delegate control wizard: create a custom task to delegate active directory object type – only the following objects in the folder: user objects permissions, clear “general” checkbox, check “property-specific” checkbox select read lockouttime and write lockouttime complete wizard source: https://support.microsoft.com/en-us/kb/294952

logo = Set-AdfsWebTheme -TargetName custom -Logo @{path=”c:\theme\script\logo.png”} illustration = Set-AdfsWebTheme -TargetName custom -Illustration @{path=”c:\theme\illustration\illustration.png”} sign-in page description = Set-AdfsGlobalWebContent -SignInPageDescriptionText “HTML” onload.js = Set-AdfsWebTheme -TargetName custom -AdditionalFileResource @{Uri=’/adfs/portal/script/onload.js’;path=”c:\theme\script\onload.js”} auto-append @mydomain.com or prepend mydomain\: i used the following code as a great starting point https://social.msdn.microsoft.com/Forums/vstudio/en-US/bfde6a72-a522-4d12-907d-3f96577ab3a0/windows-server-2012-r2-adfs-proxy-error-enter-your-user-id-in-the-format-domainuser?forum=Geneva and https://social.msdn.microsoft.com/Forums/vstudio/en-US/d0b2089f-e4be-494c-b488-21493f62bc58/adfs-2012-r2-forms-authentication-default-login-domain?forum=Geneva i ended up altering this portion: var lowerUserName = […]

i recently installed windows updates on a domain controller in late march 2015. the updates included KB3002657 which apparently has been causing problems with a lot of NAS devices. the issue we experienced was users getting asked for credentials when trying to access the FS7600 CIFS shares (even though they already had an active kerberos […]