MSOL account is the subject user for an AD password change
Hi all, I have an Entra Connect AD setup. In this setup, Azure is only a backup server, where it synchronizes the objects from on-prem AD to Azure AD at a regular frequency. Whenever I change my password, subject username was "ANONYMOUS LOGON".…
How to Sync Built-in Admin Account from AD to Azure?
I am attempting to sync our built-in admin account to Azure AD so I sync it over to our 2FA service. I found an article that stated to change the Synchronization rule for isCriticalSystemObject. But when I select Edit, it makes me disable the current…
Pre-requisites for installing the provisioning agent on a window server
Hi all, In Workday to on-premise AD integration, I am at the section for installing and configuring the on-premises provisioning agent. I'm unsure if I need to create a gMSA (Group Managed Service Account) for this setup. When I click the link provided…
Data is missing from management API using service principal. ex:resources
I have a requirement to load datasets from management.Azure.com (Management API), for example: Resources, Assessments, Tasks, and Secure Score. I have created a service principal in app registration and have been able to obtain the access token. However,…
EnableSidHistory
Hello! I'm facing a strange behavior when I try to enable SID History for one of two new forests trusts: the commands always return the same thing (the actual state), no matter I change the switch. netdom trust old.dom /D:new.dom…
How to clear all On-premises attributes from previously synchronized Azure AD users
Hi, Three years ago, we made a cut over to an on-premises domain with our Azure AD in order to have a cloud-only setup. Now we need to synchronize with the new Active Directory infrastructure and the new on-premises domain. Users in Azure AD that were…
Regarding Enterprise Admin Group
Hi All, I have scenario like upper draft for my customer, customer asking is that have anyway let have one of the AD account in Root domain have Administrator right to all domain in the forest, I do found seem like enterprise Admin group in Root domain…
How to open a ticket with the services hub team?
Hi everyone, I wanted to perform assessment in my organization's AD environment using the Microsoft's On-Demand Assessment. Although I have the required Pay-as-you-go subscription for Azure in place, I am not able to reach out to them for getting myself…
sub domain trust on Windows
I am trying to set up a multiple domains environment on Windows, here is my setup: My requirement is that users in parent domain (b1cloud.smes.sap.corp) can list users of its sub domains (child.b1cloud.smes.sap.corp, atlas.b1cloud.smes.sap.corp), but…
Azure AD B2C Custom Policy ExternalUser is not found using ExternalAzureAD
The custom policy authentication is integrated and works fine for the users, created specifically to the current tenant. However, in case, when user is logging in using AD account from a different tenant, it throws an error, saying that the account is…
Localized (translated) folders names for Desktop, Music, etc. with Folders redirected by gpo in the AD Domain
How to translate (localize) folders like Desktop, Documents, Downloads, etc. on Windows 10/11 computer connected to AD Domain? On the computer outside of domain, this "shown" name or nickname for the Desktop (because the folder path is still…
Can't get AD and SMB to work from Azure to On-prem server
Hi, I'm working on a newly created Azure environment with very little networking set up. Our setups are as follows: Azure: Working S2S VPN Route table pointing to the on-prem subnet A VM for testing with an NSG allowing all traffic both inbound and…
Domain Windows 11 cannot authenticate
Our Windows 11 domain machines return to the login screen whenever a user tries to log in. They must enter their password numerous times before successfully logging in. I must say that I am also affected by this. Situation: A user boots his/her…
Upgrading Windows Server 2012 R2 to Windows Server 2019
Dear Microsoft Experts I'm seeking your support in upgrading Windows Server 2012 R2 to Windows Server 2019 I have two Windows Server 2012 R2 with keep the configurations and data as current Server 1 Primary Domain Controller role DNS Server role DHCP…
Access Code invalid for Azure AD only Node Script
I have been using Access token via my app registered on Entra for downloading files from one drive. Till 2 hours ago, it was working perfectly fine. However, recently I've started getting 401 unauthorized error on this. No changes have been made in…
Active Directory - check if a computer name is already taken
When I configure a PC, one of the first steps is to assign a name to the device. I can only choose a name who belongs in "Active Directory Users and Computers". Before assigning a name, however, I need to figure out if that name is already…
Intune enrollment issue
We joined the devices to Entra hybrid join. When we try to enroll these devices to Intune via GPO AD Intune policy for auto enrollment. Devices are not joined to Intune. When I run dsregcmd /status in cmd it shows device joined to azure ad joined,domain…
domain not showing in locations (computer mgmt->local users and groups) - Trust between domain broken
Hello All I have (Windows Server 2022 Datacenter Azure Edition) Azure virtual machine. In "Users and Groups" section, Administrator location I cannot find domain. Last week I registered the domain and restarted the VM. But now this domain seems…
How can I tell if AppLocker is enforcing Constrained Mode on an unauthorized script?
I am currently working on only allowing signed PowerShell scripts to execute in Full Language Mode. For unauthorized scripts, the tech documents have mentioned the blocked scripts will still run, but under Constrained Language Mode; however, in my…
Regarding the phenomenon to sSSO (seamless SSO) can't be performed
Hi, I'm Japanese. using translate to create questions. Azure AD Connect (Entra Connect) is used to link on-prem AD and Azure AD, and seamless SSO is enabled in that environment. The computer to joined in the local domain can access for office365…