Entra Connect cloudsync (entra ID -> AD sync)
Dear, I am trying to do cloud syncronization from Entra ID to Active Directory via entra website. However this is not working. In the opposite direction it does (AD -> entra ID). Does anyone have any idea how I can solve this? I can press the…
"BitLocker Recovery" tab disappeared from Server 2019 ADUC
We've got a pair of 2019 DCs. Until this week, we were able to see BitLocker recovery keys for our assets in ADUC. That tab is just gone now. It's not a GPO issue. Our Group Policy doesn't even allow endpoints to encrypt until after the recovery key has…
I am getting error, When I am trying to update the GPO by executing gpupdate /force.
Hi Experts, I have applied the GPO to disable windows auto update and Trying to update the GPO. But I am getting below error while I am trying to update the GPO. "Windows failed to applied the {F312195E-sD90-447A-A3F5-08DFFA24735E) settings .…
AzureAD group membership
Hi All In our hybrid environment, all users are initially created on-premises and then synced to Azure AD. I've created five security groups within Azure AD. Specifically, I've granted ownership of these five AD groups to a user, let's call them user1.…
Unable to join Windows Server 2022 to domain using Microsoft Entra domain services
I am trying to join my Windows Server 2022 to my domain using Microsoft Entra domain services. However, I am unable to find the correct DNS server addresses to join my device to the domain. I have searched online extensively but have not found any useful…
Can you virtualize all domain controllers in your organization?
Can you have all of your domain controllers in your environment virtualized. Once upon a time I recall it was recommended at least 1 DC be physical, is that still the case or has Azure changed how that works?
We have plan to move on-premise AD to Entra ID, how to move the windows file server to Entra ID?
We have a plan to move on-premise AD to Entra ID. The target is: Remove all local AD DC servers, move devices/users to Intune/Entra ID, all users have M365 now. Move on-premies fileservers to the cloud Join Windows servers (on AWS) to Entra ID The…
Query on Group policy
Hi All, I want to capture Scheduled Task Event logs, i.e., when a scheduled task is created, updated, modified, or deleted. Can I achieve this using the below GPO? Computer Configuration --> Policies --> Windows Settings --> Security Settings…
Couldn't access member attribute of "Domain Computers" even if full control is present
The member attribute data cannot be fetched using the administrator credential for the group "Domain Computers/Users". The credential has full control access to this group. Any specific access needs to be provided to get the members of this…
Problems with MS Teams logging in from browser (but works on mobile)
During login to MS Teams a user in our AD gets the following unspecific error: When we examined the Dev console we saw that error, that might be relevant - "Unrecognized Content-Security-Policy directive 'prefetch-src'" and "AuthZ Token…
Azure Single Sign On with SAML - IDX10214: Audience validation failed issue
Hello, I have a sample application that is trying to facilitate single sign on using SAML and I am able to authenticate the user, but when I am getting the SAML response back from Azure, I am facing the below error: IDX10214: Audience validation failed.…
enable domain user group to enable the network adaptor
Dear team, I am looking for an option available to enable domain users (non-admin) to make changes to the network adaptor e.g enable/disable or change IP Domain users be default cannot make changes to the network adaptor unless they use elevated…
When attempting to modify files within the Netlogon folder in Active Directory, I've encountered instances where files are use and cannot be change
Dear Experts, I'm seeking assistance with aspects of Active Directory (AD) management and troubleshooting. Specifically, I am encountering a error that the files are in use and cannot be change in the Netlogon folder. When attempting to modify files…
How to sync my AD and setup mailboxes for migration
Hello, Our company has Business Standard license but an on prem exchange server. We want to migrate to exchange online and eliminate our on prem server. We were using the old AD sync tool but that no longer works. What is the best way for me to sync my…
LSA Auditing
Hi All I have the following requirement to enable (Enforce LSA Auditing) through GPO on all my servers. I have an OU with a couple of test VMs, and I have created a GPO and enabled the two policies below: Computer Configuration > Administrative…
On Premise Server Using Azure AD?
Hi, I've recently purchased a server running 2022. My plan with this is to run VM's for RDS users. We currently run an Azure only estate where we have Azure AD running all our computers & email logins etc. I need help understanding how I can use…
gpresult /r report shows user as a domain admin when he is not
I was troubleshooting a GPO for a windows user when i stubble into something weird. The gpresults /r show he is a member of Domain Admins, Enterprise Admins and Schema Admins. I have check AD for those groups and he is not a member of any listed above.…
Enable Logging
Hi All I have a requirement to enable PowerShell/WinRM/WMI logging on my servers. I will enable this through the GPOs listed below. The requirement is that I need to generate event IDs or logs to show management that I have configured the GPO properly.…
How to test SCIM User provisioning for non gallery applications on client credentials authorization mode?
I am doing SCIM User Provisioning. For that I have developed SCIM APIs which supports client credentials authorization mode as well as long lived token in the form of API Key. When I was testing Azure AD SCIM Provisioning, I can see Azure supports long…
Can we control non-interactive sign-in logs in Azure AD
Hi folks, I have a quick question; can we control non-interactive sign-ins in Azure AD i.e. can we stop interactive/ non- interactive sign-ins for any account. Thanks in advance!