644 questions with Windows Server | Identity and access | Active Directory tags

0 answers

Unable to change CNO Security

In a failover cluster, in Windows Server 2025, if I change security of the CNO, after about 1 hour, the security settings roll back and inheritance is disabled. This causes access denied when the CNO tries to change password every hour. If I add the correct…

Windows Server Identity and access Active Directory
asked 2025-05-07T15:22:07.21+00:00
Domenico Pozza 0 Reputation points
0 answers

Windows Domain User is constantly locked out (MacOS environment)

A Windows domain user is constantly being locked out. We are a relatively small company and have only one domain controller. All users work with Mac devices and iPhones. But after a password change one user is locked out all the time. We have many…

Windows Server Identity and access Active Directory
asked 2025-05-06T12:41:25.46+00:00
cma_ms 0 Reputation points
1 answer

Users have the ability to add themselves to the Domain Admins group, granting them Domain Admin privileges.

All users created in Active Directory are able to add themselves to the Domain Admin group, granting themselves Domain Admin privileges. Users can log into the Domain Controller, access Active Directory, and add themselves to the Domain Admin group. I…

Windows Server Identity and access Active Directory
asked 2025-04-09T12:31:35.4666667+00:00
Hassan Waheed 10 Reputation points
answered 2025-05-06T08:32:51.5533333+00:00
Chen Tran 0 Reputation points
0 answers

Only domain account is locked out

The only domain account is locked out. The network setup is hybrid on-prem and cloud infra is connected via S2S VPN. Thanks.

Windows Server Identity and access Active Directory
asked 2025-04-30T14:34:33.8833333+00:00
Mackoy Camisera 1 Reputation point
edited the question 2025-05-05T09:38:59.7166667+00:00
Sandeep G-MSFT 20,796 Reputation points Microsoft Employee Moderator
1 answer

Active Directory Replication with Mesh Topology

Hello, I have a total of three Active Directory Sites: NG1, NG2, and NG3. There is 1 domain controller placed in the NG1 site, 4 domain controllers placed in the NG2 site, and 4 domain controllers placed in the NG3 site. I have a total of 9 domain…

Windows Server Identity and access Active Directory
asked 2025-05-04T09:39:30.8633333+00:00
Md. Rubiat Haque 0 Reputation points
answered 2025-05-04T11:08:47.9366667+00:00
Marcin Policht 45,240 Reputation points MVP Moderator
1 answer

Best way or any tool to clean up GPO

Hello, We need to clean up GPOs (count: 2K) from AD. Please suggest the tool or method to handle the cleanup quickly and effectively. Thanks, Richa

Windows Server Identity and access Active Directory
asked 2025-04-15T12:54:14.8466667+00:00
Richa Kumari 291 Reputation points
answered 2025-05-02T07:05:32.1733333+00:00
Chen Tran 0 Reputation points
0 answers

Azure Alerts aadds.changefinancial.com.au managed domain has detected usage of a deprecated TLS version, which is scheduled for retirement.

I get emails for, Azure Alerts aadds.changefinancial.com.au managed domain has detected usage of a deprecated TLS version, which is scheduled for retirement. Refer to the following article to resolve this issue Active Directory Domain Services…

Windows Server Identity and access Active Directory
asked 2025-05-01T22:01:57.82+00:00
David Yuill 0 Reputation points
edited the question 2025-05-02T01:06:54.1966667+00:00
Akhilesh Vallamkonda 14,650 Reputation points Microsoft External Staff Moderator
0 answers

CN (Common Name) attribute from SAP SuccessFactors is not updating in the on-premises Active Directory via the Azure AD Connect Cloud Sync Agent

Hi Microsoft Support/Everyone, Currently, I'm working on integration with SAP SuccessFactors to On prem AD in Windows server via Azure Entra ID Cloud Sync agent. Here, I'm facing a difficulty related to the CN (Common Name) in AD. Whenever the object is…

Windows Server Identity and access Active Directory
asked 2025-04-21T18:28:41.3266667+00:00
Sandeep K 0 Reputation points
0 answers

NLA Error on Azure AD

We have a VPN from onsite to Azure AD. But sometimes we are not able to log in to Windows servers using AD accounts and get an NLA error. When we try Test-ComputerSecureChannel it fails, but other protocols are up: ping, Kerberos, LDAP, DNS, RPC, SMB. Please…

Windows Server Identity and access Active Directory
asked 2025-04-16T18:02:34.21+00:00
Ranji Prem Andrew 0 Reputation points
edited the question 2025-04-17T03:48:59.7933333+00:00
Givary-MSFT 35,596 Reputation points Microsoft Employee Moderator
1 answer

Error Raising Domain Functional Level from Windows 2012 R2 to 2016

Attempting to raise the domain functional level from Windows 2012 R2 to Windows 2016 results in the following error: "The functional Level could not be raised. The error is: The server is unwilling to process the request." This occurs when…

Windows Server Identity and access Active Directory
asked 2025-03-24T02:28:06.7733333+00:00
TaylorRobertA-8225 0 Reputation points
commented 2025-04-11T13:18:22.0933333+00:00
TaylorRobertA-8225 0 Reputation points
0 answers

