Active Directory

78K

Solutions

39K

Contributors

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

Hi
Can someone help me with the best Group Policy settings for offline cache files?
Users have Windows 10 and are using folder redirection.
They receive an error indicating the offline cache size is full.
Thank you.
0
Hi,

What is the attribute in Active Directory for user enabled or disabled?

Thanks
0
How to allow an AD security group to read the Security Event Viewer log in all domain via GPO?
We have Server 2008 DCs.
0
Our environment consists of Windows 2012 R2 DCs and 2012 R2 ADFS servers, and we have an Office 365 tenant set up in federated mode. We are taking on another company with whom we have an AD trust, and their email domain is going to be brought into our tenant. So one tenant, two separate domains. Here is my question. We have an ADFS server and an AD Connect server. They also have a Windows 2012 R2 ADFS server. Can Windows 2012 R2 ADFS handle two separate forests? From what I have read it sounds like it can. Also, will authentication for Office 365 go through our ADFS server or theirs?

https://www.itprotoday.com/iaaspaas/adfs-multiple-forest-authentication-azure-ad

https://blogs.technet.microsoft.com/abizerh/2013/02/05/supportmultipledomain-switch-when-managing-sso-to-office-365/
0
We have a weird issue where all of the Windows Explorer windows will close at random times on Windows 10 machines. I have checked the Event Viewer and the only thing I can see is that the system has processed group policies. I have looked through the GPOs and there are no replace options on system drives, and I am not sure what is causing this. Any thoughts?
event_viewer.png
0
Since when does Active Directory not accept the same display names? I have a 2nd Jenny Jones and it doesn't want to take it, unless I do something else (2nd jenny) or whatever.

I remember I was supporting a university with 3000 users and it wasn't an issue. Is it recent in 2016 AD?
0
After removing our on premise exchange server, we no longer have the ability to edit the "Send on Behalf of" or "Send As" properties of our Active Directory synced distribution lists or mail enabled security groups.
If we create a distribution list, or group in Office 365, we can edit these fields in Office 365.  
Currently, we are looking at deleting our on premise groups/distribution lists, and recreating them in Office 365. (If there is a better way, without using 3rd party tools, please let me know!)

I can use the powershell command "get-adgroup" to find the groups. (I plan on doing distribution lists first, and then mail enabled security groups later, as I have to verify they're not in use for local shares.) and I can use "get-adgroupmember" to find the members of the group.

For ease of creating the new distribution lists in the cloud, it would be nice to have the distribution group name, and email, followed by all members of the group in a file. (Or files.) So that it can be read, while creating the new groups in Office 365.

What is the easiest way to accomplish this?

Thanks for any assistance.
0
So I am constantly getting this message when working in Office 365 and On-Prem (exchange 2013) EAC
"the action can't be performed on the object because the object is being synchronized..."

Like I go to run an Exchange PS command or do something through the GUI but can't. Some users show up on both sides and some only on one or the other. Very frustrating.

For example, I went to add myself as a moderator on a Distribution Group in O365 but I got the error above so I go over to the on prem (enterprise) EAC and when the window comes up displaying user accounts, I am not there.

Any ideas very much appreciated.
0
I had this question after viewing "Incorrect Username or Password" on log in.

After setting up a new VoIP phone system from Comcast Business on our network, which required re-configuring our Dell network switch with VLANs for voice and data, we started to see issues with users not being able to log in to the network even though their credentials are valid. I would like to know if others have had a similar experience and, if so, what the best solution is to avoid these kinds of problems. Also, I am still trying to resolve the login problems for the users, and the only way I have been able to use thus far is to have the user reboot their PC, and then they are able to log in again. I had similar problems with my domain admin account randomly on different servers. Why is it that on some servers my login works and on others it does not?
0
I downloaded the GPO administrative template installer for Windows 10. It installed and I copied the files to \\domain\sysvol\domain\policies\policydefinitions. When I first did this, I saw the policies in Group Policy Mgmt Editor. A day later, I started seeing errors "An appropriate resource file could not be found for file \\<path above>\ActiveXInstallService.admx (error = 3)" and then errors on all the other ADMX files pop up too until I stop the task in Task Manager. The files look to be all there. Does anyone have insight into this?
0
Hi
Let me explain our server setup first. We have three domain controllers in our head office and one read-only domain controller at each site office. All DC and RODC servers are also Global Catalog servers, DNS servers and DFSR namespace servers. There is a VPN connection between each site office and the head office.
Active Directory sites and subnets are configured. Each Active Directory site is configured with that particular site's RODC. Namespace folders are configured with multiple folder targets. Employees get access to local targets automatically as they move from HQ to site or site to site.
My problem is: when the VPN is connected, if I type our Active Directory domain in "Run" from any site office client PC or from a server (\\XXX.XXX.local), I can see SYSVOL, NETLOGON, the DFSR namespace, etc. If the VPN is not connected, the domain name doesn't resolve and I don't see anything. If I ping the AD domain from a site office when the VPN is connected, I get a reply from a head office DC; without the VPN I get no reply. I am not sure if it is supposed to be like this.
Recently we started to use a domain-based namespace for file sharing, so whenever the VPN gets disconnected all mapped network drives become unavailable.
Thanks,
0
Dear Experts, can we increase the maximum size of email signature in OWA of Exchange 2016 server?

