Setting up smart card authentication to domain
I have taken over a domain that appears to have had ADFS partially installed and partially set up. The role has long been removed as well as the expired certificates. I am now trying to implement smart card authentication from a third party CA. I…
checking sysvol replication type when there is only 1 DC in the domain!?
Hi. I have a single DC, 2012 server R2. I want to add a 2019 DC because I know it is not a best practice to only have 1 DC (just started this job. Trust me, I freaked when I discovered there was only 1 DC!!!!) Here is the problem. I have gone thru…
Active Directory Domain NTP Design
We have 100 DCs in 8 countries (US, UK, AUS, NZ, France and in Asia). Some DCs are in Azure, AWS and VMware/Xen hypervisors. Noticed some RDP login issues to VMware servers and DNS issues to AWS. I thought PDC is set to external time source or…
Domain controller (maximum off time)
Hello, We have to depromote a DC and as a precaution to verify that everything works, we have an idea to turn it off for a week or two. What is the maximum time that a DC can be off without problems of decoupling? 90 days? I'm not sure how long…
Why would a cloud-only SMB company need to implement Active Directory?
Hi! I have a customer with less than 20 users, and already has implemented a Microsoft 365 solution, using teams, sharepoint, and exchange online. What is the reason to implement Active Directory? They want to improve security to have more control of…
Sites and services auto generate
I have 4 sites and 4 domain controllers in my environment (one at each site) and I'm migrating them over to new hardware. I've stood up the new servers, fully patched, enabled Domain Services, etc on the new servers and they are all listed as domain…
Help! - Security Group Scope Nightmare
EDIT/UPDATE: Here is a summary of the two things which we saw in our environment which should not happen: Computers no longer saw themselves as a member of several security groups. Group scopes were changed from Domain Local to Universal to Global…
Event IDs 5829-31 Not Visible in Domain Controller logs after August 2020 Patches
Hello, we have applied the August 2020 patches on our Domain Controllers but do not see any logs with Event ID 5829-5831 since the updates. There is at least one Server 2003 machine (i.e. out of support OS) on our domain which I assume is still using…
Proper way to remove a turned off Domain Controller?
Hi, The domain controller (Running Windows 2012R2) & other MS Windows Servers in a particular small site has been turned off for a couple of months. We are going to decommission all servers in that site. We would like to ask the proper way of…
Adding a Custom Attribute in AD and Only Give Access to Certain Groups
Working on Active Directory in a Windows Server 2012R2 / 2016 environment (with Exchange 2016). I want to enter everyone's cell phone number into AD and then have that information be searchable in Outlook, OWA, and the GAL on configured mobile devices.…
Orphaned Enterprise CAs....
I inherited a network with two orphaned Enterprise CAs in Active Directory. Both DCs that were running these CAs, are long gone.... I found the following article and would like to confirm that it still applies to get rid of these orphaned CAs. The…
ADDS Forest Trust question
I have a query about ADDS domain trusts as I cannot wrap my head around it, allow me to build a quick scenario 2 forests forestA and forestB - They are able to resolve each other via DNS and are single domain environments S2016 Trust - 1-way…
Export users list from OU in a csv file
Hi team, I'm currently working on a PowerShell script in order to get the following information from all users in a specific OU and export them into a csv file: givenname surname samaccountname E-mail address Department Title …
2016 multihomed domain server
We have a control system in place with a primary and backup domain controller. They are a multihomed domain server. We have multiple NICs that the DNS is monitoring. The question is we have panelviews that are trying to authenticate against the DNS using…
Move a Domain Controller to an Orphan Site.
Hi All, I have an environment where I have two sites one in India and another in China. I have Domain Controllers under each site that are communicating among themselves. If I demote one of the servers, it will disturb the communication among the other…
How to upgrade to a 2019 domain controller with a current 2008 primary controller
Hello, we currently have a 2008 R2 domain controller and a 2012 R2 secondary domain controller. I would like to add a 2019 domain controller and eventually demote the 2008 R2 DC. I understand that the 2019 server schema needs to be upgraded. Is there a…
Choose CSP when using Get-Certificate PowerShell
Hi, I am looking for a way to change the CSP which is being used by the Get-Certificate PowerShell function. To be precise, I am trying to use the CSP Type 24 Microsoft Enhanced RSA and AES Cryptographic Provider. Issuing certificates from the…
The trust domain has been validated successfully, but I can't find the Object User Domain A, in DC Domain B, even though the location I have changed to Forest Domain A
The trust domain has been validated successfully, but I can't find the Object User Domain A, in DC Domain B, even though the location I have changed to Forest Domain A
How to fix this error?
We cannot log in to Windows 2016 by Personal ID, the error message is "The trust relationship between this workstation and the primary domain failed". I logged in by admin ID and checked the log message. The log content is as below. Would you…
PKI infrastructure setup multiple hashing algorithm
Hi, I would like to ask if it's possible to set up a root CA with SHA 256 then multiple issuing CA with different hashing algorithm like 1 issuing is SHA 382, other issuing is SHA 512 and 1 issuing CA using 256?