active directory
31 Topics

Disable or delete AD user object?
What is recommended or best practise when an employee leaves the business: disable the account and keep it "for ever", or delete it after a period? Is there any reason you would want to store a User AD object? Or is there a good reason why you should delete it? Also, do GDPR or the privacy law enforce anything regarding this and the employee's sensitive information regarding this user object? Is there any difference regarding this on AD on-prem and Azure AD? Thank you!
7.3K Views 0 likes 1 Comment

Leaving On-prem Active Directory
I’ve drunk the Kool-Aid and am keen to fully embrace Azure, though I’m wondering: is it possible to completely abandon the traditional on-prem or IaaS Active Directory instance and purely use Azure AD & Azure Active Directory Services (Azure PaaS)? Is there a useful blog on how to go down this path? I have two forests and 8 domains, with 7 of them in one of the forests. I’m wondering if it makes more sense to flatten those domains down to a single domain and sync the new clean domain into Azure, or could I (should I) just sync all 8 domains into a single Azure directory? I’d be happy to see any blogs, as what I’m stuck on is that I could easily enough break this out into multiple steps, such as consolidate and then migrate, but I'm looking for ideas for a better approach to take. Ideal endpoint: purely using Azure AD and Azure Directory services and no longer reliant on an IaaS Active Directory instance.
Solved 4.4K Views 0 likes 5 Comments

Sync an Existing Office365 Tenant into a New Active Directory Domain
Hi, My company is an existing Office365 (E3) tenant and I am planning to run Azure AD Hybrid join and implement a new on-premises Active Directory and sync my Office365 (E3) tenant Azure AD details into it. In this case, do I need to purchase CALs for the on-premises AD services? If no, can we use the GPO features?
3.2K Views 0 likes 3 Comments

Azure AD Windows 10 and Azure AD Connect
So we sync our AD w/ Azure AD Connect and I have Password Hash Sync enabled. I can't seem to login to any Windows 10 Azure AD joined computers with accounts that are synced. I was able to create a cloud only account *.onmicrosoft.com account and it works. Is it possible for the accounts that are synced from AD -> Azure AD to authenticate? Is there something special we need to make this happen?
3K Views 0 likes 8 Comments

Active Directory Forest Migration
Hi Team, We are planning to migrate AD forest A to AD Forest B to maintain single root domain.
Environment details:
Forest A:
contoso.com --> Root Domain
Fabrikam.com --> Added as UPN Suffix domain (used for Email) Public Facing
In Forest B we wanted to eliminate contoso.com as root domain and wanted to make fabrikam.com as root domain. How do we plan to migrate the user accounts, as we are getting some domain conflict errors while setting AD Trust. Let me know if someone has a better option to this solution.
2.8K Views 0 likes 2 Comments

Active Directory
We currently have our Active Directory running on a Windows Server 2016 machine. It seems to be working out well for us. If I were to use Azure AD, does that run alongside my AD on Server 2016, or would I remove the AD on Server 2016 and only run it on Azure AD? We currently use Office 365 for email, OneDrive, Flow, etc. Thanks for advice and suggestions.
2.4K Views 0 likes 2 Comments

Directory Services Restore Mode - DSRM - Help needed
Hi there! I'm not sure if I'm bringing this to the right community. If not, please move this to the right place. I have an Active Directory test environment mimicking a real one:
- DCs are 2008 R2 and 2012 R2 (a total of four DCs, two of each),
- Forest and domain levels are 2008 R2,
- Workstations are W7 and W10.
We use Symantec Netbackup for backup, and for a restore test, we messed up the domain a little bit and waited a little for the replication to take place, shut down three of the DCs, and on the one remaining, we went into DSRepair mode and proceeded with a full restore of the System State. After the restore, we used ntdsutil to set it as authoritative. Everything went well, the data was restored successfully and replicated successfully to the other DCs. The problem is, I can't go into Directory Services Restore Mode anymore, on any of the domain controllers. When I select the DSRM mode, pressing F8 or using MSConfig, it always goes into SAFE Mode. Has anyone faced this before? What did I do wrong? Thanks.
2.1K Views 0 likes 0 Comments

How to connect ADFS with OAuth 2.0 protocol
Current environment information
Server OS Version: Windows Server 2012 R2
ADFS was installed. I cannot create an OAuth 2.0 authentication request after the ADFS client was added. I use this URL (this domain is for internal network access only, because a firewall is running to filter TCP 80/443 ports by China Telecom government security policy limit):
https://adfs.dingplace.com/adfs/oauth2/authorize?client_id=wifidog_authportal&response_type=code&redirect_uri=http%3A%2F%2F172.20.1.6%3A8080%2F~dingstudio%2FwebAuth%2FadfsLogin.php&scope=openid&state=
to request authentication, but ADFS redirects my request to an error page and shows some error description. How can I make ADFS work correctly, and where is ADFS's resource application program interface? Before ADFS, my single sign-on solution was CAS or my own auth server. I want a solution to help me.
2K Views 1 like 0 Comments

Can FSMO roles be transferred to a non Global Catalog server?
Hello! I have a question. Can FSMO roles be transferred to a non-Global Catalog server? If the non-Global Catalog server holds the Infrastructure master role, can it also hold the other 4 roles as a non-GC, or do I need to make it a GC? If I need to make it a GC, will enabling GC cause any negative effect? Thanks in advance, Theaxehax
1.5K Views 0 likes 1 Comment