GUI or cmd is ok for us. Many thanks as always!
0
Hi Experts

We are using Exchange 2013 and management wants to know what is the typical message size being sent by users.
They need to know statistics of message for the past 1 month.

I tried running this https://gallery.technet.microsoft.com/exchange/Exchange-2007-2013-email-b66c5543 only for 2 days but it is still stuck in powershell since yesterday.
I got 2 mailbox databases and the size of each is around 600GB, total about 1TB.

Is the above link correct to get statistics of the messages sent/received daily? How long does it usually take, and for what size of database?

If the above is not what I am supposed to run, what is the quickest way to get daily messages sent/received for the past 1 week?

My objective is just to get the size of every individual message sent/received (internal/external).
Is there any PowerShell command that can generate all individual message sizes for X days?

Thanks
0
What steps do you recommend for uploading employee photos to my Windows Server 2016 Active Directory?

Details
 ** # of employees = 100
 ** photos = under 100kb in size, named firstname_lastname.jpg
 ** AD Account Name = firstname lastname
 ** security = IT (me) will do upload
 ** software = powershell/etc is fine, or something like https://www.codetwo.com/freeware/active-directory-photos
0
I have a need to schedule a task to occur every four hours, but unbelievably I cannot find any way to do this with the GPO Task Scheduler in Server 2008. The options for "repeat task every" are 5, 10, 15, 30 minutes and 1 hour...
I can modify the custom repeat time manually in the Server 2008 Task Scheduler, but the same isn't possible when doing it in the GPO task schedule. I understand and tried changing the repeat interval by editing the .XML file, but instead the GPO task schedule changes to "5 minutes". Please help, it's very urgent and important.

Thanks in advance.

Here is the .xml file:

<?xml version="1.0" encoding="UTF-8"?>
<ScheduledTasks clsid="{CC63F200-7309-4ba0-B154-A71CD118DBCC}">
  <TaskV2 clsid="{D8896631-B747-47a7-84A6-C155337F3BC8}" removePolicy="0" userContext="0" uid="{E5521DE0-0643-4ED9-AC8E-8EA1DD8FED23}" changed="2019-01-15 16:33:08" image="2" name="Reboot Notification">
    <Properties name="Reboot Notification" logonType="InteractiveToken" runAs="%LogonDomain%\%LogonUser%" action="U">
      <Task version="1.3">
        <RegistrationInfo><Author>TMMCADM\admin152</Author><Description/></RegistrationInfo>
        <Principals>
          <Principal …
0
I am trying to set up Event Log Forwarding. I have it set up per basic Microsoft instructions. I am using 'computer account' for logon and have added it to the Event Log Reader group on the source computer. I have also tried various user accounts, such as the local Administrator account (from the source computer), and Domain Admin. I have added Network Service to the Event Log Reader group (source computer) and Local Policy -Rights Management -- Manage Audit Security log.

I get error: (when using Computer account)
sourcecomputer.apsu.edu] - Error - Last retry time: 1/15/2019 11:24:17 AM. Code (0x138C): <f:ProviderFault provider="Event Forwarding Plugin" path="C:\Windows\system32\wevtfwd.dll" xmlns:f="http://schemas.microsoft.com/wbem/wsman/1/wsmanfault"><t:ProviderError xmlns:t="http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog">Windows Event Forward plugin can't read any event from the query since the query returns no active channel. Please check channels in the query and make sure they exist and you have access to them.</t:ProviderError></f:ProviderFault>  Next retry time: 1/15/2019 11:29:17 AM.

I get Access Denied when using user accounts.
Thanks in advance.
0
In order to capture all computers in the domain on the new WSUS server, should I place a WSUS GPO just under the domain (like with the default domain policy)? Would that be a bad idea?

