You may have already seen that you can deploy most Windows Server 2012 role services with Windows PowerShell. If you are interested in Active Directory Certificate Services (AD CS), you've probably noticed the PowerShell commands for deploying all six...

Breaking guidance change: Although you can use Setspn -A , you should use Setspn -S instead because -S will verify that there are no duplicate SPNs. However, if you are using Windows Server 2003 or earlier, you will not be able to use the -S switch because...

Here is a great question and reply from a lead developer for AD Recycle Bin. Q: After enabling the AD Recycle Bin, is there any downside to bringing the tombstoneLifetime value down to, e.g. 7 days? On the face of it it seems sensible to do this to...

Just want to make people aware of a new topic recently posted by colleagues: Configuring MaxConcurrentAPI for NTLM pass-through authentication . This was written by the authentication product group team themselves and has a deep explanation of how...

When I was first learning about Active Directory Certificate Services (AD CS), a colleague told me that I should search on Step-by-Step Guide with AD CS. He was right, that was a good place to get started. Starting with Windows Server 2008 R2, the Test...

Recently a question was asked on the blog regarding printing queries from Active Directory Administrative Center (ADAC). There is no native functionality for printing queries performed in ADAC, but there is a workaround. 1. Open ADAC and create a query...

One of the favorite ice breakers for computer geek get-together is to talk about your first computer. Hey, I still remember the TRS 80 (who people in the know call it the Trash80). If you liked something and you are proud of it and still refer to it as...

I was recently alerted to the situation that not all of our Microsoft customers have adjusted their language based on the new branding of Active Directory to include more than just Active Directory Domain Services. For example, people might just be searching...

A few updates were just posted, so I am putting out an FYI post. I should do this more often, so I will! Anyways, here goes: 1. Slowly, but surely, the AD CS documentation is being consolidated into a single download center page: Active Directory Certificate...

Here is a video I shot a while back that demonstrates how to use ADSI Edit to find the number of RIDs remaining in your domain. However, you can do this more quickly by running the following command: dcdiag /test:ridmanager /v | find /i "available...

When you run adprep /forestprep, you are updating the Active Directory schema forest version. Several people have asked, what is the forest schema version for Windows Server 2008 R2. To learn more about adprep and forestprep and schema versions, read...

A common warning message for anyone who has installed Active Directory on Windows Server 2008 or Windows 2008 R2, especially on the first domain controller in a forest or domain is: A delegation for this DNS server cannot be created because the authoritative...

An important security update, described in MS11-051 ( http://go.microsoft.com/fwlink/?LinkId=217101 ) was released today. The update fixes a cross-site scripting vulnerability in the sample web enrollment ASP pages that are part of Active Directory Certificate...

There is a typo in the Windows Server 2003 Active Directory Branch Office Guide that has affected some customers. The typo appears in the section of the guide that explains the mnemonics of DC Locator DNS Records that should not be registered by the DCs...

If you have heard of Certificates Next Generation (silly name, I know), which is why people call them V3 templates at Microsoft most of the time, then you might wonder or already know that there could be some compatibility issues - the same is true for...

I am really trying to make this TechNet Wiki article PKI Design Brief Overview a place from which we can answer the basic questions regarding PKI design and then point off to the more detailed information. http://social.technet.microsoft.com/wiki/contents...

If you have trouble with Certificate Autoenrollment or have ever had issues troubleshooting certificate autoenrollment in Active Directory Certificate Services (AD CS), take a look at the notes compiled by Roger Grimes and turned into a TechNet Wiki article...

We are developing an Active Directory troubleshooting guide on the TechNet Wiki. Been working on it since February, so it is ready for some feedback and feel free to help us out with comments, feedback, and so on. del.icio.us Tags: Active Directory troubleshooting...

I just went through and updated 16 or more resources that were posted online a while ago regarding Windows Server 2003. Seems there was not enough context with the information that was appearing in TechNet regarding the Certificates Console (certmgr.msc...

Be sure that you've planned your PKI . Then, see Offline Root CA . del.icio.us Tags: Active Directory Certificate Services , AD CS design , installing AD CS , PKI design , CA hierarchy , installing Active Directory Certificate Services (AD CS)

To get the answer to that and other questions, like "How do I patch an offline root CA?" see the new TechNet Wiki article Offline Root Certification Authority (CA). del.icio.us Tags: certification authority , CA , AD CS , Active Directory Certificate...

The DSForum post, EventID 26 & 27 : KDC: suitable keys , has been consolidated into the following TechNet Wiki article: KDC Event ID 26 (dsforum2wiki) Please look the article over and let us know what you think. You can edit the Wiki article...

Check out this TechNet Wiki article that describes a potential solution. Turns out that clearing out the files saved in Active Directory Sites and Services might be the answer.

The DS forum posts, Netlogon error 5719 and Event 5719 Netlogon Problem , have been consolidated into the following TechNet Wiki article: Event ID 5719 source Netlogon (dsforum2wiki) Please look the article over and let us know what you...

Test Lab Guide - Deploy Windows Firewall with Advanced Security to Protect Network Communication to a Domain Controller Description: This Test Lab Guide contains an introduction to Windows Firewall with Advanced Security (WFAS) and step-by-step instructions...