I have had ADSelfService Plus deployed to all of our PCs so users can unlock their own account and reset their passwords. Recently, I have decided to enable MFA on any PC or server where a Domain Admin logs in. I have the policy set up and it works on most of the machines I have tried, however, I have a couple Server 2012 r2 machines that wont prompt for MFA when I use my Domain Admin account. It works on other Server 2012 r2, 2016 and 2019 machines and the ones it doesn't work on, the domain Administrator account is prompted for MFA. Looking at the logs on those machines it states "TFA is not enabled for this user". The server itself recognizes my account as a domain admin as verified by a gpresult /V. For some reason, however, ADSSP doesn't see the account as a Domain Admin. Any idea why that could be?