Active Directory
A set of directory-based technologies included in Windows Server.
6,131 questions
4 answers
4732 - "A member was added to a security-enabled local group" - system account as subject?
Hello, Windows security event log 4732: I see log entry's where it's clear 'user A' added 'user B' to 'group C'.... however I also see entries where instead of it being a user that is doing the adding to the group, it is 'nt authority\system', the…
asked 2020-08-27T19:29:27.52+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 74%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ED%3C/text%3E%3C/svg%3E)
djc
1
Reputation point
commented 2020-09-04T03:16:45.98+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(176, 16%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHX%3C/text%3E%3C/svg%3E)
Hannah Xiong
6,251
Reputation points
1 answer
Uninstall AD Certificate Services, then immediately reinstall AD CS same server?
Hi, folks. We have a domain controller with AD Certificate Services installed as our root CA, and I'd like to demote it from being a DC which requires first uninstalling AD CS. Can we backup CA private key and database, uninstall AD CS role, demote as…
asked 2020-08-29T17:18:23.23+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(38.4, 71%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
Starlessblack
1
Reputation point
commented 2020-09-04T03:13:21.31+00:00
Hannah Xiong
6,251
Reputation points
1 answer
Changing Windows PKI to issue SHA384 RSA 3072 certificates
Hi, We currently have a PKI infrastructure that's configured to generate SHA256 RSA 2048 certificates. We need to generate a SHA384 RSA 3072 certificate for one of our appliances. I believe these would be our options: 1.) Migrate the key size of the…
asked 2020-08-26T00:26:06.807+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(160, 52%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEN%3C/text%3E%3C/svg%3E)
Edward Narayan
1
Reputation point
commented 2020-09-03T07:52:32.607+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(96, 62%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDZ%3C/text%3E%3C/svg%3E)
Daisy Zhou
20,556
Reputation points Microsoft Vendor
4 answers
One of the answers was accepted by the question author.
Computer Certificate autoenrollment not working
Hi, everyone! I have a problem with computer certificate autoenrollment and I've done a lot of search and troubleshooting and seems I'm stuck. I'm in an AD environment with internal PKI infrastructure, root ca is offline and there are two intermediate…
asked 2020-09-02T07:41:45.187+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(19.2, 50%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EB%3C/text%3E%3C/svg%3E)
Blitz
21
Reputation points
commented 2020-09-03T07:34:51.62+00:00
Daisy Zhou
20,556
Reputation points Microsoft Vendor
2 answers
Getting error while installing Enterprise root Certificate Authority role in Child Domain
Error: Active Directory Certificate Services setup failed with the following error: The security ID structure is invalid. 0x80070539 (WIN32: 1337 ERROR_INVALID_SID) Environment: 1 Parent root domain (ABC.LOCAL) and 1 CHILD Domain (CHILD.ABC.LOCAL).…
asked 2020-08-23T18:45:54.89+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 34%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPS%3C/text%3E%3C/svg%3E)
Priyavert Sharma
136
Reputation points
commented 2020-09-02T02:10:22.643+00:00
Daisy Zhou
20,556
Reputation points Microsoft Vendor
1 answer
Troubleshooting Security events in Server 2012
I am seeing alot of activity in the events log associated with the MSOL_xxxxx account especially off hours. Is this normal or should I be looking for a cause? The event logs samples are below. Security: A Kerberos authentication ticket (TGT) was…
asked 2020-08-27T11:24:51.947+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(156.8, 51%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMG%3C/text%3E%3C/svg%3E)
Mike Garczynski
1
Reputation point
commented 2020-09-02T01:46:29.867+00:00
Hannah Xiong
6,251
Reputation points
2 answers
One of the answers was accepted by the question author.
How to trigger an event log entry when ADCS Role Separation is turned on or off
This article indicates that if you have the CA\AuditFilter property set t the max value (127) an event log entry would be triggered when we turn Role Separation on or off. The event ID should be 801: …
asked 2020-08-27T14:56:19.043+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 57.99999999999999%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMB%3C/text%3E%3C/svg%3E)
Mike Bruno
136
Reputation points
commented 2020-09-01T15:43:14.903+00:00
Mike Bruno
136
Reputation points
1 answer
MSDN Forum: MS PKI Certificate based authentication on network access control device.
I have a 2 tier PKI infrastructure. With my SUB CA issuing certificates to machines(win 10) and user's through group policy. We are testing certificate based authentication with the NAC(aruba clearpass).The machine has user and the client certificate, we…
asked 2020-08-29T11:20:56.72+00:00
Shardul Rane
1
Reputation point
answered 2020-08-31T08:41:55.543+00:00
Candy Luo
12,686
Reputation points Microsoft Vendor
1 answer
Offline ROOT CA - Can I simply roll out a new one to use for Subordinate request signing?
Hi All, After running low on resources in one of our VM environments a script was run to identify all offline VMs and delete them. This deleted my "Offline ROOT CA" servers in that environment. My basic understanding of the two tier online…
asked 2020-08-25T12:06:13.59+00:00
Heath Durrett
486
Reputation points
commented 2020-08-31T06:36:34.877+00:00
Hannah Xiong
6,251
Reputation points
4 answers
Hyper-V Extended ACL - Can ICMP be stateful or not?
