

Active Directory





Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.



We have a Windows 2012 Active Directory server and Windows 7 client PCs and have subscribed to a web-based program. Around 50 users will be taking the test on this program.
There is audio on this program and the audio doesn't work in Internet Explorer and works only in the Google Chrome browser. The software vendor has also said that sound will work only on Google Chrome.

We have Internet Explorer and Google Chrome installed on the user workstations and I have put the shortcut for the URL on every user desktop (for this web-based program). When users open the shortcut, it opens in Internet Explorer.
Please let me know if there is a way to set it up so that when users click the desktop shortcut, the program opens in Google Chrome.

Any tutorials will be great.

Hello Experts. I am using VMware Workstation 11.0 for a home lab. All virtual machines powered off by themselves sometime during the night. When I try to power one on, I receive the following error: "could not open virtual machine, .vmx file not found" for all virtual machines. None of these virtual machines are running on any ESXi host. When I went to the disk where I am storing the files (local disk on server), all files have the lock icon, with a .NM4 extension (see attached pic). How can I fix this? Has anybody encountered this issue before? Please assist.
We are in the process of upgrading our single domain forest from 2003 to 2012R2. We have several site- (On=On-Prem and AWS)

Currently we have all 2008 Domain Controllers in a 2003 Forest Level. We ran Forest Prep already.  Once forest level is raised I will run DCDiag to make sure all looks good.

Once on 2008 Forest level, can I promote a 2012R2 server to Domain Controller?
Once the DC role is on a 2012R2 server, can the forest level be upgraded to 2012R2 from 2008?
Are there any forest preps that need to be done in between?
Anyone know of any "gotchas" during this process?
We have a SBS server going EOL.  We only have some of our PC's on the domain already, and are considering doing away with the domain completely. (Most of our production runs on linux anyway).  I'm not sure what would happen with the user profiles if the PC's are unjoined from the domain though?  Can/will the profile just be converted to a local user profile with the same credentials instead of domain user profile?   Or does a whole new local profile need to be made and any settings/files/etc carried over manually?
Can I identify whether or not an "exe" is currently running in LotusScript?
I started using the Profile tab for users in Active Directory (2012R2) to map a network drive for the specific user.  We used to do this before by putting a login script in the startup folder on the client machines.  The login script would map the company network drives as well as each individual user's drive on the server.  I have now started to use Group Policy to map our network drives, but needed a way to map individual user drives.  For this reason I just used the AD Profile tab for these individual drives.  It works just fine, but I had a user complain to me about his PowerShell, when opened, defaulting to this network user drive now.  I have also noticed that within the individual network user drives there is now a windows folder created automatically.  Is this the reason for the PowerShell issue?  Is there a way around this?  Is there a way to set this so the windows directory is not created in the user's network folder?
Dear guys, we have an Exchange 2016 on-premises server and would like to increase the attachment size of users' emails to 100 MB. We did some research and followed it but still got the error "The following files weren't attached because adding them would cause the message to exceed the maximum size limit of 25 MB: smex_12.0_ag.pdf." when attaching a file that is bigger than 25 MB to an email. Could you please suggest?

Attached pictures are our settings, we restarted IIS, Transport services, even server itself but did not help!
We had a problem this morning where suddenly, inexplicably, after months of running with no issue, some of our users were routed to the wrong file share via a DFS path.  Here's the setup:

We have two sites: Corporate (actually called Default-First-Site-Name) and DR.  In AD Sites/Services, we've defined these Sites by IP ranges - our 10.12.XXX.XXX ranges are Corporate and our 10.13.XXX.XXX ranges are DR.  In DFS, we have a folder target (\\blah\public\profiles) with two paths: one for Corporate and one for DR.  The DR file share (obviously) is located on a file server in our DR site, and is a mirrored copy of the file share located in our Corporate site.

This has never been a problem, until today, when suddenly all of our users reported really slow sessions.  Some quick research revealed that users were drawing their profiles from our DR site thru the DFS path for some unknown reason.  Nothing had changed in the configuration in months.  We disabled the DR path in DFS, had everyone reboot, and all was back to normal.

