656 questions with Windows for business | Windows Server | Directory services | Active Directory tags

1 answer

whoami still returning old username after surname change, SSMS not able to recognize the Windows authentication user

Hello, After a surname change in a user's profile we are experiencing some issues when running SSMS and trying to log in to any database. Old username: firstname.lastname @ company.com - monika.wozniak New username: firstname.newlastname @ company.com -…

Windows for business | Windows Server | Directory services | Active Directory
asked 2025-06-25T12:31:34.1933333+00:00
Tomasz Sobotka 35 Reputation points
commented 2025-07-01T01:54:56.61+00:00
Mallaiah Sangi 1,145 Reputation points Microsoft External Staff Moderator
1 answer

Windows 10 Clients can't join AD domain (AD DNS/DC woes)

So two DC/DNS servers via site-site VPN with a client in a third location that can ping/see them both. The client can FQDN and hostname values for the servers. - Dcdiag shows the DNS servers are clean. - The whole…

asked 2025-06-27T19:11:55.3133333+00:00
Doc Miller 0 Reputation points
answered 2025-06-27T19:18:37.7433333+00:00
Doc Miller 0 Reputation points
1 answer

Unable to change CNO Security

In a failover cluster, in Windows Server 2025, if I change security of the CNO, after about 1 hour, the security settings roll back and inheritance is disabled. This causes access denied when the CNO tries to change the password every hour. If I add the correct…

asked 2025-05-07T15:22:07.21+00:00
Domenico Pozza 0 Reputation points
commented 2025-06-06T11:52:00.8733333+00:00
Domenico Pozza 0 Reputation points
1 answer

Workstation Password Change on Next Logon Issue with Domain Users

Hey Community, In a domain environment with approximately 1200 users, an issue arises when resetting a user's password. Despite checking the "Password change on next logon" checkbox, the option to change the password does not appear during…

asked 2025-05-28T10:03:44.8266667+00:00
Moshiur (Moshiur Khan) 80 Reputation points
answered 2025-06-03T08:46:34.68+00:00
Benjamin Wang 75 Reputation points Microsoft External Staff Moderator
1 answer One of the answers was accepted by the question author.

Windows Server 2025: limit the number of concurrent logins from members of a security group

We have a few hundred security groups with different numbers of members. We need to limit the use of our infrastructure to each group according to their needs and budget, so that each group has a limit of simultaneous logins available for their users.…

asked 2025-06-02T16:32:46.59+00:00
Rafael Funes 20 Reputation points
commented 2025-06-02T17:43:14.0766667+00:00
Rafael Funes 20 Reputation points
0 answers

Can I pass login_hint to a SAML Claims Provider Trust in ADFS?

Hi, I have configured Keycloak as a Claims Provider Trust on ADFS. However, I'd like to pass a login_hint so that the username is prefilled. Is that possible at all?

asked 2025-05-30T16:14:54.4433333+00:00
Francis Augusto Medeiros-Logeay 20 Reputation points
0 answers

ADFS Claim Rule: Multi-valued Claim Unexpected Behavior UPN (Web API + Application Group) — Possible Bug

Hello, I’m seeing a very odd behavior in ADFS Claim Issuance, and after a lot of testing I suspect this could be a bug in the way ADFS merges claims across Web API Applications and Application Groups. ✅ Environment ADFS Version: (example: ADFS 2019 /…

asked 2025-05-30T13:31:08.88+00:00
gabilan0022 0 Reputation points
1 answer

ADFS AutoCertificateRollover generated certificate

ADFS server had AutoCertificateRollover enabled and it generated new token-signing and token-decrypting certificates 15 days before the expiry date. This caused an authentication issue and we had to roll back to the previous certificate setting it to…

asked 2025-05-14T14:39:41.6466667+00:00
Basharat Ali Mir 0 Reputation points
answered 2025-05-30T08:10:29.89+00:00
Benjamin Wang 75 Reputation points Microsoft External Staff Moderator
1 answer One of the answers was accepted by the question author.

Is it possible to change the time window when a GMSA account password is rotated every 30 days

Hi, I am aware that for Group Managed Service Accounts (gMSA), Active Directory rotates the password every 30 days by default. I am trying to find some info on how the time window for that password rotation is determined (either precise timing or rough…

asked 2025-05-28T06:13:29.1266667+00:00
Murali Kumar 65 Reputation points
accepted 2025-05-29T15:45:31.1233333+00:00
Murali Kumar 65 Reputation points
2 answers

Last logon date for any AD object is different in different AD Servers in a Forest.

