Category Archives: Active Directory

Server Error in ‘/MultiFactorAuth’ Application

By | 2nd August 2018

We recently switch over the Azure MFA Server (on-prem) solution and during our test we did not experience any problems. However when we started to onboard our users (approx. 5.000) we received a few calls from users, less than 10, who were unable to sign in to the User Portal. Assuming you didn’t specify any… Read More »

Dynamic AD Security groups

By | 26th February 2018

Active Directory does not offer any build in Dynamic Security groups, whereas Exchange does offer Dynamic Distribution lists. So to solve this problem you could run a PowerShell script based on users in an OU. The script below will scan one or more OU’s and add each user account to the AD Security group you… Read More »

How to fix: Get-ADGroupMember : The size limit for this request was exceeded

By | 16th February 2018

Working in a larger Active Directory environment I occasionally got the error:

When trying to read all the members (recursively) of an AD Group. This was annoying since in the alternatives are limited especially when using the -recursive option. You could try with:

or

However these don’t have the recursive option. And… Read More »

Azure AD connect sync error: FederatedDomainChangeError

By | 30th November 2017

When synchronizing identity data from your on-prem Active Directory environment to the Azure Active Directory environment using the Azure AD connect tool you might occasionally get an error. One example is the error: FederatedDomainChangeError Details This error typically occurs after you have changed the UserPrincipalName suffix of an user from one federated domain to another… Read More »

Azure AD – Check and clean your on-prem AD with IdFix before migrating

By | 1st October 2017

Before you start syncing your On-Premises Active Directory with Azure Active Directory you should check and fix any issue’s there might be with any of the accounts. Microsoft has released a tool for this called: IdFix which you can download directly from Microsoft: IdFix DirSync Error Remediation Tool This tool will scan your On-Prem AD… Read More »

How to downgrade the Domain and Forest functional level

By | 24th May 2017

With older versions of Windows Server it was not possible to downgrade the domain and forest functional level once upgraded. However this has changed since Windows Server 2012R2, using PowerShell you can now downgrade the Domain and Forest functional level. To do so follow these steps: 1. Log on to the domain controller as domain… Read More »