I don't believe this..... we still see environments with Account Lockout policy set with a threshold of 3, with lockout duration of 2 or 5 minutes etc. Most of them, spend a good amount of money and time addressing these lockouts, and affecting business...

Here I’m assuming that we are using ADFS 2.0, for SSO to O365 services: 1. Active Directory replication issue If AD replication is broken, changes made to user/group may not be in sync across DCs. Between DCs, we may have password/upn/groupmembersip...

Common understanding about SSO: Which may mean user enters username/password once, and does not need to reenter again during the same session. It may also mean that when accessing different application/resources, we need not enter different credentials...

The Onmicrosoft.com email address gets stamped the time an Exchange license is assigned to the user. When creating the Onmicrosoft.com email address for the user, we look at the mailNickname attribute value for this user on the cloud. The mailNickName...

Use of SupportMultipleDomain switch, when managing SSO to Office 365 using ADFS When a SSO is enabled for O365 via ADFS, you should see the Relying Party (RP) trust created for O365. Commands that would create the RP trust for O365 are...

Symptoms Forest1 = 2003dom.local Forest2 = 2008dom.local 2-way Forest Trust created between them, with forest level authentication. **User from Forest2 access a server in Trusted Forest1 i.e. \\2003-dc1.2003dom.local Here is what I see in the network...

  In order to find out about user and computer account deletion, you must keep the “Account Management” auditing enabled , beforehand. The Account Management auditing needs to be enabled as follows: At Domain Controller OU level, edit the “Default...

Domain setup: Both Child1 and Child2 are in the same forest with the same parent domain R2dom.local. Administrator of the Child domain ( CHILD1 ) login to a member server ( CH1-Mem ) in CHILD1 domain . After login in the user tries...

I have come across various scanarios where System Administrators have installed IIS on Domain Controllers. They do it to efffectively utilize that server hardware, to cut down cost by preventing a need for another server for IIS, some application that...

You test WMI connectivity remotely using WBEMTEST > Error: "The parameter is incorrect" Analysis: Network trace during the issue shows that communication is happening with TCP Port 135 but after that secondary connection other DCOM/WMI interface...

I have come across a few issues where I have seen the above error. Below are two scenarios of the issue and the symptoms that I've noticed during that time. · Domain Workstations going into a state where they are unable to access resources over...

In this scenario when are troubleshooting AD replication between 2 DCs separated by a firewall. In order to ensure that the important well-known ports required in a domain environment are open on the firewall between these DCs, use the PortqryUI...

Windows AppLocker is a new feature in Windows 7 and Windows Server 2008 R2 is an alternative to the Software Restriction Policies feature. New with AppLocker ================== · Define rules based on file attributes derived from the digital...

Preventing Unwanted/Accidental deletions Windows 2003 Use Delegation to restrict the deletion activity , to only selected Admins. · Create group which contains users, who you want should NOT have the delete permission of set of objects...