AD assessment tools
Are there any recommended reporting tools that you can use to scan your Active Directory setup and configuration and get a report of problems/risks/non recommended settings to address?
Event log failure 4625 (brute force attack)
I am receiving constant 4625 event log failures in my machine every 10 minutes. The machine lies under the firewall with RDP enabled in it. When I try to check the account name and domain, it is showing as I mentioned in the example i.e If the audit…
AD default domain password policy advice
I am trying clarify some of specific settings within a domain password policy (settings report was produced based on Get-ADDefaultDomainPasswordPolicy). For info - there are no additional fine grained password policies in operation which may supersede…
Can I revoke an SSL certificate using API calls towards the AD-CS?
Hello, I have very little experience with Windows Servers and even less with AD-CS. In our company we use AD-CS to issue certificates for all services, including Linux machines. At the moment the process is manual, but we need to automate it using…
How do I install SSL/TLS cipher suite for Biztalk server2009
Hi, Recently my connections from Biztalk to an external financial system started failing with the message A message sent to adapter "WCF-Custom" on send port "SP_IMOS_AP_HEAD_TO_OCI_AP_HEAD" with URI…
Renew AD Root certificate - How to?
Hi Everyone, I need to renew my root certificate and I don't have a clue how to do this correctly. My DC's are 2012 R2 and 2019 and my AD DFL and FFL are: Windows Server 2012 R2, clients are all W10 and servers mostly 2008 and above and a tiny…
Notification or Alerts for MFA setting
Hi Everyone Could we setup an alert when a MFA method is added, changed or deleted in Microsoft account setting security option?
CredUI selects wrong Smartcard certificate
Hi Community, I experience an issue, that not the certificate I would expect according to the "Filter duplicate logon certificates" Group Policy is shown by CredUI when the certificate was issued using the certreq.exe command. If I issue…
Azure AI Video Indexter:Will it use my video uploaded as samples for Training?
Hi I plan to use "Azure AI Video Indexter" to add tags, and identifies scenes in video. I concern that my video uploaded may use to train the AI, as training sample. I concern my personal info may be used as answer from AI. Is there any page…
request/approval of new AD user accounts
What are your procedures when it comes to the requesting and approving new user accounts (e.g., new employees, new consultants etc) in your active directory? I have seen a variety of processes; some have standardised e-forms that integrate with the…
if you split security into tiers as per RBAC and the same human person needs multiple accounts does each account consume an azure licence
Microsoft recommends splitting on prem and hybrid assets into tiered access T0 T1 and T2 to facilitate RBAC (role based access control). The principle being that t0 logons are never mixed with t1 logons to minimise any breach. If, therefore, an admin…
Bought a new used laptop, old user still signed in cant sign on
hello bought a new used laptop it's a KUU Yepbook 2The old user didn't sign off. I can see her picture, her name.Its asks for a PIN, password or finger
![](https://techprofile.blob.core.windows.net/images/DWHuLjs_b06CLOAuY2Jumg.png?8D976B)
Is Microsoft downplaying support for ECC certificates?
Hi folks, does anyone have any insight into this statement Microsoft's trusted root program requirements page that was updated in Feb? Signatures using elliptical curve cryptography (ECC), such as ECDSA, are not supported in Windows and newer Windows…
What are the benefits of the existing single forest AD Domain to convert or upgrade the AD Domain Controllers from FRS to DFSR?
What are the benefits of the existing single forest AD Domain to convert or upgrade the AD Domain Controllers from FRS to DFSR? https://learn.microsoft.com/en-us/windows-server/storage/dfs-replication/migrate-sysvol-to-dfsr FFL & DFL: Windows Server…
![](https://techprofile.blob.core.windows.net/images/WsWYoGdWukeBW66msAr6qQ.png?8D8128)
![](https://techprofile.blob.core.windows.net/images/WsWYoGdWukeBW66msAr6qQ.png?8D8128)
Generic unknown status in pkiview after migration Active Directory Certificate Services from Windows Server 2008R2 to Windows 2019.
Follwing below given Link from MS we migrated 2 tier PKI hierarchy from windows 2008 R2 to Windows 2019. https://techcommunity.microsoft.com/t5/itops-talk-blog/step-by-step-migrating-the-active-directory-certificate-service/ba-p/697674 Migration…
How to disable MFA for a single user
How can I disable MFA for a single user in Azure
How do I set the CSP and HSTS for an Azure app?
I have created an Azure app and use a custom domain to access it. However, when putting the URL through our cyber security process, it came back that the CSP and HSTS needs to be updated. I cannot find where in Azure to update the security headers. Where…
Final check before Fully Block NTLM for all Domain
Dear PPL, I would like to set our Default Domain Policy "Restrict NTLM: Incoming NTLM Traffic" to Deny All Accounts. Before I do it, I have enabled Auditing Logs, can see some devices or services are still using NTLM, for example, Win10…
Active Directory Certificate Services - Migrate from W2K8R2 to W2K19 Server - In-place upgrade
Hi My setup: ADCS and PKI services on domain joined (I know! I know, it shouldn't be domain joined) VM running on W2K8R2 I need to get out of W2K8R2 and the plan is to do an in-place upgrade to W2K12R2 and then to W2K19 When doing the in-place…
![](https://techprofile.blob.core.windows.net/images/ab0baa0aeeef4393b7e2656e34aea031.png)
How to change days before password expires notice
I'm looking for a way to change the number of days before notifying users of password expiration from the default of 5 to some other number. I've found a web posting that references: Default Domain Policy (or Default Domain Controller Policy?) >…