Content
Enterprise State Roaming with Azure Hybrid Joined and Azure AD Sync
Can someone explain in clearer terms exactly what this is saying? I have an environment with Active Directory and Azure AD Sync - and my domain machines are also Hybrid Joined. Can I still take advantage of Enterprise State Roaming? This Note makes me…


Active Directory users not created when Windows 10 workstation joined to domain
I have a new windows 10 workstation. Configured local user account with Admin privileges. Set DNS to point to AD Server. Joined Domain and rebooted. No builtin or domain specific users created on the workstation and unable to remote desktop connect to…


EmployeeType AD Attribute is an Invalid Filter syntax when creating New-DynamicDistributionGroup
Hi guys, on our Exchange Management Server, I have imported-module ActiveDirectory.. I am creating new DDL's. I have successfully been able to create a new DDL with City as a filer, for example: New-DynamicDistributionGroup -DisplayName allstaff.London…


Azure AD Connect Sync
Azure has 2 versions of Azure AD Connect Azure AD Connect Sync Azure AD Connect Cloud Sync What is the purpose of introducing Azure AD Connect Cloud Sync ? Does Microsoft want to deprecate Azure AD Connect Sync ?


LAPS show or copy password grayed out
After set LAPS policy and checked that all is passed fine on the client, from controller side no password is visible and the buttons are grayed out... I have DC win 2022 , 2012R2 DFL
How to give a user access to another user files globally?
we have windows servers connected to Active Directory and they have users from two domains A and B. every domain have the same users names in it. we want to give access to users from A to files of users from B. for example, the user A/john will have full…


AD created new user O_o
There is a sample.com domain, it has users. For 2 weeks, the user worked under a domain account on his computer, but today he came, entered standard creds, and an empty account with the same name was created, in the user folder it looks like: There was a…


How can the LastLogonTimeStamp be a whole week older, yes older, than any LastLogon?
I understand that LastLogon can be older than LastLogonTimeStamp because the person may have authenticated with a different DC more recently. However, how can the LastLogonTimeStamp be a whole week older, yes older, than any LastLogon? LastLogon =…


Active Directory 2019 backup on AWS EC2
Hi team We are considering deploying domain controllers on AWS as ec2. The doubt comes from the backup strategy. AWS has a service called AWS BACKUP, the doubt is that we are not sure if recovering a snapshop is viable on the platform and not have…


Synchronize the "employeeType" attribute from Active Directory to Azure AD and make it visible in the Azure Portal
Hello, I want to make the AD "employeeType" attribute visible in the Azure Portal UI. I have already selected the "employeeType" attribute for synchronization within Azure AD Connect under "Customize synchronization…


With remote credential guard active, there are authentication problems with Win11
To participate, you should be familiar with "remote credential guard". Situation: DCs: Server 2016 1607 (same in the test domain with Server 2022) Clients: Win10 22H2, however we are starting to add Win11 22H2 to this mix. RDPing from Win10 to…
DNS Server on Windows Server 2012 does not pass basic, delegations, dynamic updates, and records registration tests upon running DCDiag /c /v, how do I fix this problem? I am new to managing DNS in a small server forest.
C:\Users\Administrator>DCDiag /c /v Directory Server Diagnosis Performing initial setup: Trying to find home server... * Verifying that the local machine server1, is a Directory Server. Home Server = server1 * Connecting to…


Domain Controller setting pwdLastSet, Values : 0 at 1AM
Good morning, It seems at 1AM daily our Domain Controller sets NT AUTHORITY\SYSTEM' Modified Properties : pwdLastSet, Values : 0 Is there a way to disable this or is this just flagged off last set date and it makes users reset on next login…


Migrating Active Directory Windows Server 2012 R2 to Windows Server 2019 (Retain Hostname, IP and Domain Name)
Hi, we were planning to migrate or upgrade our current Active Directory (WS 2012 R2 Std) to Active Directory (WS2019). I saw several links/guides to do this, but I'm a bit confused on what is the correct way of doing it. So im creating my own…


Unable to join the clients to domain
AD server on VMware crashed, and a cloned image was successfully restored to a new VM with all the data transferred. I am able to ping the server using both its IP address and hostname. However, I am encountering an error when attempting to join the…


ACTIVE DIRECTORY After create PSO the password expired and i cant renew the password
Hello, As part of password security for certain services, I opted to set up a PSO. After having created a PSO this one is well functional at the level of a group. But as soon as the password expires, it is impossible for me to register a new one each…
LAPS Fields blank
We are using LAPS and have been for years. Works great. I can use the LAPS Gui and everything is there. We did notice recently that there is a LAPS tab on the AD object that all the fields are blank. How come it works on the LAPS gui but not on the…
License Requirements for Azure AD Connect Cloud Sync
What are the License Requirements for installing and using Azure AD Connect Cloud Sync ?


Need to understand Impact of Domain rejoin on MSA account for MSSQL Server
For servers running MSSQL Server 2017, we want to do an in-place OS upgrade. Additionally, we used an MSA account to log in to services.Server will be removed from the domain during the OS upgrading process and rejoined after the upgrade. So it's…


Azure AD Connect - cannot retrieve single sign-on status
Hi, I am getting this error all the sudden. I am using the latest version of Azure AD Connect . MFA is disabled for my global admin account since that what I seen people do online which did not resolve the issue. Any other ideas? sync works with no…

