Improve company productivity with a Business Account.Sign Up


Active Directory





Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

Share tech news, updates, or what's on your mind.

Sign up to Post

hi evreyone ,

PS 1 : our company use jira service desk cloud  .
PS 2 : i have two Question.

Question1 :

Is it possible to integrate  Jira Service Desk Cloud with Windows Active Directory ?
because it doesn't seem to allow Active Directory integration , i didn't find any option for this .

Where can I find the description of the settings?
Do we need additional software?
how we can do it ??

If not, is there a solution that does the same job of Active Directory?

i need this solution of active directory or any solution that make the same work of active directory

Question 2 :

what is the solution who can make the company when it should add a lot of customers , i mean how it can add them in one time instead of add one by one ?? it's a real issue ,any help please ???
Free Tool: ZipGrep
LVL 12
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

My question is one of trust relationships with AD and O365.

It has to do with a mid/complex level identity management issue…i.e. Company A owns company B and C and would like to, rather than create a net new tenant that represents company A (as an umbrella) and migrate existing 365 users from company B and company C tenants, somehow figure out a way through AD trusts and dir sync/federation sync (whatever the sync is called these days) to represent the existing tenants from B and C in A without a physical mailbox migration.

Could anyone offer guidance or support? Thanks very much!
Win 10 pro joined to Domain - cant log in
Recently bought a PC with Win 10 Home. Upgraded to Win 10 Pro.  Joined the pc to the DOMAIN . After joining to domain and reboot, cannot log in with a domain user. Tried multiple users. I get the error "The user name or password is incorrect. Try Again."
I wud like to add persistent routes for about 50 subnets' PCs using GPO:
Kindly elaborate how this can be done
Active Directory User Account gets locked out daily.

I have a user who get's his active directory account locked out once a day.  He changed his password last week and it has been happening every day since.  Obviously, there's something trying to login to his account using his old credentials which locks his account.  I'm not sure why it only happens once a day or what the device could be.

They have an on-site exchange server.  His account only shows 3 Activesync devices, all of which he said he has the new password in.  He said he's never logged into another computer on the domain and no one else has access to his mailbox in their outlook.

The main issue I'm having is figuring out the event logs for the lockout.  I find the event that locks it out (and attached a screen shot), but the "Caller Computer Name" says IP-10-1-30-72.  That IP isnt part of their network IP scheme, so it cant be coming from the internal Lan.

It looks like the failed logins come from the same couple IPs on the same network


How to create a scan folder in Active Directory?

A long time ago i had 2 DC servers (DC-01 and DC-02). After some changes, DC-01 was properly at 95% removed. But some issue looks like appeared.
At now after few month exists some symptoms of DNS issue.
At event log pops up 3 events of NETLOGON with ID 5781. Dynamic registration or deletion of one or more DNS records associated with DNS domain "DOMAIN.local.
DomainDnsZones.DOMAIN.local and ForestDnsZones.DOMAIN.local.
Sometimes events like DNS-Server-Service ID 4013 and DFSR events 1202
DcDiag says:
Testing server: Default-First-Site-Name\DC-02
   Starting test: Connectivity
      The host 0ebb0f3a-b3b5-4acd-a22f-4b32fbf35b59._msdcs.HAJARB48.local could not be resolved to an IP address.
      Check the DNS server, DHCP, server name, etc.
      Got error while checking LDAP and RPC connectivity. Please check your firewall settings.
      ......................... DC-02 failed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\DC-02
      Skipping all tests, because server DC-02 is not responding to directory service requests.
Is there a way to export out all the Dynamic Distribution Groups, Distribution Groups, and Security Groups that have 1 or below members?
Attempting to push proxy settings via gpo.

Background: We are running a current domain functional level of 2008 R2 and a forest functional level of 2003.

I am trying to push out our proxy settings via GPO as we had done in the past. I have been making the changes from our primary domain controller and applying to a test machine with just this user defined in the GPO.

1. I attempted to add the proxy to the local computer then pull the registry settings in from HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections. This method did not work. Even after an gpupdate/force and restarting the computer.

2. I attempted to add the setting through GPO from GPM, User Configuration, Control Panel Settings, Internet Settings, New > IE10, Connections Tab, enter settings and press F6 to apply. Still no effect.

Client machines are Win 7 with IE11. Soon to be replaced with Win 10 computers.
We have SSRS reports that pull from our data warehouse.  The IT team Active Directory group has Read permission to the data warehouse.  However, there are some reports that are going to be used by other staff, not just the IT team, but I don't want to grant Domain Users permissions to the data warehouse.  I see when setting up SSRS data sources I can store a username/password, but it says the 'Credentials stored securely in the report server'.  Is it talking about the Report Server database?  Because Report Server is a different database than the data warehouse, however they are on the same server.  

So at the report level, I will only give permissions via the report security so certain non-IT staff will have access to the report.  But how do I get the report to be able to pull from the data warehouse without adding those certain staff (and the list may grow of who they are) to the permissions of the data warehouse database?
Creating Active Directory Users from a Text File
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

We currently use Office 365 with AD Sync to hashes to keep our users accounts in sync with our on prem active directory accounts. One annoyance we've always had is if a user changes their password, they have to wait 30 minutes (the lowest time AD Connect will go to sync) for it to replicate. On top of it they have to re-sign into all of their on prem apps (Skype, Outlook, etc). We don't really care about the web login, but more so the on prem apps. While our users are "ok" so far with it, we want to streamline the experience for them. I recently was talking to another IT Admin about how they implemented AD Connect Pass Through Authentication, and he believes this is the solution we're looking for. So I Googled it and came up with this article: 

I was just curious if anyone else has experience with this? Is this the magic bullet we are looking for? Was it hard to implement?
I have some POS systems as well as computers\laptops suddenly dropping off the domain randomly.  The POS systems I know were moved to a new AD OU and soon after ever so often they just drop off and loose their domain trust.  I'm new to the environment so I don't know much about what has been done, but engineers are regularly having to add these machines back to the domain which is of cumbersome.
I have taken over AD admin responsibilities. This is something new to me. Hope experts will shed light on this.
I ran the AD topology diagrammer and noticed that intrasite topology generator is disabled.
What that does, should I worry about it?
i am having a csv file with user's Display Name and i need a powershell script to enable all the accounts which is in the csv file and get an output in csv
All my Windows 10 computers on my Windows domain have "some new" functions that by default blocks any connection attempt TO THEM.
It is not the default Windows Firewall.