Access to PAW from regular workstation

I configured a basic authentication policy and assigned it to a user, restricting access to a single computer. This setup worked as expected until I attempted to use Remote Desktop Protocol (RDP), at which point I discovered that I needed to update the…

Windows Server Identity and access Active Directory
asked 2025-04-09T17:16:59.22+00:00
Raymond Jette 0 Reputation points
1 answer

Best Practices for Managing Stale User and Computer Accounts in Active Directory

Hello everyone, I’m looking for best practices to manage stale (inactive) user and computer accounts in Active Directory. Could you please suggest the most effective approach for identifying and handling these accounts? Specifically, I’m interested…

Windows Server Identity and access Active Directory
asked 2025-04-07T06:45:01.9433333+00:00
tanvir hasan 0 Reputation points
commented 2025-04-07T10:57:42.86+00:00
tanvir hasan 0 Reputation points
2 answers

How to recreate the Keys and Managed Service Accounts containers in Active Directory

We are running on a 2016 domain and forest functional level in Active Directory and the Keys and Managed Service Accounts containers have been deleted. These have been deleted for so long that they are no longer recoverable from the AD Recycle Bin. How…

Windows Server Identity and access Active Directory
asked 2025-03-20T15:02:04.18+00:00
Eric Johnson 0 Reputation points
edited an answer 2025-04-03T21:39:42.7733333+00:00
Eric Johnson 0 Reputation points
1 answer

Is Install-ADServiceAccount on member servers necessary for gMSAs?

In some of the documentation for gMSAs, it is shown that the PowerShell cmdlet Install-ADServiceAccount is a necessary step, but in practice, I've seen scenarios where this doesn't appear to be true. I've done the following in my lab to confirm: Add a…

Windows Server Identity and access Active Directory
asked 2025-04-02T18:31:53.4133333+00:00
Jake Parks 0 Reputation points
commented 2025-04-03T15:19:32.12+00:00
Jake Parks 0 Reputation points
0 answers

DFSR warning - EventID 5014 - The DFS Replication service is stopping communication with the partner

Good morning, I am receiving the following warning on the DCs in my network; below I am forwarding the description of the event collected on SERVER3, with event ID 5014: { O serviço Replicação DFS está interrompendo a comunicação com o parceiro SERVER1 para o grupo de…

Windows Server Identity and access Active Directory
asked 2025-04-03T14:52:18.6666667+00:00
Gustavo Nunes Martins 20 Reputation points
2 answers One of the answers was accepted by the question author.

What are the port requirements between ADFS servers and AD Domain Controllers?

What are the port requirements between ADFS servers and AD Domain Controllers? Does it need to be bi-directional or unidirectional? I am configuring a new setup and asked network security team to open bi-directional ports between ADFS and AD DCs but they…

Windows Server Identity and access Active Directory
asked 2025-04-01T08:18:45.02+00:00
Sharad Vivek Singh 25 Reputation points
edited the question 2025-04-01T10:41:55.4433333+00:00
Stanislav Zhelyazkov 27,556 Reputation points MVP Moderator
3 answers

Third party Kerberos Realms, and PAC-validation

For years we have helped customers manage Windows Servers and workstations that log on via third party Kerberos MIT-realm, but with the updates and PAC-validation requirements all interoperability with such realms seems broken. We help with both FreeIPA…

Windows Server Identity and access Active Directory
asked 2025-03-29T10:30:07.0133333+00:00
Jostein-Skyfritt 0 Reputation points
answered 2025-04-01T09:47:14.48+00:00
Jostein-Skyfritt 0 Reputation points
1 answer

Updating and Migrating the KDS Root Key after decommissioning AD Domain Controller

What steps should I follow to successfully update the KDS Root Key value? When I execute the below simple command: (Get-KdsRootKey).domaincontroller https://learn.microsoft.com/en-us/powershell/module/kds/get-kdsrootkey?view=windowsserver2025-ps The…

Windows Server Identity and access Active Directory
asked 2025-03-30T23:24:55.9966667+00:00
EnterpriseArchitect 5,831 Reputation points
commented 2025-03-31T06:01:26.84+00:00
EnterpriseArchitect 5,831 Reputation points
1 answer

We are facing an issue with SSL certificate installed on Windows Server

We have imported an SSL certificate in the Event log analyzer application, but it still runs in HTTP not secure mode.

Windows Server Identity and access Active Directory
asked 2025-03-26T02:56:01.95+00:00
LBOM1 itsupport 0 Reputation points
answered 2025-03-27T01:47:01.6833333+00:00
Daisy Zhou 32,461 Reputation points Microsoft External Staff
1 answer

What profile or permissions must an Active Directory account have in order to run Windows Update installations?

Hello, My question arises because we are currently having problems installing updates from Windows Update on computers running Windows 11 Pro 21H2 and 23H2 that are joined to an Active Directory. The specific problem is that, after restarting the…

Windows Server Identity and access Active Directory
asked 2025-03-23T15:20:07.0433333+00:00
Gordon Sanchez, Neyfer Paul 0 Reputation points
answered 2025-03-24T07:23:53.52+00:00
Daisy Zhou 32,461 Reputation points Microsoft External Staff