Site Design and Certificate Authority
Hi all, We have three sites in different Geo-locations. We have plan to create three active directory sites and there is a confusion. Can we deploy subordinate Enterprise CA for each site? BR
GPO StartUp Script for KMS Run as Admin and Stop User Prompts
We have 2 Data Centers which are connected to the same AD's Structure through a VPN tunnel. We have two KMS Servers due to using a VDI solution, if they is a fail-over we need to be able to License the newly created machines. KMS DNS setup only works…
Windows Server 2019 Domain Controller & SBS 2011
Hello, We have a Windows Server SBS 2011 Domain Controller which we are in the process of decommissioning. We have upgraded the Forest and Domain Functional Levels to Windows Server 2008 R2. We have also migrated the File Replication Service to DFS-R,…
How to secure Blazor WebAssembly application and WebApi using Windows Authentication
I am working on implementing security to Blazor WebAssembly .Net core hosted application. I need to secure client as well as WebAPI (to be hosted on IIS). As a policy decision, the team has decided to use Windows authentication instead of Azure AD for…
Migrating Active Directory Domain Controller from Windows 2016 to Windows 2019
Hello there, We had Windows Server 2012 R2 domain controller with DNS and Active Directory Certificate Services in the past, and we migrated to Windows Server 2016. And, now we have planned to migrate the Windows Server 2016 domain controller to…
User account security inheritance being disabled automatically
Hi everyone. Hope I am asking in the right place. I have Exchange 2019 on a 2012R2 domain. I was experiencing issues connecting remotely to Exchange. According to multiple articles, the solution was to enable permissions inheritance on the AD user…
Logon script on AD working with domain admin but not working for standard users
Hi All, I am working on a cmd script which needs to the change local machine policies when a user who is connected to the domain logs on. I have been able to make it work with domain admins accounts. But it is not working when trying same with standard…
LDAP filter simplification
Hello, I have the following filter to select users from multiple groups. As these groups all have the same parent OU path, is there any way I can simplify this filter to remove the need to remote the common parent path for each sub-group ? Thank you.…
AD domain migration With AAD connect passthrough authentication
What is the best way to migrate AAD connect to the new Active Directory domain when performing an AD migration? With password hash syncing it would be easy to perform the cutover but I am not sure how to do that when AADC is set to passthrough.
Burning a CD-Rs attributes to a CD-RW - disc to disc burning
Now that I may have known this from the previous answer, what happens when users burn the CD-Rs attributes to a CD-RW. Would the CD-RW enable hard write-protect? Regards, JohnCTX
Unable to remove DNS roothint
Hi Everyone, We are facing a weird situation in our DNS roothints configuration. We have configured the custom roothints in DNS properties under roothints tab, however when we run Get-DnsServerRootHint cmdlets we find the default roothints names as…
Collect hardware hash to Autopilot
Hi, Today we have a local domain with ad sync. Some machines are "Registered" and some are "Joined". What we would like for the "Registered" devices is to create a script we can use on a GPO to collect the hardware hash…
Unable to connect to Ad server from RSAT server ?
Our AD server is connected to our server via RSAT server. When we are trying to run the AD commands by doing PSRemoting on RSAT server we are not able to get the desired results. But when we run same commands on RSAT server directly we can see the…
Azure AD Connect - Best Practice for Domain Controller Connection Settings
Hi, Is there a recommended best practice for the DC connection settings under Configure Directory Partitions in Azure AD Connect ? i.e Should it be set to a selection of Preferred Domain Controllers, or should we leave that unchecked ? Thanks, …
Golden image not connecting to domain after adding a rule to pick up computer name automatically
Hi all! Was wondering if someone can help ! I have made a golden image as a media for memory stick use on MDT 2013. I have configured it to connect to the domain via script which worked absolutely perfectly But the issue has come when I’m trying…
How to achieve high availability for Active Directory LDAPS (Secure LDAP)
We have around 50 applications currently configured with LDAP and we have around 20 Domain Controllers. As per the security best practice we have to migrate all these applications from LDAP to LDPAS. Currently, all applications are connected using…
Remove OLD CA certificate in AD
If i use Enterprise PKI > Manage AD containers and remove a certificate let say in AIA container will that also delete that certificate in Site and Services PKI Services container? Can i do that using just a domain admin rights or do i need an…
Issue with AD Connect (user called CHECK@company.onmicrosoft.com)
Hey there, We have a very strange problem with an on premise AD Domain Controller with AD Connect installed for sync to Azure/365. Some users appear in 365/Exchange Online as CHECK@Anonymous .onmicrosoft.com. If i take a look in the on premise…
Bulk Modify Attributes
Hell Everyone i created an excel sheet to bulk update some attributes for example Display Name , UPN, Addres , Office Number , Mobile Number, country , city, title, company. But i cannot seem to get a powershell command to work. Would anyone have any…
Trying to setup my first S2008 R2 Server
I have added my roles: ADDS, DHCP, DNS and I can't resolve any of them. Can someone guide me in the right direction?