Regarding Enterprise Admin Group
Hi all, I have a scenario like the draft above for my customer. The customer is asking whether there is any way to let one of the AD accounts in the root domain have Administrator rights to all domains in the forest. I found what seems to be the Enterprise Admin group in the root domain…
Prevent user from using the computer while UWF is servicing updates
I'm checking the UWF feature in a VM (Hyper-V specifically) and I'm testing the update process. It runs the updates, but instead of blocking user input, it's showing the lock screen, on the UWF-Servicing account. The users can just log into their accounts…
How to open a ticket with the services hub team?
Hi everyone, I wanted to perform an assessment in my organization's AD environment using Microsoft's On-Demand Assessment. Although I have the required Pay-as-you-go subscription for Azure in place, I am not able to reach out to them for getting myself…
Defender for Identity - Directory Services Advanced Auditing is not enabled
Hi Everyone, We have followed the following guide from Microsoft in regards to enabling "advanced auditing" for Defender for Identity: https://learn.microsoft.com/en-us/defender-for-identity/configure-windows-event-collection However, we keep…
Subdomain trust on Windows
I am trying to set up a multiple-domain environment on Windows, here is my setup: My requirement is that users in the parent domain (b1cloud.smes.sap.corp) can list users of its subdomains (child.b1cloud.smes.sap.corp, atlas.b1cloud.smes.sap.corp), but…
Deprovisioning not working in Azure AD
Hello, we’ve been asked to set up a deprovisioning setup in Azure AD (Entra AD). Users are in Entra, and the target system is a custom app with a SCIM 2.0 compliant API. Here's what we have done: Created an enterprise app In that enterprise app, under…
Azure AD B2C Custom Policy ExternalUser is not found using ExternalAzureAD
The custom policy authentication is integrated and works fine for the users created specifically in the current tenant. However, when a user logs in using an AD account from a different tenant, it throws an error, saying that the account is…
Localized (translated) folders names for Desktop, Music, etc. with Folders redirected by gpo in the AD Domain
How to translate (localize) folders like Desktop, Documents, Downloads, etc. on Windows 10/11 computer connected to AD Domain? On the computer outside of domain, this "shown" name or nickname for the Desktop (because the folder path is still…
Can't get AD and SMB to work from Azure to On-prem server
Hi, I'm working on a newly created Azure environment with very little networking set up. Our setups are as follows: Azure: Working S2S VPN Route table pointing to the on-prem subnet A VM for testing with an NSG allowing all traffic both inbound and…
Domain Windows 11 cannot authenticate
Our Windows 11 domain machines return to the login screen whenever a user tries to log in. They must enter their password numerous times before successfully logging in. I must say that I am also affected by this. Situation: A user boots his/her…
Request for Guidance on Enhancing UI Experience in Azure AD B2C
We have implemented a custom sign-in and sign-up flow for our project using Azure AD B2C via custom policies. Our goal is to achieve a seamless user experience similar to Single Page Applications (SPAs). Despite our efforts to customize the HTML, CSS,…
Upgrading Windows Server 2012 R2 to Windows Server 2019
Dear Microsoft Experts, I'm seeking your support in upgrading Windows Server 2012 R2 to Windows Server 2019. I have two Windows Server 2012 R2 servers, with the configurations and data to be kept as they currently are. Server 1: Primary Domain Controller role, DNS Server role, DHCP…
Admins are unable to reset user's passwords, how can I resolve it?
Hello dears, I have 2 admin users that are not able to reset user's password even though they have been granted the roles of helpdesk administrator/password administrator. After looking at the logs on Microsoft Entra ID > Audit Logs, I have seen the…
Access Code invalid for Azure AD only Node Script
I have been using an access token via my app registered on Entra for downloading files from OneDrive. Till 2 hours ago, it was working perfectly fine. However, recently I've started getting a 401 unauthorized error on this. No changes have been made in…
Active Directory - check if a computer name is already taken
When I configure a PC, one of the first steps is to assign a name to the device. I can only choose a name that belongs in "Active Directory Users and Computers". Before assigning a name, however, I need to figure out if that name is already…
Intune enrollment issue
We joined the devices to Entra hybrid join. When we try to enroll these devices to Intune via the GPO AD Intune policy for auto enrollment, the devices are not joined to Intune. When I run dsregcmd /status in cmd it shows device joined to azure ad joined,domain…
Domain not showing in locations (computer mgmt->local users and groups) - Trust between domain broken
Hello all, I have a (Windows Server 2022 Datacenter Azure Edition) Azure virtual machine. In the "Users and Groups" section, Administrator location, I cannot find the domain. Last week I registered the domain and restarted the VM. But now this domain seems…
How can I tell if AppLocker is enforcing Constrained Mode on an unauthorized script?
I am currently working on only allowing signed PowerShell scripts to execute in Full Language Mode. For unauthorized scripts, the tech documents have mentioned the blocked scripts will still run, but under Constrained Language Mode; however, in my…
Regarding the phenomenon where sSSO (seamless SSO) can't be performed
Hi, I'm Japanese, using a translator to create questions. Azure AD Connect (Entra Connect) is used to link on-prem AD and Azure AD, and seamless SSO is enabled in that environment. The computer joined to the local domain can access Office 365…
Need help understanding SSO/cloud sync in multiple-subscription tenant
I am working on an ASP.NET Core application for our hosted customers and need some information on authentication using Active Directory. A bit of background on our setup: We have a single Azure tenant that has multiple subscriptions within it. Each…