Migrate to Microsoft Entra Connect
Migrate to Microsoft Entra Connect KB ID 0001857 Problem You want to migrate from Microsoft Azure AD Connect to Microsoft Entra ID connect. Let me let you into a secret, (at time of writing) Entra ID connect and Azure AD connect ARE THE SAME THING, if you go to download Entra ID connect, the file you will download is called AzureADConnect.msi. So what you want to do is, upgrade Azure AD Connect. If your existing Azure AD connect is...
Exclude One Computer from GPO
Exclude One Computer from GPO KB ID 0001852 Problem You have a requirement that you want one computer (or a group of computers) NOT to have a specific GPO applied. If that is the case, then this is how to simply achieve that goal Note: The same procedure can be used to Exclude a GPO from one user (or a group of users). Solution : Exclude One Computer from GPO Let’s find the computer in question, in my case it’s called PNL-ZERTO-2022,...
Considerations Before Upgrading Functional Levels
Upgrading Functional Levels KB ID 0001851 Problem For over twenty years, I’ve been involved with domain migrations, and I’ve had to upgrade both domain and forest functional levels thousands of times. I’ve also had to deal with many clients who were somewhat nervous when they knew that I was updating, their forest and the domain functional levels. I’m not sure if it’s just embedded in IT folklore that something horrible might happen,...
Find Specific GPO Settings
Find Specific GPO Settings KB ID 0001850 Problem To find Specific GPO Settings are being applied, and which GPO is affecting which setting, you can generate an html report, there are two ways of doing this. You can either run the report on the affected machine, or if you do not have access, you can generate the same report on a domain controller (or any machine that has the group Policy Management console installed). Solution: Find...
Insufficient access rights Error Code 8344
Error Code 8344 KB ID 0001636 Problem With Azure AD Replication, you may notice that you have the following error when you take a look at your connector status; Error: permission-issue Connected data source error code: 8344 Connected data source error: Insufficient access rights to perform this operation. Solution: Error Code 8344 Firstly ensure that the user you are running AAD sync under, has the following permissions on the...
PowerShell Inventory Operating Systems in Active Directory
PowerShell Inventory KB ID 0001838 Problem I needed to get a list of operating systems ‘in-use’ in my active directory this week. bear in mind this will pull information from all enables computer accounts in AD, so if you are ‘not good’ at tidying out old machines and servers you might get a lot of garbage in your output! Solution: PowerShell Inventory Use the following PowerShell. Get-ADComputer -Filter...
There Is No Editor Registered To Handle This Attribute Type
KB ID 0001837 Problem If you attempt to edit the authOrig attribute of a mail enabled group using ADSIedit you will get the following error. There is no editor registered to handle this attribute type. Why would you be doing this? This is done when you want to restrict who can email a group. Solution If you are running either on-premises Microsoft Exchange (or are running in Hybrid Exchange mode, and have retained an Exchange server...
Delegate LAPS Administration
LAPS Administration KB ID 0001834 Problem I saw this asked on a forum this morning and, went to test the answer (and create an article if successful), to find out the posted answer and most of the info I found online was for Microsoft LAPS and not the newer Windows LAPS. Windows LAPS Laps Administration Let’s say we have an OU called Computers (with my computers in) and I want to grant read permissions to LAPS password to a security...
Windows Remote VPN no DNS
VPN no DNS KB ID 0001402 Problem I’ve been setting up a VPN solution on the test bench as I’m looking at Always On VPN. When I noticed that I had a problem with my remote VPN connections on Windows. They would connect fine but I could not resolve any FQDNs for my domain? VPN no DNS Solution By default, all (Windows) VPN connections are ‘Force Tunnel’ (this means they have the option ‘Use default gateway...
Windows: Copy User Membership to Another User
Copy User Membership KB ID 0001828 Problem If you have a lot of user groups and simply want to copy/clone one users group membership to another user, then with PowerShell that’s quite simple to do. Solution: Copy User Membership Here I have two users ALane who is a member of a few groups and APatel who is simply a member of domain admins. Although we can see above what groups ALane is a member off let’s prove that will...