Active Directory

78K

Solutions

39K

Contributors

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

Hi
Can someone help me with the best group policy settings for offline cache files?
Users have Windows 10 and are using folder redirection.
They receive an error indicating the offline cache size is full.
Thank you.
0

Hi,

What is the attribute in Active Directory for user enabled or disabled?

Thanks
0
How to allow an AD security group to read the Security Event Viewer log in the whole domain via GPO?
We have Server 2008 DCs.
0
We have a weird issue where all of the Windows Explorer windows will close at random times on Windows 10 machines.  I have checked the event viewer and the only thing I can see is that the system has processed group policies.  I have looked through the GPOs and there are no replace options on system drives, and I am not sure what is causing this.  Any thoughts?
event_viewer.png
0
After removing our on premise exchange server, we no longer have the ability to edit the "Send on Behalf of" or "Send As" properties of our Active Directory synced distribution lists or mail enabled security groups.
If we create a distribution list, or group in Office 365, we can edit these fields in Office 365.  
Currently, we are looking at deleting our on premise groups/distribution lists, and recreating them in Office 365. (If there is a better way, without using 3rd party tools, please let me know!)

I can use the PowerShell command "get-adgroup" to find the groups (I plan on doing distribution lists first, and then mail-enabled security groups later, as I have to verify they're not in use for local shares), and I can use "get-adgroupmember" to find the members of the group.

For ease of creating the new distribution lists in the cloud, it would be nice to have the distribution group name, and email, followed by all members of the group in a file. (Or files.) So that it can be read, while creating the new groups in Office 365.

What is the easiest way to accomplish this?

Thanks for any assistance.
0
So I am constantly getting this message when working in Office 365 and On-Prem (Exchange 2013) EAC:
"the action can't be performed on the object because the object is being synchronized..."

Like I go to run an Exchange PS command or do something through the GUI but can't. Some users show up on both sides and some only on one or the other. Very frustrating.

For example, I went to add myself as a moderator on a Distribution Group in O365 but I got the error above so I go over to the on prem (enterprise) EAC and when the window comes up displaying user accounts, I am not there.

Any ideas very much appreciated.
0
I had this question after viewing "Incorrect Username or Password" on log in.

After setting up a new VoIP phone system from Comcast Business on our network, which required re-configuring our Dell network switch with VLANs for voice and data, we started to see issues with users not able to login to the network even though their credentials are valid. I would like to know if others have a similar experience and if so what is the best solution to avoid this kind of problems. Also, I am still trying to resolve the login problems for the users and the only way I have been able to use thus far is to have the user reboot their PC and then they are able to login again. I had similar problems with my domain admin account randomly on different servers. Why is it that on some servers my login works and others it does not?
0
I downloaded the GPO administrative template installer for Windows 10.  It installed and I copied the files to \\domain\sysvol\domain\policies\policydefinitions. When I first did this, I saw the policies in Group Policy Mgmt Editor. A day later, I started seeing errors "An appropriate resource file could not be found for file \\<path above>\ActiveXInstallService.admx (error = 3)" and then errors on all the other ADMX files pop up too until I stop the task in task mgr. The files look to be all there. Does anyone have insight into this?
0
Hi
Let me explain our server setup first. We have three domain controllers in our head office and one read-only domain controller at each site office. All DC and RODC servers are also Global Catalog servers, DNS servers and DFSR namespace servers. There is a VPN connection between each site office and the head office.
Active Directory sites and subnets are configured. Each Active Directory site is configured with that particular site's RODC.  Namespace folders are configured with multiple folder targets. Employees get access to local targets automatically as they move from HQ to a site or from site to site.
My problem is this: when the VPN is connected, if I type our Active Directory domain in "Run" from any site office client PC or from a server (\\XXX.XXX.local), I can see SYSVOL, NETLOGON, the DFSR namespace, etc. If the VPN is not connected, the domain name doesn't resolve and I don't see anything. If I ping the AD domain from a site office when the VPN is connected, I get a reply from a head office DC; without the VPN I get no reply. I am not sure if it is supposed to be like this.
Recently we started to use a domain-based namespace for file sharing, so whenever the VPN gets disconnected all mapped network drives become unavailable.
Thanks,
0
Dear Experts, can we increase the maximum size of email signature in OWA of Exchange 2016 server?

GUI or cmd is ok for us. Many thanks as always!
0

Hi Experts

We are using Exchange 2013 and management wants to know what is the typical message size being sent by users.
They need to know statistics of message for the past 1 month.

