Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


Active Directory





Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

Share tech news, updates, or what's on your mind.

Sign up to Post

hi experts,

I've setup a domain controller on Windows Server 2016.
Computer name: CMC-SERVER
Domain: cmc.local

I'm on the workstation trying to join domain and it keeps giving the error:

 Active Directory domain controller cannot be contacted...


please advise. ....
Does Powershell have you tied up in knots?
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why


I have searched, attempted, etc. for countless hours prior to posting my question here. I am looking to add a Guest SSID/wireless network to my existing topology. For whatever reason, I cannot seam to get anywhere using the Cisco configuration guides. One in particular, https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-vlan/70937-guest-internal-wlan.html#configs

It is rather dated as well.

Here is my current setup:

ISP--> Cisco ASA --> Cisco Router --> Cisco Switch
Cisco WLC and Cisco APs connected to Cisco Switch

The ASA and Router are on network, and the port from router to the switch are on network.
I have a Win 2012 Server on the network that acts as my DHCP and DNS server.
I have 3 Cisco APs that are on the network. (my management interface on WLC is on the network as well)

What is the best method to incorporate a guest wireless network? Also, to correct my above setup (granted the management interface on WLC should not be on the same network as everything else)

I have attempted to create VLANs, but end up losing connectivity to the network, and there are two many possible areas of failure given all the components.

Should the router be the DHCP server instead of the Win 2012 server?

Please advise!!

Thank you in advance!!
Hello everyone. We have setup a Windows Server 2012 r2 instance on AWS. We would like to setup Active Directory and have users be able to auth against it. I understand AWS has its own AD service available, but we run Okta in our organization and need a Windows server Okta agent running to sync against our AD, hence the windows server. I am having a hard time with the users being able to login to the domain on a computer. We would like to use the same domain name of our email (ie contoso.com) which also hosts our website. I understand we need to add something the SRV records to our domain DNS which is hosted on AWS as well.
Also, we use Ruckus APs that can authenticate against an AD, which we cannot get to reach the AD server.

Any suggestions?

Thank you.
How can I create a Server 2016 group policy that defines which Windows 10 applications are disabled at statrtup?

There are certain applications that are set to enabled by default on startup and I need to make sure that these applications don't automatically load at startup. They need to be disabled.

I have a DC with a ldaps (636) and an external nat address through the firewall.

it has a self signed certificate from our in house certificate authority. and my hosted software is able to connect to it and allow my users to authenticate via LDAP just fine.

Except one.

the newest is requiring that we have a 3rd party certificate installed. So i purchased one, and added it to the personal store in the Certificate management area for the service account.  however didn't buy the extended validation option. so i think i have to buy another one.

if that is the case.. i would like to do it a bit differently.

if my server is server.mydomain.org
can i (after adding an external DNS alias for ldap.mydomain.org) purchase a cert for ldap.mydomain.org, and if so my reading leads me to believe that if i purchase the EV version of the cert, and put it in the personal store for the serivice account, is that all i need to do to get LDAPS using it ?

Hello everybody, I just enrolled myself to this website to learn, share and also meet IT like me.
As I stated, this is my first time in this website but I was wondering if sombody could give me some guidance in exchange server.

Here is my scenario: I have two site A and B
And I want to apply DAG resilience. But my problem is when I install exchange server in my secondary server it tells me I am not part of the certain group which I added.

Let me put it this way, I have a domain controller and an exchange already installed and configured working fine.
Now, In my second site I have added another domain, child domain. The child domain it's being configured no problem I can ping back and forth both server primary and child.

My issue lies when I add a member to my child domain to install exchange.
Basically is telling me the machine hasn't been added to a domain controller which is not true, and it's not belong the enterprise members and whatnot.

Could anyone explain me what exactly is going on and where is my weak point in this scenario.?
Thank you!

Here is what I got

Site A:  
1- Domain Controller
1-Exchange server
1- File-Share Witness
2- Card

Site B:  
1- Domain Controller
1-Exchange server
1- File-Share Witness
2- Card

If you need more information please let me know.

This is something I'm working on myself.
Where within the Server 2016 group policy settings can I set the "Taskbar Settings" for the Windows 10 client computers?

Where do I need to go within Server 2016 Group Policy settings to set the "File Explorer Options" to define what settings I want the Windows 10 client computers to have within the within the General, View, & Search tabs?

File Explorer options
I am trying to create a program that  loads computernames in the treeview control limited to one OU IN vb.net
I can load a combobox like this
 Public Sub ADComputers()
        Dim dirEntry As DirectoryEntry = New DirectoryEntry()
        ' NOTE: This path should be comma delimited, not semi-colon delimited
        ' Each label in the domain name should be a separate Domain Component (DC)
        dirEntry.Path = "LDAP://OU=XXX,OU=Computer Accounts,DC=XXX,DC=XXX,DC=XXX,DC=org"

        Dim mySearcher As DirectorySearcher = New DirectorySearcher(dirEntry)
        ' This value can be passed in the constructor if preferred.
        mySearcher.Filter = "(objectClass=Computer)"
        mySearcher.PageSize = 1001

        For Each resEnt As SearchResult In mySearcher.FindAll()
            ' List box is a bit simple for these unless I missed something
            ' lbADUsers.Items.Add(resEnt.Properties("sAMAccountName")(0).ToString())
            ' lbADUsers.Items.Add(resEnt.Properties("aDSPath")(0).ToString())
            ' And this one needs some work unless you're attaching to every object within the directory.
            ' lbADUsers.Items.Add(resEnt.Properties("objectGUID")(0).ToString())
        txtComputerCount.Text = TSCmbADC.Items.Count
    End Sub

Open in new window

We have a public website and it changed to new IP address. And A DNS record for the website is located at DNS1.