I know that moreover the firewall, they added another blocking mecanism : when I go in control panel, network ... , Advanced Settings: there is a "profile " système there. I do see it as "Current Profile DOMAIN" and there are 2 settings: "Activate network discovery" and "Activate files and printer Sharing" and both of them are Active. I have to manually make them active on each Windows 10 because I didn't find in my domain GPO the settings for that. Do you know if that can be controlled by GPO and Windows 2003 GPO also...?
Hello Experts,

I want to check if a group contains the same group as its member. Could you please assist me with a script. For instance: If GroupA contains GroupA as its member.

How to identify issued Certificates that do not have a SAN.  "Subject Alternate Name"
powershell logon script gpo not running. Please share the correct steps to do the same.

And also while disabling right click  startmenu on win 10 is not working. Please share the correct steps to do the same. We have done already the below mentioned to disable however it is not working.

to disable and delete the below path

Please help me on this to fix on win 10.
Hey Guys,

My Active Directory server, ADFS01 is running into IP address conflict.  My AD server also has the role of Routing and Remote Access.  In DNS, I see a second ADFS01 entry with RAS IP address.  I deleted the one with RAS IP address.  And, it shows up again after few days.  Has anyone experience this problem?
Get 10% Off Your First Squarespace Website
Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to and use offer code ‘EXPERTS’ to get 10% off your first purchase.

I'd like to import updated ADMX/ADML files for Windows 10 and Office 2016 into my existing environment consisting of Windows 7 and Office 2010.  Active Directory is Win 2012.

Is it okay to import the ADMX/ADML files and overwrite the existing files?  Are they backwards compatible?
There is a VB6 application that uses ADODB to connect to LDAP and do a lot of operations, there is an LDAP Attribute (field) called "co-unit" and when the application runs specifically on Windows 8 (it has been tested on other OSs and works 100%) generates an "Unspecified error (-2147467259)" error and after analyzing the source code it was discovered that the problem is that when trying to run the Querye it does not accept any field that contains in its name the hyphen, for example co-unit , no-drive, dt-creation, etc ...

I have already searched in numerous forums including MVPs and other professionals but I have not been able to find any solution, because it seems that this problem should never have occurred.

I would like to know if there is anyone who can help me and give a light to solve this problem, I have tried everything, changed components, tried to get the Attribute through ADSPath among other ways and none gave result giving the same error.

You are my last attempt to help.

I'm waiting for some help from someone.

Excerpt from code that generates error:

sqlStmt = "SELECT uid, co-unit, cn" & _
    "FROM 'LDAP: //" & m_LDAPServer & ":" & m_LDAPPort & "/ o =" & m_Org & "/ ou =" & m_OrgPeople &
    "WHERE uid = '" & m_User & "'" & "and objectClass = '*'"
    'executes the data string ...

I'm unable to set Trusted Sites Zone to low for all users - using GPO.

(Windows 10, IE11)

"Trusted Sites Zone Template" to "Low" under UserConfig and ComputerConfig.

But the zone does not change on the users -


how can i integrate Qualys and SCCM 2012 R2 for patching purposes
I have been practicing to extend the valid period of both root CA and user and computer  certificates in our lab before working on the production server..
I was following the link below. and few EE articles. I still have few questions since I am new to this.
 I got a new cert (see the picture), that is, there is an old and new certificate for root CA (certificate#0 and certificate#1).
The old certificate was imported via GPO to cert trusted store before so the computers trust the CA but it is going to expire soon,
1. How do i push this new cert to the PC's trusted root certificate  store
2 Do i have to create new cert for users and computer after this?
or Am I doing wrong?

Hi -

I've got a client that has a file server with 2008 Standard installed. The directory service event log is reporting AD corruption in ntds.dit. It's the only AD on the network. Very few changes have ever been made to it and until now, no problems whatsoever. It's a small office with only a few employees now which is probably why it's gone unnoticed for so long. I was able to trace it back to a power outage on 10-29-2015 when apparently the battery backup had failed. All the existing users seem to have no problem. I only noticed when I had to install a new machine for a new user on the network and tried to join it to the domain.

So, apparently the only backups are of files (including the offending ntds.dit), but not the "system state". I did find a couple backups that do go back far enough, but it's an image of the entire volume. In the spirit of trying to save myself some time, since this is the first time I've ever run into AD corruption, I thought I'd post here and see what my options are... or if I even have any other than to start over from scratch because of a single line of text in a 14 MB file...

Once I backup all the current data, is there any way to perform ntds.dit "surgery" (or replacement) to clear the corruption? Even if it means re-creating the users and permissions, at least I wouldn't have to reload a 7 year old server. Thankfully, we're only talking about 3, maybe 4 users here.

Windows event log (event 467): NTDS (776) NTDSA: …

Active Directory





Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

Vendor Experts

Kevin StanushSystemTools Software Learn more about SystemTools Software