Windows Active Directory setup in Azure
Hi, I plan to set up a Windows Active Directory (AD) using VMs (1 for PDC and 1 for BDC) in the Azure cloud environment and it should sync the AD in the on-prem via the established site-to-site IPsec VPN link. What are the pros and cons? Which is better…
Raise DFL and FFL level from 2008R2 to 2016
Hello Everyone, I have been working on an AD Modernization Project. Currently, in the environment, the Domain and Forest Functional levels are in 2008R2. I would like to raise the DFL and FFL level to Windows Server 2016. Since this is an irreversible…
Adding legacy computers to the domain
We have approx 20 Mazak milling machines running either Win 95, Win 2000 Pro or Win XP. Since the beginning of the year I've not been able to re-add them back onto the domain (functional level 2016). As they are old, a hard drive replacement is often…
Prevent constant MFA requests for hybrid workforce
Hello, Most of our users are hybrid, working remotely via VPN and locally in office. Regardless of our 30-day MFA policy, our users are prompted for MFA every few days if they move locations between working at home and at the office. We are a non-profit…
Azure policy
I am testing an Azure policy that I just successfully deployed. The policy works and it has been deployed at a device level. The thing is, the policy is not working for local accounts; only the cloud accounts that sign into the device have been affected…
Delete User from AD
Hi, I have a question. I have a user which is created on on-premises AD and synced to Azure AD. This user has Exchange Online, Teams and OneDrive licenses. I want to remove this user. What is the best way to remove this user? If I remove it from…
Improper permissions for Azure AD Connect sync?
So we have our Azure AD synced with our on-prem. We have an issue where our sync agent service stops. We have had this multiple times. I noticed that the "Log On As" is listed as "ourdomain\adconnectuser" instead of NT Service\System …
How to fix The directory name is invalid. 0x8007010b (WIN32/HTTP: 267 ERROR_DIRECTORY) in Certificate Authority
Certificate Authority has the following error. Active Directory Certificate Services could not publish a Delta CRL for key 0 to the following location: file://\publiccert\CRLD$\AGC Internal Issuing+.crl. The directory name is invalid. 0x8007010b…
Users are unable to log into Outlook mobile devices
Dear Expertise, In my on-premises Exchange environment, some users are unable to log into Outlook mobile devices. However, these same users can log in using other mobile email apps such as Gmail or the default email app through the email address. Here's…
Authenticate with Graph API and send code to Microsoft Authenticator
I'm looking for a way to verify a user is doing certain operations. And when the user approves something in a C# solution we'd like to confirm the user via Microsoft Authenticator. Basically we'd like to display a code (similar to the Multi Factor…
Access to Azure Active Directory, will be disabled on May 2, 2024
Received this email from Microsoft. No idea what I'm supposed to do. Your subscription offer, Access to Azure Active Directory, will be disabled on May 2, 2024. Access to Azure Active Directory subscriptions were subscriptions that were used to connect to…
Shortcut icon deployed by GPO is blank on Windows 11
Hello, In our infrastructure, we have workstations running Windows 11 and Windows 10. We have a 2016 server that hosts the DC and therefore the GPOs. We have various shortcuts to web pages with the application's icon; the icon is hosted…
Risk and consequence when executing Kerberos password reset in a Hybrid Azure AD - OnPremise AD DS?
What are the risks and consequences of resetting the Kerberos krbtgt account during business hours using the steps defined…
The processing of Group Policy failed in Active Directory.
Hello everyone, I've installed the ADMX file for the MDM Automatic Enrollment GPO on Active Directory for Microsoft Intune Enrollment for Entra Hybrid Joined Device and applied that GPO to the OU. When I want to update GPO using gpupdate /force, it shows: The…
AZUREADSSOACC Key Rollover no longer works using Hybrid Identity Administrator creds
Hi, I use a PowerShell script in an Azure Hybrid Worker Runbook to automate the rollover of the Kerberos decryption key for the AZUREADSSOACC computer account. It uses a service account in Entra ID which is assigned the Hybrid Identity Administrator…
Unable to Access Windows Server 2019 Datacenter Using Azure Active Directory User
I am facing an issue while attempting to access a Windows Server 2019 Datacenter instance using an Azure Active Directory (Azure AD) user. Despite configuring various settings on the server, I encounter an error stating "the username or password is…
Regarding access token generation using REST API
We are using an Azure subscription with the Standard Tier. We have a requirement to use the Cost Details API in our application. For that, we need to generate an access token for Cost Details API authorization. Is there any REST API available to generate access…
What settings in GPO should be applied for implementing tiering in AD
Hello Experts, I want to implement a tiering model in AD. What settings can we implement in GPO to implement tiering? Any supporting links and examples of GPOs would be helpful. Thanks, Richa
How accurate is the email address attribute from get-aduser
If you use Exchange Online (ExO) for your organisation's email system (and perhaps previously used on-prem Exchange Server), how accurate & current is a user's email attribute that would be produced if you ran a get-aduser PowerShell command on the…