So user's path for DNS name resolution is;
User laptop------DNS2-------DNS1

DNS1 is configured as a forwarder in DNS2.

I just requested to change A record to DNS1 admin and he changed. I can resolve to new IP;
c:>nslookup website.com DNS1

But if I try to resolve with DNS2, it still returns the old IP address. It seems as DNS2 is not getting the change yet, TTL issue in cache.

Is there a way to delete only a single record for website.com?? It's AD integrated DNS server, I went to DNS concole> Advanced View> Cache Lookup, there was no record for website.com. I want to delete the record in DNS 2 and gets new DNS record from DNS1
Are your AD admin tools letting you down?
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

in the Exchange queue find the message and don't send it.
the dns nslookup on the srvmail respond with the error unknow.
on the server dns respond wth the correct name
I have a domaincontroller in my network that also acts as a DNS server for my clients. DNS server is given out by the DHCP server.

Of course when the DNS server is down, our clients can't connect to the internet anymore.

I tried in the past to add a second google DNS to the DHCP, but that caused more problems than solutions.

Is there a way to enable a setting so the clients only connect to the internal DNS server when needed (like logging in) and use the google DNS for internet only?
Had a request from management here to prevent users from changing the default folder icons. (Right click>Properties>Customise>Change Icon). Preferable way would be via a GPO, but  cannot seem to find that setting.  

Does anyone have any idea about how I could implement this? Machines are Windows 7 - 10.
My company have round 8-9k users.
I work in helpdesk and get cases where managers ask "who has access to my area on server"

Idealy i want to generate a report that simply lists the names of who has write  access to the specified area via the manual security group they are member of.

The different groups can have 100`s of members.

Is there some easy way to solve this for a helpdes teq?

What are the steps necessary to schedule all Windows 10 computers to run the SFC & DISM commands within a Server 2016 domain? I would like to have these commands run once a week.

Can this be done using a group policy or task scheduler command?

The commands that I would like to run are:

DISM.exe /Online /Cleanup-Image /Scanhealth
DISM.exe /Online /Cleanup-Image /Restorehealth
sfc /scannow
What are the steps to create a group policy to enable the System Restore feature & to use 13% of hard drive space for these restores on all Windows 10 and Windows 7 computers?
Up until now most all of the group policies I have created have been assigned to all authenticated users.

I'm now looking for guides and references on how to create group policy exclusions within Server 2016 so certain users or computers can be excluded from certain group policies.

Please provide me with references and guides on how to do this.
What kinds of group policies can be assigned to computers only (and not to users) within Server 2016?

I need to a trusted site URL to my IE options>security>trusted sites>sites using GPO

I am trying suggestion in this link https://deployhappiness.com/managing-internet-explorer-trusted-sites-with-group-policy/ but I do not see a Site to Zone Assignment list under User Configuration/Policies/Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page

Someone please advise.
Concerto's Cloud Advisory Services
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.


I need a script for AD (2008) - where it will spit out the AD username for only ACTIVE users. can someone provide?
What are the steps to create power management settings within Server 2016 for Windows 10 client computers?
I want to make our primary Active Directory domain controller into the secondary AC DC. Our current Windows 2008 server is named John. The secondary server (newer) 2012 is named Joe. I want to rename John to Andrew. Then I want to rename Joe to John.

This is necessary because all of our Group Policies are managed by John; all of our users log into John; and many users have a desktop full of shortcuts which point to John. Both servers have FSMO roles and a current backup of data.

Can I use the properties to rename John to Andrew? Then use the properties to rename Joe to Andrew? I find a mixture of information on the web, saying this will and this won't work.

Has anyone done this with positive results? Or know of an alternative for this scenario?
I have been asked to patch office 365 but the conventional way using SCCM cannot be used because the current version level is at SCCM 2012 R2 (1302) on 2008 R2 SP1 Standard. Active Directory is at 2003, I can’t upgrade SCCM to 1606 to support office 365 because of AD SCCM would fall out of support if we changed it.

I have been tasked with patching O365 I have a few suggestions but need some advice on achieving this

1: Set up a file share for the patching and use group policy. Really dont want to take this approach as its labour intensive.

2: Set a new instance of WSUS up on a 2012 server with WSUS ver 4.0 and deploy 365 patching from it only snag is I dont know if I can run SCCM client patching along side a separate instance of WSUS. Is this achievable or is there a better solution.

We aren’t using azure the o365 is static.

Any suggestions would be greatly received

We have a list of user first and last names in separate columns in a CSV file.

Would someone advise a PS command to read this CSV file and return another file that contain their first and last names, account status (account disable or enable) and UPN names?  

We also need a PS command to disable these UPN names if they are currently enabled.  

Where within Server 2016 Group Policy do I need to go to create a group Policy to display the Computer, User's Files, Recycle Bin, & Network icons on Windows 10 client computer's desktops?

These are settings that can be set within the "Themes and Related settings" Desktop icon settings within Windows 10 (see below):


Active Directory





Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

Vendor Experts

Kevin StanushSystemTools Software Learn more about SystemTools Software