OU permissions
Hi All I have an Organizational Unit (OU) with 250 Active Directory (AD) groups. I have a few users and I want to grant them access to these 250 AD groups, specifically allowing them to add/remove members from the AD groups. Besides this access, I don't…
Unable to Read/Write B2C Custom Domain Settings in Entra Admin Center
I'm following along the Azure Add your custom domain name steps and trying to navigate to the Settings>Domain name. I have global admin for the tenant which is also linked to an active subscription. But there is no Setting under Identity.
replication interval for site link vs connection object
Hello All, I wanted to understand the difference between replication interval in site link and in a connection object, in a given site link properties there is a "replicate every" entry default to 180 minutes and there is a "change…
Risk and consequence when executing Kerberos password reset in a Hybrid Azure AD - OnPremise AD DS?
What are the risks and consequences of resetting the Kerberos krbtgt account during business hours using the steps defined…
What are the benefits of the existing single forest AD Domain to convert or upgrade the AD Domain Controllers from FRS to DFSR?
What are the benefits of the existing single forest AD Domain to convert or upgrade the AD Domain Controllers from FRS to DFSR? https://learn.microsoft.com/en-us/windows-server/storage/dfs-replication/migrate-sysvol-to-dfsr FFL & DFL: Windows Server…
Is there a way sign into OneDrive app on desktop
We manage our own classical active directory (not Azure AD), and use the user IDs from it for logging onto computers. On the other hand, we use Microsoft Office 365 as SaaS. We want all users to save all their data to OneDrive which is part of our Office…
How to validate access token received after Microsoft login?
We are using Active Directory SAML SSO. We are getting the token as a response with the following json response {"token_type": "Bearer", "scope": "openid profile User.Read email", "expires_in": 3774,…
How to get list of all attributes in AD
Hello, How to get list of all attributes in AD (default and custom attributes) in csv file. Thanks Rich
audit public folders
Hello, please I need your help on this issue. When trying to run audits, results are not showing. I would like to know how to audit public folders. Also I am not getting the desired results when I try to search for audit logs for compliance…
The User Profile Service service failed the sign-in
While logging into a domain joined machine using local administrator access, I encountered an error message as shown in the screenshot. Sometimes, rebooting the machine resolves this issue. However, this time it still persists. What is the cause of…
PKI - Certification Authority (CA): IssuingCA, certificate with "unknown error"
Hi everyone, I have a couple of CAs that I manage, they are Enterprise CA with Root Server in workgroup (not in domain). I have an error in the IssuingCA regarding the certificate and I think it happens when the Root CRL expires, if I copy the Root…
SmartCard login not supported for user account
Hello, We had a problem with few users signing in via SmartCard. Infrastructure: local DC's (few of them, one DC per site) PKI used to generate certificates Root and sub CA Problem was that a week ago at morning few users had problem signing in.…
Problem with account blocked in active directory
Problem with account blocked in active directory I have a problem with several Active Directory accounts. The account on the new computer is blocked at random times (this is not a problem with incorrect password entry). I was able to check the basic…
Azure Data Studio: adding Entra ID user account fails with "Error: read ECONNRESET"
Hello, we are facing the situation in our organization that some users (on specific laptops) have problems to add their personal Entra ID user accounts (formerly Azure Active Directory) in Azure Data Studio. We tried Code Grant authentication as well…
Received error while deploying Bicep. Error: "The role assignment request schedule is invalid. (InvalidRoleAssignmentRequestSchedule)"
Hi Team, I'm currently utilizing Bicep to enable Azure AD Privileged Identity Management (PIM) with a custom role. I've created an AD Group and assigned a Custom Role to it, which includes the following actions: "Microsoft.Authorization//read",…
How to prevent users from saving data on local drive except one place
The goal is to force a user to save data only in the OneDrive folder within their profile folder. E.g. "C:\Users\username\OneDrive - CompanyName" This is the only place where they should be allowed to save data. I've tried the below GPO, but it…
How to add Azure AD B2C user in AD B2C tenant
Recently, I have seen create Azure AD B2C user option is removed. Earlier, I have created Azure AD B2C tenant in my Azure account. I had added some of the users inside it using the reference…
AD B2C Custom Policy Passwordless redirect to authorized page
Is there a custom policy sample that will automatically redirect the user to authorized page after clicking verify (email received code and was verified) button? I mean no need to add/display Continue button How can I achieve this using custom policy?
Can't promote DC - "verification of prerequisites for active directory preparation failed "the specified user is not a member of the following groups"
Hello, I am trying to promote a DC into an existing domain. This is the account on the existing domain I am using.
Enabling SSSO through AADC is not working.
I'm having trouble setting up seamless SSO in our hybrid environment. I'm trying to do pass-through AAD authentication, not AD FS: all of our clients are WIN10 and above; all of our devices are synced to Azure; port 9090 is not blocked; AADC is the…