KnowledgeBase: Colleagues receive ‘We cannot create a self-service Azure AD account for you because domain.tld has disabled self-service account sign-up by email validation. Ask domain.tld's admin to enable EmailVerified users or create an account for you.’ when they try to redeem an Azure AD B2B invitation

Sometimes, error codes for Microsoft products and technologies are really straightforward. Especially in situations where you have limited to no troubleshooting options, like in Azure Active Directory (Azure AD), this might prove difficult to solve. Today, let’s look at an error your colleagues might encounter with default Azure AD settings in the context of Azure … Continue reading "KnowledgeBase: Colleagues receive ‘We cannot create a self-service Azure AD account for you because domain.tld has disabled self-service account sign-up by email validation. Ask domain.tld's admin to enable EmailVerified users or create an account for you.’ when they try to redeem an Azure AD B2B invitation"

KnowledgeBase: You receive EventID 16990 or 16991 when users create or modify computer objects

One of the more recent issues you might encounter, when you create or modify computer objects and/or (group) managed service accounts in Active Directory is errors on your domain controllers with event ID 16990 or 16991 with source Directory-Services-SAM in the System event log. The situation You run an Active Directory forest with Domain Controllers … Continue reading "KnowledgeBase: You receive EventID 16990 or 16991 when users create or modify computer objects"

KnowledgeBase: In-placing upgrading Windows Server for an Azure AD Connect installation is not supported

With the release of Azure AD Connect v2, many Hybrid Identity admins find themselves with Windows Server 2012 and Windows Server 2012 R2 installations with Azure AD Connect v1 installations. As Azure AD Connect v2 does not support installation on these Operating Systems, Microsoft urges these admins to perform an Azure AD Connect swing migration. … Continue reading "KnowledgeBase: In-placing upgrading Windows Server for an Azure AD Connect installation is not supported"

KnowledgeBase: You experience ‘You can't access this shared folder because your organization's security policies block unauthenticated guest access’ errors after applying the May 2021 Cumulative Update

Troubleshooting IT problems is hard. Troubleshooting problems that arise on end-user devices around the  same time as these devices automatically update should be simpler, but can be just as hard. Today, let’s talk about some behavior we’re seeing at some organizations surrounding the May 2021 Cumulative Update for Windows 10. The situation Within the organization, … Continue reading "KnowledgeBase: You experience ‘You can't access this shared folder because your organization's security policies block unauthenticated guest access’ errors after applying the May 2021 Cumulative Update"

Knowledgebase: Azure AD Connect Health Agents are not registered on Azure AD Connect installations running version 1.6.2.4

Version 1.6.2.4 of Azure AD Connect that was released just last week seems to have an issue with the Azure AD Connect Health agent.   The situation You intend to synchronize objects from one or more on-premises Active Directory Domain Services implementations to an Azure AD tenant. You install Azure AD Connect version 1.6.2.4 to … Continue reading "Knowledgebase: Azure AD Connect Health Agents are not registered on Azure AD Connect installations running version 1.6.2.4"

KnowledgeBase: You experience EventID 1699 on Domain Controllers targeted by Azure AD Connect

One of the issues you might encounter, when you misconfigure the delegated permissions for Azure AD Connect’s Active Directory connector account is events in your Domain Controllers’ event viewers every hour with event ID 1699. The situation You are using Azure AD Connect with Password Hash Synchronization as either the sign-in method to Azure AD … Continue reading "KnowledgeBase: You experience EventID 1699 on Domain Controllers targeted by Azure AD Connect"

KnowledgeBase: Some users receive an "We're sorry, we ran into a problem" error when registering Azure MFA

Today, Raymond and I troubleshooted an issue for several people who received the ‘Sorry, we ran into a problem’ error when trying to register their security information. As is our mutual expectation, I decided to document the issue. When you run into the same situation, you might find it helpful.   The situation An Azure … Continue reading "KnowledgeBase: Some users receive an "We're sorry, we ran into a problem" error when registering Azure MFA"

KnowledgeBase: The WID Service consumes 100% CPU after transitioning AD FS Servers

This week, I encountered unexpected behavior with Active Directory Federation Services (AD FS) on a Windows Server installation that an organization had recently transitioned to from an AD FS server running a previous version of Windows Server. I’m sharing my experiences, so others may benefit from our troubleshooting and solution.   The situation Your organization … Continue reading "KnowledgeBase: The WID Service consumes 100% CPU after transitioning AD FS Servers"

KnowledgeBase: LSASS on Windows 10 version 20H2 crashes and reboots unexpectedly on systems with renamed built-in administrator or guest accounts

On October 20th, 2020, Microsoft released Windows 10, version 20H2 build 19042 to Visual Studio Subscribers and organizations with access to the Software Download Center and the Volume Licensing Service Center. This version is also known as Windows 10 ‘October 2020 Update’. Last week, Microsoft acknowledged an issue causing forced restarts on devices running Windows … Continue reading "KnowledgeBase: LSASS on Windows 10 version 20H2 crashes and reboots unexpectedly on systems with renamed built-in administrator or guest accounts"

KnowledgeBase: You receive “the mS-DS-ConsistencyGuid attribute is already in use” when you change the source anchor on a Staging Mode Azure AD Connect installation

In environments with multiple Azure AD Connect installations, sometimes, you experience unexpected behavior. For instance, when you want to change the source anchor from objectGUID to mS-DS-ConsistencyGuid for your Hybrid Identity implementation. The situation An organization leverages multiple Azure AD Connect installations. One installation is the actively synchronizing Azure AD Connect installation, the other installations … Continue reading "KnowledgeBase: You receive “the mS-DS-ConsistencyGuid attribute is already in use” when you change the source anchor on a Staging Mode Azure AD Connect installation"