Hi, I need to add a Windows Server 2016 as domain controller.
Currently there is just one DC: Windows 2003 R2.
Forest functional level is: Windows 2000.
First question: can I safely raise this to Window Server 2003?

Second: is it possible to add Windows Server 2016 as DC?
If not, should I add a third server with 2008 , raise forest functional level to 2008, demote the 2003 DC, and then add Windows server 2016?
Thank you

we are getting ready to implement a retail site with approximately 20 users on Azure with RDS and M365.  We are currently in a Citrix environment and have generic terminals logging in to the Citrix servers.  Some of the sales people are full Citrix users and some are Email only users.  They have show cases in multiple spots in the store.  Users log all of the terminals in when they get in in the morning (sales1, sales2, office1 ets).  Throughout the day users will check stock or show clients various items and just log in to the application at the closest terminal (which is already logged into Citrix).  

We are being told that every user has to have a license.  That makes sense to me but it is really unworkable to have them logging out of RDS and logging back in again as themselves all day long.  If they are at the server, they log into the application as themselves.  Any ideas of what we can do and still be legal.  Thanks  Gloria

Looking for some help concerning the RDS Gateway Role and load balancing.

I have an pre-production RDS environment that contains 3x Gateway Servers. I have tested the environment by connecting through each one of the individual Gateways and everything works just fine.

I'm now at the point where I want to use my hardware load balancer to receive the connections and distribute them between the 3 Gateways. I would also like to use the UDP Transport on 3391 as well.

The part that I don't completely understand is that I'm assuming that each individual connection, which will be coming in initially on TCP 443 and then UDP 3391 would need to be routed to the same gateway?

It would make sense and be easy to set the LB up to balance both ports to the 3 Gateways, but without any specific load balancer magic, connection "A" might go to one gateway for 443 and a different gateway for 3391.

It's possible that I could be overthinking this and I'm not sure if this is a flat out requirement. In the case where the user initially connects on Port 443 to Gateway A, then the UDP traffic comes in and the LB forwards that to Gateway B. Does Gateway B know to forward that UDP traffic to Gateway A if all the gateways have the farm properties configured?

These are the things that I don't really know.

If I have an O365 account that is either cloud or AD synced that had an assigned mailbox, can I convert it to shared and then I in assign the Exchange license and then delete the account without affecting the now shared mailbox?

I manage an active directory domain at the Windows Server 2012 Domain and Forest functional levels with two replicating DCs.  This domain was first created as a 2000 AD domain, and then migrated to Windows Server 2003, then migrated to Windows Server 2008 R2, and then again to Windows Server 2012.  So the AD domain has been active for about 20 years now, and I am concerned the domain may now have a lot of extra baggage that is no longer needed or even applies.  Our environment has also hosted Exchange NT Server, Exchange Server 2003, and now an Exchange 2010 server.  We plan on moving to O365 as well. I do not plan on O365 mailboxes integrated/managed by AD.  We are looking at no more than 20 mailboxes.

I also believe AD now employs more secure channels of replication that needs to be manually applied, and was not automatically applied during the 2012 AD level migration.

Later this year, I will purchase a new Windows Server 2019 server that will host a new DC. My understanding employing a new 2019 server as a domain controller only allows functional levels at 2016 domain and forest functional levels, so there is no 2019 domain/functional level option.  

So I have two options:

I have the choice of migrating the existing AD domain again to the 2016 functional levels once again of which is pretty easy and not much fuss.

Or, I can go ahead and setup a brand new 2016 AD domain/forest with a 2016 Server as a replicated DC, and 2019 server functioning as the primary …

I have an  ssl certification with crt format and i need to convert it to .pfx (to use it to Azure apps)

How to do this conversion?

Hi im looking to  adding registry keys via a GPO but am having mixed results.

I've created a .bat file and added to the startup script on the user configuration profile, but its creating some mixed results.

It applies in full on some PC's but sporadic on others.

Any ideas

Content of batch file

reg add HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Common\Identity /v Version /t REG_DWORD /d 1
reg add HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Common\Identity /v EnableADAL /t REG_DWORD /d 1
reg add HKEY_CURRENT_USER\Software\Microsoft\Exchange /v AlwaysUseMSOAuthForAutodiscover /t REG_DWORD /d 1

DHCP Logging Question:  I am running DHCP services on a Windows Server 2016.  I would like to know how I can capture all of the DHCP log activity for an indefinite amount of time in a format that humans can read.  Any suggestions are appreciated.

When trying to get Bitlocker key saved to the Azure AD, I sometimes get this:

Can't sign in to your Microsoft Account
You need to be signed in to Windows with a Microsoft
account to save your recovery key. Sign out and then
sign in with a Microsoft account or go to
Settings and choose Accounts to change your
existing account.

This doesn't make sense to me. The user is signed in to his "Work or School" account which appears to register him with not only the Microsoft 365 apps etc. but also registers him and the laptop on the Azure Active Directory for the organisation. Under "Devices" in the AD his device appears with correct name.

It's only when attempting to save the BL key to the AD that we have this issue.

Is there perhaps another way to get the user signed in to the domain account but without having to tell Windows that the laptop is an organisation's laptop?

Confused of Berkshire!

Hi,
 I am setting up Anywhere Access in Windows Server 2016 Essentials. As you can see in the screenshot, I need to enter SSL Certificate for "remote.domain_name.com".
 I have a few questions for this:
 (1) Can I have W2016 Essentials server to create a certificate like I was able to do in SBS2011?
 (2) If option (1) is not possible, where can I buy one cheap? (I know there is a free one out there, but I like to get one)
 (3) Since I am testing "Anywhere Access" on this test server/lab environment, I like to be able to re-assign SSL certificate (that I am going to buy) in production server in a week.
       Can I use SSL Certificate on this test server and use it in production server later?

Thanks for your help.

Hi Experts,

we use WIN2016 server and ADFS Server.
What can I do when we have problems with the password sync ?

Hi everyone,

I have production data in an Azure SQL Data Warehouse, for which I need to scramble certain sensitive data, so I can supply to external vendors. E.g. Company Name, address etc...

I imported the data from 20 x different Excel files and there are no relationships defined in the database with common fields.

How can I scramble the data in MS SQL, retaining the original values and ensuring the scrambled value is consistent across all tables for the same value. E.g. Company A, renamed to Company Z will be consistent across all instances of Company A, across all tables.

Thank you for any help you can provide :-)

Chris

Will setting a new server 2016 I made it a workgroup instead of a domain.
How can I change it into its new domain?