639 questions with Windows Server | Identity and access | Active Directory tags
CN (Common Name) attribute from SAP SuccessFactors is not updating in the on-premises Active Directory via the Azure AD Connect Cloud Sync Agent
Hi Microsoft Support/Everyone, Currently, I'm working on integration with SAP SuccessFactors to On prem AD in Windows server via Azure Entra ID Cloud Sync agent. Here, I'm facing a difficulty related to the CN (Common Name) in AD. Whenever the object is…
NLA Error on Azure AD
We have a VPN from onsite to Azure AD. But sometimes we are not able to log in to Windows servers using AD accounts and get an NLA error. When we try test Test-ComputerSecureChannel it fails, but other protocols are up - ping, Kerberos, LDAP, DNS, RPC, SMB. Please…
Best way or any tool to clean up GPOs
Hello, We need to clean up GPOs (count: 2K) from AD. Please suggest the tool or method to handle the cleanup quickly and effectively. Thanks Richa
Error Raising Domain Functional Level from Windows 2012 R2 to 2016
Attempting to raise the domain functional level from Windows 2012 R2 to Windows 2016 results in the following error: "The functional Level could not be raised. The error is: The server is unwilling to process the request." This occurs when…
Access to PAW from regular workstation
I configured a basic authentication policy and assigned it to a user, restricting access to a single computer. This setup worked as expected until I attempted to use Remote Desktop Protocol (RDP), at which point I discovered that I needed to update the…
Users have the ability to add themselves to the Domain Admins group, granting them Domain Admin privileges.
All users created in Active Directory are able to add themselves to the Domain Admin group, granting themselves Domain Admin privileges. Users can log into the Domain Controller, access Active Directory, and add themselves to the Domain Admin group. I…
Best Practices for Managing Stale User and Computer Accounts in Active Directory
Hello everyone, I’m looking for best practices to manage stale (inactive) user and computer accounts in Active Directory. Could you please suggest the most effective approach for identifying and handling these accounts? Specifically, I’m interested…
How to recreate the Keys and Managed Service Accounts containers in Active Directory
We are running on a 2016 domain and forest functional level in Active Directory and the Keys and Managed Service Accounts containers have been deleted. These have been deleted for so long that they are no longer recoverable from the AD Recycle Bin. How…
Is Install-ADServiceAccount on member servers necessary for gMSAs?
In some of the documentation for gMSAs, it is shown that the PowerShell cmdlet Install-ADServiceAccount is a necessary step, but in practice, I've seen scenarios where this doesn't appear to be true. I've done the following in my lab to confirm: Add a…
DFSR warning - EventID 5014 - The DFS Replication service is stopping communication with the partner
Good morning, I am receiving the following warning on the DCs in my network; below I am forwarding the description of the event collected on SERVER3, with event ID 5014: { O serviço Replicação DFS está interrompendo a comunicação com o parceiro SERVER1 para o grupo de…
What are the port requirements between ADFS servers and AD Domain Controllers?
What are the port requirements between ADFS servers and AD Domain Controllers? Does it need to be bi-directional or unidirectional? I am configuring a new setup and asked network security team to open bi-directional ports between ADFS and AD DCs but they…

Third party Kerberos Realms, and PAC-validation
For years we have helped customers manage Windows Servers and workstations that log on via third party Kerberos MIT-realm, but with the updates and PAC-validation requirements all interoperability with such realms seems broken. We help with both FreeIPA…
Updating and Migrating the KDS Root Key after decommissioning AD Domain Controller
What steps should I follow to successfully update the KDS Root Key value? When I execute the below simple command: (Get-KdsRootKey).domaincontroller https://learn.microsoft.com/en-us/powershell/module/kds/get-kdsrootkey?view=windowsserver2025-ps The…


We are facing an issue with an SSL certificate installed on Windows Server
We have imported an SSL certificate in the Event log analyzer application, but it still runs in HTTP not secure mode.
What profile or permissions must an Active Directory account have in order to run Windows Update installations?
Hello, My question arises because we are currently having problems installing updates from Windows Update on computers running Windows 11 Pro 21H2 and 23H2 that are joined to an Active Directory. The specific problem is that, after restarting the…
Hello! Question for service accounts in Active Directory.
Hello everyone! I have a project to implement the services MSA (Managed Service Account) & gMSA (Group Managed Service Account). And I have a second task, to implement IDM (Identity Management). And I have a question. Can these services work together? In…
Migration FSR TO DFSR Problem
Hello, I have a Windows Server 2008 R2 server with Active Directory installed, and I want to migrate it to a Windows Server 2022 server. The domain and functional levels are 2008 R2. However, due to FSR technology, I couldn't proceed with the…
AD- Health Check
Hi, We have separated our network into two domains (forests) and have demoted more than 30 domain controllers. Now, we want to check the health status and ensure everything is functioning correctly. Could you please guide us on what aspects we need to…
Unable to Delegate Full Control to User account that used to be a Domain Admin
We had a group of people within our IT Dept that had administrative accounts set up as Domain Admins, that we will call ITGroupC. Obviously, it is not best practice to have several Domain Admins, and we have worked at giving them targeted access to…
Launching ADUC as other user doesn't retain settings
I sometimes need to run a different domain account that has higher privileges than my logged in account to complete tasks. I've noticed that when I run as other user the settings that I specify in ADUC don't stick around after I reboot the system. The…