Considerations Before Upgrading Functional Levels
Upgrading Functional Levels KB ID 0001851 Problem For over twenty years, I’ve been involved with domain migrations, and I’ve had to upgrade both domain and forest functional levels thousands of times. I’ve also had to deal with many clients who were somewhat nervous when they knew that I was updating, their forest and the domain functional levels. I’m not sure if it’s just embedded in IT folklore that something horrible might happen,...
Find Specific GPO Settings
Find Specific GPO Settings KB ID 0001850 Problem To find Specific GPO Settings are being applied, and which GPO is affecting which setting, you can generate an html report, there are two ways of doing this. You can either run the report on the affected machine, or if you do not have access, you can generate the same report on a domain controller (or any machine that has the group Policy Management console installed). Solution: Find...
Insufficient access rights Error Code 8344
Error Code 8344 KB ID 0001636 Problem With Azure AD Replication, you may notice that you have the following error when you take a look at your connector status; Error: permission-issue Connected data source error code: 8344 Connected data source error: Insufficient access rights to perform this operation. Solution: Error Code 8344 Firstly ensure that the user you are running AAD sync under, has the following permissions on the...
PowerShell Inventory Operating Systems in Active Directory
PowerShell Inventory KB ID 0001838 Problem I needed to get a list of operating systems ‘in-use’ in my active directory this week. bear in mind this will pull information from all enables computer accounts in AD, so if you are ‘not good’ at tidying out old machines and servers you might get a lot of garbage in your output! Solution: PowerShell Inventory Use the following PowerShell. Get-ADComputer -Filter...
There Is No Editor Registered To Handle This Attribute Type
KB ID 0001837 Problem If you attempt to edit the authOrig attribute of a mail enabled group using ADSIedit you will get the following error. There is no editor registered to handle this attribute type. Why would you be doing this? This is done when you want to restrict who can email a group. Solution If you are running either on-premises Microsoft Exchange (or are running in Hybrid Exchange mode, and have retained an Exchange server...
Delegate LAPS Administration
LAPS Administration KB ID 0001834 Problem I saw this asked on a forum this morning and, went to test the answer (and create an article if successful), to find out the posted answer and most of the info I found online was for Microsoft LAPS and not the newer Windows LAPS. Windows LAPS Laps Administration Let’s say we have an OU called Computers (with my computers in) and I want to grant read permissions to LAPS password to a security...
Windows Remote VPN no DNS
VPN no DNS KB ID 0001402 Problem I’ve been setting up a VPN solution on the test bench as I’m looking at Always On VPN. When I noticed that I had a problem with my remote VPN connections on Windows. They would connect fine but I could not resolve any FQDNs for my domain? VPN no DNS Solution By default, all (Windows) VPN connections are ‘Force Tunnel’ (this means they have the option ‘Use default gateway...
Windows: Copy User Membership to Another User
Copy User Membership KB ID 0001828 Problem If you have a lot of user groups and simply want to copy/clone one users group membership to another user, then with PowerShell that’s quite simple to do. Solution: Copy User Membership Here I have two users ALane who is a member of a few groups and APatel who is simply a member of domain admins. Although we can see above what groups ALane is a member off let’s prove that will...
Deny RDS
Deny RDS KB ID 0001825 Problem Way back when I started doing tech (in the days of Novell 4 and NT4), my mantra was, if you must deny something then you’ve done something wrong. Now I work for a UK based MSP that offers SPLA licensing to clients. Unlike typical RDS licensing, With SPLA this requires every ‘capable’ AD user that ‘can’ RDP onto a server (regardless of it’s a Session Host RDS Server or...
Auto Update ADMX Files
Auto Update ADMX KB ID 0001824 Problem It’s been a long time since I ran through setting up a central policy definitiosn store. In that time, you’ve probably had to copy ADMX (and ADML) files into your central store manually. Microsoft updates typically DO download updates but puts them (usually) in C:\Windows\PolicyDefinitions, There’s probably a sensible reason for that. When someone cleverer than I has scripted...