Last logon date for any AD object is different in different AD Servers in a Forest. Example: In our forest we have AD_Server#1 to AD_Server#10 and let us take Object-user#1 for testing. When we check in AD_Server#1 for the last logon date for…

asked 2024-02-26T03:57:12+00:00
Anonymous
edited the question 2025-05-25T07:31:54.7966667+00:00
TP 124.9K Reputation points Volunteer Moderator
2 answers

Can a non-domain Windows client use Kerberos to access a domain SMB share with domain credentials?

Hello, I'm working in a Windows environment with the following components: An Active Directory Domain Controller (Windows Server), A file server (SMB) that is joined to the domain, A Windows client that is not joined to the domain (workgroup…

asked 2025-05-19T21:04:11.1266667+00:00
adil arfaoui 0 Reputation points
commented 2025-05-20T11:31:26.36+00:00
Marcin Policht 49,715 Reputation points MVP Volunteer Moderator
1 answer

Recreating Parent Domain and Establishing Trust

Hello, I recently took over the IT management of a company, and I'm facing an issue with the Active Directory infrastructure. Our setup includes a domain hq.contoso.com with two domain controllers, DC1 and DC2. The parent domain contoso.com was…

asked 2025-05-14T14:27:18.93+00:00
Mattia Chiostrini 0 Reputation points
answered 2025-05-15T12:18:04.2833333+00:00
Chen Tran 955 Reputation points Independent Advisor
0 answers

Computer GPO file copy running as Domain Admin

Hello, I'm trying to fix an issue of copying files (fonts and themes) from a network share to clients using the computer GPO policy Preference > Windows Settings > Files. Forcing an update has no errors and claims all policies applied. The event…

asked 2025-05-13T08:29:13.48+00:00
Chris Law 0 Reputation points
0 answers

Enabling and configuring the OnPremise server Remote Desktop authentication using Entra ID

How can I enable this feature properly to securely authenticate against my on-premises server using the Hybrid Synchronised AD Account? My on-premises AD DS is synced to the Entra ID with Entra ID Connect, but not the servers. The goal here is to utilize…

asked 2025-05-13T02:14:51.0833333+00:00
EnterpriseArchitect 6,041 Reputation points
0 answers

Windows Domain User is constantly locked out (MacOS environment)

A Windows domain user is constantly being locked out. We are a relatively small company and have only one domain controller. All users work with Mac devices and iPhones. But after a password change one user is locked out all the time. We have many…

asked 2025-05-06T12:41:25.46+00:00
cma_ms 0 Reputation points
1 answer

Users have the ability to add themselves to the Domain Admins group, granting them Domain Admin privileges.

All users created in Active Directory are able to add themselves to the Domain Admin group, granting themselves Domain Admin privileges. Users can log into the Domain Controller, access Active Directory, and add themselves to the Domain Admin group. I…

asked 2025-04-09T12:31:35.4666667+00:00
Hassan Waheed 10 Reputation points
answered 2025-05-06T08:32:51.5533333+00:00
Chen Tran 0 Reputation points
0 answers

Only domain account is locked out

The only domain account is locked out. The network setup is hybrid on-prem and cloud infra is connected via S2S VPN. Thanks.

asked 2025-04-30T14:34:33.8833333+00:00
Mackoy Camisera 1 Reputation point
edited the question 2025-05-05T09:38:59.7166667+00:00
Sandeep G-MSFT 20,906 Reputation points Microsoft Employee Moderator
1 answer

Active Directory Replication with Mesh Topology

Hello, I have a total of three Active Directory Sites: NG1, NG2, and NG3. There is 1 domain controller placed in the NG1 site, 4 domain controllers placed in the NG2 site, and 4 domain controllers placed in the NG3 site. I have a total of 9 domain…

asked 2025-05-04T09:39:30.8633333+00:00
Md. Rubiat Haque 0 Reputation points
answered 2025-05-04T11:08:47.9366667+00:00
Marcin Policht 49,715 Reputation points MVP Volunteer Moderator
1 answer

Best way or any tool to clean up GPO

Hello, We need to clean up GPOs (count: 2K) from AD. Please suggest the tool or method to handle the cleanup quickly and effectively. Thanks Richa

asked 2025-04-15T12:54:14.8466667+00:00
Richa Kumari 301 Reputation points
answered 2025-05-02T07:05:32.1733333+00:00
Chen Tran 0 Reputation points
0 answers

Azure Alerts aadds.changefinancial.com.au managed domain has detected usage of a deprecated TLS version, which is scheduled for retirement.

I get emails for, Azure Alerts aadds.changefinancial.com.au managed domain has detected usage of a deprecated TLS version, which is scheduled for retirement. Refer to the following article to resolve this issue Active Directory Domain Services…

asked 2025-05-01T22:01:57.82+00:00
David Yuill 0 Reputation points
edited the question 2025-05-02T01:06:54.1966667+00:00
Akhilesh Vallamkonda 15,320 Reputation points Microsoft External Staff Moderator