I tried running this https://gallery.technet.microsoft.com/exchange/Exchange-2007-2013-email-b66c5543 only for 2 days but it is still stuck in PowerShell since yesterday.
I have 2 mailbox databases and the size of each is around 600GB, total about 1TB.

Is the above link correct to get statistics of the messages sent/received daily? How long does it usually take for what size of database?

If the above is not what I am supposed to run, what is the quickest way to get daily messages sent/received for the past 1 week?

My objective is just to get the size of all individual messages being sent/received (internal/external).
Is there any PowerShell command that can generate all individual message sizes for X days?

Thanks
0
What steps do you recommend for UPLOADING Employee Photos to my Windows Server 2016 Active Directory?

Details
 ** # of employees = 100
 ** photos = under 100kb in size, named firstname_lastname.jpg
 ** AD Account Name = firstname lastname
 ** security = IT (me) will do upload
 ** software = PowerShell/etc. is fine, or something like https://www.codetwo.com/freeware/active-directory-photos
0
I have a need to schedule a task to occur every four hours, but unbelievably I cannot find any way to do this with the  GPO Task Scheduler in Server 2008. The options for "repeat task every" are 5, 10, 15, 30 minutes and 1 hour...
I can modify the custom repeat time manually in the Server 2008 task scheduler, but the same isn't possible when doing it in the GPO task scheduler. I understand and tried changing the repeat interval by editing the .XML file, but instead the GPO task schedule changes to "5 minutes". Please help, it's very urgent and important.

Thanks in advance.

Here is the .xml file:

<?xml version="1.0" encoding="UTF-8"?>
<ScheduledTasks clsid="{CC63F200-7309-4ba0-B154-A71CD118DBCC}">
  <TaskV2 clsid="{D8896631-B747-47a7-84A6-C155337F3BC8}" removePolicy="0" userContext="0" uid="{E5521DE0-0643-4ED9-AC8E-8EA1DD8FED23}" changed="2019-01-15 16:33:08" image="2" name="Reboot Notification">
    <Properties name="Reboot Notification" logonType="InteractiveToken" runAs="%LogonDomain%\%LogonUser%" action="U">
      <Task version="1.3">
        <RegistrationInfo><Author>TMMCADM\admin152</Author><Description/></RegistrationInfo>
        <Principals>
          <Principal …
0
I am trying to set up Event Log Forwarding.  I have it set up per basic Microsoft instructions.  I am using 'computer account' for logon and have added it to the Event Log Reader group on the source computer.  I have also tried various user accounts, such as the local Administrator account (from the source computer), and Domain Admin.  I have added Network Service to the Event Log Reader group (source computer) and Local Policy -Rights Management -- Manage Audit Security log.

I get this error (when using the computer account):
[sourcecomputer.apsu.edu] - Error - Last retry time: 1/15/2019 11:24:17 AM. Code (0x138C): <f:ProviderFault provider="Event Forwarding Plugin" path="C:\Windows\system32\wevtfwd.dll" xmlns:f="http://schemas.microsoft.com/wbem/wsman/1/wsmanfault"><t:ProviderError xmlns:t="http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog">Windows Event Forward plugin can't read any event from the query since the query returns no active channel. Please check channels in the query and make sure they exist and you have access to them.</t:ProviderError></f:ProviderFault>  Next retry time: 1/15/2019 11:29:17 AM.

I get Access Denied when using user accounts.
Thanks in advance.
0
We have 1000 Windows 7 SP1 clients, some of them x86 and some of them x64. IE9 is currently installed on the clients. We want to update IE to IE11 because of incompatibility with a new application.
It's a secure environment with no internet, and WSUS is not allowed.  We also do not have SCCM in the environment. Now I need to update IE9 to IE7 on all computers using AD GPO.
I realize that IE for x64 has prerequisites that need to be installed before IE11. On x86 it can be installed directly.
What could be the most efficient way of installing IE11 in my situation?
Thanks
0
I have 8 Group Policy Objects that I apply to an OU.

When I look at the GroupPolicy event logs, specifically Event ID 5312 that shows applicable Group Policy Objects, it continuously changes.

One minute I will see all 8 applied like this:

List of applicable Group Policy objects: 
GPO-1
GPO-2
GPO-3
GPO-4
GPO-5
GPO-6
GPO-7
GPO-8

The next minute I look I only see 3 applied like this:

List of applicable Group Policy objects: 
GPO-1
GPO-2
GPO-3

When I view this specific eventID, sort, I can see the change sometimes happening within 2 minutes. Almost like it's "flapping" so to speak.

Can anyone provide insight on this? I have 4 domain controllers in 1 forest.

