alter login fails with "the name change cannot be performed because the SID of the new name does not match the old SID of the principal"
Hello, I've two AD Domains let's say DomSRC and DomDEST, I've a SQL Server instance in DomSRC, I plan to migrate the server into DomDest. I've used ADMT to create AD users in DomDest, and I've set the program to keep both the SID and the SID's…
PDC emulator listening time signal to external time server
HI Expert, I would like setup PDC as Domain time server and it listening time signal to time.windows.com. I could see the domain listening time from PDC . The PDC listening time to time.windows.com failure. The below is the configuration. Please…
Transitioning Windows 2003 to Windows 2008 R2 with Exchange 2007 SP1
Hello, We have recently acquired an old company where we have 3 Windows 2003 Domain Controllers where AD +Exchange 2007 is installed on the same server. I would like to perform transition to Windows 2008 R2, which is fairly easy. The Windows 2003…
We have AD users Authentication Issue
Dear Community, We have created three groups in AD Domain Controller for authentication of our AD Users (i.e. Internet Officers (with restriceted ), Middle Management(partially restricted), Top Management(no restriction)). These groups are…
Fined-Password Policy does not working properly
Hi all, I created and configured domain password policy using Fined-Password Policy. I created a Security Group to apply this password policy to a few users of Active Directory. My issue is that users that are NOT inside the Security Group…
A question about Delegation ( TRUSTED_FOR_DELEGATION & TRUSTED_TO_AUTH_FOR_DELEGATION ) and UserAccountControl
Hello Can someone please let me with the following question If I take an AD User Object e.g. UserA (who I set a dummy SPN on just so I can see the 'delegation' tab in ADUC GUI) If I go to the Delegation tab of the user and set 'Trust this user for…
Roaming Profile Slow Log-off 15 to 20 minutes: Please Help !
Hi All, Few users In our company are experiencing delays of 15 to 20 minutes when trying to log-off from a PC. I have looked at the issue and performed the below steps, but the issue still exists. Can someone please assist ? Actions taken: Outlook was…
Account operators group in Active Directory
Hello, I need to create delegate administration access in Active Directory but i have some difficulties to find the best practise for this. I've read many posts where answers advised to let Account operators group empty but i never found any…
Sync Center and Network Drives 2021
I am using FolderRedirection GPO on a Windows Server 2019 Standard, most of our client computers are Windows 10, we have a few that are Windows 8.1. Some client computers of users who use heavily network drives (which are provided by a centralized QNAP…
Using accounts
Do you know how to use these users? Is it possible to cancel them? Change them there? SearchResults LyncEnterprise-ApplicationAccount SharePointEnterprise-ApplicationAccount
Mapped Drives not Reconnecting at Login of LAN
I know this has been discussed a few times, but the solutions provided in the article haven't provided a solution. Environment: AD: Windows 2019 Server File Server: Windows 2012 User Device: Windows 10 VPN: Windows built in VPN Connection to a…
UserPrincipal.FindByIdentity fails with System.Runtime.InteropServices.COMException (0x80005000): Unknown error (0x80005000)
The code below works on my development machine when debugging in Visual Studio. The development machine is on a different domain than the staging and production servers but creating the principal context with a username and password seemed to solve the…
AD dnsRecord Attribute
Hi I am looking for some help, I am trying to get the dnsRecord Attribute to populate. It says the system is as posed to populate. I assumed it wasn't because we didn't have our DNS intergated with AD. I have since moved us over to Ad DNS intetgation. …
Get the ACL of OUs with servers only inside
Hi Guys, I have to get the ACLs of all my OUs where servers only are inside and check if the inheritance is disabled or not. Can you help me please ? Thank you. Cheers,
How access is granted by domain local groups
@Anonymous @Anonymous Let me put my question in simple words. During a normal migration, The source file system resource is secured by two Domain Local Groups, Source\Resource-Read (sid 1-1) and Source\Resource-Write (sid 1-2).…
Questions About Active Directory Best Practises - Domains, Subdomains, and DNs
I'm learning active directory in a homelab environment here, so please excuse my lack of technical understanding; I have an active directory server "ad-01", serving as active directory + DNS server for users to authenticate into other…
Set delegation to reset krbtgt password
Hi, I want give a permission to a admin account to reset krbtgt password. The permission is gone. Can I set delegation to give permission to this account to reset krbtgt password. Thank you in advance for your help.
how to list parent directory, all nested subdirectories and files
Hello, I wan to list all files, subfolders (all nested subfolders including parent directory) and all files across all level of subfolders into power query for any folder of my choosing. But, when I am using power data query to add a folder, it doesn't…
Get-AdUser from another domain with a trust relationship
Hello, I have two domains A and B with a two-way trust relationship. I want to search for a domain A user through a domain B account. I tried the following command but I got a return that it can't find the information. Get-AdUser -Server…
If User is Member of Group A, Remove Group A, then add to Group B
Title says it all. I'm trying to create a PowerShell script that will do the following: Search for all members of Group A Remove from Group A Add to Group B Any tips are appreciated!