Windows: Join Azure AD (AAD)
KB ID 0001596 Problem With more people looking at Microsoft 365 (as opposed to Office 365), the number of people who want to join Azure AD with their Windows machines is only going to go up. This is how to join your Windows and BYOD client devices to Azure AD. There are essentially 3 WAYS to Join Azure AD. Azure AD Join: Used for corporate assets. Windows Only! (Can be managed by Intune) Users log in with their Azure AD account...
In Place Upgrade Windows 2016 to Windows 2019
KB ID 0001761 Problem Note: Also See In Place Upgrade of Windows Server For the last twenty years or so I’ve said “In place upgrades are a bad idea”, my rationale has been that if something is broken we are simply migrating that problem, and we are relying on a lot of factors, (some of which may be unknown.) That we will just have to ‘trust that it will work’. Most modern servers are virtual so we can...
Use Azure MFA With Microsoft NPS (RADIUS) Server
KB ID 0001759 Problem I was in a forum last week and someone asked, “Can I enable Azure MFA, on my RADIUS server, to secure access to my switches and routers etc”. It turns out if you want to enable Azure MFA with Microsoft NPS it’s actually quite simple. So, I’m using RADIUS auth (above) on my NPS server, and it’s simply checking the authenticating user is a member of a domain security group....
How Many Users in AD? (User Count)
KB ID 0001748 Problem I had to get some stats from a number of customers earlier today, one of the stats I needed was the user count from within their respective Active Directories. If you have a tedious job to do, there’s usually a PowerShell command to help! Getting Object Numbers From Active Directory: User Count: (Get-ADUser -Filter *).Count; Computer Count: (Get-ADComputer -Filter *).Count; Group Count: (Get-ADGroup -Filter...
Leave Domain: “A general network error occurred”
KB ID 0001738 Problem After a recent lab on the test bench, I ended up with a 2008 x32 standard server. It took me a while to get this set up and running, so I wanted to keep it (or turn it into a VMware template should I ever need another). But first I needed to ‘remove it’ from the domain it was in. However, when attempting to do so this happened; Computer Name/Domain Changes The following error occurred validating...
Windows File Server Migration (Maintain Share & NTFS Permissions)
KB ID 0001201 Problem When attempting a File Server Migration why isn’t this better publicised? Did you know Microsoft have a set of Migration tools, and one of them is for file servers? Now traditionally I’d use RoboCopy or XCopy to migrate files and folders, and for ‘User Profiles’ I would normally back them up, and restore them to the new server. This is because the file permissions on ‘correctly...
Domain Join SID Error
KB ID 0001732 Problem Thankfully I don’t see a SID error very often these days; The following error occurred when attempting to join the domain ‘{domain-name}’ The domain join cannot be completed because the SID of the domain you attempted to join was identical to the SID of this machine. This is a symptom of an improperly cloned operating system install. You should run Sysprep on this machine in order to generate a new...
Cannot Recreate Azure AD ‘Local’ AD Connector
KB ID 0001659 Problem While trying to fix another Azure AD Replication problem today I managed to delete one of the connectors (the one for the local ‘on-prem’ Active Directory). In an effort to ‘recreate’ it, I ran the ‘Microsoft Azure Active Directory Connect’ and went to ‘Customise the Synchronisation Options’. Unfortunately I got this error; The forest {forest-name} cannot be added...
Group Policy: Item-Level Targeting
KB ID 0001654 Problem Yesterday I wrote a post about Deploying a ‘Mapped’ Drive to a couple of users using Group Policy. This received a comment that was basically ‘Why not simply use Client Targeting?’ To be fair that’s a good point, I was using a Group Policy Preference and they can be specifically targeted. So here’s how to do that. Solution If you do not already have one, create a group for your...
Apply Group Policy To a Security Group
KB ID 0001653 Problem On EE this morning someone asked how to map a drive to only two users, so that wherever they logged in, they got their mapped drive. Seemed like a good idea for a post so here you go; Solution If you do not already have one, create a group for your users. Add the users, (as appropriate). On a Domain Controller > Administrative Groups > Locate the OU that contains your users (Note: if your group members are...