To continually increase the information security of on-premises Domain Controllers, Microsoft provides new functionality to Windows Server and Active Directory. Sometimes, the new security measures affect the efforts of admins to get their Active Directory environments to a safer state, ahead of the curve. In this knowledgebase article, I’ll discuss such a measure. The … Continue reading "KnowledgeBase: You experience errors with Event ID 14 and source Kerberos-Key-Distribution-Center on Domain Controllers"
To continually increase the information security of on-premises Domain Controllers, Microsoft provides new functionality to Windows Server and Active Directory. Sometimes, the new security measures affect backward compatibility. In this knowledgebase article, I’ll discuss such a measure. The situation You run Active Directory with Domain Controllers on one or more of the below Windows Server … Continue reading "KnowledgeBase: You experience errors with Event ID 42 and source Kdcsvc on Domain Controllers"
Azure AD Connect can configure a lot of the requirements it needs automatically. One of the things it can configure for you is the AD Connector account, the account that is used to read and write into Active Directory. However, Azure AD Connect also provides PowerShell cmdlets to configure and secure AD Connector accounts of … Continue reading "KnowledgeBase: You experience Errors with EventID 33007 and 33008 when people try to use Azure AD Self-service Password Reset"
Sometimes, error codes for Microsoft products and technologies are really straightforward. Especially in situations where you have limited to no troubleshooting options, like in Azure Active Directory (Azure AD), this might prove difficult to solve. Today, let’s look at an error your colleagues might encounter with default Azure AD settings in the context of Azure … Continue reading "KnowledgeBase: Colleagues receive ‘We cannot create a self-service Azure AD account for you because domain.tld has disabled self-service account sign-up by email validation. Ask domain.tld's admin to enable EmailVerified users or create an account for you.’ when they try to redeem an Azure AD B2B invitation"
One of the more recent issues you might encounter when you create or modify computer objects and/or (group) managed service accounts in Active Directory is errors on your domain controllers with event ID 16990 or 16991 and source Directory-Services-SAM in the System event log. The situation You run an Active Directory forest with Domain Controllers … Continue reading "KnowledgeBase: You receive EventID 16990 or 16991 when users create or modify computer objects"
With the release of Azure AD Connect v2, many Hybrid Identity admins find themselves with Windows Server 2012 and Windows Server 2012 R2 installations with Azure AD Connect v1 installations. As Azure AD Connect v2 does not support installation on these Operating Systems, Microsoft urges these admins to perform an Azure AD Connect swing migration. … Continue reading "KnowledgeBase: In-placing upgrading Windows Server for an Azure AD Connect installation is not supported"
Troubleshooting IT problems is hard. Troubleshooting problems that arise on end-user devices around the same time as these devices automatically update should be simpler, but can be just as hard. Today, let’s talk about some behavior we’re seeing at some organizations surrounding the May 2021 Cumulative Update for Windows 10. The situation Within the organization, … Continue reading "KnowledgeBase: You experience ‘You can't access this shared folder because your organization's security policies block unauthenticated guest access’ errors after applying the May 2021 Cumulative Update"
Version 18.104.22.168 of Azure AD Connect that was released just last week seems to have an issue with the Azure AD Connect Health agent. The situation You intend to synchronize objects from one or more on-premises Active Directory Domain Services implementations to an Azure AD tenant. You install Azure AD Connect version 22.214.171.124 to … Continue reading "Knowledgebase: Azure AD Connect Health Agents are not registered on Azure AD Connect installations running version 126.96.36.199"
One of the issues you might encounter when you misconfigure the delegated permissions for Azure AD Connect’s Active Directory connector account is events with event ID 1699 appearing every hour in your Domain Controllers’ event viewers. The situation You are using Azure AD Connect with Password Hash Synchronization as either the sign-in method to Azure AD … Continue reading "KnowledgeBase: You experience EventID 1699 on Domain Controllers targeted by Azure AD Connect"
Today, Raymond and I troubleshot an issue for several people who received the ‘Sorry, we ran into a problem’ error when trying to register their security information. As is our mutual expectation, I decided to document the issue. When you run into the same situation, you might find it helpful. The situation An Azure … Continue reading "KnowledgeBase: Some users receive an "We're sorry, we ran into a problem" error when registering Azure MFA"