Microsoft Azure is a cloud computing platform and infrastructure for building, deploying and managing applications and services through datacenters. It provides both platform-as-a-service (PaaS) and infrastructure-as-a-service (IaaS) services and supports many different programming languages, tools and frameworks, including both Microsoft-specific and third-party software and systems. Cloud Services is a PaaS environment and can be used to create scalable applications and services; there are specific software development kits (SDKs) provided by Microsoft for Python, Java, Node.js and .NET. Azure also has file and storage services, data management, analytics and DNS services.

HELP!!! Can I have multiple ADFS (versions) on one domain/forest?

Currently, I have setup an ADFS 2.0 (Two ADFS servers (primary & secondary) & Two ADFS proxy servers) that is specifically setup for my student body Office365 access.

Recently, I have been tasked to create/add another cloud service access to our SSO (ADFS) setup.

After some research, I am leaning towards just creating new ADFS 4.0 VM's (Two ADFS servers (primary & secondary) & Two ADFS web app proxy servers) for this new cloud service then later migrate my student body Office365 access to it.

My question/concern is, will this create an issue within my AD environment?  Having multiple ADFS setups in the same domain/forest?  Or will it be treated like two separate services at this time?

Lastly, if this is possible, would I setup ADFS 4.0 similar to how I setup my ADFS 2.0, which was setup several years ago utilizing NLB features of the Hyper-V hosts to make a poor man's version of a cluster or something like that.  It works and works well, but just wondering if there is a better way to setup a new ADFS 4.0 services.

Let me know if you need further details / explanations to assist with my questions.

Thanks in advance.
I am the administrator of a Windows Server 2016 Essentials domain.

I go to connect my home Windows 10 Pro laptop to my Windows 7 Pro desktop at work.
I get to the desktop and everything works except for remote printing to my home Brother hl-l2380dw printer.

The desktop printers and devices shows several printers
brother hl-l2380dw series
hp laser jet 5 north (redirected 1)
hp laserjet 5 south(redirected 1)

Why isn't the brother printer being redirected?  I am pretty sure I have the right drivers set up.

Naturally, the laserjets cannot be used to print because I don't have a laserjet at home.  In fact, I would prefer they not be redirected, because I sometimes like to print things at the office for a coworker to see.

Tomorrow I am going to haul the Brother to the office just to make sure I have a working driver.

This is the one big advantage gotomypc.logmein have over RDP: the gotomypc printers work without a bunch of monkey business.
I am preparing for an AD upgrade from 2008 R2 to 2016.  The question is do I need to be concerned with any applications that currently use AD for authentication.  Is it assumed that they will still work after the upgrade is complete?
Need to migrate DHCP from old BIND box to Windows DC Server 2016.  Anyone can point to the right direction and steps required?
Also, lots of users are on Ubuntu and Macs.  Do they require an additional DHCP client to communicate with Windows DHCP Server or should be good by default?
Thanks in advance!!
RDS - RemoteApp - How to improve performance

I have server 2016 and one RDS install and I'm publishing one App.  It's written in VB6.  (Please, no comments on a VB6 app)

This app is the only app we publish on the RDS remote app server.  I'm looking for ways to improve the performance.  I've already disabled the RemoteFX and rich text stuff, but I'm looking for more things I can do to make sure this app runs as smoothly and as fast as possible.

Can anyone make recommendations?  I'm looking for GP settings I can tweak to make sure the app runs as quickly as it can.


Having trouble enabling MS ADCS and am receiving the following error:

The revocation function was unable to check revocation because the revocation server was offline.  0x80092013 (-2146885613 CRYPT_E_REVOCATION_OFFLINE)

When I try to follow these steps ( to Publish New Certificate Revocation List (CRL) from Offline Root CA to Active Directory, I run into a slight issue because it states that the next update is on 5/18/2018 (and it's not 5/18 yet...)  Does this mean that the CRL is not considering the certificate as invalid?

Is it not required for me to republish a new CRL from my Offline RootCA at this time?
I have two servers. On one of these I would like to run Windows Server 2016.

I'm a Linux guy, my computer runs Ubuntu 17.10. I know SSH. What is the Windows equivalent?

I'm running Windows 10 in a VM, should I be dual booting Windows 10 on my computer to access Windows server?
How do we do archiving, legal holds and Azure Rights Management in Office 365?
Can you tell me any difference between Windows Server 2012 and Windows Server 2016?

Any other functionalities I should be aware of?
I have spent the last few days trying to work out a technique to do something very simple:

Remove a Desktop and a Start Menu shortcut for a period of time, and then have it return.

