All Questions
Tagged with windows active-directory
1,627
questions
0
votes
0
answers
19
views
Why am I only seeing logoff, but no login, events in Windows Event Logs?
I want to audit when every user logged into of logged off a server via RDP. When I run Get-EventLog or Get-WinEvent and filter for Login (Event ID 4624) and Logoff (Event ID 4634) events, I only am ...
- 126
1
vote
0
answers
127
views
Unable to access SMB share with DNS Cache service disabled from Windows Server 2022 but it works on Server 2019
I have a requirement to disable the Windows DNS Cache on a new Windows Server 2022 RDS VM.
Trying to access a SMB share hosted on a Windows Server 2022 file server, all my servers are joined to a AD ...
- 11
1
vote
1
answer
33
views
Change of the keyboard language and operating system language on users' computers using GPO (Windows Server)
I am responsible for managing a fleet of computers in my organization, and I would like to know how to configure the change of keyboard language and operating system language on users' computers using ...
1
vote
1
answer
46
views
Windows Group Policy Management - Session host limit group policy doesn't work as expected
I have created a group policy to end the sessions which are disconnected automatically & the settings of RDP session timeouts are located in the following GPO section Computer Configuration -> ...
- 11
0
votes
1
answer
66
views
How do i delegate domain admin to cross forest account
I currently have a setup involving two domains. In Domain 1, there is a Domain Controller (DC) and a Gateway (GW) configured for Windows Admin Center. A two-way forest-wide trust has been established ...
- 1
1
vote
1
answer
83
views
How RD Gateway passes credentials to target RDP
How are credentials passed CredSSP in remote desktop gateway to the destination RDP machines?
Is the TLS tunnel created just like regular RDP sessions?
Is HTTPS used?
I was thinking something like:
...
0
votes
1
answer
45
views
Azure AD Connect says my User is synced, but it isn't
I use Azure AD Connect to sync Users, Computers and Groups from my local Active Directory to Azure. Before I set up Azure AD Connect, every User already existed in local AD and in Azure AD, so I had ...
- 785
0
votes
1
answer
237
views
Windows Server 2022 unable to logon due to no Remote Desktop License Servers available
Summary
I need to allow Windows Server 2022 to allow unique users to RDP to the server at the same time. I believe this was the default behavior that was working for about a month, before the error ...
- 126
1
vote
0
answers
98
views
How to find the reason for locked accounts in Active Directory?
Help me figure out why Active Directory locks accounts who connect to the corporate network via VPN (l2tp).
Given:
local Windows Server 2022 with the latest updates + Active Directory + file storage (...
3
votes
2
answers
309
views
How do Windows domain clients behave if the on site domain controller is/goes offline?
If I have Windows PCs that are joined to a domain and the DC on the same site goes offline, what kind of behavior can I expect on the clients
a) when local DC is already offline when Windows boots? ...
1
vote
1
answer
138
views
Active Directory Knowledge Consistency Checker Not Creating Links Between Two Sites
I have 3 sites:
Site A: 192.168.0.0/24
Site B: 192.168.7.0/24
Site C: 192.168.1.0/24
Each site has 1 domain controller:
Site A: SERVER-1
Site B: SERVER-2
Site C: SERVER-3
In Active Directory Sites ...
- 81
-1
votes
1
answer
131
views
Redirected folders and roaming profiles issues
At the beginning:
I've been working as an extra in a new company (it's a school) for two weeks, so I don't really know the rules/configuration.
After weeks of working there, users started having ...
- 1
1
vote
0
answers
180
views
Windows Server Manager crashing when promoting to domain controller
I have a problem when promoting my Windows Server 2022 to a domain controller.
So I installed the Active Directory Tools and then I wanted to promote the server to a domain controller. As soon as I ...
- 11
0
votes
0
answers
123
views
Does a new Windows 2019 domain controller require Windows to be activated before it will function as a logon server?
I have set up a new domain controller. I believe I've done all the necessary things. DNS is synchronized, DHCP is transferred and working, and handing out the new server as DNS, also working. Is a ...
- 145
0
votes
1
answer
190
views
New LAPS - Authorized password decryptor not updating permissions as expected
Created a new group DOMAIN\LapsAdmins. Currently empty.
Configured GPO Configure Authorized password decryptors to point to my group DOMAIN\LapsAdmins
Forced server1 to create a new encrypted password ...
- 288
1
vote
1
answer
126
views
Windows automated service logon with AD service user fails to start the first time
I am dealing with this issue for the past 4 years and it bugs me very much.
My company generates msi installers with wix toolset, and they create multiple Windows services. Those services run with an ...
