Browse by Tags

Tagged Content List
  • Blog Post: Easy Checking for MaxConcurrentApi Problems

    Hi folks! I’m due for my (now) semi annual blog post, and I have a pretty good one. Short and sweet. Remember my blog posts about MaxConcurrentApi problems? Well, of course not but they are here and here so you can read them now. I’m certain you read these fine blog posts about the...
  • Blog Post: ADMT and Server 2008

    Whenever we release a new product or suite of products we at Microsoft want to ease the adoption of it. For that reason we’ve released tools and scripts over the years to help our customers out. We’ve typically given these as free downloads from the internet, and (I know my opinion is skewed here) frankly...
  • Blog Post: These are the Updates You Are Looking For

    In this blog post we’re going to go over a few techniques that are a bit old school but will come in handy for understanding how things work even if you ultimately use a great monitoring suite like MOM. Now, there are great articles here and here that describe good general ways to start checking your...
  • Blog Post: T2A4D (Coincidentally What I Would Name A Droid, If I Had One)

    Not another post about Kerberos! Sorry folks, my Momma said ‘stick with what you’re good with’. And since playing Halo 3 is not a paying job I’m doing another blog post on Kerberos. I thought this would be a good one to post since how this works can save people a lot of time, even though this is...
  • Blog Post: Updated: NTLM and MaxConcurrentApi Concerns

        Over the past few years we’ve learned more about “NTLM and MaxConcurrentApi Concerns” and we’ve even come up with some new ways of addressing them.   The starting point for learning more is the Knowledge Base article You are intermittently prompted for credentials or experience...
  • Blog Post: What's in a name?

    Have you ever heard the Shakespeare paraphrased saying “a rose by any other name is still a rose?”. Well, the same holds true for objects in AD. Not that we have “rose” class objects, but the point being that simply renaming an object doesn’t really fundamentally alter that object. Here’s how this...
  • Blog Post: A Complicated Scenario Regarding DNS and the DC Locator SRVs

    When we do initial interviewing of a candidate for a job here in the CSS Directory Services team a question we’ll often start with is “how important is DNS to Active Directory?”. The person’s answer-if the correct answer of very important is given- is a great place to start with more detailed DNS questions...
  • Blog Post: What Would Microsoft Support Do?

    To start the new year off right I have an article that is a must read if you IT administrator and using Microsoft products.  It’s in the January edition of Windows IT Pro magazine, in their “What Would Microsoft Support Do?” column.  You can read it from this link . Happy New Year folks!
  • Blog Post: Testing a Credential Provider

    Weeks ago I blogged about how single sign on and credential providers work and a scenario you can run into with them. One reader faced a slightly different scenario but was able to apply that topic toward getting his issue resolved. He had installed a credential provider for testing purposes. Unfortunately...
  • Blog Post: Question about AD authentication, Put In Context

    Occasionally I am contacted with specific questions or topics people would like to hear more about. This post is a reply to one of those. Here’s the question: My question is what are the impact when I change the logon workstation property of a user account in AD. Obviously, that user account cannot...
  • Blog Post: Scary Sounding Errors

    We have a temporary role in CSS where support folks will help out in supporting prerelease (also known as beta) software.   I’ve worked a couple of Windows betas, and it’s a great experience.   I mention this since I remember a few years ago during the beta of a prior Windows release...
  • Blog Post: Loading the Active Directory Database Into RAM

    Here’s another question we get asked occasionally: is there a way to load the entire Active Directory database into RAM? The idea behind this question is that having the sought after data in physical RAM would prevent the delays of seek time and paging which even the fastest hard drives have to...
  • Blog Post: Dude, where's my PAC?

    Something that is becoming more prevalent over the past few years has been great investments into our security technologies for application oriented reasons. Impersonation, people, that’s what I’m talking about. If anyone ever asks you what the big deal with Kerberos authentication is you can some it...
  • Blog Post: Thoughts on Single Sign On and Credential Providers

    We use the term single sign on (SSO) to describe a variety of behaviors in Windows and other applications where the result is simply to prevent the user from being prompted to provide their credentials again and again; to ideally enter their credentials only once at initial logon. Active Directory and...
  • Blog Post: Group Policy Best Practice Analyzer

    Ever heard of a Best Practice Analyzer , otherwise known as a ‘BPA’? It’s a type of tool that many of our product or support teams have been creating the last few years which can be used to gauge the general health of a component before things go catastrophically wrong. BPA's can also identify problems...
  • Blog Post: Indexing in Active Directory

    We end up taking indexing for granted most of the time until and unless we encounter a problem. Why don’t we start off with the question of “what is indexing?”. So an index is essentially a way of organizing data for fast retrieval or at least retrieving a quick answer. For a thorough understanding...
  • Blog Post: VSS Snapshots and You

    I find myself doing blog posts on things that are not frequent enough for most experienced admins to be aware of since it wouldn’t come across their desk often. The reason for that is that in my role I receive the least common unresolved issues that occur from our customers. When I receive a few...
  • Blog Post: Certificate Trust List Size Problem Check (PKI)

    Howdy folks! I've posted another PowerShell script which may come in handy for IT admins no matter what services you administer. You can read more about it below, and you can download it from this TechNet Script Center link . Public Key Infrastructure (PKI) relies on the certificates which are being...
  • Blog Post: Monitor AD Replication Much?

    I want to point out an excellent resource for an administrator out there who is responsible for Active Directory replication in their environment. The resource is a comprehensive and detailed article solely on using Repadmin.exe. The article goes over what Repadmin.exe can do, adds explanations for the...
  • Blog Post: Referral Chasing

    It’s easy to forget that when we say “Directory Services” we are really talking about multiple technologies. I remember when the idea that what we support is so much more than simply a user account repository first hit me. It happened when I first read the Windows 2000 Distributed Systems Guide from...
  • Blog Post: Conflict Resolution, Lingering Objects, Printers

    I was recently asked to help out on an issue with a similar theme to other cases we have seen over the years. The topic has never been one that has generated a high number of calls to us but the calls we have received are not easy ones to get an initial handle on. I was very surprised that I couldn...
  • Blog Post: Gauging Size Differences in AD Databases

    We occasionally receive support calls which revolve around the topics of “why is the Active Directory database on DC A different in size than that on DC B?”. It’s easy to dismiss the question out of hand but there are real life scenarios where this can be an important question. And there are real life...
  • Blog Post: What Would Microsoft Support Do on Kerberos Delegation?

    Hi folks! If you have to set up or administer any Kerberos authentication in your environment then I have an article that is a must read for you. It's in the May editiion of Windows IT Pro magazine, in their "What Would Microsoft Support Do?" column. You can read it here . Enjoy!
  • Blog Post: Bulking Up an ADAM Test Instance

    This week I’ve had the need to do some testing around ADAM (also known by it’s shiny new name of Active Directory Lightweight Directory Services or AD LDS).  The tests themselves are not directly relevant to this blog post, but in order for the tests to have some validity the ADAM instance needed...
  • Blog Post: Troubleshooting a Memory Leak in Lsass.exe

    Although we have a team of engineers who are dedicated to troubleshooting general server performance related problems Microsoft Directory Services specialists are expected to be the “go to” people for Active Directory and domain controller related performance issues. This is especially true when the...