

Active Directory





Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.



How can I check who has an account with administrative permission on ADFS?


I have an ADFS "Web Application Proxy Service" that is not starting, even if I try to start it manually.


Could someone suggest the best way to copy NTFS permissions from one folder to another folder on a new file server?

I am looking for ways to do it:

1) while I am copying the data
2) when the data is already copied and I need to apply the permissions to the new share
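Both cases from the question, as an added PowerShell example that is not part of the original post. It assumes an old share \\OLDFS\Data and a new share \\NEWFS\Data on servers in the same AD domain, so the SIDs stored inside the ACLs resolve on the new server; the log and ACL file paths under C:\Temp are also assumed.

```powershell
# Added example, not from the original post. Assumed paths: the old share
# \\OLDFS\Data and the new share \\NEWFS\Data, both joined to the same domain.
$src     = '\\OLDFS\Data'
$dst     = '\\NEWFS\Data'
$aclFile = 'C:\Temp\data-acls.txt'

# 1) Permissions while copying: robocopy's /COPY:DATSOU carries Data,
#    Attributes, Timestamps, Security (DACL), Owner and aUditing (SACL).
#    Run it as an account that holds Backup and Restore privileges on both sides,
#    otherwise owner and SACL cannot be written and the ACLs silently differ.
robocopy $src $dst /E /COPY:DATSOU /DCOPY:DAT /R:1 /W:1 /LOG:C:\Temp\robocopy.log

# 2) Data already copied: export the ACL tree from the source and re-apply it.
#    The trailing \* makes icacls store paths relative to $src, so /restore can
#    be pointed at the new root. /T recurses, /C continues past single errors.
icacls "$src\*" /save $aclFile /T /C
icacls $dst /restore $aclFile /C

# 3) Verify: compare the SDDL (owner, DACL, inheritance) of every object on
#    both sides and report anything missing or different.
function Compare-NtfsAcl {
    param([string]$Source, [string]$Target)
    Get-ChildItem -LiteralPath $Source -Recurse -Force | ForEach-Object {
        $rel        = $_.FullName.Substring($Source.Length).TrimStart('\')
        $targetPath = Join-Path $Target $rel
        if (-not (Test-Path -LiteralPath $targetPath)) {
            [pscustomobject]@{ Path = $rel; Status = 'MissingOnTarget' }
            return   # continue with the next item
        }
        $s = (Get-Acl -LiteralPath $_.FullName).Sddl
        $t = (Get-Acl -LiteralPath $targetPath).Sddl
        if ($s -ne $t) {
            [pscustomobject]@{ Path = $rel; Status = 'AclDiffers'; Source = $s; Target = $t }
        }
    }
}
Compare-NtfsAcl -Source $src -Target $dst | Format-Table -AutoSize
```

Two caveats a practitioner should check before trusting the result. Any ACE that names a local group of the old server (a SID starting with the old machine's S-1-5-21 prefix) restores as an unresolvable orphan SID on the new server; replace those with domain groups instead of carrying them across. Share permissions (Get-SmbShareAccess / Grant-SmbShareAccess) are separate from NTFS and are not copied by either method.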
Can a CSV with the division AD attribute be mapped to Active Directory users?
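One way to apply such a CSV, as an added PowerShell example that is not part of the original post. It assumes a constructed file C:\Temp\division.csv with the columns SamAccountName and Division; the function name and the report path are also assumptions.

```powershell
# Added example, not from the original post. Assumes a constructed CSV
# C:\Temp\division.csv with the columns SamAccountName,Division, e.g.:
#   SamAccountName,Division
#   jsmith,Finance
#   mjones,Engineering
Import-Module ActiveDirectory

function Set-DivisionFromCsv {
    param(
        [string]$Path,
        [switch]$Commit    # without -Commit every change is only previewed (-WhatIf)
    )
    foreach ($row in Import-Csv -Path $Path) {
        $sam      = "$($row.SamAccountName)".Trim()
        $division = "$($row.Division)".Trim()
        if (-not $sam -or -not $division) {
            [pscustomobject]@{ User = $sam; Division = $division; Result = 'SkippedEmptyRow' }
            continue
        }
        try {
            # -Identity avoids building an LDAP filter string from CSV text
            $user = Get-ADUser -Identity $sam -Properties Division -ErrorAction Stop
        } catch {
            [pscustomobject]@{ User = $sam; Division = $division; Result = 'NotFoundInAD' }
            continue
        }
        if ($user.Division -eq $division) {
            [pscustomobject]@{ User = $sam; Division = $division; Result = 'Unchanged' }
            continue
        }
        Set-ADUser -Identity $user -Division $division -WhatIf:(-not $Commit)
        $result = if ($Commit) { 'Updated' } else { 'WouldUpdate' }
        [pscustomobject]@{ User = $sam; Division = $division; Result = $result }
    }
}

# preview first, then commit and keep the report as the change record
Set-DivisionFromCsv -Path C:\Temp\division.csv | Format-Table -AutoSize
Set-DivisionFromCsv -Path C:\Temp\division.csv -Commit |
    Export-Csv -Path C:\Temp\division-result.csv -NoTypeInformation
```

The dry run matters because a CSV exported from HR often contains accounts that no longer exist or rows with a blank division; the report shows those before anything is written.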
Hi, I have a script to get all groups that a user is a member of. It works correctly, but I can't export it to a CSV file; the output only shows in the PS terminal. Any ideas what exactly I must add to the script?


Import-Module ActiveDirectory
# list every user in the OU and, for each, the groups it is a member of
Get-ADUser -SearchBase "OU=Users,DC=domain,DC=local" -Filter * | ForEach-Object {
    Write-Host "User:" $_.Name -ForegroundColor Green
    Get-ADPrincipalGroupMembership $_.SamAccountName | ForEach-Object {
        Write-Host "Member Of:" $_.Name
    }
}

I have 2 machines that are not getting GPOs and are getting the error below. Please assist.

Message          : The processing of Group Policy failed. Windows attempted to read the file
                   \\abc.corp\SysVol\abc.corp\Policies\{DE985BED-5764-4A16-A991-231E4AD1C8A3}\gpt.ini from a
                   domain controller and was not successful. Group Policy settings may not be applied until this event
                   is resolved. This issue may be transient and could be caused by one or more of the following:
                   a) Name Resolution/Network Connectivity to the current domain controller.
                   b) File Replication Service Latency (a file created on another domain controller has not replicated
                   to the current domain controller).
                   c) The Distributed File System (DFS) client has been disabled.
LogName          : System
TimeCreated      : 11/8/2018 7:13:38 PM
LevelDisplayName : Error
MachineName      : xyz.abc.corp

Thank you in Advance.
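The three causes listed in the event can each be tested from the affected client. The following is an added PowerShell example, not part of the original post; it uses the domain name and policy GUID from the event text above and needs the RSAT ActiveDirectory module for Get-ADDomainController.

```powershell
# Added example, not from the original post. Run on the affected client as an
# administrator. Domain and policy GUID are the ones in the event text.
Import-Module ActiveDirectory
$domain  = 'abc.corp'
$gpoGuid = '{DE985BED-5764-4A16-A991-231E4AD1C8A3}'
$relPath = "SysVol\$domain\Policies\$gpoGuid\gpt.ini"

# a) Name resolution / connectivity: which DC the client is bound to, and
#    whether the domain name itself resolves (the SYSVOL path uses it).
nltest /dsgetdc:$domain | Select-String '^\s*DC:|^\s*Address:'
Resolve-DnsName -Name $domain -Type A | Select-Object Name, IPAddress

# b) Replication latency: read gpt.ini from every DC directly and compare the
#    Version= line. A DC that is unreachable, or shows an older Version than
#    the others, has not replicated the policy yet (or is the stale DC the
#    client happens to be using).
$byDc = foreach ($dc in Get-ADDomainController -Filter * -Server $domain) {
    $path = "\\$($dc.HostName)\$relPath"
    try {
        $ver = (Get-Content -LiteralPath $path -ErrorAction Stop | Select-String '^Version=').Line
        [pscustomobject]@{ DC = $dc.HostName; Site = $dc.Site; Readable = $true;  Version = $ver }
    } catch {
        [pscustomobject]@{ DC = $dc.HostName; Site = $dc.Site; Readable = $false; Version = $_.Exception.Message }
    }
}
$byDc | Format-Table -AutoSize
$byDc | Where-Object Readable | Group-Object Version |
    ForEach-Object { "{0} DC(s) report {1}" -f $_.Count, $_.Name }

# c) DFS client: \\abc.corp\SysVol is a domain-rooted DFS path, so the DFS
#    Namespace client driver (Dfsc) must be running for it to be resolved.
Get-CimInstance Win32_SystemDriver -Filter "Name='dfsc'" | Select-Object Name, State, StartMode
Test-Path -LiteralPath "\\$domain\$relPath"
```

If the per-DC reads all succeed with the same Version but the domain-rooted Test-Path fails, the problem is on the client side (DFS client or a firewall between the client and the DC it was referred to), not replication.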
A mailbox has been removed from an AD user, but the Exchange Global Address List still shows the user. Any idea? I have already updated the Offline Address Book several times but it doesn't help.


In an Exchange 2007 environment, right-clicking "Remove" on a mailbox deletes the mailbox and the AD object. Does anybody know how long that process takes for the AD object to be removed? I ask because I removed some mailboxes over a week ago and the AD objects are still present. My deleted mailbox retention policy is only 3 days.

Hope somebody can offer some advice.

Good Day

I'm currently busy doing server upgrades for one of my customers, a 5-site / campus college. The Exchange sites are connected to each other via VPN.
I unfortunately cannot do the server upgrade all at once, and am tackling this project in 2 phases (3 sites per phase).

Phase 1 is complete; this is the current setup with regards to Exchange and AD.
SITE 1: (Bridgehead Site) 2 x Server 2012 R2 AD servers, 1 Server 2003 AD Server, 1 Exchange Server 2003 and 1 Exchange Server 2007
SITE 2: 2 x Server 2012 R2 AD servers, 1 x Exchange Server 2007.
SITE 3: 2 x Server 2012 R2 AD servers, 1 x Exchange Server 2007.  
SITE 4: (1st Exchange 2007 server Deployed) 2 x Server 2012 R2 AD servers, 1 x Exchange Server 2007.
SITE 5: 1 x Server 2003 AD server and 1 Exchange Server 2003

Site 1 is HQ and also the site where external inbound and outbound email transport occurs, to and from the Exchange 2003 server.

When there are any issues at SITE 4, mail for the entire college, both internal inter-Exchange and external, stops flowing until the issues are resolved at site 4.
To me it seems as if the entire college email system is solely reliant on SITE 4 for inter-site and external mail transport. The main site should not be site 4; it must be SITE 1.

I've read that this SITE 4 dependency issue might have something to do with it being the first Exchange 2007 site in the org.

I need detailed steps to:
Remove the sole dependency on SITE 4 being operational in order for the entire Exchange org to function.

Thanks in Advance!

I have a customer that has a very small environment with 1 Windows server with AD on it (about 10-15 users, most of them remote).
They don't have the funds for a second DC. Currently I have file-level backups and am using Windows Server Backup for image backups.
I was thinking about this scenario but wanted to run it by the experts to get their thoughts on it: I would like to create an Active Directory server in the cloud that can 1. sync with the on-prem AD (so we have a copy of Active Directory in the cloud), or 2. sync once a day, firing up the cloud server to allow syncing and then turning it off to save on cost, in case cost is an issue, and 3. allow a scenario where the remote users can authenticate and not use cached profiles (besides using VPN).

Question on the above scenario: I'm sure I'm not the first one thinking about this scenario; I wanted to get your thoughts on how you guys are handling it for small businesses.
Using a group policy to do drive mapping.

4 separate drive mappings, all set to Update, all on the same server.

If a user reboots, they lose two of the drive mappings; two remain. The only difference: the two drives that disappear (new this weekend) are shared from a subfolder on the server.
Running GPUPDATE /FORCE restores the missing drives.

These two drives disappear on reboot.
H: \\Server\sys2\homedir
S: \\Server\sys2\scansoft

These two drives do not disappear on reboot.
N: \\server\sys
Y: \\server\pictures
I would like to know if it's possible to get notified by Active Directory when a user has been added to or removed from a group.

Is there a way in Python to "subscribe" so that our program is notified when this kind of event occurs?

The only way I could detect those changes is to poll data periodically to see group changes.

(running Python 3.7 on Windows Server 2012 R2)

So far I've found the pyad and python-ldap modules, but neither of them seems to have functions for that.

Note: If it's not possible to be notified, then is there a way to just check with a single call "Is there any change?"... and if there are changes, I could browse a complete group to see them.
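The "is there any change?" single call exists: every DC keeps a per-DC update sequence number (USN) that increases with each write, exposed as highestCommittedUSN on RootDSE, and every object carries the USN of its last write in uSNChanged. The following is an added PowerShell example, not part of the original post (the poster asked about Python; the same two LDAP reads map directly onto python-ldap: read RootDSE, then search with a (uSNChanged>=N) filter). The DC name dc01.domain.local, the state file path and the function name are assumptions.

```powershell
# Added example, not from the original post. USNs are specific to one DC, so
# always poll the same DC (assumed here: dc01.domain.local).
Import-Module ActiveDirectory
$dc        = 'dc01.domain.local'
$stateFile = 'C:\Temp\group-watch-usn.txt'

function Get-ChangedGroupMembership {
    param([string]$Server, [int64]$SinceUsn)

    # one cheap call: has this DC committed anything at all since the last poll?
    $current = [int64](Get-ADRootDSE -Server $Server).highestCommittedUSN
    if ($current -le $SinceUsn) {
        return [pscustomobject]@{ NewUsn = $current; Changes = @() }
    }

    # only groups written after the last poll (uSNChanged is indexed, so this is cheap)
    $groups = Get-ADGroup -Server $Server -Filter "uSNChanged -gt $SinceUsn" -Properties uSNChanged

    $changes = foreach ($g in $groups) {
        # uSNChanged also bumps for e.g. a description edit, so confirm with the
        # per-link replication metadata of 'member': one record per current or
        # deleted member link, with originating time and originating DC.
        Get-ADReplicationAttributeMetadata -Object $g.DistinguishedName -Server $Server `
            -Properties member -ShowAllLinkedValues |
          Where-Object { $_.LocalChangeUsn -gt $SinceUsn } |
          ForEach-Object {
            # a removed link keeps its delete time; live links leave it empty (or the 1601 sentinel)
            $deleted = $_.LastOriginatingDeleteTime -and $_.LastOriginatingDeleteTime -gt [datetime]'1601-01-02'
            [pscustomobject]@{
                Group  = $g.Name
                Member = $_.AttributeValue
                Action = if ($deleted) { 'Removed' } else { 'Added' }
                When   = $_.LastOriginatingChangeTime
                FromDC = $_.LastOriginatingChangeDirectoryServerIdentity
                Usn    = $_.LocalChangeUsn
            }
          }
    }
    [pscustomobject]@{ NewUsn = $current; Changes = @($changes) }
}

$last   = if (Test-Path $stateFile) { [int64](Get-Content $stateFile) } else { 0 }
$result = Get-ChangedGroupMembership -Server $dc -SinceUsn $last
$result.Changes | Format-Table -AutoSize
Set-Content -Path $stateFile -Value $result.NewUsn   # remember where this poll stopped
```

The first run (state 0) lists every current member link as Added, which doubles as a baseline. The only true push mechanism is auditing: with "Audit Security Group Management" enabled, each DC's Security log records 4728/4729 (global), 4732/4733 (domain local) and 4756/4757 (universal) member add/remove events, which a Python process can read with pywin32's win32evtlog or receive through Windows Event Forwarding; the USN poll above is the fallback when you cannot change the DC audit policy.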

The global catalog server cannot see the objects from child domains, so they cannot access their mailboxes if the child domain's controller is down. Note that the organization has one Exchange 2016 server, in the parent domain only.
Hi All

I'm hoping someone can help me with the following Word 2016 settings.

I want to be able to change the Smart cut and paste settings within Word 2016 via a group policy. I can't see the settings I'm looking for within the GP editor and also can't spot where the registry setting sits.

I've attached a screen shot of the setting I want to untick. Any ideas how I could change this.

Many thanks
I'm testing cross-forest migration; the first step I'm making is to migrate mailboxes to the new Exchange, as linked mailboxes for now.
I successfully moved the mailbox to new forest B but am having trouble moving it back to forest A.

When I try to move the mailbox back, the job eventually fails, and in the detailed report this message repeats:
11/9/2018 3:16:26 PM [forestAmailserver] Cleared sync state for request 40caffb9-6544-4abb-b272-46b058861802 due to 'CleanupOrphanedMailbox'.
11/9/2018 3:16:26 PM [forestAmailserver] Mailbox signature will not be preserved for mailbox '40caffb9-6544-4abb-b272-46b058861802 (Primary)'. Outlook clients will need to restart to access the moved mailbox.
11/9/2018 3:16:26 PM [forestAmailserver] Transient error MapiExceptionCorruptData has occurred. The system will retry (59/60).
11/9/2018 3:17:00 PM [forestAmailserver] The Microsoft Exchange Mailbox Replication service 'mail.forestA.local' (15.0.1367.0 caps:1FFF) is examining the request.
11/9/2018 3:17:00 PM [forestAmailserver] Connected to target mailbox '40caffb9-6544-4abb-b272-46b058861802 (Primary)', database 'Mailbox Database 1', Mailbox server 'mail.forestA.local' Version 15.0 (Build 1367.0).
11/9/2018 3:17:01 PM [forestAmailserver] Connected to source mailbox '40caffb9-6544-4abb-b272-46b058861802 (Primary)', database 'MDB01-mailserverForestB', Mailbox server 'mail.forestB.local' Version 15.1 (Build 1531.0), proxy server 'mail.forestB.local' 15.1.1531.7 caps:0FFD6FFFBF5FFFFFCB07FFFF.

Is there a way in AD, or any other way, to get all ADFS servers in the company?

We need to export all security and distribution groups with all user names into a CSV file.
I have used and got some info in CMD and some in PowerShell.
Does someone have the exact script for this?
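Both export questions on this page, the earlier one (groups per user from OU=Users,DC=domain,DC=local, whose script used Write-Host) and this one (members per security and distribution group), are served by the following added PowerShell example, which is not part of either original post. The reason the earlier script produced nothing in the CSV is that Write-Host writes to the console and never enters the pipeline, so Export-Csv had nothing to receive; emitting objects fixes that. The OU, the output paths and the function names are assumptions.

```powershell
# Added example, not from the original posts. Emits objects (not Write-Host)
# so the rows can be piped to Export-Csv. OU and output paths are assumed.
Import-Module ActiveDirectory

# Direction 1: one row per (user, group) for the users in the OU.
function Get-UserGroupRows {
    param([string]$SearchBase)
    Get-ADUser -SearchBase $SearchBase -Filter * | ForEach-Object {
        $u = $_
        Get-ADPrincipalGroupMembership -Identity $u.DistinguishedName | ForEach-Object {
            [pscustomobject]@{
                User          = $u.SamAccountName
                Group         = $_.Name
                GroupCategory = $_.GroupCategory   # Security or Distribution
                GroupScope    = $_.GroupScope
            }
        }
    }
}

# Direction 2: one row per (group, member) for every group, nested groups
# flattened. Get-ADGroupMember -Recursive returns the leaf members but fails
# on foreign security principals and on very large groups, so fall back to
# the raw 'member' attribute for those groups instead of silently skipping them.
function Get-GroupMemberRows {
    Get-ADGroup -Filter * -Properties member | ForEach-Object {
        $g = $_
        try {
            $members = @(Get-ADGroupMember -Identity $g -Recursive -ErrorAction Stop)
            $source  = 'Recursive'
        } catch {
            $members = @($g.member | ForEach-Object { Get-ADObject -Identity $_ -Properties SamAccountName })
            $source  = 'DirectOnly'
        }
        if ($members.Count -eq 0) {
            [pscustomobject]@{ Group = $g.Name; Category = $g.GroupCategory; Scope = $g.GroupScope
                               Member = ''; MemberType = ''; Source = $source }
        }
        foreach ($m in $members) {
            [pscustomobject]@{ Group = $g.Name; Category = $g.GroupCategory; Scope = $g.GroupScope
                               Member = $m.SamAccountName; MemberType = $m.objectClass; Source = $source }
        }
    }
}

Get-UserGroupRows -SearchBase 'OU=Users,DC=domain,DC=local' |
    Export-Csv -Path C:\Temp\user-groups.csv -NoTypeInformation -Encoding UTF8
Get-GroupMemberRows |
    Export-Csv -Path C:\Temp\group-members.csv -NoTypeInformation -Encoding UTF8
```

Rows marked DirectOnly list direct members only, with nested groups shown as objectClass group, and do not include members that belong only through their primary group (Domain Users); keep the Source column so a reviewer knows which rows are complete. The group-members file is also the natural baseline for reviewing privileged groups: filter it on Domain Admins, Enterprise Admins, Schema Admins and Account Operators and diff it against the previous export.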
I am installing a new Active Directory / Exchange 2016 server for one of my clients. At the moment they have Kerio for their email on the old server that this one will be replacing. Just as a bit of history, before Kerio they had an SBS 2008 server which had Exchange 2007 on it. The problem I am having at the moment is that I have set up the Exchange server just like I have done for other customers, but for some reason, when I try to connect Outlook on the computers that are on the domain, it finds the email with Autodiscover, and when it searches for it, it puts up a box for credentials. Since these are on the domain and logged in as that person, it should not do that, but either way I have even tried to put their credentials in with local domain\username and username@local domain in the username field, and it keeps popping up. When I do this I make sure the computer is pointing to the correct email server. If it helps, they have Outlook 2016 and they get it with Office 365. I did get one user to work correctly: I disabled and deleted the mailbox from Exchange, then remade the mailbox. Her computer continued asking until I rebooted it, then it worked just fine. I then disabled and recreated the other users' mailboxes, but they still have the problem even after a restart. Also to note, on the computer of the person for whom it is working correctly, I logged in as somebody for whom it was not working right, and even on that computer it still asks that person for …

Hi Citrix experts,

We have a Citrix user profile problem in our environment. We have XenApp 7.12.

We are using Citrix user profiles and we do this via a delivery controller policy.

We do folder redirection for (desktop, my documents, downloads, AppData, contacts, links, pictures, start menu, etc.).

But recently our user profiles have been getting very big, and I found the biggest directory.

I found these links online which show which paths I have to include.

Here is the configuration, but with an AD GPO, whereas we use a Citrix policy from the delivery controller.

I have two questions:

1- In the delivery controller policy I can add the exclusion directories and exclusion files, but I don't know the syntax.

Should it be like this: AppData\Local\Microsoft\Windows\INetCache

Or like this, the full path from the shared file system: \\filerone\CTX-Profiles\%username%\UPM_Profile\AppData\Local\Microsoft\Windows\INetCache

2- After I configure this policy, and let's say it works, what will happen to the data inside the old user profiles? Some of the users have more than 6 GB in the \INetCache directory. Will it be removed automatically or do I have to do it manually?

And are there any side effects on users' work?

In ADFS, do we still need to type the domain, like mydomain\user or user@mydomain, for authentication, or is a user name enough?

I am exploring using Azure Active Directory for a 100 person organization. There is no AD today, everything is local workgroups. We have deployed many elements of the O365 Stack and every user has an account. I have added 2 new laptops to the Azure Active Directory via Win 10 first boot. The devices are now managed by MDM/Intune.  We purchased AzureAD Premium 1 licenses.  

My issue is, can I apply GPOs to these machines as if they were in AD? The machines show they are in a workgroup. Printers are the only real AD-type items to worry about. There is no file server, local share, etc. We are trying to be 100% cloud.

We are trying to avoid a dedicated AD server, VPN, AD Connect, etc. It seems like Azure AD is very close, but the devices showing they are in a workgroup, not in a domain, is my concern. I would much rather have them show in a domain.
We just added our first 2016 DC (FFL/DFL 2008 R2) to run along with our existing 2008 R2 DC.
Is there anything that will break, or oddities with AD or LDAP that others might have noticed, if all FSMO roles are on the 2016 DC versus the 2008 R2 in the scenario above?
I ask because we have noticed some strange application behaviour and it is too sporadic right now to put my finger on.
Replication is good and there are no errors.
I am currently doing off-site testing of our backups and having a minor issue I was hoping someone could shed some light on, or point me in the right direction for resolving. We are a school district and our backup needs are not the same as a for-profit business, so we are doing a mixture of backups, both using Backup Exec and nightly full backups using Windows Backup on a few 2008 R2 machines, such as the 1 domain controller that holds our FSMO roles, and our mail server which is hosting Exchange 2010.

My problem is, when I restore the DC in our test environment, FRS is not up and running for several hours because it cannot find the other 2 domain controllers we normally have in our production environment. So AD is not fully up and running. After a few hours of sitting, it magically starts working and the event logs show FRS is no longer preventing the machine from being a DC.

Is there something I can do to quickly resolve the issue in case of a real DR situation? Once it's fully up, I just do a metadata cleanup and remove the other DCs' replicas in my test environment, but I can't do that until FRS is up and running. Any help would be greatly appreciated! =)
Hi all,

We have iMacs on a Windows domain. I have one iMac which is getting the correct VLAN IP address and can access the internet, but it does not allow Windows users to log on. I can log on locally and access the internet, but with domain accounts it just does not want to work. I get an orange icon nearby for a connectivity issue.

I am not a Mac specialist, so I have no idea what else I can look at. Any ideas?

