Install-Module Microsoft.Graph.Identity.DirectoryManagement -Scope AllUsers -Force
Import-Module Microsoft.Graph.Identity.DirectoryManagement
Connect-MgGraph -Scopes "Organization.ReadWrite.All", "Directory.ReadWrite.All"
$orgId = (Get-MgOrganization).Id
Update-MgOrganization -OrganizationId $orgId -OnPremisesSyncEnabled:$false
(Get-MgOrganization).OnPremisesSyncEnabled
# Should return: False
To force user to change at next login and log them out.
Install-Module Microsoft.Graph.Users -Scope AllUsers -Force
Install-Module Microsoft.Graph.Users.Actions -Scope AllUsers -Force
Import-Module Microsoft.Graph.Users
Import-Module Microsoft.Graph.Users.Actions
Connect-MgGraph -Scopes "User.ReadWrite.All", "Directory.AccessAsUser.All"
$email = "user@domain.com"
# Force password change at next login
Update-MgUser -UserId $email -PasswordProfile @{ ForceChangePasswordNextSignIn = $true }
# Confirm it's flagged
Get-MgUser -UserId $email -Property PasswordProfile | Select-Object UserPrincipalName, @{Name="ForceChange";Expression={$_.PasswordProfile.ForceChangePasswordNextSignIn}}
# Revoke sign-in sessions (log them out of everything)
Revoke-MgUserSignInSession -UserId $email
Forget all of the former connection to 365. Microsoft broke it as of ... 3/2025.
Find-Module ExchangeOnlineManagement -AllVersionsRemove-Module ExchangeOnlineManagement
Uninstall-Module ExchangeOnlineManagement -AllVersions -ForceInstall-Module ExchangeOnlineManagement -RequiredVersion 3.7.2 -Scope AllUsersImport-Module ExchangeOnlineManagement -RequiredVersion 3.7.2Connect-ExchangeOnline
regedit and press Enter.111 (if needed)
Resolving FortiClient Stuck on 'Connecting' with SAML on Windows 11
I encountered an issue where FortiClient would hang on "connecting" when using SAML authentication on new Windows 11 machines. After some troubleshooting, I found the solution: install the latest version of the Microsoft Visual C++ Redistributable.
https://learn.microsoft.com/en-us/cpp/windows/latest-supported-vc-redist?view=msvc-170
Occasionally, your Windows Domain Controller (Server) may boot into the "Private" network zone instead of the expected "Domain" network zone. Here are steps to address this issue:
The issue may stem from incorrect DNS configuration. If the server cannot resolve the domain name before the Network Location Awareness (NLA) service starts, the network zone may default to "Private."
To resolve this:
127.0.0.1 (its loopback address).If the server continues to boot into the "Private" profile and the primary solution doesn't resolve the issue, you can disable the domain discovery negative cache by adding specific registry keys.
Add the following registry keys:
1. Disable the Domain Discovery Negative Cache
Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
00 to disable caching.)Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters
00 to disable caching.)Note: Disabling the negative cache ensures that failed domain detection results (e.g., ERROR_NO_SUCH_DOMAIN) are not cached. By default, Network Location Awareness (NLA) attempts domain detection multiple times during network setup (triggered by route or IP address changes). However, if the first detection fails and is cached negatively, subsequent attempts may also fail.
2. Alter NLA Domain Detection Behavior
Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters
1Note: This registry key modifies how NLA handles retries for domain detection, ensuring it always expects a Domain Controller.
By following these steps, you can mitigate issues with your Domain Controller booting into the wrong network profile. Always exercise caution when editing the registry and ensure you have backups before making changes.