Browse by Tags

The past year and a half have been active for us in support in terms of dealing with MaxConcurrentApi issues. We’ve created a great deal of new documentation , updated existing documentation , successfully advocated some changes in product to help reduce the likelihood of these issues occurring and detect...

Howdy folks! I've posted another PowerShell script which may come in handy for IT admins no matter what services you administer. You can read more about it below, and you can download it from this TechNet Script Center link . Public Key Infrastructure (PKI) relies on the certificates which are being...

Hi folks! I’m due for my (now) semi annual blog post, and I have a pretty good one. Short and sweet. Remember my blog posts about MaxConcurrentApi problems? Well, of course not but they are here and here so you can read them now. I’m certain you read these fine blog posts about the...

Hi folks! If you have to set up or administer any Kerberos authentication in your environment then I have an article that is a must read for you. It's in the May editiion of Windows IT Pro magazine, in their "What Would Microsoft Support Do?" column. You can read it here . Enjoy!

To start the new year off right I have an article that is a must read if you IT administrator and using Microsoft products.  It’s in the January edition of Windows IT Pro magazine, in their “What Would Microsoft Support Do?” column.  You can read it from this link . Happy New Year folks!

If you are working in a support or engineering role with Microsoft platform products like the various Windows versions one of the biggest struggles you can have is understanding what to expect in code and on the network when Windows computers communicate to each other and other platforms.  Documentation...

In this blog post we’re going to go over a few techniques that are a bit old school but will come in handy for understanding how things work even if you ultimately use a great monitoring suite like MOM. Now, there are great articles here and here that describe good general ways to start checking your...

This week I’ve had the need to do some testing around ADAM (also known by it’s shiny new name of Active Directory Lightweight Directory Services or AD LDS).  The tests themselves are not directly relevant to this blog post, but in order for the tests to have some validity the ADAM instance needed...

Weeks ago I blogged about how single sign on and credential providers work and a scenario you can run into with them. One reader faced a slightly different scenario but was able to apply that topic toward getting his issue resolved. He had installed a credential provider for testing purposes. Unfortunately...

It’s easy to forget that when we say “Directory Services” we are really talking about multiple technologies. I remember when the idea that what we support is so much more than simply a user account repository first hit me. It happened when I first read the Windows 2000 Distributed Systems Guide from...

We use the term single sign on (SSO) to describe a variety of behaviors in Windows and other applications where the result is simply to prevent the user from being prompted to provide their credentials again and again; to ideally enter their credentials only once at initial logon. Active Directory and...

There will be times when you have to make big changes in your Active Directory. Sometimes those big changes mean deleting a lot of objects. I’ve personally needed to match customer environments by creating tens of thousands of AD objects just to have the beginnings of a matching environment. For my test...

I find myself doing blog posts on things that are not frequent enough for most experienced admins to be aware of since it wouldn’t come across their desk often. The reason for that is that in my role I receive the least common unresolved issues that occur from our customers. When I receive a few...

We occasionally receive support calls which revolve around the topics of “why is the Active Directory database on DC A different in size than that on DC B?”. It’s easy to dismiss the question out of hand but there are real life scenarios where this can be an important question. And there are real life...

I was well and truly stumped a few months ago. I joke that once a year I am flat out wrong, and rarely do I have nothing to say on a subject. The 'once a year I may be flat out wrong' statement may be true simply because after 15 years in the IT industry I’ve learned to avoid letting broad definitive...

We have a temporary role in CSS where support folks will help out in supporting prerelease (also known as beta) software.   I’ve worked a couple of Windows betas, and it’s a great experience.   I mention this since I remember a few years ago during the beta of a prior Windows release...

I learn more about AD and other things every day, which is part of the fun of this job we do-learning about how things work. This story does a good job of lending some understanding to something that can be tough to understand-trust secure channels. This story begins with a customer contacting us regarding...

Although we have a team of engineers who are dedicated to troubleshooting general server performance related problems Microsoft Directory Services specialists are expected to be the “go to” people for Active Directory and domain controller related performance issues. This is especially true when the...

    Over the past few years we’ve learned more about “NTLM and MaxConcurrentApi Concerns” and we’ve even come up with some new ways of addressing them.   The starting point for learning more is the Knowledge Base article You are intermittently prompted for credentials or experience...

Recently I wrote a post about how, in an uncommon scenario, Active Directory integrated DNS could lose an entry regarding a domain controller in a global SRV record. Here’s another aspect of AD integrated DNS which you can run into, particularly if you are spending energy tweaking your environment at...

When we do initial interviewing of a candidate for a job here in the CSS Directory Services team a question we’ll often start with is “how important is DNS to Active Directory?”. The person’s answer-if the correct answer of very important is given- is a great place to start with more detailed DNS questions...

I want to point out an excellent resource for an administrator out there who is responsible for Active Directory replication in their environment. The resource is a comprehensive and detailed article solely on using Repadmin.exe. The article goes over what Repadmin.exe can do, adds explanations for the...

Here’s another question we get asked occasionally: is there a way to load the entire Active Directory database into RAM? The idea behind this question is that having the sought after data in physical RAM would prevent the delays of seek time and paging which even the fastest hard drives have to...

I was recently asked to help out on an issue with a similar theme to other cases we have seen over the years. The topic has never been one that has generated a high number of calls to us but the calls we have received are not easy ones to get an initial handle on. I was very surprised that I couldn...

A while back I did a blog post regarding the user interface and settings for configuring a service account correctly to allow the more complex Kerberos delegation scenarios to take place. I recently had a customer issue I helped with that gave a good clear symptom as an example of when things are...