The objective

Remove the desktop and start menu Icons, that are at present deployed via GP, while I do a software update from 08:00 to 08:30

The Rules

It must be reliable as it is in a healthcare environment where medical staff will need to access patient records reliably by restoring the shortcuts after the update, so I can't expect them to just run GPUpdate to get their shortcuts back.

What I have found so far

  • It works as long as I do a gpupdate on the client machine.
  • If a machine is offline and a user powers it on and logs in at 08:03 the shortcuts are present circumventing (it could be timing, i.e. do I need to allow time for the full GP+targeting criteria to be deployed to all clients?)
  • It works on its own but the timing of the departure and arrival of the shortcuts can vary a fair bit.
I can only assume I am making the same mistake using targeting to achieve this.

NOT between 08:00 and 08:30

I have tried the same techniques on Server 2008R2, SBS2011, Server 2012+R2, Server 2016.  Can someone put me out of my misery with a suggestion or prove it can't be done.

It was something I was able to do ironically in NT4/2000 GP deployments back in the days, but am struggling to come up with a technique now
I have a Domain Controller running Windows Server 2016.  I also have (3) Windows 10 Pro computers as part of the domain.  I have (21) users that need to roam between these (3) computers.  As part of their profile, they will be using Outlook for the mail messaging system.
Question: Can someone let me know the best strategy and send me a step by step on how to accomplish this?
Raising Domain and Forest levels from 2003 to 2008R2 or 2016

We have one location.

It has a physical 2008R2 and a VM 2008R2 PDC and BDC
They are set as Domain and Forest functional levels 2003
There are no trust relationships I can see or know about (small possibility of one in past but unlikely and certainly not required)
I have two Hyper V instances of 2016 not joined to the Domain or with any roles

I have run DCdiag /c /e /v and Repadmin /showrepl on both servers along with AD PBA; these show no issues. We have no issues with the servers or AD and I have the latest updates and they were freshly rebooted last night.

My plan was to upgrade the 2008R2 servers from 2003 functional levels to 2008R2, reboot, recheck overnight. As long as this is OK I would then add the 2016 servers and look to decommission the 2008R2's once the 2016's had been promoted.

Does this all sound simple and relatively low risk? Any other checks or gotchas? This is quite a small simple environment, the only other servers have no DC functions and are 2008R2 terminal services and 2012 running SQL. DNS also looks good and is on PDC.
I have written a script which includes logging into Azure, looking at the resources within the subscription, and then I want to pull out the resource names of resources that do not have a resource manager 'lock' applied to it. The script only appears to do exactly the opposite, runs without error, producing the text file but only reports just the single locked resource in my subscription, and hence, not the resources without locks.  I'm hoping someone can spot an obvious error here?
Thank you for looking:

select-azurermsubscription NameOfAzureSubHere
$rgs = Get-AzureRMResourceGroup
foreach ($rg in $rgs) {$Resourcess = Get-AzureRMResource}
foreach ($rgs in $resources) { if ($rg.Lock -eq $null) { echo $rg.Name, $rg.ResourceType } }
get-azurermresourcelock | out-file -FilePath C:\Temp\unlocked.txt

Setting up a SQL 2016 AOG group on a single DB, and this is the first time I have set it up after joining the AD (I tried workgroup AOG before, which is not good), and I go to this page:

when creating the SQL 2k16 AOG group
and I click next:
and the error, SURPRISINGLY, is:

I tried to save a file to that share folder from 3x SQL nodes, and all works; why is there an error when setting that up?
I had the default web site on Windows Server 2016 listening at 80 and 443. I want any traffic that hits 80 to go to 443. But I don't do PowerShell. Is there anything built in to IIS Manager that would allow me to do this, or do I need to download a redirect module to make that happen?

We are trying to restrict our service accounts in AD to do interactive logon process by pressing the CTRL-ALT-DEL key sequence.

What is the best way to do it?  We have all service accounts in an OU in AD.  Is it possible to use group policy to restrict that?  

Or should I do that in the machine level?

Please advise.

Outlook 2016 always asks for login and password on Office 365
Is there a solution for this problem?


Decock Lode
I feel really stupid for not being able to figure this out but I can't seem to get Microsoft Edge GPO configuration as an option on my Windows Server 2016 Domain Controller. Essentially, I want to be able to set the home-page for Microsoft Edge from the Domain Controller, much like I currently do for Internet Explorer, which works without issue.

