
Our Windows 11 domain machines return to the login screen whenever a user tries to log in. They must enter their password numerous times before successfully logging in. I must say that I am also affected by this. Situation: A user boots his/her…