Migrare domain controller da sistema linux su vm windows server 2008
Buongiorno, ho un nas qnap come domain controller, vorrei sapere se è possibile migrare esso su una vm con windows server 2008 R2(livello schema uguale --> 47), facendo delle prove, dopo aver creato il domain controller sul nas ho aggiunto la vm al…
Upgrading domain controllers - compatibility
I am trying to track down official documentation for domain controller compatibility. We are behind the ball and still have some 2008R2 DC's, I want to make sure that i can go to 2019 both with just the OS compatibility and also the functional level…
AD Sites and Services - Config Query Post Migration of all on-prem DCs to Azure as IaaS VMs
We have recently moved all on-premise domain controllers over to Azure as standard IaaS VMs (not to be confused with Azure AD DS which we are not using). No issues have been found running repadmin /syncall or dcdiag and all seems to be fine in that…
Edit files on Desktop PC in AD
On a PC that belongs to an Active Directory domain, I would like to prevent the ability to edit/add/delete files or folders on the desktop by using a domain-wide policy so that it applies to all non-administrators users in the domain. Can it be done? …
Laps Segragation Per OU
We have deployed the LAPS and its working well. We've assigned the permissions to IT support team to fetch the passwords and they are able fetch the password of All OU'S computers. Environment: We've multiple sites and one IT support engineer is…
CDP Expired
Hi experts, Upon checking, I have found out that CDP location is expired as below:- I have tried the following as stated in microsoft article as below:- certutil -CRL Upon doing so, I can see the new .crl being generated in …
What Process Kicks Off RENEWAL of PKI Certificate
We have AD integrated PKI setup, which supplies certificate to all our client machines. We have setup the necessary Certificate Template, and allowed auto enroll permissions to all devices. In the Default Policy for our domain, we have enabled the…
Please share example - "Generic" GPO policies for a mid-size enterprise
I have found a lot of guides that explain how to configure some elements of GPO, but I have not found an article that explains the whole process of GPO settings. I know that each and every organization is unique and has its own needs, but could please…
[AD Bitlocker/Network unlock] Can enforce AD unlock USB drive?
Hello: In domian, All computer using bitlocker and unlock by and only by network unlock. Here is what I want to achive: When any employee useing removeable media, They enforce require using bitlocker protected USB drive, And those drive unlock by…
GPO for disable power plan
Hi, I have a service account that used to login to several workstations across multiple sites. These workstations display are need to stay on. But because of our GPO, it's going to the sleep mode. Without finding these devices and excluded from…
DFSRPrivate Installing Folder
I have been working through some issues with SYSVOL replication lately. I've noticed the "Installing" folder in DFSRPrivate has around 160,000 files, which appear to be .bat files included in two different GPO's. All the domain controllers…
Raise a 2k19 domain controller in core server mode using an answer file.
Good Morning! How can I raise a 2k19 domain controller in core server mode using an answer file? Is there any material that teaches step by step? It will not be a RODC. Thanks.
AD Fun after user enforced shutdown
Hi All, I've got a problem with a server at a charity I volunteer at, where it appears one on the DCs at one of their remote site was shut down on the button. The following day, the server involved started complaining about a target account being…
New active directory for group of comapnies
The situation - one group of small comapnies. The main DC will be located at the cloud. each company will have 1 dc or 2 in office replicated from cloud. what is the best way to implement the new active directory ? each company with separate…
AD delegation wizard permissions issue
Using the delegation wizard to allow the help desk to reset passwords In one OU, there are 12 user accounts. Only 1 of the 12 user accounts has the “User must change password at next logon” greyed out. I can’t understand why its only greyed out on…
Windows Image Recovery
Been restoring Windows Server 2012 Standard Full backup (Bare metal + 2 logical drives) to Hyper-V virtual machine. Restores logical drives then gets stuck on "Cleaning up" screen, not sure how to get around this? Been running for 12 hours. I…
CSV batch registration method using Powershell of Active Directory user account property (Department)
In Active Directory, I want to reflect the specific value (Department) of the registered account property in CSV with PowerShell using PowerShell. (If possible, please tell me the sentence of the completed command) Commands on Powershell and contents…
How to redirect clients of Active Directory site with RODC to another site when all RODC in site fail?
Hello! We have 3 sites: two central sites A and B with RWDC and remote site C with 1 RODC. What must we do to redirect clients of site C with RODC to another site A (not to B) with RWDC when RODC in this remote site fail? The access to site B is…
Duplicate objects in AD and ADC (hybrid environment)
Hi, We are managing a migration to Office 365. I have therefore configured a server with a DC role and one with the Azure AD Connect component. Some users had already been enrolled in Azure AD to take advantage of Office 365 licenses, while…
AD CS Expired Root CA
We have a 2 tier PKI environment. Every time i add a server in the domain 2 expired Root certificate appears in the Intermediate CA store of new server. one is certificate template cross certification authority template and other is Root…