So, how can this happen?  My understanding is that when you logon to the domain, you'll be assigned to the appropriate Site based on your IP, and then you'll resolve your DFS paths based on your Site, full stop.  Is there some sort of load balancing going on underneath the hood that I don't know about that might elect to pop someone over to a different path that isn't supposed to be available to that Site?


For example:

$DisabledADUser = Get-ADUser -Filter {Enabled -eq $false} -properties mail | Select name,enabled, mail | Export-csv c:\temp\Disabled-Account.csv

$OUDisabledUsers = Get-ADUser -SearchBase "OU=Disabled User Accounts,DC=AU,DC=local" -Filter * -properties mail | Select name,enabled, mail | Export-csv c:\temp\AU-OU-DisabledUsers.csv

How can I merge $DisabledADUser and $OUDisabledUsers  (without duplication) and export the final result in csv file?
We have a service account that needs permissions to every mailbox. One specific mailbox does not have these permissions; however, when I view permissions on the associated AD user object, they are there. How do they sync? How can I fix this?


I had a public folder that I deleted yesterday, I first disabled the email address on it,  and then deleted the folder.
I then created a mailbox, with the same email address.

Now when I try to email the new account, I get these errors.  Is there a manual way to update exchange, or what would I need to do to refresh exchange, or remove any of the old pointers to the public folder?

Delivery has failed to these recipients or groups:
The email address you entered couldn't be found. Please check the recipient's email address and try to resend the message.
If the problem continues, please contact your helpdesk.

Diagnostic information for administrators:
Generating server: ELIJAH.mydomain.org
Remote Server returned '550 5.1.1 RESOLVER.ADR.ExRecipNotFound; not found'
Original message headers:
Received: from ELIJAH.mydomain.org ( by
 elijah.mydomain.org ( with Microsoft SMTP Server (TLS) id
 15.0.1156.6; Tue, 14 Nov 2017 08:40:30 -0800
Received: from ELIJAH.mydomain.org ([fe80::97d:771a:ed09:476]) by
 elijah.mydomain.org ([fe80::97d:771a:ed09:476%12]) with mapi id
 15.00.1156.000; Tue, 14 Nov 2017 08:40:30 -0800
Content-Type: application/ms-tnef; name="winmail.dat"
Content-Transfer-Encoding: binary
From: Dan …
I have got a list of 20 users where their country location is blank.

I need to run a simple script on the DC where I can update their country location as United States.
I want to move to Exchange Online and use Conditional Access to restrict how users connect, with what and where from.  However, I don't want to use Azure AD, I want to use my own AD with Directory Sync.  Is this possible, or do I have to use Azure AD in order to use Conditional Access and incur the extra costs of the Azure AD premium license?
Dear EE experts,

We would like to ask for tech support on how to resolve user profile synchronization problem in SharePoint 2013, as per attached.
User Profile Service has been started already, under System Settings -> Manage Services on Server.
We reset IIS already using IISRESET, but still same problem...
* In whereas the said group (STE IT) or whatever group that is created already inside SharePoint seems to be unknown...

Please advise, what would be the problem or we missed something...

Thank you and hope to hear soon...
I need to update one attribute (LOCATION) of users in Active Directory,

but there are 1000 users and I want to do 200 in a batch.

Is there any script I can use so that 200 users get their attribute updated in a batch?
Hi All,

We have three domain controllers (1 - Server 2008 R2 and 2 - Server 2008). Our domain and Forest levels are Server 2008.

We are in the process of introducing Server 2016 as domain controller. When I run adprep /Forestprep from server 2016 iso on our PDC Server 2008 R2, I keep getting the following error. I have added my account to Enterprise and Schema admins groups. Has anyone come across this issue?

Adprep detected that the supplied or default user is not a member of the following group: Enterprise Admins group and Schema Admins group.
Adprep has stopped without making changes.
[User Action]
Verify the user is a member of Enterprise Admins group and Schema Admins group.
Hello Experts our current environment is as follows:
Web Server Hosting IIS & Citrix Secure Gateway
Citrix Server
SQL Server
AD Server
App server
Currently users must have CAC or PKI to get to the login screen.  Where I'm a little fuzzy: authentication starts on the user's machine, where their cert must be validated up to the CA; once validated, the user enters username / password, which then goes to AD for verification?  Or does Citrix do the verification?
I am getting event ID 1121 error:0x80004005 connecting to Active Directory.