- 123
0
votes
0
answers
30
views
Allowing users to Utilize Remote Desktop Connection on their PC
Hi everybody i need help with this issue. So currently all users cannot connect in via RDP unless they are an administrator on their PC.I want to enable RDP access to all users , but Windows cannot ...
- 1
0
votes
1
answer
55
views
Limit Managed Service Account to only run certain service
I've started learning about Managed Service Accounts in Windows. As I understand it, such accounts make password management easier and the accounts can be limited to be used on certain machines.
You ...
0
votes
0
answers
102
views
Windows doesn't failover between internal DNS
We have an Active directory environment with 2 servers - WS2019 being the "main" one holding all FSMO and WS2022 being "reserve", almost all clients are Windows 10. Both are in the ...
- 135
0
votes
0
answers
45
views
Windows AD to OpenLDAP synchronisation with password cache
We're looking for an "LDAP proxy" solution that can synchronize a Windows Active Directory with an OpenLDAP server inclusive passwords.
The openLDAP server will act as primary and failover ...
- 1
0
votes
1
answer
52
views
Net group command
I'm working on an automation project, and I need to add members to a specific group using a command-line approach. Currently, I'm using the net group command like this:
net group "group name"...
0
votes
0
answers
57
views
How to set Windows Server DNS to resolve recursively for every IP in my subnet?
Windows Server DNS server (active directory integrated) does not resolve for linux clients in my subnet, but resolves for Windows machines that are domain members.
Disable recursion checkbox is NOT ...
1
vote
0
answers
74
views
Active Directory: Should a computer object have admincount=1?
I have run Purple Knight to see if there are things in our Active Directory (two DCs running Windows Server 2019) that should be changed. One of those elements is "Privileged users with SPN ...
- 325
0
votes
2
answers
105
views
applying a GPO to all users for a specific server
first time writer here.
My situation is as follows:
we have an active directory, that is more or less organized. All users are in a single OU, and working on a Terminalserver (WINS 2012R2), lets call ...
- 11
1
vote
3
answers
137
views
Domain Controller Authorative Restore to a point in time where other domain controller(s) are not present
Day 1: Only one Domain Controller (DC1) is present. Windows Server Backup is configured on DC1 to save the system state. Delete an important user from AD.
Day 2: Promote additional Domain Controller (...
- 288
0
votes
0
answers
429
views
Active Directory LDAP logon failure
I'm at the end of my wits with this issue and I'm hoping some genius here can assist. Background: We have a client (a hospital) with 3 sites in AD and two DCs at each site. These DCs are 2012 and we'...
0
votes
0
answers
72
views
Which domain trusts to reset during forest recovery? Incoming, outgoing or both?
I understand the difference between an outgoing and an incoming trust
I understand that the trust flow goes into one direction and the direction of access is the other way around
I understand that ...
- 288
0
votes
2
answers
260
views
How to Set Intra-site Replication Delay Time (Active Directory)
Cannot configure replication delay. I have 2 domain controllers (DC1 and DC2, Windows Server 2019), both in the same site. I set the replication delay time in the Server Manager snap-in "AD Sites ...
1
vote
0
answers
741
views
How do I use Group Policy to sync client time in an Active Directory domain with an external NTP server and not the domain controller?
I have an Active Directory domain, with a domain controller running on Samba on Linux.
I noticed that my Windows clients are having clock drift. I think this is because they really want the domain ...
- 323
0
votes
0
answers
70
views
Can't create a custom CSR using mmc and certificates snap-in on Windows 10
I am trying to generate a custom CSR using the certificates snap-in for mmc on Windows 10. The certificate I want to create is a client authentication cert using ECC. However, I have run into a ...
- 31
3
votes
1
answer
453
views
How to create Origin (@) DNS record in Windows DNS Server
I am running Active Directory, and have a Domain Controller with a DNS server for my internal (acmecorp.acme.com) and external (acme.com) domains.
So, my machine names are things like workstation1....
- 33
0
votes
0
answers
61
views
Suggestions on the best way to migrate to a new server
I have an OLD server (Windows server 2012 R2) and a NEW server (Windows server 2022).
Old server is a bare-metal Domain Controller Server and the New server is a VM. I am planning on migrating to the ...
- 1
0
votes
1
answer
516
views
About the quick assist in AD domain environment
My company network is MS AD domain environment.
All my client's PC are joined the AD domain.
Therefore, I must connect the client's PC when my user needs the admin. right.
I can connect to my client's ...
- 103
0
votes
0
answers
44
views
Is there a way to filter on a specific local user at the domain level?