To note, I found 145 servers in AD using PowerShell, with only 8 of them being disabled. Since yesterday, 45 have shown up on WSUS, but they are in specific OUs where I linked the WSUS GPO. The other servers are in the Computers container and the Domain Controllers OU (12 DCs). So, I am about 90 off between AD and WSUS (after I link the WSUS GPO to the Domain Controllers OU).

Thanks.
0
I installed Office 365 ProPlus on my desktop through the shared computer licensing scenario.

I used the Office Deployment Tool,

but when I log in to my desktop, I see this pop-up coming up. I click X on the right and continue working.

Is there any way I can block it from my AD Group Policy? (Attached: sign in to office)

Also there is an option to switch account when I open Word or Excel. How can I disable that?
0
Active Directory On-Prem to Azure Replication Scenarios:
For an SMB customer, Azure AD is costly.
What is the best AD Authentication solution for "Citrix Cloud and Azure Workload" implementation?
Shall I use Standalone Domain Controllers on Azure and create a new forest and replace with on-prem AD?
Are there any other solutions for this Scenario?
What are the possible AD solutions for Citrix Cloud and Azure?
Please suggest.
0
We have 1000 Windows 7 SP1 clients, some of them x86 and some of them x64. IE9 is currently installed on the clients. We want to update IE to IE11 because of incompatibility with a new application.
It’s a secure environment with no internet and WSUS is not allowed.  We do not have SCCM also in the environment. Now I need to update IE9 to IE7 on all computers using AD GPO.
I realize that IE for x64 has prerequisites that need to be installed before IE11. On x86 it can be installed directly.
What could be the most efficient way of installing IE11 in my situation?
Thanks
0
I have 8 Group Policy Objects that I apply to an OU.

When I look at the GroupPolicy event logs, specifically Event ID 5312 that shows applicable Group Policy Objects, it continuously changes.

One minute I will see all 8 applied like this:

List of applicable Group Policy objects: 
GPO-1
GPO-2
GPO-3
GPO-4
GPO-5
GPO-6
GPO-7
GPO-8

The next minute I look I only see 3 applied like this:

List of applicable Group Policy objects: 
GPO-1
GPO-2
GPO-3

When I view this specific eventID, sort, I can see the change sometimes happening within 2 minutes. Almost like it's "flapping" so to speak.

Can anyone provide insight on this? I have 4 domain controllers in 1 forest.

Thank you in advance.
0
Hi

I understand that there is a HealthMailbox in Exchange 2013.

Based on the message logs, there is a lot of email coming from contoso.com. I don't know why the domain shows as contoso.com.

Would there be any issue if we delete the HealthMailbox?
What would be the impact on the user's mailbox if we delete it?

Thanks
0
Hello,

Please, I need a script (using Exchange Management Shell commands) to create 100 shared mailboxes from a CSV file, then assign full access permission to some users and put the accounts in a specific organizational unit in Active Directory.

CSV format:
Name,alias,OU,UserPrincipalName,user1, user2, user3

Thank you for your help.
0
I have an on-premises AD and ADFS server.

We have mailboxes in Office 365 with E3 licenses.

We don't have any on-premises Exchange servers.

We had 1 user who went into soft delete; the user had left some time back and the company decided to hire him back.

Generally we have an AD policy where, 90 days after a user leaves, the on-premises AD account is permanently deleted and the user goes into soft delete in Office 365.

I saw the user is in a deleted state in Azure AD, so I restored the user, but the user account is in a blocked state in Office 365.

Do I need to recreate the account in on-premises AD?
0
Issue: In Microsoft Azure DevOps, external users (from our domain) that have "Basic" user licenses are unable to assign issues to other team members or tag people (by searching for their names) in the Discussion text area. When trying to assign work items to other team members, they get the message "No identities found" and they are unable to type in that field. When tagging people in the discussion area, they receive the message "sign-in required" when searching for names (even though they are signed in). I believe this is some sort of permissions issue but am unsure how to solve it. Our company domain is tied to our Azure account and Office 365 account. We are adding these external users to our Azure Active Users section, so their account names are theirname@ourdomainname.onmicrosoft.com. They use this to log into SharePoint and our DevOps platform. This issue does not happen with users within our domain, which makes me believe it is a permissions issue or an AD issue. I searched Google for this error and see lots of posts about how the reason you can't search for names is that you have to type their names and then it will take a minute to search AD and find their name. That is not the case here, so please don't reference those solutions. If you have any other questions or need further details, please let me know. Thank you!
0