Thank you in advance.
0
Hi

I understand that there is a HealthMailbox in Exchange 2013.

Based on the message logs, there are a lot of emails coming from contoso.com. I don't know why the domain shows as contoso.com.

Would there be any issue if we delete HealthMailbox ?
What would be the impact on mailbox of the user if we delete?

Thanks
0
hello,

Please, I need a script (using Exchange Management Shell commands) to create 100 shared mailboxes from a CSV file, then assign full access permission to some users and put the account in a specific organizational unit in Active Directory.

CSV format :
Name,alias,OU,UserPrincipalName,user1, user2, user3

Thank you for help.
0
Issue: In Microsoft Azure DevOps, external users (from our domain) that have "Basic" user licenses are unable to assign issues to other team members or tag people (by searching for their names) in the Discussion text area.  When trying to assign work items to other team members, they get the message "No identities found" and they are unable to type in that field.  When tagging people in the discussion area, they receive the message "sign-in required" when searching for names (even though they are signed in).  I believe this is some sort of permissions issue but am unsure how to solve it.  Our company domain is tied to our Azure account and Office365 account.  We are adding these external users to our Azure Active Users section, so their account names are theirname@ourdomainname.onmicrosoft.com.  They use this to log into SharePoint and our DevOps platform.  This issue does not happen with users within our domain, which makes me believe it is a permissions issue or AD issue.  I searched Google for this error and see lots of posts about how the reason you can't search for names is that you have to type their names and then it will take a minute to search AD and find their name.  That is not the case here, so please don't reference those solutions.  If you have any other questions or need further details, please let me know. Thank you!
0

Is it possible to shorten the Windows Server DFS Namespace root address or domain name using an alias? Currently, we have it set up with \\domain.com\dfs\ but our domain name is too long and we are running into character limitations for some paths in our ERP system.  I know I can just point the paths directly to one of our file servers' hostnames, but that defeats the purpose of having a distributed file system.  We have two Windows 2016 File Servers and one Windows 2008 R2 File Server in this DFS Namespace.
0
Windows 7 machines not listening to Folder Redirection group policy after a DC migration to Windows 2016.

At present, the old Windows 2012 Essentials server is still in place but a new Windows Server 2016 Standard server has been added. The domain has been migrated across along with the FSMO roles. After having issues with getting machines to pick up the new Group policy settings due to DNS issues, all does appear to be ok - at least, it is for Windows 10 clients. However, although Windows 7 clients can be coaxed into seeing the correct group policy, they are all ignoring the change in Folder Redirection location.

Things I've tried:
1. gpupdate /force
2. ipconfig /flushDNS
3. Several reboots

4. gpresult /v
This is interesting. After clearing the DNS cache, Windows 7 PCs do now pick up their group policy from the new server. However, they are still ignoring the folder redirection and the result of the above command shows:
FOLDER REDIRECTION
--------------------------------
N/A

5. I've tried removing the WMI filter from the redirection policy - no effect.
6. I've tried creating the new GPO and putting the redirection in there. GPRESULT lists the policy, so it's seeing the right stuff, but it still ignores the redirection.

Remember - Windows 10 PCs are working fine. This appears to be just Windows 7 machines.

Any ideas? I'm getting short of them!
1
Hi,
Users in our domain cannot run Task Manager or change the network settings.
I believe it is a group policy setting on how to increase users' access control on computers.
Our domain controllers are a mix of 2012 R2 and 2016. Our clients are a mix of Windows 10 1709 and 1803.

thank you in advance.
0
Need to create a GPO that runs an MSI but the MSI requires a config file be in the same directory as the MSI in order to run properly.  Is it possible to include the config file with the MSI in a GPO ?
0
windows 10 GPO adjust for best performance

Trying to get this working via GPO:

performance.JPG
I have found many, many "solutions" mentioning this change:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects]
"VisualFXSetting"=dword:00000002

That is incorrect. Sure, it looks like it worked but if you do some basic testing it becomes clear the visual effects are still enabled.
I guess maybe there are individual registry settings which need to be changed.
Does anyone know what they are?
0
Dear Experts.

Need help on firewall port requirements.

I have two different forests, tbd.nal.nl and nsk.pwd.uk, within the same organization (no child domain).
I request the experts' help to suggest which ports are minimally required for a forest trust to work.

1. List of ports to be opened in firewalls for the forest trust.
2. Ports to open between the forest domain controllers of tbd.nal.nl and nsk.pwd.uk.
3. Do we need to open ports from tbd.nal.nl clients to the forest nsk.pwd.uk domain controllers and vice versa? If yes, can you help us with the list of ports to open?
0
