
Tag: ActiveDirectory

Azure AD Sync – Set-MsolDirSyncEnabled : You cannot turn off Active Directory synchronization.

I recently ran into a situation in my lab environment that required I resync all (2000+) user accounts to Azure AD. Though this sounds complex and daunting, it's actually quite simple. The basic steps involve disabling sync, and then removing the user objects. This can all be done with two PowerShell commands:

    1) Set-MsolDirSyncEnabled -EnableDirSync $false
    2) Get-MsolUser -All | Remove-MsolUser -force

The account that you are currently running the commands as will not be removed.

Deploy a New ADDS Forest on Server 2019 Core

Prerequisites: change server name and IP address; configure time settings and NTP.

In this post we will be reviewing the basic installation of the Active Directory Domain Services role and setup of a new forest on Windows Server Core 2019. To get started, log in to your server with administrator privileges. You will first need to type "powershell" at the cmd prompt to start PowerShell. Once you do that, type in the following command to install the Active Directory Domain Services role:

Active Directory Migration Toolkit – The RPC Server is Unavailable (hr=0x800706ba)

When migrating computer objects using the Active Directory Migration Tool, you may encounter the following error: In addition, the Migration Log may show the following error: This is typically caused by a host-side firewall. To resolve this, deploy a GPO to disable the Windows firewall prior to migrating the computer account. I like to create a special OU for computers (I typically name it “PreMigration”) that I will move computer objects to prior to migrating them.

Azure AD Connect No-Start-Connection

This morning, I ran into an issue with Azure AD Connect that I had never seen before. I received an email alert from Azure AD stating that Password Synchronization was not working for my forest, and the suggested fix was to restart the ADSync service on the server. I restarted the service and then forced a sync to verify it was working. After forcing the sync, I opened miisclient and noticed some strange errors.

Azure AD Connect Health: Latest Data is not Available in Azure Portal

I recently had to create a new Azure AD Connect server, and found that it was not able to report health status in the Azure Portal. After some troubleshooting/research, I was able to get the health status report working by registering the health agent on the server with Azure AD Health Services. Doing this involves running one PowerShell cmdlet on your AD Connect server and providing global administrator credentials. First, let’s test the status of the agent communication:

Removing a Forest from Azure AD Connect

In an organization with multiple Active Directory forests, you may want to sync objects from trusted forests. Adding trusted forests to Azure AD Sync is a simple process that I will likely cover in a future article. The focus of this post is the not-so-obvious process of removing a forest from Azure AD Connect. This can be a daunting and somewhat scary thing to do. Not fully understanding the process or having someone to guide you can leave you with thoughts like “what happens when I remove the forest from Azure AD Sync?

Access is Denied When Attempting to Delete a Dynamic Distribution Group

You may receive the error below when attempting to delete a dynamic distribution group. To resolve this, open ADUC and show advanced features (Click View > Advanced Features). Then find the object for the dynamic distribution group and open the properties window. Browse to the “Object” tab and uncheck the “Protect object from accidental deletion” box. Wait for ADDS to replicate or force replication yourself. Go back to the ECP and you should be able to delete the group.

The User Profile Service service failed the logon

One of my clients had a really strange issue the other day. He has a domain admin account in his domain and was not able to log in to a server that I recently built. The server was an Exchange 2013 box, and was used in Coexistence mode to migrate his company from an Exchange 2007 box. He was getting this error message when attempting to log in: This is a classic error message that I'm sure most technicians have seen before.

Script for Querying All AD Computers Time Source

This script will iterate through all computers in Active Directory and return the configured time server for each computer.

    <#
    .SYNOPSIS
    Get time source for all computers in domain
    .EXAMPLE
    Get-TimeSource
    .NOTES
    Author: Ryan Nemeth - RyanNemeth@live.com
    Site: http://www.geekyryan.com
    .LINK
    http://www.geekyryan.com
    .DESCRIPTION
    This function will iterate through all computers/servers in a domain and return the time source for each.
    #>

    Write-Host -foregroundcolor Red -BackgroundColor black "This script must be run on a domain controller and requires that the AD Powershell module be installed"
    $module = Get-Module -ListAvailable | Select-Object -ExpandProperty Name
    if ($module -notcontains "ActiveDirectory") {
        Write-Host -foregroundcolor red -backgroundcolor black "***Active Directory Powershell Module Not Found***"
    }
    else {
        Write-Host -foregroundcolor yellow "Found Active Directory Powershell Module.

Powershell: SID to Username

This is a simple script to convert a SID to a username.

    # Returns a username based on a SID
    # Author: Ryan Nemeth
    # Date: 12/2/2014
    $SID = Read-Host "Please enter the SID: "
    $object = New-Object System.Security.Principal.SecurityIdentifier($SID)
    $User = $object.Translate([System.Security.Principal.NTAccount])
    Write-Host "The user is: " $User.Value