I have a local admin user account with the same username across all our domain machines. I want to apply a user level security filter on any local user with this particular username. So for instance, ...
- 1
0
votes
0
answers
82
views
How to set file permissions if user logged on using Smart Card or Windows Hello for Business
I have a hybrid joined Windows domain and have set up log-on with Smart Cards and Windows Hello for business. I would like to be able to set file server permissions based on whether a user logged on ...
- 11
-1
votes
1
answer
180
views
assign AD GPO to a specific set of computers: what mechanism?
(In exploratory mode: not sure what is the right question to ask, and how to ask it. Also, new to AD GPOs: please forgive lack of clarity in the question.)
Question: how do I assign an Active ...
- 304
0
votes
1
answer
866
views
How can I enable BUILTIN\Administrators for my user
I am working in an Windows active directory environment.
I am connected to a windows workstation with a domain user.
Here is what I see when I type:
whoami /groups
BUILTIN\Administrators Alias ...
- 339
0
votes
0
answers
102
views
DNS entries for forward lookup zone in separate forest needs manual updating
I am trying to help DNS name resolution work consistently across a company's three separate domains. These domains are also separate forests. They are physically networked together with a site-to-site ...
- 1
0
votes
0
answers
30
views
Users can access a certain website on our network but they cannot log in. They can log in on our second network and on any external network
it is my third month as a junior sys admin and my senior is on vacation.
Starting this past Tuesday, users have not been able to log in to a website while on our primary network. The web page loads ...
1
vote
1
answer
206
views
Overriding win/kerberos computer secure channel
Is there a way to completely ignore/override/overrule establishing a secure channel? I'm trying to revert a VM snapshot to test something, and the domain controller is being obnoxious and not allowing ...
- 149
0
votes
1
answer
198
views
Joining a domain is no longer possible. Windows Server 2016 - Windows 10 22H2
I can't connect computers to the domain. It pops up when I try to connect my computer to the domain(Windows Server 2016 - Windows 10):
This user cannot log in due to account restrictions
I tried on 2 ...
- 101
2
votes
1
answer
721
views
Domain Admins group removed from local Administrators group but gets UAC prompts for non-admin applications
So, I have an odd one that I just cannot find on the internet. We are trying to set up Privileged Access Workstations at our company.
We have removed the Domain Admins group from the Local ...
0
votes
0
answers
223
views
Windows Server 2019 Best Practices Analyzer - Error is Fixed but a new scan still displays same error. What to do?
Server OS: Windows 2019
Roles: Hyper-V, DC, DNS, etc. (2 vms on Hyper-V RDS vm and DC vm)
The old IT team had this configuration now I want to change it to best practices.
BPA scan on Server Manager &...
- 1
1
vote
2
answers
181
views
Get Windows AD DC with SHA1 signed cert to accept LDAP (StartTLS) connections from OpenSSL 3 clients
Trying to get Windows Active Directory DC (with SHA1 signed certificate) to accept LDAP(StartTLS) connections from WordPress Server using Next Active Directory Integration plugin. WordPress is running ...
1
vote
1
answer
401
views
How to block Microsoft forcing Office 365 Semi-Annual systems to the Monthly update channel?
For years, my company has followed the usual software patching strategy of every IT department I've ever worked for, which is to validate new software versions in testing before rolling the upgrade ...
- 1,922
-1
votes
1
answer
673
views
How to find what user is logged into a computer in Active Directory? Windows Server 2022
Is there a way in Active Directory to query a Computer object to find the last user who logged in? I have a couple of computers that are not active and I would like to locate them or username know.
- 101
0
votes
0
answers
57
views
Can I use a group in a root domain to filter application of a group policy object from this root domain for a computer in a child domain?
I have a root domain (root.local) with a child domain (child.root.local).
I have a Group Policy Object in the root domain, e.g. GPO_root
In the child domain I have a computer, computer_child. Is is ...
- 1
0
votes
1
answer
2k
views
Best method for enabling bitlocker via GPO/scripting
I'm working on getting bitlocker deployed across an organization and am getting hung up on how I'm expected to actually enable it. We're using on-site AD on Server2012 (will be moving to 2022 this ...
- 229
0
votes
1
answer
57
views
Grant local impersonation user permission to share
We have a domain connected server (Windows Server 2016) named STORAGE. The server has a local "impersonation" user created by our Autodesk software called AutodeskVault. This user is only a ...
- 103
1
vote
0
answers
48
views
Microsoft Active Directory Admin - Discriminate usable USB Disk devices
good morning, I have been trying for a while through policy management or other microsoft media to restrict the use of USB removable disks. I know that through Active Direcory I can enable and disable ...
- 11