Create your WindowsTechno Community account. It’s free and only takes a minute.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
We want to connect the people who have knowledge to the people who need it, to bring together people with different perspectives so they can understand each other better, and to empower everyone to share their knowledge.
Fun active directory problem–cloned domains?
Can you clarifying your terminology “ad servers” I’m guessing you mean domain controllers. If so then this is a cluster fcuk of a mess you’ve got.. you should pick one domain and make it the primary then forget about the others and migrate every server manually.. Alternatively create a new primary dRead more
Can you clarifying your terminology “ad servers” I’m guessing you mean domain controllers.
If so then this is a cluster fcuk of a mess you’ve got.. you should pick one domain and make it the primary then forget about the others and migrate every server manually..
Alternatively create a new primary domain, create a domain trust between one of the original domains, migrate everything you need, delete the trust, power off the old environment, then repeat for each other domain :/
See lessneed to manually remove last 2008 server before upgrading domain level to 2012
You can remove the 2008 dc.. as you 2012 dcs. There will no impact if we have other versions dc available
You can remove the 2008 dc.. as you 2012 dcs. There will no impact if we have other versions dc available
See lessTrying to find GPO that renames local admin account
No sure below might can help this path shows we can rename local administrator account using GPO. Expand Computer Configuration, expand Windows Settings, expand Security Settings, expand Local Policies, and then click Security Options. In the right pane, double-click Accounts: Rename administrator aRead more
No sure below might can help this path shows we can rename local administrator account using GPO.
Expand Computer Configuration, expand Windows Settings, expand Security Settings, expand Local Policies, and then click Security Options.
See lessIn the right pane, double-click Accounts: Rename administrator account.
Create AD User To Be A Local Admin On All Domain Joined Endpoints But NOT Domain Admin
This can be done using GPO. Make group and add users to whom you wanted to be an local admin on the endpoints. and then add that group in the policy. Below is the GPO you can configure. Open Group Policy Management Editor (GPMC) Create a New Group Policy Object and name it Local Administrators – SerRead more
This can be done using GPO.
Make group and add users to whom you wanted to be an local admin on the endpoints.
and then add that group in the policy.
Below is the GPO you can configure.
Open Group Policy Management Editor (GPMC)
See lessCreate a New Group Policy Object and name it Local Administrators – Servers
Navigate to Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Restricted Groups. Right Click on the right panel and select Add Group
Browse for the Active Directory Group you wish to add as a local admin
Select This group is a member of
Select Browse
Type Administrator – Note: Be sure to add “s” at the end
Click Check Names to make sure it resolves and click OK
Close out of the window
Sharing knowledge to find out the orphaned GPO in Active directory
Thank you for this , if possible please add the steps as well.
Thank you for this , if possible please add the steps as well.
See lessUnable to create backups with a gMSA account after installing Microsoft feb month patches
Yes this can be solved either Uninstall the latest patches from RMAD server or convert your gmsa to non-gmsa as we investigated and found that RMAD software is not compatible with gmsa after installing these security patches since Nov 2022. Regards Vipan
Yes this can be solved either Uninstall the latest patches from RMAD server or convert your gmsa to non-gmsa as we investigated and found that RMAD software is not compatible with gmsa after installing these security patches since Nov 2022.
Regards
See lessVipan
January 2023 Patch – Kerberos Hardening questions
Hey , I was also looking same , help me to fix this kerberos issue permanently.
Hey , I was also looking same , help me to fix this kerberos issue permanently.
See lessIn AGPM, the controlled GPO is not visible.
You might not have permission to list the GPO if the name of the GPO does not display on the Controlled, Uncontrolled, or Pending tab. Get in touch with an AGPM Administrator to ask for permission.
You might not have permission to list the GPO if the name of the GPO does not display on the Controlled, Uncontrolled, or Pending tab. Get in touch with an AGPM Administrator to ask for permission.
See lessretiring DC that holds all FSMO – what roles to transfer first
No real risk. Just verify where you want your roles to be. Although it is **perfectly fine** to have all the roles on one DC, I tend to not to, because I work in environments that have a lot of crap on them such as: 1. LDAP integration with applications, like Cisco firewalls with their identity piecRead more
No real risk. Just verify where you want your roles to be. Although it is **perfectly fine** to have all the roles on one DC, I tend to not to, because I work in environments that have a lot of crap on them such as:
1. LDAP integration with applications, like Cisco firewalls with their identity piece.
2. Azure AD Connect
3. SSO type activities
4. Domain/forest trusts.
Depending on the DC’s that I have, I try not to put roles on a DC that is handling a lot of non user authentication traffic. I try to leave the best provisioned one (if they are all different) to just handle that stuff with no roles. Schema master and Infrastructure master can go pretty much anywhere, they don’t get smashed very hard for their role. I put the PDC emulator on which ever DC has the best network connectivity (again, if there is a lot of variance there), since it’s the authoritative one.
See lessAfter Update Google Chrome 78.0.3904.70 in crash
had to uninstall and install the older version to allow me to use it. not sure if Symantec is the one who need to allow it or not. yet to confirm. any causes??
had to uninstall and install the older version to allow me to use it. not sure if Symantec is the one who need to allow it or not. yet to confirm. any causes??
See less