Can you add stateful ACL rules (on a Hyper-V Virtual Switch) on the ICMP protocol? If not, this leaves you to either open ICMP to everyone or close ICMP to everyone including the VM itself. Neither is secure or practical for such an important and…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(275.2, 71%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAC%3C/text%3E%3C/svg%3E)
1 answer
One of the answers was accepted by the question author.
How to renew computer serfificates in AD gp based system before term ends?
Hello. We have internal CA server and AD based distibution of certificates to computers by group policy. I'ts all good and fine, but now we had to edit computer certificate template for certificate based autentication to network with radius. (yes…
Windows
Windows
A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.
4,992 questions
Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,772 questions
asked 2020-08-25T09:48:15.613+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 23%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Matti Tauriainen
21
Reputation points
commented 2020-08-26T07:22:32.93+00:00
Matti Tauriainen
21
Reputation points
4 answers
Where can I download security patch for MS11-025, MS11-049 etc.?
My corporate security found some vulnerabilities MS11-025 and MS11-049 etc., and I found them in security bulletin, but there is no where in the bulletin I can find download link. So, where can I find those hot fix download?
asked 2020-08-13T20:08:27.643+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 19%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGL%3C/text%3E%3C/svg%3E)
Gao, Leo (MGCS)
1
Reputation point
answered 2020-08-24T08:17:15.217+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 28.999999999999996%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVW%3C/text%3E%3C/svg%3E)
Vicky Wang
2,646
Reputation points
3 answers
certreq -Enroll
Hello I tried to use the below command in order to renew certificate but i have an error (The request contains no certificate template information) certreq -Enroll -cert certificateSerialNumber -machine Renew How can i solve this issue?
asked 2020-08-17T16:42:14.11+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(275.2, 57.00000000000001%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
Moonlight
176
Reputation points
commented 2020-08-24T06:06:28.61+00:00
Daisy Zhou
20,556
Reputation points Microsoft Vendor
4 answers
Signing an externally generated CSR with AD CS standalone
Hi, I am currently facing a quite blocking issue regarding the signature of a CSR emitted by a non-Microsoft PKI (EJBCA Community in my case) with a Root CA on AD CS (standalone version). What we want to do is to create a Sub-CA in EJBCA (the client…
asked 2020-08-11T14:59:21.69+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(156.8, 72%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Arnaud_Synetis
1
Reputation point
answered 2020-08-24T04:47:09.31+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 96%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKS%3C/text%3E%3C/svg%3E)
Karan SACHDEVA
1
Reputation point
1 answer
Computer administrator
I am trying to load some older programs, but when they start to set up a warning message pops up, this installation was stopped by the administrator contact your administrator. I am the administrator and this is my personal computer so what is happening…
asked 2020-08-18T09:26:00.467+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(236.8, 42%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKT%3C/text%3E%3C/svg%3E)
Keith Tillen
1
Reputation point
commented 2020-08-24T02:03:39.747+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 96%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFF%3C/text%3E%3C/svg%3E)
Fan Fan
15,311
Reputation points Microsoft Vendor
1 answer
Transitive Network Logon attack - Account lockout
Hi all, I see a transitive Network Logon attack on my AD netlogon logs, however, the computer name that attacks are coming from not pingable or searchable internally. Is there any way to find this puzzle? Thanks, Lrok
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 46%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EL%3C/text%3E%3C/svg%3E)
2 answers
One of the answers was accepted by the question author.
Biometrics & Facial Recognition in the domain
I would like to use both username & password. But only after the PC verifies the facial identity to the username. I hope that makes sense? This i a domain environment and it would add security to our domain. The problem I run into in my career is…
asked 2020-08-19T17:23:44.697+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(220.8, 3%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVM%3C/text%3E%3C/svg%3E)
Vaughn Minter
21
Reputation points
commented 2020-08-21T06:37:21.13+00:00
Daisy Zhou
20,556
Reputation points Microsoft Vendor
2 answers
One of the answers was accepted by the question author.
WS2016 AD DC, unlock Windows session with smartcard, '... credentials could not be verified'
Hello, Scenario: ---------- Try open a Windows session with a smartcard on computer joined to a 2016 AD domain Technology: ------------ Involves a third party CSP library for the smartcard to work. the smartcard contains the…
asked 2020-08-15T12:28:20.177+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(160, 41%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBP%3C/text%3E%3C/svg%3E)
Bertrand PERRET
61
Reputation points
commented 2020-08-20T07:42:46.8+00:00
Daisy Zhou
20,556
Reputation points Microsoft Vendor
2 answers
SHA 1 to SHA 256
Hi to all Which will be steps to change SHA 1 to SHA 256 in CA Windows 2012 r2?
asked 2020-08-14T02:55:54.93+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 38%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
ManuelVallejo
36
Reputation points
commented 2020-08-20T01:50:46.043+00:00
Hannah Xiong
6,251
Reputation points
5 answers
Hyper-V Live Migration using Kerberos from 2012 R2 to 2019 fails with error 0x80090322
Hello! I have a Windows Server 2012 R2 Hyper-V Failover Cluster and I'm trying to Live Migrate VM's to a Windows Server 2019 Hyper-V Failover Cluster. When I try to Live Migrate a non-clustered VM from one of the Windows Server 2012 R2 Hosts to one of…
asked 2020-08-13T17:33:28.203+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 20%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDB%3C/text%3E%3C/svg%3E)
Dave Baddorf
101
Reputation points
answered 2020-08-19T19:08:18.163+00:00
Dave Baddorf
101
Reputation points