The problem is I can't seem to get Microsoft Edge as an option in Group Policy on the server at all. Every knowledge base and website I go to tells me to look in Policies -> Admin Templates -> Windows Components and there should be an option for Microsoft Edge. I can find this option on my local Windows 10 machine but it doesn't show up on Windows Server 2016. Am I missing something simple here? It's great that I can set a computer locally to set the Edge homepage but why can't I do it from the server?

Things I've tried:

1) Updated every and all ADMX libraries for Windows Server 2016. Made sure they are current (ADMX files on the server show they are from October of last year).
2) Tried copying the ADMX file for Edge from my computer to the Server. I was afraid this might break something but it didn't do anything.
3) Checked both c:\windows\policydefinitions and c:\program files (x86)\Microsoft Group Policy that to make sure they are updated. The latter shows the folder of Windows 10 Fall Creators Update 1709.

Attached are two files showing the problem. One is labeled computer and one is labeled server. The computer…
Windows 10/server 2016....I'd like to rename the default DOCUMENTS folder to something else.  Well, I'd like to hide it, but that's proved more difficult than I had hoped.

So, here's the deal....

We have a remote app published in a Server 2016 RDS environment.  When a user logs into the app and tries to save anything, I have successfully hidden the quick access folders and I have hidden the local hard drives so that the user can ONLY see the local drives of his computer.


Under This PC, there is a "Documents" folder still showing and I either need to know how to hide that last folder OR I want to rename it to something like NEVERSAVEHERE or something or other.

Anyone have any idea how to rename that folder or hide it?


How can I make a Server 2016 AD group policy that will add a registry key to other Server 2016 Data Center computers?
Need help determining the OUTBOUND Windows firewall rule(s) necessary to allow the following command to be run FROM a Win2016 server. The issue goes away if the Windows firewall is set to "Allow" all OUTBOUND connections.

Get-WmiObject -ComputerName $RemoteComputer -namespace "ROOT\Cimv2" -Class Win32_ComputerSystem

When the outbound firewall is enabled, the result of this command is a "No such interface supported" error, and the firewall log shows "DROP TCP x.x.x.x y.y.y.y 50011 49154 0 - 0 0 0 - - - SEND". The "Windows Management Instrumentation (WMI-Out)" is enabled with its default settings and being respected, as it's visible in the "Monitoring" rules. I've also pretty much tried all available predefined outbound rules with no success.
We have need to increase RDS sessions on a standalone 2016 server that resides on Google Cloud. We found this article that indicates it is possible, but we were hoping to hear from someone in the field that has done it that it does, indeed, work, prior to purchasing the CALS...
I am copying from C:\Folder to \\backup\folder$

My Command:
ROBOCOPY C:\Folder \\backup\folder$ /E /MIR /copy:datso

Robocopy ERROR 1307 (0x0000051B) Copying NTFS Security to Destination Directory ...This security ID may not be assigned as the owner of this object

If I change the command to /copy:dats (without the o) it works OK, but I need the ownership!

C:\Folder has ownership of "domain\domain admins"
C:\Folder has a few user folders in it with ownerships of "domain\username"

any ideas?
I have Sql Server 2016 installed on my laptop.  When I go into  Reporting Services Configuration Manager and Select Power BI integration , I get a Green check mark next to
Sign in to Azure Active Directory but a red X next to Registering Power BI ClientApp with the message: Failed to register Power BI Client application.  You may not have permissions to register an app with  Azure Active Directory.  What do I do?
Hello Experts. My org has Exchange 2013 Enterprise, with MB, CAS roles on all Exchange servers, CU19. AD is Windows 2012 R2, for both domain and forest functional level. We are thinking of migrating to O365 for email, with a hybrid migration, using pass-hash synchronization.
I have a few questions below.

1. My understanding is, for a user whose mailbox has been migrated to O365, their Outlook will connect to Exchange Online using MAPI over HTTP with basic authentication; will this not result in a credential popup for the user when their password changes/expires from Outlook? We would like an SSO experience for the user.

2. I have read that Modern Authentication can be used to have a migrated user's Outlook not connect using basic authentication to Exchange Online; this will fix the prompt issue. I know Outlook 2016 is enabled for modern auth, and O365 now comes with modern auth; will this have any effect on on-prem users, in terms of their Outlook connection/authentication to on-prem? Will this result in on-prem users' Outlook going to the Azure token server to get authenticated as well, like in hybrid modern authentication? Which is not what I want.

3. What is the difference between modern authentication and hybrid modern authentication? For HMA, it mentions this change will affect all on-prem mailboxes as well as EXonline mailboxes going to the Azure token server for authentication to anything for both on-prem and cloud. Which is not what I want at this stage.

I would just like …

