replication interval for site link vs connection object
Hello All , I wanted to understand the difference between replication interval in site link and in a connection object ,in a given site link properties there is a "replicate every " entry default to 180 minutes and there is a "change…
The Group Policy Client service failed the sign-in
While logging into a domain joined machine, randomly users encountered an error message as shown in the screenshot. Sometimes, rebooting the machine resolves this issue. However, it re-appeasers again What is the cause of this issue ? also, tried the…
Azure AD B2C returns 401 Unauthorized when accessing controller
I am building a Blazor WASM app, in .NET 8, which I intend to protect using Azure Active Directory B2C. I created an AAD B2C app registration, and exposed an API from it. Then I created another app registration to serve as a client, and gave it the…
Entra ID - Enterprise Application SCIM - Manager Value is missing on some users
I have a problem that I'm not sure how to solve. We have an Enterprise application, but for some users, the manager value in the at SAAS app is empty, so if a manager is using the application, the manager will not see all of the employees. The…
OU permissions
Hi All I have an Organizational Unit (OU) with 250 Active Directory (AD) groups. I have a few users and I want to grant them access to these 250 AD groups, specifically allowing them to add/remove members from the AD groups. Besides this access, I don't…
Windows trust between parent and child domain broken
Hello, I was wondering if anyone has an idea how a domain trust could be fixed. The domain trust is broken but I can't fix it because DNS doesn't work properly anymore. DNS can't be fixed, because the domain trust is broken. The DC in the parent…
Update Path of FFL/DFL from 2003 to later versions.
Hi All, I have a domain with FFL 2003 and DFL 2008. There are other forests in the environment with FFL 2008 and 2008R2 and DFL 2008 and 2008R2 respectively. I want to update the FFL from 2003 to higher. What should be the upgrade path of FFL/DFL from…
SmartCard login not supported for user account
Hello, We had a problem with few users signing in via SmartCard. Infrastructure: local DC's (few of them, one DC per site) PKI used to generate certificates Root and sub CA Problem was that a week ago at morning few users had problem signing in.…
Do i really need CAL license do active direcory?
Hi There, Here i have question regarding CAL license. My organization have 50+ users and computers. I have a licensed window server 2019 and i wanted to manage my organization user accounts and computers using active directory. My question is do i…
Can we downgrade DFL/FFL?
Hello everyone, I am wanting to upgrade DFL and FFL in my organization's AD environment. As part of the rollback plan, is the downgrade of DFL/FFL possible? What would be the steps to perform the same? Also, I looked over and couldn't find any Microsoft…
Upgrade "Access to Azure Active Directory" subscriptions request via email
Hoping for some help (as a MS Partner) received the following email "Your subscription offer, Access to Azure Active Directory, will be disabled on May xx, 2024..." "If you currently have active resources in your Access to Azure Active…
PKI - Certification Authority (CA): IssuingCA, certificate with "unknown error"
Hi everyone, I have a couple of CAs that I manage, they are Enterprice CA with Root Server in workgroup (not in domain). I have an error in the IssuingCA regarding the certificate and I think it happens when the Root CRL expires, if I copy the Root…
Active Directory OS Upgrade from Windows Server 2016 to Windows Server 2022.
Dear Team, We are planning to Upgrade our Active Directory Operating System from Windows Server 2016 to Windows Server 2022 without raising the AD Forest/Domain Level. we will keep the current AD Functional Level Windows Server 2012 R2. in this…
Unable to Read/Write B2C Custom Domain Settings in Entra Admin Center
I'm following along the Azure Add your custom domain name steps and trying to navigate to the Settings>Domain name. I have global admin for the tenant which is also linked to an active subscription But there is no Setting under Identity.
Risk and consequence when executing Kerberos password reset in a Hybrid Azure AD - OnPremise AD DS?
What are the risks and consequences of resetting the Kerberos krbtgt account during business hours using the steps defined…
What are the benefits of the existing single forest AD Domain to convert or upgrade the AD Domain Controllers from FRS to DFSR?
What are the benefits of the existing single forest AD Domain to convert or upgrade the AD Domain Controllers from FRS to DFSR? https://learn.microsoft.com/en-us/windows-server/storage/dfs-replication/migrate-sysvol-to-dfsr FFL & DFL: Windows Server…
Is there a way sign into OneDrive app on desktop
We manage our own classical active directory (not Azure AD), and use the user IDs from it for logging onto computers. On the other hand, we use Microsoft Office 365 as SaaS. We want all users to save all their data to OneDrive which is part of our Office…
How to validate access token received after micorsoft login?
We are using Active Directory SAML SSO. We are getting the token as a response with the following json response {"token_type": "Bearer", "scope": "openid profile User.Read email", "expires_in": 3774,…
How to get list of all attribute in AD
Hello, How To get list of all attribute in AD(default and custom attribute ) in csv file. Thanks Rich
audit public folders
Hello Please i need your help on this issue. When trying to run audits, results are not showing. I would like to know how to audit public folders. Also i am not getting the desire results when i try to search for audit logs for compliance…