Can this be an LDAP connection issue with my mailbox and AD servers? (MS Exchange IS is down)

We have a Windows 2012 application server in our network with a shared drive called "G"; normally we install applications on this drive and this drive gets mapped for our users.

Now I have been given an application, and when installing this application on this Windows 2012 server it defaults to
C:\Program Files (x86)\Pearson\AdministratorDashboard
I wanted to change the default path to the “G” drive, but it doesn’t allow me to change the path and says it cannot change the path.

So I installed this application on the default path. Now the shortcut for this program has been installed on the server's desktop. When I execute the shortcut the program opens successfully.
Only the exam officer needs access to this application. Is there a way to create this shortcut on a Windows 7 PC to point to this server?

Any help will be great.

Using Exchange 2013 Standard on premise with Active Directory on another server. I keep getting the same error when I use the change password function: The password you entered doesn't meet minimum security requirements. Am I missing a configuration?
I ran this command on the Exchange Server: Get-OwaVirtualDirectory |fl *pass*
Got this: ChangePasswordEnabled : True

I also ran this command on the server and set the GPO password settings way down to get this to work:  net accounts

C:\Windows\system32>net accounts
 Force user logoff how long after time expires?:       Never
 Minimum password age (days):                          30
 Maximum password age (days):                          180
 Minimum password length:                              1
 Length of password history maintained:                24
 The command completed successfully.

The password complexity is disabled.

I entered this password: a1cs6nx.2T   and still got the "The password you entered doesn't meet minimum security requirements."  Doesn't make sense.

What is next?
Hi Guys,

This weekend I am upgrading my server from server2k3 to 2012 R2.

What is the best way to approach it? I am thinking:

Back up old server 2k3 machine
Build new 2012 machine
Demote 2k3 machine as PDC
Promote 2012 as PDC
Restore data from 2k3 machine to 2012

How do I restore all the Active Directory settings?
If deploying a small RDS environment, can all roles exist on one server?

If not, which role(s) must exist on another server?

I have heard Licensing Services Role should exist on another server, perhaps a DC.  Also I have heard Broker Server Role too (on the same DC)?

What would you recommend?
Thank you.
Hello Experts, currently our website requires CAC or PKI to get to the login screen.  Is there any way to capture CAC IDs as users log in, rather than having 1500 users send us their CAC IDs and manually tying them to their accounts?
I have a PHP webpage that captures the username of the person connecting to it.

I now need to do a lookup in Active Directory to get the email address (SecurityPrincipal.sAMAccountName)

I have had some success with the below code, in that it will bind successfully with LDAP but does not return anything


//using ldap bind anonymously

// connect to ldap server
$ldapconn = ldap_connect("global.tesco.org")
    or die("Could not connect to LDAP server.");

if ($ldapconn) {

    // binding anonymously
    $ldapbind = ldap_bind($ldapconn);

    if ($ldapbind) {
        echo "LDAP bind anonymous successful...";

        ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION,3);
        ldap_set_option($ldapconn, LDAP_OPT_REFERRALS,0);

        $dn = "CN=Users,DC=name,DC=name,DC=org"; 
        $justthese = array("ou", "sn", "givenname", "mail");

        $sr=ldap_search($ldapconn, $dn, $filter, $justthese);

        $info = ldap_get_entries($ldapconn, $sr);

        echo $info["count"]." entries returned\n";

    } else {
        echo "LDAP bind anonymous failed...";
    }
}

After logging onto the Office 365 module within PowerShell on a Server 2012 R2 server and typing in the Install-Module -Name AzureAD command within PowerShell I receive an error message that says

"Install-Module : The term 'Install-Module' is not recognized as the name of a cmdlet, function, script file, or
operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try
At line:1 char:1
+ Install-Module -Name AzureAD
+ ~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (Install-Module:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException"

What do I need to do so I can successfully install the Azure AD module within PowerShell?
