Azure Active Directory (AAD) authentication or AAD B2C authentication within a PHP application
My PHP application, which is built on WordPress, currently utilizes WordPress AAD authentication with client ID and client secrets. However, I am looking to discontinue the use of client secrets. Presently, I am using the functionality available on…
Windows 11 23H2 "View Wi-Fi Security Key"
Windows 11 23H2 recently introduced a new function "View Wi-Fi Security Key" within the "Manage Known Networks" Settings location. With some deployments auto-configuring Wi-Fi via GPO and Intune, is there a way to disable this new…
Domain Users replication rights
Hi, We just found out our Domain Users security group has the following rights: Replicate Directory Changes, Replicate Directory Changes All and Replicate Directory Changes In Filtered Set. I read about DCSync attacks. Is it safe to remove these…
MBAM decommissioning: solutions
Hi everyone, one of my clients has MBAM for managing the encryption of laptops and removable disks, MBAM server + SQL database and Web Portal for key management. MBAM will be decommissioned and the customer would like to replace it, they already have…
Unable to create the synchronization service account for Azure Active Directory.
Unable to create the synchronization service account for Azure Active Directory.
Domain Users replication rights
We just found out our Domain Users security group has the following permissions: Replicate Directory Changes, Replicate Directory Changes All and Replicate Directory Changes In Filtered Set. Is it safe to remove these permissions from the Domain Users and…
Force RDP Gateway to request verification twice, for GW and separately for the target server
Hello, please help me with RDP GW. Here's a question: can I force it to request double authentication on the server? So that the RDP GW would request authentication and then the target server would request a separate authentication. Why this is needed:…
Problems to connect Terminal Server - RemoteApp after join a 3rd DC
I have troubles connecting to Terminal Server with RemoteApp. There are 2 DC (Win2008R2 STD) and 1 TS-RemoteApp Server (Win2019 STD). Clients Win11 Pro. Domain Functional Level Windows 2008 (not 2008R2) – All has been working great for years so far…. I…
Acquiring id tokens via IWA: Error Code 3400073293, 'Account type is unknown.'
Hi guys. I'm using WAM in MSAL.NET, and I'm hoping to perform a silent id token acquisition via IWA specifically - based off windows credentials, before a user has manually entered their credentials into a wam broker prompt. The machine is domain-joined,…
Permissions required to change Computer Name in AD
We have delegated "Write All" properties for the service desk on the OU where all PCs are located. While renaming the computer we get the message "Access is Denied". Looking for support to fix this issue. Thanks in advance.
Graph API - How to handle empty manager of CEO?
Hello, I have the use case where I query the manager of a given user. But when the given user is our CEO then I get an error, since he doesn't have a manager. Because I want to avoid hardcoding his user to skip this query, what are the options to handle…
Needed guidance to rename a computer joined to a Domain
Hi All, There is a requirement to rename a computer already joined to a Domain to a new name. This computer (Laptop) is connected to Domain through VPN when the user is working from remote location, so it has linked VPN certificate with the existing…
Unable to add user from child domain
I am trying to add a user from a child domain to a group in the root domain, but I am receiving this error: The specified user was not found. If the user exists on another active directory Domain controller in the enterprise, it may take 15 minutes or…
Restore VIP user data after deleting synced account
My team accidentally deleted an important user's synced account. We attempted to restore it on active directory, but the user is still unable to access their history, such as Teams and Exchange Online mailbox. How can we restore their data?
Entra joined device does not receive Kerberos ticket for "custom" SPN
Hi everyone, I am currently trying to make our mail system's (not Outlook) SSO work with an Azure/Entra joined device. So the device is not domain joined, it is only Entra joined. But has line of sight to the on prem domain controllers so it actually…
active directory -grant permission to undelete user only move and create
I try to give user permission in an active directory to create users and move between them, but do not delete them. When I delegate control to some group, I do not have the option to undelete users.
How to trigger webhooks in Azure Microsoft Entra ID?
Hey, I need to add webhooks to Microsoft Entra ID in Azure, such that events occurring in Entra will trigger the sending of a request to a URL of my specification. Something of the following sort: A user is being added to some group or, A new user is…
How to enable push notifications for azure AD B2C MFA
Hi Team, I would like to know if push notification feature has been implemented for ADB2C MFA? Thanks, Sukeerthi
AD DNS manager records duplication with SQL always on failover cluster
Hi, We are managing our SQL Always On listeners records in 2 active directory servers (they are syncing each other) and we came across an issue which we couldn't pinpoint the cause for. We are testing MSSQL failovers on our windows DB servers and after…
Why Event ID 4776 / 0xc00006a events login name is workstation but not account id?
In the event log of the DC server, there is a significant occurrence of Event 4776 (100 events per second) when a workstation powers on. The login account displayed is the workstation name (e.g., “john$”) rather than the actual account name. However, the…